Mission Critical Windows 2000 (P1)

Shared by: Tran Thach | Date: | File type: PDF | Pages: 30



Text content: Mission Critical Windows 2000 (P1)

  1. If it’s a high-impact, high-risk, must-not-fail situation, it’s MISSION CRITICAL!
     “This book is perfect for administrators who need an advanced Windows 2000 reference. I will turn to it again and again.” –Eric Livingston, Vice President and Chief Technology Officer, AppNet, Inc.
     FREE Monthly Technology Updates
     One-year Vendor Product Upgrade Protection Plan
     FREE Membership to Access.Globalknowledge
     Robin Walshaw, MCSE
     Technical Editor: D. Lynn White, MCPS, MCSE, MCT, MCP+I
  2. solutions@syngress.com
     With over 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we have come to know many of you personally. By listening, we've learned what you like and dislike about typical computer books. The most requested item has been for a web-based service that keeps you current on the topic of the book and related technologies. In response, we have created solutions@syngress.com, a service that includes the following features:
     • A one-year warranty against content obsolescence that occurs as the result of vendor product upgrades. We will provide regular web updates for affected chapters.
     • Monthly mailings that respond to customer FAQs and provide detailed explanations of the most difficult topics, written by content experts exclusively for solutions@syngress.com.
     • Regularly updated links to sites that our editors have determined offer valuable additional information on key topics.
     • Access to “Ask the Author”™ customer query forms that allow readers to post questions to be addressed by our authors and editors.
     Once you've purchased this book, browse to www.syngress.com/solutions. To register, you will need to have the book handy to verify your purchase. Thank you for giving us the opportunity to serve you.
  4. Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
     Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc. “Career Advancement Through Skill Enhancement™,” “Ask the Author™,” “Ask the Author UPDATE™,” and “Mission Critical™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
     PUBLISHED BY Syngress Publishing, Inc., 800 Hingham Street, Rockland, MA 02370
     Mission Critical Windows 2000 Server Administration
     Copyright © 2000 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
     ISBN: 1-928994-16-4
     Copy edit by: Beth Roberts
     Proofreading by: Fred Lanigan
     Technical edit by: D. Lynn White
     Page Layout and Art by: Reuben Kantor
     Index by: Robert Saigh and Shannon Tozier
     Co-Publisher: Richard Kristof
     Distributed by Publishers Group West
  5. Acknowledgments
     We would like to acknowledge the following people for their kindness and support in making this book possible.
     Richard Kristof, Duncan Anderson, Jennifer Gould, Robert Woodruff, Kevin Murray, Dale Leatherwood, Rhonda Harmon, and Robert Sanregret of Global Knowledge, for their generous access to the IT industry’s best courses, instructors and training facilities.
     Ralph Troupe and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.
     Karen Cross, Kim Wylie, Harry Kirchner, John Hays, Bill Richter, Kevin Votel, Brittin Clark, Sarah Schaffer, Ellen Lafferty and Sarah MacLachlan of Publishers Group West for sharing their incredible marketing experience and expertise.
     Mary Ging, Caroline Hird, and Simon Beale of Harcourt International for making certain that our vision remains worldwide in scope.
     Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of Harcourt Australia for all their help.
     David Buckland, Wendi Wong, David Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.
     Kwon Sung June at Acorn Publishing for his support.
     Ethan Atkin at Cranbury International for his help in expanding the Syngress program.
     Special thanks to the professionals at Osborne with whom we are proud to publish the best-selling Global Knowledge Certification Press series.
  6. From Global Knowledge
     At Global Knowledge we strive to support the multiplicity of learning styles required by our students to achieve success as technical professionals. As the world's largest IT training company, Global Knowledge is uniquely positioned to offer these books. The expertise gained each year from providing instructor-led training to hundreds of thousands of students worldwide has been captured in book form to enhance your learning experience. We hope that the quality of these books demonstrates our commitment to your lifelong learning success. Whether you choose to learn through the written word, computer based training, Web delivery, or instructor-led training, Global Knowledge is committed to providing you with the very best in each of these categories. For those of you who know Global Knowledge, or those of you who have just found us for the first time, our goal is to be your lifelong competency partner.
     Thank you for the opportunity to serve you. We look forward to serving your needs again in the future.
     Warmest regards,
     Duncan Anderson
     President and Chief Executive Officer, Global Knowledge
  7. About the Author
     Robin Walshaw (B.Sc Computer Science, MCSE, DPPM) is an independent consultant who delivers strategic Windows 2000 solutions to large corporations around the globe. Born in England, Robin spent the majority of his earlier years in Scotland and South Africa. One of the first MCSEs in Africa, he enjoys being at the forefront of new developments in network and operating system architecture.
     With a flair for developing strategic IT solutions for diverse clients, he has worked in the world of computers in eight countries, and has traveled to over thirty countries in the last ten years. A veteran of numerous global projects, Robin has honed his skills across a wide variety of platforms and technologies.
     Though an industrious computer professional by day, by ‘night’ Robin is an experienced mountain guide. Robin is a keen sportsman and has managed to balance work with a passion for climbing the world’s highest mountains, culminating in an attempt on the North Ridge of Mount Everest.
     Residing with his wife, Natalie, in London and South Africa, Robin can be contacted via email at rwalshaw@hotmail.com. Displaying Herculean resolve, Natalie simultaneously manages to keep Robin’s feet on the ground and a smile on his face. Some men just have all the luck.
  8. Contributors
     Melissa Craft (CCNA, MCSE, Network+, CNE-3, CNE-4, CNE-5, CNE-GW, MCNE, Citrix) is a Director of e-Business Offering Development for MicroAge. MicroAge is a global systems integrator headquartered in Tempe, Arizona. MicroAge provides IT design, project management and support for distributed computing systems. Melissa develops enterprise-wide technology solutions and methodologies for client organizations. These technology solutions touch every part of a system’s lifecycle—from network design, testing and implementation to operational management and strategic planning. Melissa holds a bachelor’s degree from the University of Michigan and is a member of the IEEE, the Society of Women Engineers and American MENSA, Ltd. Melissa currently resides in Phoenix, Arizona with her family, Dan, Justine and Taylor, and her two dogs, Marmaduke and Pooka.
     Debra Littlejohn Shinder (MCSE, MCP+I, MCT) is an Instructor in the AATP program at Eastfield College, Dallas County Community College District, where she has taught since 1992. She is Webmaster for the cities of Seagoville and Sunnyvale, Texas, as well as the family Web site at www.shinder.net. She and her husband, Dr. Thomas W. Shinder, provide consulting and technical support services to Dallas area organizations. She is also the proud mom of a daughter, Kristen, who is currently serving in the U.S. Navy in Italy, and a son, Kris, who is a high school chess champion. Deb has been a writer for most of her life, and has published numerous articles in both technical and non-technical fields. She can be contacted at deb@shinder.net.
     Thomas W. Shinder, M.D. (MCSE, MCP+I, MCT) is a Technology Trainer and Consultant in the Dallas-Ft. Worth metroplex. Dr. Shinder has consulted with major firms, including Xerox, Lucent Technologies, and FINA Oil, assisting in the development and implementation of IP-based communications strategies. Dr. Shinder attended medical school at the University of Illinois in Chicago, and trained in neurology at the Oregon Health Sciences Center in Portland, Oregon. His fascination with interneuronal communication ultimately melded with his interest in internetworking and led him to focus on systems engineering. Tom works passionately with his beloved wife, Deb Shinder, to design elegant and cost-efficient solutions for small- and medium-sized businesses based on Windows NT/2000 platforms.
  9. Technical Editor
     D. Lynn White (MCPS, MCSE, MCT, MCP+I) is President of Independent Network Consultants, Inc. Lynn has more than 14 years' experience in networking and programming. She has been a system manager in the mainframe environment as well as a software developer for a process control company. She is a technical author, editor, trainer, and consultant in networking and computer-related technologies. Lynn has been delivering mainframe, Microsoft-official curriculum and other networking courses in and outside the United States for more than 12 years.
  10. Contents
      Chapter 1: Introduction to Windows 2000 Server
        Introduction
        What’s New in Windows 2000 Server?
        The Key to Unlocking Your Network: Active Directory
        Why Should I Use the Active Directory?
        Change and Configuration Management
        Group Policies
        Windows 2000 Security
        Why the Change?
        Differences in Windows 2000 Server Security
        Windows 2000 Network Services
        Managing and Supporting Windows 2000 Server
        Integrated Directory Services
        Comprehensive Management Solutions
        Comprehensive File, Print, and Web Services
        What’s Not New in Windows 2000 Server?
        Core Architecture
        Application Support
        User Interface
        Client Support
        Windows 2000 Challenges
        Summary
        FAQs
      Chapter 2: Active Directory—The Heart of Windows 2000 Server
        Introduction
        Mission-Critical Active Directory Concepts
        Where Active Directory Fits in the Overall Windows 2000 Architecture
        Active Directory Concepts
        What’s in a Name?
        The Architecture of Active Directory
        Putting the Pieces Together
  11. Contents (continued)
        Developing a Naming Strategy
        Active Directory’s Integration with DNS
        How Active Directory Uses DNS
        Forest Plan
        Domain and DNS Strategy
        Organizational Units (OUs)
        Site Topology
        Naming Conventions
        Defining DNS Names
        Defining DNS Zones
        Naming Conventions for Active Directory
        Virtual Containers
        Designing Active Directory Domains
        Forest Plan
        Domain Plan Including DNS Strategy
        Organizational Unit Strategy
        Organizational Unit Structure
        OU Objects in the Active Directory
        Group Policy and OUs
        Delegating Administration
        Site Topology
        Summary
        FAQs
      Chapter 3: Migrating to Windows 2000 Server
        Introduction
        Server Migration Strategies
        Primary Domain Controllers (PDCs)
        Changes Required when Upgrading a Domain Controller
        Backup Domain Controllers (BDCs)
        Member Servers
        Promoting Member Servers with DCPROMO
        Upgrading with the Windows 2000 Setup Wizard
        Installing Active Directory Services
        Interim Mixed Domains
        Mixed Mode
        Native Mode
        Migrating Components
        Using Organizational Units (OUs) to Create a Hierarchical Structure
        User Accounts
        Machine Accounts
  12. Contents (continued)
        Nested Groups
        Global Groups
        Delegating Administrative Authority
        Insert into the Replication Topology
        Migrating from Novell Directory Services
        Upgrade Clients to Windows 2000 Professional
        Summary
        FAQs
      Chapter 4: Implementing Domains, Trees and Forests
        Introduction
        Implementing a Domain
        Installing the First Domain in Active Directory
        Active Directory Wizard
        Integrating DNS into the Active Directory
        Configuring DNS
        Active Directory Integrated Zones
        About Zones
        Service Resource Record Registration
        Creating Organizational Units
        Managing Objects in Active Directory
        Managing User Accounts
        Managing Groups
        Managing Computers
        Managing Shares
        Managing Printers
        Common Object Management
        Nesting Groups
        Role-Based Administration
        Microsoft Management Console
        Administrative Roles
        Delegating Administration
        Object-Based Access Control
        Building Trees and Forests
        Forest Characteristics
        Common Schema
        Common Configuration
        Global Catalog
        Contiguous Namespace
        Trust Relationships
        Planning a Forest Structure
        The Domain Tree Structure
        Adding a Child Domain
  13. Contents (continued)
        Sizing the Active Directory Store
        Managing the Forest
        Summary
        FAQs
      Chapter 5: Planning and Implementing Active Directory Sites
        Introduction
        The Function of Sites in Active Directory
        Default-First-Site-Name
        Replicated Active Directory Components
        Domain Partitions
        Global Catalog
        Schema and Configuration Containers
        Modifying the Schema
        Configuring Site Replication Components
        Creating Site Objects
        Creating Connection Objects
        Creating Site Links
        Creating Site Link Bridges
        Replication Protocols
        Replication in Active Directory
        Replication Topology
        Planning a Site Structure
        Placing Domain Controllers
        Where to Place Global Catalog Servers
        Implementing a Site Structure in Active Directory
        Replication Utilities
        Replication Monitor (REPLMON)
        Replication Administrator (REPADMIN)
        DSASTAT
        Understanding Time Synchronization in Active Directory
        Summary
        FAQs
      Chapter 6: Advanced Active Directory
        Introduction
        Interfacing with Active Directory
        ADSI
        RPC
        Windows Sockets
        DCOM
        Exchange Server Active Directory Connector
        Synchronizing with the Novell Directory Service
  14. Contents (continued)
        Microsoft’s Metadirectory
        VIA Architecture
        Implementing a Disaster Recovery Plan
        Modeling Sites with Disaster Recovery in Mind
        The Active Directory Database File Structure
        Backup
        Creating an Emergency Repair Disk
        Recovering a Failed Domain Controller
        Authoritative Restore of Deleted Objects
        Startup Options
        The Recovery Console
        For Experts
        PDC Emulation and Native Mode
        How Active Directory Prevents Unnecessary Replication
        How an LDAP Query Accesses Active Directory
        Renaming Domains
        Add a Server to Two Different Sites Simultaneously
        Removing Phantom Objects
        Phantom Domains
        Transferring FSMO Roles
        Troubleshooting Tips
        Avoiding Errors When Migrating a Domain
        Remote Procedure Call (RPC) Errors
        Summary
        FAQs
      Chapter 7: Configuring IntelliMirror
        Introduction
        What Is IntelliMirror?
        Configuring Group Policies
        How Group Policies Are Applied
        Refresh Interval
        Blocking and Enforcing
        Group Policy Information Storage
        Administrative Templates
        Registry.pol
        Group Policy Settings
        Computer Configuration
        User Configuration
        Designing a Group Policy Strategy
        Group Policy in WAN Environments
        Implementing Group Policy Strategies
        Configuring Group Policy Objects
  15. Contents (continued)
        Link a Group Policy Object to a Container
        Keeping Groups from Growing Over Time
        Delegating Control of Group Policy
        Troubleshooting Group Policies
        Policy Does Not Execute
        Policy Executes in the Wrong Way
        Logging On Takes a Long Time
        Security
        Groups
        Group Strategy
        Viewing Security Features in Active Directory Users and Computers
        Domain Security Console
        Account Policies
        Local Policies
        Event Log
        Restricted Groups
        System Services
        Registry
        File System
        Public Key Policies
        IP Security Policies on Active Directory
        Security Templates
        Object Protection
        Access Control Lists (ACLs)
        Access Control Entries (ACEs)
        Security Descriptor
        Security Identifier (SID)
        Summary
        FAQs
      Chapter 8: Managing Settings, Software, and User Data with IntelliMirror
        Introduction
        Deploying Software with Group Policies
        Assigning Software
        User Assignments
        Computer Assignments
        Publishing Software
        Enhancements within Add/Remove Programs
        Packaging an Application
        Windows Installer
        Creating a Package
        Repackaging
  16. Contents (continued)
        ZAP Files
        Customizing a Package
        Creating Distribution Points
        Targeting Software and Using the Software MMC Snap-In
        Using the Software Policy MMC Snap-In
        Using Group Policy to Assign or Publish an Application
        Managing Software with Group Policies
        Upgrading Software
        Upgrading Windows 2000
        Removing Software
        Redeploying Software
        Software Installation Options
        Group Policy Settings
        Application Deployment Walkthrough
        Deployment Methods
        Managing User and Computer Settings
        Using Administrative Templates
        Assigning Registry-Based Policies
        Creating Custom Administrative Templates
        Adding Administrative Templates
        Using Scripts
        Assigning Script Policies to Users and Computers
        Folder Redirection
        Summary
        FAQs
      Chapter 9: Managing Users and Groups
        Introduction
        Setting Up User Accounts
        Defining an Acceptable Use Policy
        Requirements for New User Accounts
        Default User Account Settings
        Logon Mechanics
        Creating User Accounts
        Setting Account Policies
        Account Policy Configuration
        Modifying Properties for User Accounts
        Managing User Accounts
        Deleting User Accounts
        Resetting Passwords
        Disabling an Account
        Enabling an Account
  17. Contents (continued)
        Other Active Directory Users and Computers Functions
        Moving User Accounts
        Mapping a Certificate to a User
        Using Groups to Organize User Accounts
        Group Types
        Security Groups
        Distribution Lists
        Group Scope
        Local
        Domain Local
        Global
        Universal
        Implementing Groups
        Creating a Group
        Assigning Users to a Group
        Adding Users through Group Settings
        Configuring Group Settings
        Managing Groups
        Changing a Group’s Scope
        Deleting Groups
        Implementing Local Groups
        Preparing to Create Local Groups
        Creating a Local Group
        Implementing Built-in Groups
        Built-In Group Behavior
        Groups—Best Practices
        Administering User Accounts
        User Profiles Overview
        Types of User Profiles
        Contents of a User Profile
        Settings Saved in a User Profile
        Local User Profiles
        Roaming User Profiles
        Creating Individualized Roaming User Profiles
        Mandatory Profiles
        Setting Up a Roaming User Profile
        Assigning Customized Roaming Profiles
        Creating Home Directories
        Home Directories and My Documents
        Creating Home Directories
        Advanced Techniques
        Creating Multiple User Accounts
        Migrating Users from a Windows NT 4.0 Domain
  18. Contents (continued)
        Creating New Active Directory Users in Bulk
        Importing Users from Novell Directory Services (NDS)
        Summary
        FAQs
      Chapter 10: Managing File and Print Resources
        Introduction
        Windows 2000 Data Storage
        Understanding Disk Types
        Basic Disks
        Dynamic Disks
        Configuring Disks
        Understanding Windows 2000 File Systems
        CDFS
        UDF
        FAT
        NTFS
        Configuring File Systems
        Configuration Options for Windows 2000 Storage
        Logical Disk Manager
        Removable Storage Manager
        Remote Storage Server
        Distributed File System
        File Replication Service
        Indexing Service
        Backup Utility
        Defragmentation Utility
        Administering NTFS Resources
        How NTFS Permissions Are Applied
        Access Control Lists
        Combining NTFS Permissions
        Permission Inheritance
        NTFS Folder Permissions
        NTFS File Permissions
        Managing NTFS Permissions
        Special Access Permissions
        Using Special Access Permissions
        Changing NTFS Permissions
        Copying and Moving Files and Folders
        Copying Files
        Moving Files
        Administering Shared Resources
        Securing Network Resources
        Shared Folder Permissions