www.dbeBooks.com - An Ebook Library About the Authors Tony Northrup, MCSE and CISSP, is a consultant and author living in the Boston, Mas- sachusetts, area. During his seven years as Principal Systems Architect at BBN/Genuity, he was ultimately responsible for the reliability and security of hundreds of Windows– based servers and dozens of Windows domains—all connected directly to the Internet. Needless to say, Tony learned the hard way how to keep Windows systems safe in a hostile environment. Tony has authored and co-authored many books on Windows and networking, from NT Network Plumbing in 1998 to the Windows Server 2003 Resource Kit Performance and Troubleshooting Guide. Tony has also written several papers for Microsoft TechNet, covering firewalls, ASP.NET, and other security topics. Orin Thomas is a writer, editor, and systems administrator who works for the certifica- tion advice Web site Certtutor.net. His work in IT has been varied: he’s done everything from providing first-level networking support to acting in the role of systems adminis- trator for one of Australia’s largest companies. He was co-author of the MCSA/MCSE self-paced training kit for Exam 70-290 and co-editor of the MCSA/MCSE self-paced training kits for exams 70-292 and 70-296, both by Microsoft Press. He holds the MCSE, CCNA, CCDA, and Linux+ certifications. He holds a bachelor’s degree in Science with honors from the University of Melbourne and is currently working toward the comple- tion of a PhD in Philosophy of Science. iii Contents Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxi About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxiii Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv About the CD-ROM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv Features of This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv Part 1: Learn at Your Own Pace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv Part 2: Prepare for the Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi Informational Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Keyboard Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxviii Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxviii Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix Setup Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix The Microsoft Certified Professional Program . . . . . . . . . . . . . . . . . . . . . . . . . . xxx Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi Requirements for Becoming a Microsoft Certified Professional . . . . . . . . . xxxi Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii Evaluation Edition Software Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxxiii Part I Learn at Your Own Pace 1 Planning and Configuring an Authentication Strategy 1-3 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-4 Lesson 1: Understanding the Components of an Authentication Model . . . . . . . .1-6 The Difference Between Authentication and Authorization . . . . . . . . . . . . . . .1-6 Network Authentication Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Storing User Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Authentication Features of Windows Server 2003 . . . . . . . . . . . . . . . . . . . .1-9 Authentication Protocols in Windows Server 2003 . . . . . . . . . . . . . . . . . . . .1-9 LM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-11 NTLM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12 The Kerberos Authentication Process . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13 Storage of Local User Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15 Tools for Troubleshooting Authentication Problems . . . . . . . . . . . . . . . . . . .1-16 vi Contents Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-16 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17 Lesson 2: Planning and Implementing an Authentication Strategy . . . . . . . . . . .1-18 Considerations for Evaluating Your Environment . . . . . . . . . . . . . . . . . . . . .1-18 Guidelines for Creating a Strong Password Policy . . . . . . . . . . . . . . . . . . . .1-19 Options for Account Lockout Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-21 Options for Creating a Kerberos Ticket Policy . . . . . . . . . . . . . . . . . . . . . . .1-22 Windows 2003 Authentication Methods for Earlier Operating Systems . . . .1-24 Using Multifactor Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-27 Practice: Adjusting Authentication Options . . . . . . . . . . . . . . . . . . . . . . . . .1-28 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-30 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31 Lesson 3: Configuring Authentication for Web Users . . . . . . . . . . . . . . . . . . . . 1-32 Configuring Anonymous Access for Web Users . . . . . . . . . . . . . . . . . . . . . . 1-32 Configuring Web Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-33 Delegated Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-34 Practice: Configuring Anonymous Authentication . . . . . . . . . . . . . . . . . . . .1-36 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-39 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40 Lesson 4: Creating Trusts in Windows Server 2003 . . . . . . . . . . . . . . . . . . . . .1-41 Trusts in Windows Server 2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-43 Practice: Creating Trusts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-53 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-55 Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-56 Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-57 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-58 Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-60 Key Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-60 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-60 Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-61 Design Activity: Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . .1-65 Design Activity: Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-65 2 Planning and Configuring an Authorization Strategy 2-1 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Lesson 1: Understanding Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Effective Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-4 Inheriting Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-5 Contents vii Standard and Special Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-7 Practice: Denying Access Using Group Membership . . . . . . . . . . . . . . . . . .2-14 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18 Lesson 2: Managing Groups in Windows Server 2003 . . . . . . . . . . . . . . . . . . . 2-19 Types of Groups in Windows Server 2003 . . . . . . . . . . . . . . . . . . . . . . . . .2-19 Group Scopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20 Domain and Forest Functional Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22 Built-In Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24 Special Groups and Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28 Tools for Administering Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32 Creating Restricted Groups Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32 Practice: Creating Groups and Assigning Rights . . . . . . . . . . . . . . . . . . . . . 2-34 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-37 Lesson 3: Planning, Implementing, and Maintaining an Authorization Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-38 Authentication, Authorization, and the Principle of Least Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-38 User/ACL Authorization Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-39 Account Group/ACL Authorization Method . . . . . . . . . . . . . . . . . . . . . . . . .2-39 Account Group/Resource Group Authorization Method . . . . . . . . . . . . . . . .2-40 Group Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-41 Defining Which Users Can Create Groups . . . . . . . . . . . . . . . . . . . . . . . . . 2-43 Group Nesting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-44 When to Retire Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-44 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-45 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-46 Lesson 4: Troubleshooting Authorization Problems. . . . . . . . . . . . . . . . . . . . . .2-47 Troubleshooting Simple Authorization Problems . . . . . . . . . . . . . . . . . . . . .2-47 Troubleshooting Complex Authorization Problems. . . . . . . . . . . . . . . . . . . .2-48 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-55 Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55 Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-56 Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-57 Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-57 Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-57 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-58 Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-59 viii Contents Key Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-59 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-60 Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-61 Design Activity: Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . .2-65 Design Activity: Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-65 3 Deploying and Troubleshooting Security Templates 3-1 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Lesson 1: Configuring Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4 Predefined Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5 Security Template Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6 Creating and Editing Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Security Template Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9 Security Configuration for Earlier Versions of Windows . . . . . . . . . . . . . . . .3-13 Practice: Create and Examine a New Security Template . . . . . . . . . . . . . . .3-14 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-16 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 Lesson 2: Deploying Security Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 Deploying Security Templates Using Active Directory . . . . . . . . . . . . . . . . .3-18 Deploying Security Templates Without Active Directory . . . . . . . . . . . . . . . .3-25 Practice: Applying and Deploying Security Templates . . . . . . . . . . . . . . . . .3-27 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-29 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 Lesson 3: Troubleshooting Security Templates. . . . . . . . . . . . . . . . . . . . . . . . . 3-31 Troubleshooting Problems with Applying Group Policy . . . . . . . . . . . . . . . . .3-31 Troubleshooting Unexpected Security Settings . . . . . . . . . . . . . . . . . . . . . . 3-38 Troubleshooting System Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-43 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-44 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-45 Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50 Key Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-50 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-50 Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 Design Activity: Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . .3-54 Design Activity: Troubleshooting Exercise . . . . . . . . . . . . . . . . . . . . . . . . .3-55 Contents ix 4 Hardening Computers for Specific Roles 4-1 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 Lesson 1: Tuning Security for Client Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Planning Managed Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Software Restriction Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5 Security for Desktop Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 Security for Mobile Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 Security for Kiosks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9 Practice: Restricting Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-10 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 Lesson 2: Tuning Security for Server Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-16 Perimeter Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 Security for DHCP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-21 Security for DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-26 Security for Domain Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 Security for Internet Information Services . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 Security for Internet Authentication Service . . . . . . . . . . . . . . . . . . . . . . . . 4-39 Security for Exchange Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 Security for SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 Practice: Hardening Servers and Analyzing Traffic . . . . . . . . . . . . . . . . . . . .4-50 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54 Lesson 3: Analyzing Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 Security Configuration And Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 Microsoft Baseline Security Analyzer—Graphical Interface . . . . . . . . . . . . .4-56 Microsoft Baseline Security Analyzer—Command-Line Interface . . . . . . . . .4-58 Practice: Analyzing Security Configurations . . . . . . . . . . . . . . . . . . . . . . . .4-58 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-60 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61 Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-61 Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-65 Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-66 Key Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-67 Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-68 Design Activity: Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 Design Activity: Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-73 x Contents 5 Planning an Update Management Infrastructure 5-1 Why This Chapter Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Lesson 1: Updating Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-3 Introduction to Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-3 Types of Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Product Lifecycles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-10 Chaining Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-12 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13 Lesson 2: Updating Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14 The Updating Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-14 Assessing Your Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-15 Deploying Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-16 The Update Test Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-24 Practice: Evaluating Your Updating Infrastructure . . . . . . . . . . . . . . . . . . . .5-25 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-26 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27 Lesson 3: Updating Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-28 Discovering Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29 Evaluating Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30 Retrieving Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32 Testing Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33 Installing Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-33 Removing Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-34 Auditing Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35 Practice: Evaluating Your Updating Process . . . . . . . . . . . . . . . . . . . . . . . . 5-36 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-36 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37 Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-37 Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37 Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-39 Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-42 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43 Exam Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43 Key Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-44 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-44 Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45 Design Activity: Case Scenario Exercise . . . . . . . . . . . . . . . . . . . . . . . . . .5-48 Design Activity: Troubleshooting Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-50 [...]... Security in a Microsoft Windows Server 2003 Network Today’s networks are constantly under attack by a variety of sources Worms and viruses are the most common sources of attacks, and because they are constantly evolving, protecting your network against them requires implementing and administer­ ing an update management infrastructure More dangerous attacks are launched by malicious, skilled individuals and... Learning Support Web site at http://www .microsoft. com/learning/support/default.asp/ You can also e-mail tkinput @microsoft. com or send a letter to Microsoft Learning, Attention: MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network Editor, One Microsoft Way, Redmond, WA 98052-6399 Features of This Book This book has two parts... understanding of networking fundamentals ■ Have at least one year of experience implementing and administering a Windowsbased network operating system ■ For some chapters and labs, have a basic understanding of Microsoft SQL Server 2000 and Microsoft Exchange Server 2000 or later ■ Have a basic understanding of wireless technology About the CD-ROM For your use, this book includes a Supplemental CD-ROM,... Contains information that is essential to completing a task About This Book Note xxvii Contains supplemental information Caution Contains valuable information about possible loss of data; be sure to read this information carefully Contains critical information about possible physical injury; be sure to read this information carefully Warning See Also Contains references to other sources of information... templates and instructions for securing Windows Server 2003 ❑ The Windows XP Security Guide,” which provides instructions and templates that can be used to secure Windows XP ❑ “Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP,” which details every security setting About This Book xxv A second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server 2003, ... example, “Press ALT, F, X” means that you press and release each key in sequence “Press ALT+W, L” means that you first press ALT and W at the same time, and then release them and press L Getting Started This training kit contains hands-on exercises to help you learn about deploying, manag­ ing, and troubleshooting a Windows Server 2003 security infrastructure Use this section to prepare your self-paced. .. questions, or ideas regarding this book or the companion disc, please send them to Microsoft Learning using either of the following methods: E-mail: tkinput @microsoft. com Postal Mail: Microsoft Learning Attn: MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Imple­ menting and Administering Security in a Microsoft Windows Server 2003 Network Editor One Microsoft Way Redmond, WA 98052-6399 About This Book... exam Each objective provides you with several practice exam questions The answers are accompanied by explanations of each correct and incorrect answer Note These questions are also available on the companion CD as a practice test Informational Notes Several types of reader aids appear throughout the training kit Tip Contains methods of performing a task more quickly or in a not-so-obvious way Important... security ■ Sample chapters from several Microsoft Learning books These chapters give you additional information about Windows Server 2003 and introduce you to other resources that are available from Microsoft Press ■ Supplemental information, including: ❑ The Microsoft Windows Server 2003 Deployment Kit, ” which provides detailed information about deploying network services ❑ The Windows Server 2003 Security. .. skills to manage and troubleshoot existing network and system environments based on the Microsoft Windows and Microsoft Windows Server 2003 operating systems ■ Microsoft Certified Database Administrator (MCDBA) Individuals who design, implement, and administer Microsoft SQL Server databases ■ Microsoft Certified Trainer (MCT) Instructionally and technically qualified to deliver Microsoft Official Curriculum . first-level networking support to acting in the role of systems adminis- trator for one of Australia’s largest companies. He was co-author of the MCSA/MCSE self-paced training kit for Exam 70-290 and. say, Tony learned the hard way how to keep Windows systems safe in a hostile environment. Tony has authored and co-authored many books on Windows and networking, from NT Network Plumbing in. www.dbeBooks.com - An Ebook Library About the Authors Tony Northrup, MCSE and CISSP, is a consultant and author living in the Boston, Mas- sachusetts, area. During his seven years as Principal Systems Architect