| Windows Server 2003 |
| Windows Server 2003 R2 Technical Library |
| Windows Server 2003 Service Pack 1 Technical Library |
| Windows Server 2003 Service Pack 2 Technical Library |
| Comparison of Windows Server 2003 Editions |
| Product Evaluation |
| Getting Started |
| Planning and Architecture |
| Deployment |
| Windows Server 2003 Deployment Guide |
| Automating and Customizing Installations |
| Designing a Managed Environment |
| Deploying Network Services |
| Designing and Deploying Directory and Security Services |
| Planning, Testing, and Piloting Deployment Projects |
| Planning Server Deployments |
| Windows Server 2003 Performance Counters Reference |
| Windows Server 2003 Resource Kit Registry Reference |
| Glossary of Registry Terms |
| About the Registry Reference |
| How to Use the Registry Reference |
| Registry Reference Document Conventions |
| About the Windows Registry |
| Overview of the Windows Registry |
| Editing the Registry |
| Data Types in the Registry |
| Backing Up and Restoring the Registry |
| HKEY_CURRENT_CONFIG |
| HKEY_CLASSES_ROOT |
| HKEY_CURRENT_USER |
| Console |
| ColorTable# |
| CursorSize |
| FaceName |
| FontFamily |
| FontSize |
| FontWeight |
| FullScreen |
| HistoryBufferSize |
| InsertMode |
| LoadConIme |
| NumberOfHistoryBuffers |
| PopupColors |
| QuickEdit |
| ScreenBufferSize |
| ScreenColors |
| WindowPosition |
| WindowSize |
| console-window-name |
| element-name Entry |
| Control Panel Key |
| Accessibility Subkey |
| Accessibility-option |
| Appearance |
| Current Entry |
| CustomColors |
| Schemes |
| Colors Subkey |
| Colors\element-name |
| Control Panel\Current |
| Color Schemes |
| Custom Colors |
| Color Entry |
| Control Panel\Desktop Subkey |
| ActiveWndTrkTimeout |
| AutoEndTasks |
| CoolSwitch |
| CoolSwitchColumns |
| CoolSwitchRows |
| CursorBlinkRate |
| DragFullWindows |
| DragHeight |
| DragWidth |
| FontSmoothing |
| ForegroundFlashCount |
| ForegroundLockTimeout |
| GridGranularity |
| HungAppTimeout |
| MenuShowDelay |
| PaintDesktopVersion |
| Pattern Entry |
| ScreenSaveActive Entry |
| ScreenSaveTimeOut Entry |
| SCRNSAVE.EXE |
| TileWallpaper |
| WaitToKillAppTimeout |
| WindowMetrics |
| International Subkey |
| AddHijriDate |
| iCalendarType |
| iCountry |
| iCurrDigits |
| iCurrency |
| iDate |
| iDigits |
| iFirstDayOfWeek |
| iFirstWeekOfYear |
| iLZero |
| iMeasure |
| iNegCurr |
| iNegNumber |
| iTime |
| iTimePrefix |
| iTLZero |
| International\Locale |
| NumShape |
| s1159 |
| s2359 |
| sCountry |
| sCurrency |
| sDate |
| sDecimal |
| sGrouping |
| sList |
| sLongDate |
| sMonDecimalSep |
| sMonGrouping |
| sMonThousandSep |
| sNativeDigits |
| sNegativeSign |
| sPositiveSign |
| sShortDate |
| sThousand |
| sTime |
| sTimeFormat |
| Patterns |
| Patterns\Pattern |
| Screen Saver.Screensaver-name |
| Screen Saver.Screensaver-name\element-name |
| Environment Key |
| TEMP Entry |
| TMP Entry |
| Network Key |
| Drive letter |
| ConnectionType |
| ProviderName |
| ProviderType |
| SOFTWARE Subtree |
| Microsoft Subkey |
| Command Processor Subkey |
| AutoRun Entry |
| CompletionChar Entry |
| DefaultColor Entry |
| DelayedExpansion Entry |
| EnableExtensions Entry |
| PathCompletionChar Entry |
| Driver Signing Subkey |
| Policy Entry |
| Microsoft\Fax Subkey |
| fxsclnt |
| FaxConsoleView |
| Archive |
| SortAscending |
| SortColumn |
| Columns |
| Order Entry |
| MessagesPerCall |
| Confirm |
| ItemDeletion |
| MainFrame |
| Maximized |
| NormalPosBottom |
| NormalPosLeft |
| NormalPosRight |
| NormalPosTop |
| SplitterPos |
| Fax\Setup |
| CfgWzdrUserInfo |
| WereCpesConverted |
| UserInfo |
| FaxNumber |
| File Manager |
| FxsCover |
| Ntbackup Subkey |
| Backup Engine |
| Use fast file restore |
| User Interface |
| RAS Phonebook |
| Microsoft\Windows |
| CurrentVersion Subkey |
| CurrentVersion\Explorer Subkey |
| Shutdown Setting |
| Advanced Subkey |
| Intellimenus Entry |
| Shell Folders Subkey |
| User Shell Folders Subkey |
| User Shell Folders\Desktop |
| Favorites |
| NetHood |
| User Shell Folders\Personal Entry |
| PrintHood |
| User Shell Folders\Programs |
| SendTo |
| Start Menu |
| Startup |
| Recent |
| CurrentVersion\Policies Subkey |
| Policies\ActiveDesktop |
| AdminComponent Subkey |
| Policies\Explorer |
| Explorer\NoFileAssociate |
| Windows Help |
| Microsoft\Windows NT |
| Windows NT\CurrentVersion |
| Devices Subkey |
| Extensions |
| Network Subkey |
| Server Manager |
| User Manager |
| User Manager for Domains |
| Program Manager |
| Program Manager\Restrictions |
| NoClose Entry |
| NoFileMenu Entry |
| NoRun Entry |
| NoSaveSettings Entry |
| Program Manager\Restrictions Subkey |
| ShowCommonGroups |
| EditLevel |
| Program Manager\Settings |
| AutoArrange |
| display.drv |
| MinOnRun |
| SaveSettings |
| UNICODE Groups |
| TaskManager |
| TrueType |
| TTEnable |
| TTonly |
| CurrentVersion\Windows |
| Device Entry |
| Documents |
| fPrintError |
| fPrintFileLine |
| fPrintVerbose |
| fPrintWarning |
| fPromptOnError |
| fPromptOnVerbose |
| fPromptOnWarning |
| load |
| NetMessage |
| NullPort |
| Windows\Programs |
| run Entry |
| Winlogon Subkey |
| ReportDC |
| Winlogon\RunLogonScriptSync |
| Microsoft\Windows Script |
| Windows Script\Settings |
| Settings\Enabled |
| Software\Policies |
| Policies\Microsoft |
| Microsoft\Control Panel |
| Control Panel\International |
| Calendars |
| Microsoft\MMC Subkey |
| Class-ID |
| Policies\Microsoft\Windows Subkey |
| Installer Subkey |
| UNICODE Program Groups |
| HKEY_LOCAL_MACHINE |
| Hardware Key |
| HARDWARE\DESCRIPTION |
| System Subkey |
| DEVICEMAP |
| SAM Key |
| Security Key |
| HKLM\SOFTWARE |
| SOFTWARE\Microsoft |
| Microsoft\Command Processor |
| Command Processor\AutoRun |
| Command Processor\CompletionChar |
| Command Processor\DefaultColor |
| Command Processor\DelayedExpansion |
| Command ProcessorEnableExtensions |
| Command Processor\PathCompletionChar |
| Microsoft\Driver Signing |
| Driver Signing\Policy |
| DrWatson |
| AppendToLogFile |
| CrashDumpFile |
| CreateCrashDump |
| DumpAllThreads |
| DumpSymbols |
| Instructions |
| LogFilePath Entry |
| MaximumCrashes |
| NumberOfCrashes |
| SoundNotification |
| VisualNotification |
| WaveFile |
| Fax Subkey |
| LastUniqueLineId |
| CfgWzdrDevice |
| DisableRoutingExtensionConfiguration |
| Inbound Profile |
| ManualAnswerDevice |
| MaxLineCloseTime |
| NextJobNumber |
| RecipientsLimit |
| QueueDirectory |
| QueueState |
| Branding |
| ActivityLogging |
| Device Providers |
| Fax\Devices |
| Devices Cache |
| Inbox |
| Logging Subkey |
| Outbound Routing |
| Receipts |
| Routing Extensions |
| Fax\Security |
| SentItems |
| Fax\Setup Subkey |
| TAPIDevices |
| Internet Explorer Subkey |
| Media |
| Autoplay |
| MSMQ |
| Parameters |
| MSSQLServer |
| Client Subkey |
| ConnectTo |
| BlockExeAttachments |
| Outlook Express_DepKit |
| Microsoft\PCHealth |
| ErrorReporting Subkey |
| ErrorReporting\DW Subkey |
| PswdSync |
| Domains Subkey |
| UNIX-system-name |
| LoginAccount |
| SystemMonitor |
| DisplaySingleLogSampleValue |
| DisplayThousandsSeparator |
| Microsoft\Windows Subkey |
| Windows\CurrentVersion |
| CurrentVersion\Explorer |
| Explorer\Shell Folders |
| Explorer\User Shell Folders |
| Common Desktop |
| Common Documents |
| Common Favorites |
| Common Programs |
| Common Start Menu |
| User Shell Folders\Personal |
| Common Startup |
| CurrentVersion\Policies |
| CurrentVersion\Run |
| RunOnce |
| Telephony Subkey |
| Microsoft\Windows NT Subkey |
| CurrentVersion Entry |
| AeDebug |
| DNS Server_DepKit |
| Font Drivers |
| FontDPI |
| Fonts Subkey |
| FontSubstitutes |
| GRE_Initialize |
| CurrentVersion\Network Subkey |
| PDH |
| Perflib |
| Print Subkey |
| Type 1 Installer |
| CurrentVersion\Windows Subkey |
| CurrentVersion\Winlogon |
| WOW |
| Microsoft\Windows Script Subkey |
| Policies Subkey |
| Program Groups Subkey |
| SYSTEM |
| Deployment Kit Compact Disc |
| Deployment Guide Document Conventions |
| Support Policy |
| Deployment Guide for the Security Configuration Wizard |
| Planning the SCW Deployment |
| Deploying SCW to multiple servers |
| Creating SCW security policy files |
| Deploying SCW security policy files |
| Converting of SCW security policy files into Group Policy objects (GPOs) |
| Using Group Policy and Active Directory with SCW |
| Deploying SCW security policy as Group Policy objects |
| Rollback considerations |
| Windows Server 2003: Deployment Whitepapers |
| Network Load Balancing: Security Best Practices for Windows 2000 and Windows Server 2003 |
| Deployment and Operational Management |
| Summary of Security Attributes |
| Windows Cluster Technologies: Remote Setup, Unattended Installations and Image-based Installations of Network Load Balancing |
| Unattended Installation of NLB Clusters |
| Image-based Installations of NLB Clusters |
| Generating and Distributing a Virtual Hard Disk |
| Appendix A - Windows Cluster Technologies: Remote Setup, Unattended Installations and Image-based Installations of Network Load Balancing |
| Print Server Upgrade, Migration, and Interoperability |
| Windows 2000 and Windows Server 2003 Printing Architecture |
| Changes to Printer Drivers in Windows 2000 |
| Upgrading to Windows 2000 Server or the Windows Server 2003 Family |
| Migrating to Windows 2000 |
| Point and Print for Windows 2000 |
| Customer Actions Moving Forward |
| Summary (Print Server Upgrade, Migration, and Interoperability) |
| Related Links (Print Server Upgrade, Migration, and Interoperability) |
| Windows Print Server Scalability and Sizing Technical Overview |
| Introduction (Windows Print Server Scalability and Sizing Technical Overview) |
| Factors Influencing Print Server Performance |
| Performance Monitoring and Baseline Measurement |
| Reference Systems |
| Resources (Windows Print Server Scalability and Sizing Technical Overview) |
| Best Practices for Deploying Printer Location with Active Directory |
| Introduction (Best Practices for Deploying Printer Location with Active Directory) |
| Creating the Location Schema |
| Configuring Printer Location and Setting Location Policies |
| Setting Standards When Printer Location Tracking is Disabled |
| Summary (Best Practices for Deploying Printer Location with Active Directory) |
| Related Links (Best Practices for Deploying Printer Location with Active Directory) |
| Certificate Autoenrollment in Windows Server 2003 |
| Introduction (Certificate Autoenrollment in Windows Server 2003) |
| How Autoenrollment Works |
| Configuring an Enterprise CA |
| Configuring Group Policy |
| User Autoenrollment |
| Certificate Renewal |
| Autoenrollment Functions |
| Updating Group Policy |
| Advanced Features |
| Supported Hardware (Certificate Autoenrollment in Windows Server 2003) |
| Troubleshooting (Certificate Autoenrollment in Windows Server 2003) |
| Summary (Certificate Autoenrollment in Windows Server 2003) |
| Related Links (Certificate Autoenrollment in Windows Server 2003) |
| Account Passwords and Policies in Windows Server 2003 |
| Account Lockout and Password Concepts |
| Configuring Account Lockout Settings |
| Configuring Account Lockout |
| Details of Account Lockout Settings and Processes |
| Maintaining and Monitoring Account Lockout |
| Troubleshooting Account Lockout |
| Account Lockout Tools |
| Appendix One: Additional References for Account Lockout |
| Appendix Two: Gathering Information to Troubleshoot Account Lockout Issues |
| Guide to Creating and Configuring a Server Cluster under Windows Server 2003 White Paper |
| Introduction (Guide to Creating and Configuring a Server Cluster under Windows Server 2003 White Paper) |
| Checklists for Server Cluster Configuration |
| Cluster Installation |
| Configuring the Cluster Service |
| Post-Installation Configuration |
| Test Installation |
| Appendix (Guide to Creating and Configuring a Server Cluster under Windows Server 2003 White Paper) |
| Related Links (Guide to Creating and Configuring a Server Cluster under Windows Server 2003 White Paper) |
| Deploying SQL Server Logging with Windows Server 2003 Internet Authentication Service (IAS) |
| Introduction (Deploying SQL Server Logging with Windows Server 2003 Internet Authentication Service (IAS)) |
| Key concepts for IAS SQL Server logging |
| Local IAS SQL Server logging |
| IAS SQL Server logging with a central database |
| IAS SQL Server logging using MSDE 2000 |
| Related Links (Deploying SQL Server Logging with Windows Server 2003 Internet Authentication Service (IAS)) |
| Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) |
| Introduction (Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)) |
| Configuring Active Directory |
| Configuring IAS |
| Summary (Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)) |
| Related Links (Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)) |
| Kerberos authentication for load balanced web sites |
| Introduction (Kerberos authentication for load balanced web sites) |
| Setting up Kerberos Authentication against the cluster name Service Principal Name |
| Server Clusters: Remote Setup, Unattended Installations and Image-based Installations |
| Overview (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Command Line Setup |
| Unattended Installation of Server Clusters |
| Image-based Installations of Server Clusters |
| Configuring Your Server Clusters |
| Image-based Installation of the Operating System and the Cluster Service Using Automated Deployment Services (ADS) |
| Appendix A (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix B (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix C (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix D (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix E (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix F (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Appendix G (Server Clusters: Remote Setup, Unattended Installations and Image-based Installations) |
| Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003 |
| Introduction (Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003) |
| Benefits |
| Requirements (Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003) |
| Limitations |
| How Rolling Upgrades Work (Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003) |
| Rolling Upgrade Walkthrough |
| Known Issues |
| Troubleshooting (Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003) |
| Conclusion (Server Clusters: Rolling Upgrades. Upgrading to Windows Server 2003) |
| Server Clusters: Majority Node Set Quorum |
| Motivation (Server Clusters: Majority Node Set Quorum) |
| What Is a Majority Node Set? (Server Clusters: Majority Node Set Quorum) |
| How to Set Up a Majority Node Set (Server Clusters: Majority Node Set Quorum) |
| Using the Cluster Command to Setup a Majority Node Set (Server Clusters: Majority Node Set Quorum) |
| Sizing a Majority Node Set Cluster (Server Clusters: Majority Node Set Quorum) |
| What to Do If You Lose Quorum (Server Clusters: Majority Node Set Quorum) |
| Other Considerations (Server Clusters: Majority Node Set Quorum) |
| Using Windows Server 2003 in a Managed Environment: Controlling Communication with the Internet |
| Introduction to Controlling Communication with the Internet (Windows Server 2003) |
| Activation, Registration, and Internet Communication (Windows Server 2003) |
| Application Help and Internet Communication (Windows Server 2003) |
| Certificate Support and Internet Communication (Windows Server 2003) |
| Device Manager and Internet Communication (Windows Server 2003) |
| Driver Protection and Internet Communication (Windows Server 2003) |
| Dynamic Update and Internet Communication (Windows Server 2003) |
| Event Viewer and Internet Communication (Windows Server 2003) |
| File Association Web Service and Internet Communication (Windows Server 2003) |
| Help and Support Center: Internet Communication (Windows Server 2003) |
| HyperTerminal and Internet Communication (Windows Server 2003) |
| Internet Explorer 6.0 and Internet Communication (Windows Server 2003) |
| Internet Information Services and Internet Communication (Windows Server 2003) |
| Internet Protocol Version 6 (IPv6) and Internet Communication (Windows Server 2003) |
| NetMeeting and Internet Communication (Windows Server 2003) |
| Online Device Help and Internet Communication (Windows Server 2003) |
| Outlook Express 6.0 and Internet Communication (Windows Server 2003) |
| Plug and Play and Internet Communication (Windows Server 2003) |
| Program Compatibility Wizard and Internet Communication (Windows Server 2003) |
| Remote Assistance and Internet Communication (Windows Server 2003) |
| Search Companion and Internet Communication (Windows Server 2003) |
| Terminal Server Licensing and Internet Communication (Windows Server 2003) |
| Windows Error Reporting and Internet Communication (Windows Server 2003) |
| Windows Media Player and Internet Communication (Windows Server 2003) |
| Windows Media Services and Internet Communication (Windows Server 2003) |
| Windows Time Service and Internet Communication (Windows Server 2003) |
| Windows Update, Automatic Updates, and Internet Communication (Windows Server 2003) |
| Appendix A: Resources for Learning About Automated Installation and Deployment (Windows Server 2003) |
| Appendix B: Resources for Learning About Group Policy (Windows Server 2003) |
| Appendix C: Message Queuing and Internet Communication (Windows Server 2003) |
| Appendix D: Connection Manager and Internet Communication (Windows Server 2003) |
| Appendix E: Passport Manager Administration (Windows Server 2003) |
| Appendix F: Internet Connection Sharing and Related Networking Features (Windows Server 2003) |
| Appendix G: Add Network Place Wizard (Windows Server 2003) |
| Appendix H: New Connection Wizard (Windows Server 2003) |
| Related Links for Controlling Communication with the Internet (Windows Server 2003) |
| Network Load Balancing: Configuration Best Practices for Windows 2000 and Windows Server 2003 |
| General Considerations |
| Security and Manageability |
| High Availability |
| Troubleshooting Network Load Balancing |
| Deploying Wireless Provisioning Services (WPS) Technology |
| Introduction (Deploying Wireless Provisioning Services (WPS) Technology) |
| Configuring IAS for WPS Technology |
| WPS Technology for a WISP with VLANs |
| WPS Technology for the Enterprise |
| WISP Roaming Agreement Deployments |
| Server Certificate Requirements |
| Active Directory Replication |
| XML Schemas |
| How to Use IAS with a Third-Party User Accounts Database |
| PEAP-MS-CHAP v2 |
| How to Create an IAS Extension DLL and a URL PEAP-TLV |
| Beta Documentation Note |
| WPS Technology for a WISP with IP Filters |
| WPS Technology for an HSP with IP Filters |
| Summary (Deploying Wireless Provisioning Services (WPS) Technology) |
| Related Links (Deploying Wireless Provisioning Services (WPS) Technology) |
| Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure |
| About This Document (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure) |
| Overview of the PKI Design Process (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure) |
| Integration Into Existing Environments (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure) |
| Windows Server 2003 PKI and Dependencies (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure) |
| Deployment Planning (Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure) |
| Creating Certificate Policies and Certificate Practice Statements |
| Example Scenario for Contoso |
| Stand-alone Offline Intermediate CA (IntermediateCA1) |
| Stand-alone Offline Intermediate CA (CorporateSub2CA) |
| Online Enterprise Issuing CAs (CorporateEnt1CA) |
| Certification Authority Maintenance |
| Appendix A: Directory Objects |
| Contents of \\Localhost\CertConfig and \\Localhost\CertEnroll |
| Relationship of the Configuration Container and Certificate Store |
| Default CA Certificate and CRL Storage |
| Mapping Custom Object Identifiers to Friendly Names |
| CAPolicy.inf Syntax |
| CRL Distribution Point Replacement Token |
| CRL Publishing Properties |
| AIA Publishing Properties |
| Sample Script to Configure CorporateRootCA |
| Sample Script to Configure IntermediateCA |
| Sample Script to Configure the EnterpriseSubCA |
| Appendix B: Parameters for a Three-Tier CA Topology |
| Appendix C: Additional Information |
| Server Clusters: Network Configuration Best Practices for Windows 2000 and Windows Server 2003 |
| Cluster Networking Requirements |
| Cluster Networking Best Practices |
| Procedures for Implementing Cluster Networking Best Practices |
| IPSec in Cluster Networking |
| NetBIOS in Cluster Networking |
| Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs |
| Introduction to Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs |
| Components of Windows Remote Access VPNs |
| Deploying PPTP-based Remote Access |
| Deploying L2TP/IPSec-based Remote Access |
| Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 |
| Appendix B: Alternate Configurations |
| Appendix C: Setting up a VPN Test Lab |
| Appendix D: Troubleshooting |
| Appendix E: Deploying a Certificate Infrastructure |
| Summary and Related Links |
| Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs |
| Introduction (Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs) |
| Components of Windows Server 2003 Site-to-Site VPNs |
| Deploying a PPTP-based Site-to-Site VPN Connection |
| Deploying an L2TP/IPSec-based Site-to-Site VPN Connection |
| Appendix A: Configuring Firewalls for a VPN Router Running Windows Server 2003 |
| Appendix B: Alternate Configurations -- Virtual Private Networking |
| Appendix C: Troubleshooting |
| Summary -- Virtual Private Networking |
| Virtual Private Networking with Windows Server 2003: An Example Deployment |
| Introduction to Virtual Private Networking with Windows Server 2003: An Example Deployment |
| Common Configuration for the VPN Server (VPN with Windows Server 2003) |
| VPN Remote Access for Employees (VPN with Windows Server 2003) |
| On-Demand Branch Office (VPN with Windows Server 2003) |
| Persistent Branch Office (VPN with Windows Server 2003) |
| Extranet for Business Partners (VPN with Windows Server 2003) |
| Dial-up and VPNs with RADIUS Authentication (VPN with Windows Server 2003) |
| Summary (VPN with Windows Server 2003) |
| Related Links for Virtual Private Networking with Windows Server 2003: An Example Deployment |
| Using Hotpatching Technology to Reduce Servicing Reboots |
| Introduction to Hotpatching |
| Hotpatch Package Structure |
| Deployment Strategy |
| Limitations and Compatibility Issues |
| Package Installation |
| Best Practice Guide for Securing Active Directory Installations |
| Scope of This Guide |
| General Guidelines |
| Audience |
| How to Use This Guide |
| Chapter 1: Planning In-Depth Active Directory Security |
| Overview of the Role of Active Directory in Secure Access |
| Planning for Active Directory Security-in-Depth |
| Deployment Scenarios for Domain Controllers in a Secure Network Operating System |
| Security Planning Through Threat Analysis |
| Chapter 2: Establishing Secure Active Directory Boundaries |
| Specifying Security and Administrative Boundaries |
| Selecting an Active Directory Structure Based on Delegation Requirements |
| Establishing Secure Collaboration with Other Forests |
| Recommendations: Establishing Secure Active Directory Boundaries |
| Chapter 3: Deploying Secure Domain Controllers |
| Securing the Domain Controller Build Environment |
| Establishing Secure Domain Controller Build Practices |
| Maintaining Physical Security |
| Recommendations: Deploying Secure Domain Controllers |
| Chapter 4: Strengthening Domain and Domain Controller Policy Settings |
| Strengthening Domain Policy Settings |
| Strengthening Domain Controller Policy Settings |
| Applying Selected Domain and Domain Controller Policy Settings |
| Reviewing Audit Settings on Important Active Directory Objects |
| Recommendations: Strengthening Domain and Domain Controller Policy Settings |
| Chapter 5: Establishing Secure Administrative Practices |
| Establishing Secure Service Administration Practices |
| Establishing Secure Data Administration Practices |
| Recommendations: Establishing Secure Administrative Practices |
| Chapter 6: Securing DNS |
| Deploying Secure DNS |
| Non–Active Directory–Integrated DNS Security |
| Appendix: Procedures |
| Enabling SID Filtering |
| Enabling Auditing on Important Active Directory Objects |
| Securing Scripts with Script Signing |
| Updating the Default Domain Policy GPO and the Default Domain Controllers Policy GPO |
| Creating a New GPO on the Domain Controllers OU and Changing Its Precedence |
| Creating a .reg File |
| Creating a Reserve File |
| Enabling Monitoring for Anonymous Active Directory Access |
| Monitoring for Anonymous Active Directory Access |
| Renaming the Default Administrator Account |
| Creating a Decoy Administrator Account |
| Changing the Security Descriptor on AdminSDHolder |
| Denying Logon Access to the Domain |
| Allowing Logon Access to Administrative Workstations |
| Appendix: Setting User Account Control Policy for Delegated Administrators |
| Best Practices for Delegating Active Directory Administration |
| Chapter 1: Delegation of Administration Overview |
| Business Case for Delegating Administration |
| Benefits of Delegation |
| Delegation at Work |
| Active Directory Management |
| Creating a Successful Active Directory Delegation Model |
| Chapter 2: How Delegation Works in Active Directory |
| Overview |
| Active Directory Administrative Tasks |
| Active Directory Logical Structure and Data Storage |
| Delegation and Access Control |
| Chapter 3: Delegating Service Management |
| Level-of-Privilege Considerations in Delegating Service Management |
| Recommended Approach to Service Management |
| Service Management Overview |
| Creating a Service Management Delegation Model |
| Implementing the Service Management Delegation Model |
| Maintaining the Service Management Delegation Model |
| Chapter 4: Delegating Data Management |
| Recommended Approach to Data Management |
| Understanding Data Management |
| Determining Data Management Stakeholder Needs |
| Creating the Data Management Delegation Model |
| Implementing Your Data Management Delegation Model |
| Maintaining Your Data Management Delegation Model |
| Case Study: A Delegation Scenario |
| Company Overview |
| Active Directory Infrastructure |
| Managing Contoso’s Active Directory Environment |
| Step 1 — Create the Contoso Service Management Administrative Delegation Model |
| Step 2 — Implement the Administrative Delegation Model for Contoso Service Management |
| Step 3 — Hand Off Data Management to Contoso Data Administrators |
| Step 4 — Create the Contoso Data Management Administrative Delegation Model |
| Step 5 – Implement the Contoso Data Management Administrative Delegation Model |
| Best Practices for Delegating Active Directory Administration: Appendices |
| Appendix A: Active Directory Administrative Tasks |
| Appendix B: Default Active Directory Security Groups |
| Appendix C: Active Directory Standard Permissions |
| Appendix D: Active Directory Extended Rights |
| Appendix E: Active Directory Property Sets |
| Appendix F: Logon Rights and Privileges |
| Appendix G: Active Directory Delegation Tools |
| Appendix H: Active Directory Display Name Mappings |
| Appendix I: Default Container Hierarchy for Active Directory Partitions |
| Appendix J: Default Owners of Active Directory Objects |
| Appendix K: Default Settings in the Master Security Descriptor of the AdminSDHolder Object |
| Appendix L: Implementing Service Management Delegation Roles |
| Appendix M: Service Management Delegation Role Definitions |
| Appendix N: Default Active Directory Service Administrator Groups |
| Appendix O: Active Directory Delegation Wizard File |
| R2: Deployment (R2 only) |
| Installing Windows Server 2003 R2 |
| Before You Install |
| Installing or Upgrading to Windows Server 2003 R2 |
| Performing a Clean Installation of Windows Server 2003 R2 |
| Upgrading to Windows Server 2003 R2 |
| Upgrading to Windows Server 2003 R2 |
| Command-line options for installing Windows Server 2003 R2 |
| Installing Optional Components and Server Roles |
| Add or upgrade server roles by using Manage Your Server |
| Install an optional component by using Add/Remove Windows Components |
| Find a component in Add/Remove Windows Components |
| Administering components from a computer running Windows XP |
| Troubleshooting installation issues with Windows Server 2003 R2 |
| Windows Server 2003 R2 Volume License Product Key Encryption |
| ADFS Step-by-Step Guide |
| ADFS Deployment Guide |
| Planning to Deploy ADFS |
| Implementing Your ADFS Design Plan |
| Checklist: Implementing a Web SSO Design |
| Checklist: Implementing a Federated Web SSO Design |
| Checklist: Implementing a Federated Web SSO with Forest Trust Design |
| Deploying Partner Organizations |
| Checklist: Configuring the account partner organization |
| Checklist: Configuring the resource partner organization |
| Checklist: Implementing a resource account mapping method |
| Add a new account partner by manually configuring the trust policy |
| Add a new account partner by importing an existing policy file |
| Add a new resource partner by manually configuring the trust policy |
| Add a new resource partner by importing an existing policy file |
| Create an organization group or custom claim |
| Create an incoming group claim mapping |
| Create an incoming custom claim mapping |
| Create an outgoing group or custom claim mapping |
| Add an Active Directory account store |
| Add an ADAM account store |
| Map an organization group claim to an Active Directory group (group claim extraction) |
| Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction) |
| Map an organization group claim to an ADAM attribute and value (group claim extraction) |
| Map an organization group claim to a resource group |
| Create a resource account in the resource partner forest |
| Configure resource account options |
| Enable enhanced identity privacy |
| Configure a claims transform module |
| Configure an account partner to use Windows trust |
| Configure a resource partner to use Windows trust |
| Distribute certificates to client computers using Group Policy |
| Configure client computers to trust the account federation server |
| Deploying Federated Applications |
| Checklist: Installing a claims-aware application |
| Checklist: Installing a Windows NT token-based application |
| Configure IIS to support a federated application |
| Configure web.config to use the claims-aware Web Agent |
| Configure the Windows NT token-based Web Agent |
| Add a new claims-aware application to the Federation Service |
| Add a new Windows NT token-based application to the Federation Service |
| Enable an organization claim for a federated application in the Federation Service |
| Configure authentication methods for a federated application |
| Configure the security token protection method for a federated application |
| Configure event logging for a claims-aware application |
| Configure event logging for a Windows NT token-based application |
| Deploying ADFS-Enabled Web Servers |
| Checklist: Installing an ADFS-enabled Web server |
| Join a computer to a domain |
| Add a host (A) record to perimeter DNS for an ADFS-enabled Web server |
| Export the private key portion of a server authentication certificate |
| Import a server authentication certificate to the default Web site |
| Install prerequisite applications |
| Install the ADFS Web Agent component of ADFS |
| Verify that an ADFS-enabled Web server is operational |
| Deploying Federation Servers |
| Checklist: Installing a federation server |
| Checklist: Configuring certificates for a federation server |
| Join a computer to a domain |
| Add a host (A) record to corporate DNS for a federation server |
| Export the private key portion of a server authentication certificate |
| Import a server authentication certificate to the default Web site |
| Create a self-signed, token-signing certificate |
| Install prerequisite applications |
| Install the Federation Service component of ADFS |
| Configure event logging on a federation server |
| Verify that a federation server is operational |
| Deploying Federation Server Proxies |
| Checklist: Installing a federation server proxy |
| Join a computer to a domain |
| Configure name resolution for a federation server proxy in a DNS zone serving only the perimeter network |
| Configure name resolution for a federation server proxy in a DNS zone serving both the perimeter network and Internet clients |
| Import a server authentication certificate to the default Web site |
| Install prerequisite applications |
| Install the Federation Service Proxy component of ADFS |
| Export the public key portion of a client authentication certificate |
| Add a Federation Service Proxy certificate to the trust policy |
| Configure event logging on a federation server proxy |
| Verify that a federation server proxy is operational |
| Finding Additional ADFS Resources |
| Hardware Management Introduction |
| Enabling Hardware Management |
| Configuration and Security |
| Integration with WMI |
| Windows Remote Management Command-Line Tool (Winrm.cmd) |
| Event Collector |
| Hardware Management Architecture |
| How to Bundle ADAM with Your Application |
| ADAM Install Components |
| Creating a Windows Installer Package |
| Bundling ADAM |
| Identifying ADAM Install Errors |
| Managing Dependencies on the ADAM Service |
| Uninstalling ADAM |
| Step-by-Step Guide for Print Management |
| Step-by-Step Guide to Deploying ADAM |
| Requirements for ADAM |
| Installing ADAM |
| Using ADAM Administration Tools |
| Setting Up Application Data |
| Using an Application with ADAM |
| Managing OUs, Groups, and Users in ADAM |
| Managing Directory Partitions in ADAM |
| Managing Authorization in ADAM |
| Managing Authentication in ADAM |
| Backing Up and Restoring Active Directory Application Mode (ADAM) |
| Managing Configuration Sets |
| Administering ADAM Programmatically |
| Step-by-Step Guide for Storage Manager for SANs |
| Introduction to Storage Manager for SANs |
| Storage Manager for SANs Requirements |
| Installing Storage Manager for SANs and Other Required Software |
| Using Storage Manager for SANs |
| Overview of LUN Management in Storage Manager for SANs |
| Support for Multipath I/O |
| Deploying LUNs Using Storage Manager for SANs |
| Task 1: Configure Server Connections |
| Task 2: (iSCSI Only) Configure Targets and Enable Portals |
| Task 3: (iSCSI Only) Configure Security |
| Task 4: (iSCSI Only) Establish Logon Sessions Between the Initiator and Targets |
| Task 5: Create LUNs |
| Providing LUN Access to a Server Cluster |
| Step-by-Step Guide for File Server Resource Manager |
| Introduction to File Server Resource Manager |
| Installing File Server Resource Manager |
| Using the File Server Resource Manager Component |
| Configuring E-mail Notifications |
| Working with Quotas |
| Working with File Groups |
| Screening Files |
| Generating Storage Reports |
| Test Scenarios for File Server Resource Manager |
| Step-by-Step Guide to Setting Up Server for NIS |
| Task 1: Install Server for NIS on a Domain Controller |
| Task 2: Migrate NIS Maps to Active Directory |
| Task 3: Set the Frequency of Map Propagation |
| Task 4: Set the Encryption Method for NIS Domains |
| Step-by-Step Guide to Deploying Password Synchronization |
| Task 1: Install Password Synchronization on a Domain Controller |
| Task 2: Install the Password Synchronization Daemon on UNIX-based Computers |
| Task 3: Install the Pluggable Authentication Module on UNIX-based Computers |
| Task 4: Configure Password Synchronization |
| Task 5: Start Password Synchronization |
| Services for Network File System in Microsoft Windows Server 2003 R2 |
| Introduction |
| What Is New in Windows Server 2003 R2? |
| NFS Components in Windows Server 2003 R2 and Past Releases |
| Concepts |
| Windows and UNIX User and Group Identities |
| Integrated Identity Management in Active Directory Domain Services |
| Identity Matching in User Name Mapping Service |
| Configuration |
| Installing Services for Network File System |
| Installing Identity Management for UNIX |
| Extending the Active Directory Domain Services Schema |
| Importing UNIX Identities into Active Directory by Using IDMU |
| Mapping UNIX Users to Windows Users |
| Configuring Services for Network File System to Use Active Directory Domain Lookup |
| Configuring Services for Network File System to Use User Name Mapping Service |
| Open Ports on Firewalls |
| Creating a Network File System Shared Network Resource |
| Conclusion |
| For More Information |
| Network File System in Microsoft Unified Data Storage Server 2003 |
| Introduction |
| What Is New in Windows Server 2003 R2? |
| NFS Components in Windows Server 2003 R2 and Past Releases |
| Concepts |
| Windows and UNIX User and Group Identities |
| Integrated Identity Management in Active Directory Domain Services |
| Identity Matching in User Name Mapping Service |
| Windows Unified Data Storage Server 2003 Configuration |
| Windows Server 2003 R2 Configuration |
| Installing Services for Network File System |
| Installing Identity Management for UNIX |
| Extending the Active Directory Domain Services Schema |
| Importing UNIX Identities into Active Directory by Using IDMU |
| Mapping UNIX Users to Windows Users |
| Configuring Services for Network File System to Use Active Directory Domain Lookup |
| Configuring Services for Network File System to Use User Name Mapping Service |
| Open Ports on Firewalls |
| Creating a Network File System Shared Network Resource |
| Conclusion |
| For More Information |
| Preserving OEM Preactivation When Reinstalling Windows Server 2003 R2 |
| IIS 6.0 Deployment Guide |
| Overview of Deploying IIS 6.0 |
| Overview of Deploying an IIS 6.0 Web Server |
| Process for Deploying an IIS 6.0 Web Server |
| Deploying a New IIS 6.0 Web Server |
| Upgrading and Migrating a Server to IIS 6.0 |
| Overview of IIS 6.0 |
| IIS 6.0 Benefits and Features |
| Internet and Intranet Applications on IIS 6.0 |
| Determining Application Compatibility with IIS 6.0 |
| Moving from IIS 5.0 Isolation Mode to Worker Process Isolation Mode |
| Reviewing Application Isolation Modes |
| Benefits of Moving to Worker Process Isolation Mode |
| Security Enhancements |
| Performance and Scaling Enhancements |
| Availability Enhancements |
| Deploying ASP.NET Applications in IIS 6.0 |
| Overview of Deploying ASP.NET Applications in IIS 6.0 |
| Process for Deploying ASP.NET Applications in IIS 6.0 |
| Deploying the Web Server |
| Installing Windows Server 2003_IIS_SP1_Dep |
| Installing and Configuring IIS 6.0 |
| Enabling ASP.NET in the Web Service Extensions List |
| Installing ASP.NET Applications |
| Creating Web Sites and Virtual Directories for each ASP.NET Application |
| Creating Web Sites and Home Directories |
| Creating Virtual Directories |
| Copying ASP.NET Application Content |
| Enabling Common Storage for ASP.NET Session State |
| Selecting the Method for Maintaining and Storing ASP.NET Session State |
| Configuring Out-of-Process Session State with the ASP.NET State Service |
| Configuring Out-of-Process Session State with SQL Server |
| Configuring Encryption and Validation Keys |
| Configuring ASP.NET Applications to Use the Appropriate Session State |
| Securing the ASP.NET Session-State Connection String |
| Completing the ASP.NET Application Deployment |
| Verifying That the ASP.NET Applications Were Deployed Successfully |
| Ensuring the Security and Availability of ASP.NET Applications |
| Backing Up the Web Server |
| Enabling Client Access |
| Securing Web Sites and Applications |
| Overview of the Securing Web Sites and Applications Process |
| Process for Securing Web Sites and Applications |
| Reducing the Attack Surface of the Web Server |
| Enabling Only Essential Windows Server 2003 Components and Services |
| Enabling Only Essential IIS Components and Services |
| Enabling Only Essential Web Service Extensions |
| Configuring Windows Server 2003 Security Settings |
| Preventing Unauthorized Access to Web Sites and Applications |
| Storing Content on a Dedicated Disk Volume |
| Setting IIS Web Site Permissions |
| Setting IP Address and Domain Name Restrictions |
| Setting NTFS Permissions |
| Isolating Web Sites and Applications |
| Evaluating the Effects of Impersonation on Application Compatibility |
| Identifying the Impersonation Behavior for ASP Applications |
| Selecting the Impersonation Behavior for ASP.NET Applications |
| Configuring Web Sites and Applications for Isolation |
| Adding Web Sites to an IIS 6.0 Server |
| Configuring User Authentication |
| Configuring Web Site Authentication |
| Selecting a Web Site Authentication Method |
| Configuring the Web Site Authentication Method |
| Configuring FTP Site Authentication |
| Encrypting Confidential Data Exchanged with Clients |
| Using SSL to Encrypt Confidential Data |
| Using IPsec or VPN with Remote Administration |
| Maintaining Web Site and Application Security |
| Obtaining and Applying Current Security Patches |
| Enabling Windows Server 2003 Security Logs |
| Enabling File Access Auditing for Web Site Content |
| Configuring IIS Logs |
| Reviewing Security Policies, Processes, and Procedures |
| Additional Resources About Security in IIS 6.0 |
| Ensuring Application Availability |
| Overview of the Ensuring Application Availability Process |
| Process for Ensuring Application Availability |
| Establishing Application Availability Goals |
| Setting Service Availability Goals |
| Setting Request-Handling Goals |
| Configuring IIS 6.0 for Optimum Availability |
| Isolating Applications |
| Determining the Application Isolation Needs of Your Server |
| Creating Application Pools and Assigning Applications to Them |
| Recycling Worker Processes |
| Recycling by Elapsed Time |
| Recycling by Number of Requests |
| Recycling at Scheduled Times |
| Recycling on a Virtual-Memory Threshold |
| Recycling on a Used-Memory Threshold |
| Tuning Performance |
| Configuring Idle Time-out for Worker Processes |
| Configuring a Request Queue Limit |
| Enabling HTTP Compression IIS 6.0 |
| Configuring Web Gardens |
| Setting Processor Affinity on Servers with Multiple CPUs |
| Managing Application Pool Health |
| Configuring Worker Process Pinging |
| Configuring Rapid-Fail Protection for Worker Processes |
| Configuring the Startup Time Limit for Worker Processes |
| Configuring the Shutdown Time Limit for Worker Processes |
| Enabling Debugging for Application Pool Failures |
| Configuring Application Pool Identity |
| Testing Applications for Compatibility |
| Testing Applications for Compatibility with IIS 6.0 |
| Testing Applications for Functional Compatibility with IIS 6.0 |
| Additional Resources About Application Availability in IIS 6.0 |
| Upgrading an IIS Server to IIS 6.0 |
| Overview of Upgrading an IIS Server to IIS 6.0 |
| Process for Upgrading an IIS Server to IIS 6.0 |
| Preparing to Upgrade |
| Determining Compatibility with Windows Server 2003 |
| Identifying and Compensating for Changes to IIS 6.0 |
| Ensuring That the WWW Service is Enabled After Upgrade |
| Compensating for Changes to IIS Components |
| Determining Application Compatibility with Worker Process Isolation Mode |
| Evaluating the Benefits of Worker Process Isolation Mode |
| Evaluating Application Changes Required for Worker Process Isolation Mode |
| Evaluating Management and Provisioning Script Changes Required for Worker Process Isolation Mode |
| Verifying Application Compatibility with Worker Process Isolation Mode in a Lab |
| Determining Application Compatibility with the .NET Framework |
| Performing the Upgrade |
| Backing Up the Server_IIS_SP1_Dep |
| Verifying That Clients Are Not Accessing Web Sites |
| Preventing the WWW Service from Being Disabled |
| Modifying the Registry or Unattended Setup Script |
| Running the IIS Lockdown Tool |
| Upgrading the Server to IIS 6.0 |
| Verifying That the Operating System Upgrade Was Successful |
| Backing Up the IIS 6.0 Metabase |
| Converting to Worker Process Isolation Mode |
| Documenting the Current Application Isolation Settings |
| Configuring IIS 6.0 to Run in Worker Process Isolation Mode |
| Configuring Application Isolation Settings in Worker Process Isolation Mode |
| Example: Converting to Worker Process Isolation Mode |
| Configuring IIS 6.0 Properties |
| Enabling the WWW Service |
| Configuring Web Service Extensions |
| Configuring MIME Types |
| Modifying References to IIS 6.0 Metabase Properties |
| Upgrading FrontPage Extended Web Sites |
| Determining Whether to Run the IIS Lockdown Tool and UrlScan |
| Making Security-Related Configuration Changes |
| Enabling Essential IIS Components and Services |
| Removing Unnecessary IIS Virtual Directories |
| Configuring the Anonymous User Identity |
| Configuring IIS 6.0 to Host ASP.NET Applications |
| Configuring IIS 6.0 to Use the Correct Version of the .NET Framework |
| Configuring the .NET Framework |
| Reviewing How ASP.NET Applications Run In Each Application Isolation Mode |
| Migrating Machine.config Attributes to IIS 6.0 Metabase Property Settings |
| Migrating Recycling-Related Attributes |
| Migrating Performance-Related Attributes |
| Migrating Health-Related Attributes |
| Migrating Identity-Related Attributes |
| Completing the Upgrade_IIS_SP1_Dep |
| Verifying That the Web Sites and Applications Run Properly |
| Backing Up the IIS 6.0 Server before Enabling Client Access |
| Enabling Client Access to the IIS 6.0 Server |
| Additional Resources About Upgrading to IIS 6.0 |
| Migrating IIS Web Sites to IIS 6.0 |
| Migrating Apache Web Sites to IIS 6.0 |
| Appendix A: IIS Deployment Procedures |
| Appendix B: Changes to Metabase Properties in IIS 6.0 |
| Appendix C: Choosing a Cluster Technology for IIS 6.0 |
| Appendix D: Running 32-bit Applications on 64-bit Windows |
| Appendix E: Unattended Setup |
| Additional Resources_IIS_SP1_Dep |
| Operations |
| Windows Server 2003 Operations |
| Active Directory Operations Guide |
| Troubleshooting Active Directory |
| Configuring a Computer for Troubleshooting |
| Troubleshooting Active Directory Replication Problems |
| Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042) |
| Event ID 1388 or 1988: A lingering object is detected |
| A deleted account remains in the Address Book, e-mail is not received, or a duplicate account exists |
| Event ID 2042: It has been too long since this machine replicated |
| Fixing Replication Security Problems |
| An "Access denied" or other security error has caused replication problems |
| Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088) |
| Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem |
| Event ID 2087: DNS lookup failure caused replication to fail |
| Event ID 2088: DNS lookup failure occurred with replication success |
| Fixing Replication Connectivity Problems (Event ID 1925) |
| Event ID 1925: Attempt to establish a replication link failed due to connectivity problem |
| Fixing Replication Topology Problems (Event ID 1311) |
| Event ID 1311: Replication configuration does not reflect the physical network |
| Additional Resources |
| Monitoring and Troubleshooting Active Directory Replication Using Repadmin |
| Repadmin Introduction and Technology Overview |
| Repadmin Requirements, Syntax, and Parameter Descriptions |
| Repadmin Usage Scenarios |
| Monitor Forest-Wide Replication |
| Display Replication Partners and Status of a Domain Controller |
| Replication Latency |
| View Replication Metadata of an Object |
| Display the Attributes of a Specific Object |
| How Up to Date Are My Domain Controllers? |
| Can I Look at My Connection Objects and Schedule Details? |
| Fine-Tuning Change Notification Values |
| Forcing Replication |
| Keeping Track of Changes That Have Occurred Over a Period of Time |
| Usage of Repadmin When Troubleshooting Event ID 1311 |
| Subcommands Not Covered Under the Previous Scenarios |
| Oldhelp |
| Administer PRP for RODC with Repadmin.exe |
| Repadmin for Experts |
| Administering Active Directory |
| Introduction |
| New in This Guide |
| Administering Domain and Forest Trusts |
| Introduction |
| Best Practices |
| Managing Domain and Forest Trusts |
| Creating Domain and Forest Trusts |
| DNS and NetBIOS Name Resolution to Create External, Realm and Forest Trusts |
| Known Issues for Creating Domain and Forest Trusts |
| Creating External Trusts |
| Create a one-way, incoming, external trust for one side of the trust |
| Create a one-way, incoming, external trust for both sides of the trust |
| Create a one-way, outgoing, external trust for one side of the trust |
| Create a one-way, outgoing, external trust for both sides of the trust |
| Create a two-way, external trust for one side of the trust |
| Create a two-way, external trust for both sides of the trust |
| Creating Shortcut Trusts |
| Create a one-way, incoming, shortcut trust for one side of the trust |
| Create a one-way, incoming, shortcut trust for both sides of the trust |
| Create a one-way, outgoing, shortcut trust for one side of the trust |
| Create a one-way, outgoing, shortcut trust for both sides of the trust |
| Create a two-way, shortcut trust for one side of the trust |
| Create a two-way, shortcut trust for both sides of the trust |
| Creating Forest Trusts |
| Create a one-way, incoming, forest trust for one side of the trust |
| Create a one-way, incoming, forest trust for both sides of the trust |
| Create a one-way, outgoing, forest trust for one side of the trust |
| Create a one-way, outgoing, forest trust for both sides of the trust |
| Create a two-way, forest trust for one side of the trust |
| Create a two-way, forest trust for both sides of the trust |
| Creating Realm Trusts |
| Create a one-way, incoming, realm trust |
| Create a one-way, outgoing, realm trust |
| Create a two-way, realm trust |
| Configuring Domain and Forest Trusts |
| Validating and removing trusts |
| Validate a trust |
| Remove a manually created trust |
| Modifying Name Suffix Routing Settings |
| Modify the routing status of a name suffix |
| Enable or disable an existing name suffix for routing |
| Exclude name suffixes from routing to local forests |
| Securing Domain and Forest Trusts |
| Configuring SID Filtering Settings |
| Verify SID filter quarantining |
| Disable SID filter quarantining |
| Reapply SID filter quarantining |
| Configuring Selective Authentication Settings |
| Enable selective authentication over an external trust |
| Enable selective authentication over a forest trust |
| Enable domain-wide authentication over an external trust |
| Enable forest-wide authentication over a forest trust |
| Grant the Allowed to Authenticate permission on computers in the trusting domain or forest |
| Appendix |
| Administering the Windows Time Service |
| Introduction |
| Managing the Windows Time Service |
| Configuring a time source for the forest |
| Configure the Windows Time service on the PDC emulator in the Forest Root Domain |
| Change the Windows Time service configuration on the previous PDC emulator |
| Configure a domain controller in the parent domain as a reliable time source |
| Configure the PDC emulator to synchronize from its internal hardware clock |
| Disable the Windows Time service |
| Configuring Windows-based clients to synchronize time |
| Configure a manual time source for a selected client computer |
| Configure a client computer for automatic domain time synchronization |
| Restoring Windows Time service to default settings |
| Restore Windows Time service on local computer to default settings |
| Administering SYSVOL |
| Introduction |
| Managing SYSVOL |
| Changing the Space Allocated to the Staging Area |
| Stop the File Replication service |
| Change the space allocated to the Staging Area folder |
| Start the File Replication service |
| Relocating the Staging Area |
| Identify replication partners |
| Check the status of the shared SYSVOL |
| Verify replication with other domain controllers |
| Gather the SYSVOL path information |
| Reset the File Replication service staging folder to a different logical drive |
| Relocating SYSVOL Manually |
| Identify replication partners |
| Check the status of the shared SYSVOL |
| Verify replication with other domain controllers |
| Gather the SYSVOL path information |
| Stop the File Replication service |
| Create the SYSVOL folder structure |
| Set the SYSVOL path |
| Set the staging area path |
| Prepare a domain controller for nonauthoritative SYSVOL restart |
| Update security on the new SYSVOL |
| Start the File Replication service |
| Updating the System Volume Path |
| Gather the SYSVOL path information |
| Stop the File Replication service |
| Set the SYSVOL path |
| Set the staging area path |
| Start the File Replication service |
| Restoring and Rebuilding SYSVOL |
| Identify replication partners |
| Check the status of the shared SYSVOL |
| Verify replication with other domain controllers |
| Restart the domain controller in Directory Services Restore Mode locally |
| Gather the SYSVOL path information |
| Stop the File Replication service |
| Prepare a domain controller for nonauthoritative SYSVOL restart |
| Import the SYSVOL folder structure |
| Start the File Replication service |
| Administering the Global Catalog |
| Introduction |
| Managing the Global Catalog |
| Configuring a Global Catalog Server |
| Determine whether a domain controller is a global catalog server |
| Designate a domain controller to be a global catalog server |
| Monitor global catalog replication progress |
| Determining Global Catalog Readiness |
| Verify global catalog readiness |
| Verify global catalog DNS registrations |
| Removing the Global Catalog |
| Clear the global catalog setting |
| Monitor global catalog removal in Event Viewer |
| Administering Operations Master Roles |
| Introduction |
| Managing Operations Master Roles |
| Designating a standby operations master |
| Determine whether a domain controller is a global catalog server |
| Create a connection object on the current operations master |
| Create a connection object on the standby operations master |
| Verify successful replication to a domain controller |
| Transferring an operations master role |
| Verify successful replication to a domain controller |
| Determine whether a domain controller is a global catalog server |
| Install the Schema snap-in |
| Transfer the schema master |
| Transfer the domain naming master |
| Transfer the domain-level operations master roles |
| View the current operations master role holders |
| Seizing an operations master role |
| Verify successful replication to a domain controller |
| Seize the operations master role |
| View the current operations master role holders |
| Reducing the workload on the PDC emulator master |
| Change the weight for DNS SRV records in the registry |
| Change the priority for DNS SRV records in the registry |
| Administering Active Directory Backup and Restore |
| Introduction |
| Managing Active Directory Backup and Restore |
| Backing Up Active Directory Components |
| Back up system state |
| Back up system state and the system disk |
| Performing a Nonauthoritative Restore of a Domain Controller |
| Restart the domain controller in Directory Services Restore Mode locally |
| Restart the domain controller in Directory Services Restore Mode remotely |
| Restore Active Directory from backup |
| Verify Active Directory restore |
| Performing an Authoritative Restore of Active Directory Objects |
| Restore Active Directory from backup |
| Mark the object or objects authoritative |
| Synchronize replication with all partners |
| Run an LDIF file to recover back-links |
| Restart the domain controller in Directory Services Restore Mode locally |
| Create an LDIF file for recovering back-links for authoritatively restored objects |
| Turn off inbound replication |
| Turn on inbound replication |
| Performing an Authoritative Restore of an Application Directory Partition |
| Restore Active Directory from backup |
| Mark the application directory partition as authoritative |
| Performing an Authoritative Restore of a Group Policy Object |
| Restore a Group Policy Object |
| Restoring a Domain Controller Through Reinstallation and Subsequent Restore from Backup |
| Restore Active Directory from backup |
| Verify Active Directory restore |
| Restoring a Domain Controller Through Reinstallation |
| Clean up server metadata |
| Delete a Server object from a site |
| Delete a Computer object from the Domain Controllers OU |
| Verify DNS registration and functionality |
| Verify communication with other domain controllers |
| Verify the availability of the operations masters |
| Install Active Directory |
| Administering Intersite Replication |
| Introduction |
| Managing Intersite Replication |
| Adding a New Site |
| Create a site object and add it to an existing site link |
| Create a subnet object or objects and associate them with the new site |
| Associate an existing subnet object with the new site |
| Create a site link object and add the appropriate sites |
| Remove the site from the site link |
| Linking Sites for Replication |
| Create a site link object and add the appropriate sites |
| Determine the ISTG role owner for a site |
| Generate the replication topology on the ISTG |
| Changing Site Link Properties |
| Configure the site link schedule to identify times during which intersite replication can occur |
| Configure the site link interval to identify how often replication polling can occur during the schedule window |
| Configure the site link cost to establish a priority for replication routing |
| Determine the ISTG role owner for a site |
| Generate the replication topology on the ISTG |
| Moving a Domain Controller to a Different Site |
| Change the static IP address of a domain controller |
| Create a delegation for a domain controller |
| Verify that an IP address maps to a subnet and determine the site association |
| Determine whether the server is a preferred bridgehead server |
| Configure the server to not be a preferred bridgehead server |
| Move the Server object to the new site |
| Removing a Site |
| Determine whether a Server object has child objects |
| Delete a Server object from a site |
| Delete the Site Link object |
| Associate the subnet or subnets with the appropriate site |
| Delete the Site object |
| Determine the ISTG role owner for a site |
| Generate the replication topology on the ISTG |
| Administering the Active Directory Database |
| Introduction |
| Managing the Active Directory Database |
| Relocating Active Directory Database Files |
| Determine the database size and location online |
| Determine the database size and location offline |
| Compare the size of the directory database files to the volume size |
| Back up system state |
| Restart the domain controller in Directory Services Restore Mode locally |
| Restart the domain controller in Directory Services Restore Mode remotely |
| Move the directory database and log files to a local drive |
| Copy the directory database and log files to a remote share |
| Returning Unused Disk Space from the Active Directory Database to the File System |
| Change the garbage collection logging level to 1 |
| Back up system state |
| Restart the domain controller in Directory Services Restore Mode locally |
| Restart the domain controller in Directory Services Restore Mode remotely |
| Compact the directory database file (offline defragmentation) |
| If database integrity check fails, perform semantic database analysis with fixup |
| Guarding Against Accidental Bulk Deletions in Active Directory |
| Protect an Organizational Unit from Accidental Deletion |
| Remove Protection Against Accidental Organizational Unit Deletion |
| Administering Domain Controllers |
| Introduction |
| Managing Domain Controllers |
| Preparing for Active Directory Installation |
| Install the DNS Server service |
| Verify DNS registration and functionality |
| Verify that an IP address maps to a subnet and determine the site association |
| Verify communication with other domain controllers |
| Verify the availability of the operations masters |
| Installing a Domain Controller in an Existing Domain |
| Install Active Directory |
| Installing a Domain Controller in an Existing Domain Using Restored Backup Media |
| Back up system state |
| Restore system state to an alternate location |
| Install Active Directory from restored backup media |
| Include application directory partitions in an Active Directory installation from backup media |
| Adding Domain Controllers in Remote Sites |
| Known Issues |
| Best Practices |
| Preparing a Server Computer for Shipping and Installation from Backup Media |
| Back up system state |
| Restore system state to an alternate location |
| Enable Remote Desktop |
| Create an answer file for domain controller installation |
| Create a Remote Desktop Connection |
| Install Active Directory from restored backup media |
| Include application directory partitions in an Active Directory installation from backup media |
| Preparing an Existing Domain Controller for Shipping and Long-Term Disconnection |
| Determine the tombstone lifetime for the forest |
| View the current operations master role holders |
| Transfer the domain-level operations master roles |
| Transfer the schema master |
| Transfer the domain naming master |
| Prepare a domain controller for nonauthoritative SYSVOL restart |
| Enable strict replication consistency |
| Synchronize replication with all partners |
| Verify successful replication to a domain controller |
| Reconnecting a Domain Controller After a Long-Term Disconnection |
| Determine when intersite replication is scheduled to begin |
| Use Repadmin to remove lingering objects |
| Verify successful replication to a domain controller |
| Performing an Unattended Installation of Active Directory |
| Create an answer file for domain controller installation |
| Install Active Directory using an answer file |
| Verifying Active Directory Installation |
| Determine whether a Server object has child objects |
| Verify that an IP address maps to a subnet and determine the site association |
| Move the Server object to the new site |
| Configure DNS server forwarders |
| Verifying DNS configuration |
| Create a delegation for a domain controller |
| Create a secondary zone |
| Configure the DNS client settings |
| Check the status of the shared SYSVOL |
| Verify DNS registration and functionality |
| Verify communication with other domain controllers |
| Verify replication with other domain controllers |
| Verify the availability of the operations masters |
| Verify domain membership for a new domain controller |
| Renaming a Domain Controller |
| Rename a domain controller using System Properties |
| Rename a domain controller using Netdom |
| Update the FRS member object |
| Decommissioning a Domain Controller |
| View the current operations master role holders |
| Transfer the schema master |
| Transfer the domain naming master |
| Transfer the domain-level operations master roles |
| Determine whether a domain controller is a global catalog server |
| Verify DNS registration and functionality |
| Verify communication with other domain controllers |
| Verify the availability of the operations masters |
| Uninstall Active Directory |
| Determine whether a Server object has child objects |
| Delete a Server object from a site |
| Forcing the Removal of a Domain Controller |
| Identify replication partners |
| Force domain controller removal |
| Clean up server metadata |
| Additional Resources |
| DNS Operations Guide |
| Administering DNS |
| Introduction |
| Managing DNS |
| Managing DNS Servers |
| Adding a Primary DNS Server to an Existing Zone |
| Install a new DNS server |
| Configure a DNS server |
| Adding a Secondary DNS Server |
| Add a secondary server to a zone |
| Modifying an Existing DNS Server |
| Start, stop, pause, or restart a DNS server |
| Manually update DNS server data files |
| Clear the DNS server names cache |
| Change the boot method of a DNS server |
| Change the name-checking method of a DNS server |
| Restore DNS server default preferences |
| Using Forwarders |
| Configure forwarders for a DNS server |
| Removing a DNS Server from the Network |
| Delete a resource record |
| Modify an existing resource record |
| Modify the SOA record for a zone |
| Verify a zone delegation |
| Using DNS Aging and Scavenging |
| Set aging and scavenging properties for a DNS server |
| Set aging and scavenging properties for a zone |
| Configure automatic scavenging of stale resource records |
| Start scavenging of stale resource records |
| Reset aging and scavenging properties for a specific resource record |
| Managing DNS Clients |
| Configuring DNS Client Settings |
| Configure DNS settings in Network Connections |
| Managing the DNS Client Resolver Cache |
| Preload the DNS client resolver cache |
| View a DNS client resolver cache |
| Flush and reset a client resolver cache |
| Renewing DNS Client Registration |
| Managing DNS Zones |
| Adding and Removing a Zone |
| Delete a DNS zone |
| Add a new zone |
| Start or pause a zone |
| Start a zone transfer at a secondary server |
| Modifying Zone Properties |
| Change the DNS zone type |
| Change a DNS zone file name |
| Change the zone replication scope |
| Modify the SOA record for a zone |
| Modify DNS zone transfer settings |
| Specify DNS servers as authoritative for a zone |
| Change the master server for a secondary zone |
| Create a notify list for a zone |
| Adjust the refresh, retry, or expire intervals for a zone |
| Configuring Dynamic Updates |
| Enable dynamic updates |
| Enable secure dynamic updates |
| Delegating a Zone |
| Create a new zone delegation |
| Verify a zone delegation |
| Using Stub Zones |
| Reload or transfer stub zones |
| Configure a stub zone to use local master servers |
| Using WINS Lookup in DNS Zones |
| Allow DNS to use WINS resolution |
| Verify that WINS is answering a DNS query |
| Managing DNS Resource Records |
| Adding, Changing, and Deleting Resource Records |
| Add an A resource record to a zone |
| Add an MX resource record to a zone |
| Add a CNAME resource record to a zone |
| Add a PTR resource record to a reverse zone |
| Add a resource record to a DNS zone |
| Add a domain to a zone |
| Modify an existing resource record |
| Delete a resource record |
| View unsupported resource records |
| Disable NS resource record registration |
| Allow NS resource record creation for domain controllers |
| Restrict the DNS resource records that are updated by Netlogon |
| Monitoring DNS |
| Check DNS event log |
| Verify DNS server responsiveness with Nslookup |
| Verify dynamic DNS record updates |
| Verify zone transfers |
| Check the DNS server debug log file |
| Test a query on the DNS server |
| Optimizing DNS |
| Enable or disable fast DNS zone transfers |
| Prevent loading of a zone with bad data |
| Disable DNS round robin |
| Restore DNS server default preferences |
| Disable recursion |
| Disable local subnet prioritization |
| Update root hints |
| Secure the server cache against names pollution |
| Clear server names cache |
| Configure DNSSEC |
| Configure EDNS0 |
| Change UDP message size |
| Securing DNS |
| Securing DNS Zones |
| Enable secure dynamic updates |
| Modify DNS zone transfer settings |
| Delegating a Zone |
| Create a new zone delegation |
| Verify a zone delegation |
| Securing the DNS Server Service |
| Restrict the DNS server to listen on selected IP addresses |
| Secure the server cache against names pollution |
| Disable recursion |
| Update root hints |
| Securing DNS Clients |
| Configure DNS settings in Network Connections |
| Restrict the DNS server to listen on selected IP addresses |
| Troubleshooting DNS |
| Introduction |
| Verifying Computer Settings |
| Configuring a Computer for Troubleshooting |
| Troubleshooting DNS Problems |
| Secure dynamic updates fail |
| DNS server resolves some Internet names incorrectly |
| DNS client fails to resolve name |
| Zone transfers from a secondary DNS server fail |
| Dynamic updates for host records fail |
| Additional Resources |
| Group Policy Operations Guide |
| Group Policy Troubleshooting |
| Introduction |
| Verifying Administrative Workstation Settings |
| Quick Fixes |
| Configuring Administrative Workstation for Troubleshooting |
| Enable Logging for Group Policy Management Console |
| Enabling Logging for Group Policy Editor |
| Enable Logging for Group Policy Object Editor Client Side Extensions |
| Enable Logging for Core Group Policy |
| Enable Logging for Security Settings |
| Enable Logging for Folder Redirection Client Side Extension |
| Enable Logging for Software Installation Client Side Extension |
| Enable Logging for Internet Explorer Client Side Extension |
| Troubleshooting Group Policy Problems |
| Fixing Core Group Policy problems |
| Fixing Group Policy networking issues |
| Group Policy does not apply when connecting remotely over a slow link |
| Unable to access domain controller |
| Group Policy does not replicate |
| Fixing Group Policy processing issues |
| Policy setting is not supported |
| GPO provides unexpected value |
| Group Policy does not refresh |
| Policy settings do not apply for software installation, scripts, or folder redirection |
| Group Policy is not applied due to cached credentials |
| Machine required resources are not available |
| Loopback processing does not work |
| Loopback Replace does not work in cross forest environment |
| Fixing Group Policy scoping issues |
| Policy settings incorrectly applied or denied due to security filtering |
| Policy settings incorrectly applied or denied due to WMI filtering |
| Fixing Group Policy structural issues |
| GPO does not apply to a specific user or computer |
| Critical files on domain controllers or client computers are missing or corrupted |
| Trust relationships are not working |
| Group Policy does not apply after migration |
| Fixing Administrative Template policy setting problems |
| Administrative Templates CSE is processed with errors |
| Group Policy Object Editor loads with "[strings] section is too long and has been truncated" message |
| Some policy settings do not show in GPMC reports |
| Custom ADM settings do not display in the Group Policy Editor |
| Fixing Security Settings Problems |
| Replication of Group Policy settings between domain controllers fails |
| Password Policy settings changes do not take effect |
| Account Policy templates are applied incorrectly |
| Security Settings policies are propagated with warnings |
| Scecli.dll errors occur when opening Account Policies or Local Policies |
| Default Group Policy objects become corrupted: disaster recovery |
| Windows Security Settings remain in effect after removal |
| Fixing Scripts policy settings problems |
| Startup scripts do not run as expected on a computer running Windows XP SP1 or Windows XP SP2 |
| Scripts deployed to computer do not run (Userinit events 1000 and 1001) |
| Fixing Software Installation policy setting problems |
| Software Installation changes do not apply after logon |
| Failure to access software share points |
| User uninstalls a deployed application on a computer and application is unavailable to the user on every computer |
| Software is not listed in Add or Remove Programs |
| Install on demand fails |
| Software Installation operation fails |
| Fixing Folder Redirection policy settings problems |
| Folder Redirection encounters errors and redirection fails |
| Folder Redirection CSE processing is delayed |
| Fixing Disk Quota extension problems |
| Disk Quota CSE processed with errors |
| Fixing Group Policy problems by using log files |
| Interpreting Userenv log files |
| Interpreting Security Settings log files |
| Additional Resources |
| Security Technologies Operations Guide |
| Troubleshooting Kerberos |
| Introduction |
| Verifying Computer Settings |
| Configuring a Computer for Troubleshooting |
| Troubleshooting Kerberos Problems |
| Service Logons Fail Due to Incorrectly Set SPNs |
| Authentication Uses NTLM instead of Kerberos |
| Authentication Fails in a Mixed Windows and UNIX Environment |
| Authentication Fails Due to User PAC |
| Authentication Using UDP Causes Errors |
| Authentication Errors are Caused by Unsynchronized Clocks |
| Additional Resources |
| Troubleshooting Access Control |
| Introduction |
| Verifying Computer Settings |
| Quick Fixes |
| Configuring a Computer for Troubleshooting |
| Troubleshooting Access Control Problems |
| Anonymous user cannot access a shared folder |
| Unknown user is attempting to access a file or folder he or she should not have access to |
| Unknown user is changing ACLs on files or folders |
| User cannot access a file or folder but should have permission |
| Users cannot write to a shared folder after migration to Windows Server 2003 |
| Additional Resources |
| Server Cluster Operations Guide |
| Troubleshooting the Quorum Resource in a Server Cluster |
| Verifying Permissions, Hardware, and Software Before Troubleshooting the Quorum Resource |
| Configuring a Computer for Troubleshooting the Quorum Resource in a Server Cluster |
| Troubleshooting Quorum Resource Problems |
| Files on the Cluster Quorum Might be Missing, Inaccessible, or Corrupt |
| The Quorum Resource is on an Inaccessible or Nonfunctioning Disk |
| The Cluster Configuration File on a Node is Corrupt |
| Additional Resources |
| Terminal Server Licensing Operations Guide |
| Troubleshooting Terminal Server Licensing |
| Introduction |
| Verifying Computer Settings |
| Quick Fixes |
| Configuring a Computer for Troubleshooting |
| Troubleshooting Terminal Server Licensing Problems |
| Understanding Windows Server 2003 updates for Terminal Server Licensing |
| Understanding Troubleshooting Considerations for Specific Terminal Server Licensing Environments |
| Fixing Client Connectivity Problems |
| The terminal server cannot locate the license server |
| The remote computer disconnected the session because of an error in the licensing protocol |
| The remote session was disconnected because there were network problems during the license protocol |
| A licensing error occurred while the client was attempting to connect. (Licensing timed out) |
| The remote session was disconnected because there are no Terminal Server license servers available to provide a license |
| The remote session was disconnected because there are no Terminal Server client access licenses available for this computer |
| The remote session was disconnected because the local computer's client access license could not be upgraded or renewed |
| Because of a security error, the client could not connect to the terminal server |
| Event ID 26: Your terminal services temporary client license will expire in N days |
| Event ID 1011: The terminal services client has been disconnected because its temporary license has expired |
| Event ID 1026: The terminal server could not locate a license server in the domain |
| Event ID 1028: The terminal server client has been disconnected because its license could not be renewed |
| Fixing CAL Issuance and Upgrade Problems |
| The terminal server cannot locate the license server |
| The remote session was disconnected because there are no Terminal Server license servers available to provide a license |
| The remote session was disconnected because there are no Terminal Server client access licenses available for this computer |
| The remote session was disconnected because the local computer's client access license could not be upgraded or renewed |
| No licenses are being issued from the available pool of licenses |
| Event ID 26: Your terminal services temporary client license will expire in N days |
| Event ID 1011: The terminal services client has been disconnected because its temporary license has expired |
| Event ID 1026: The terminal server could not locate a license server in the domain |
| Event ID 1028: The terminal server client has been disconnected because its license could not be renewed |
| Fixing License Server Activation Problems and Other Licensing Problems |
| The product ID generated by the Terminal Server License Server Activation Wizard doesn't work |
| Event ID 43: Work Manager error can't startup work scheduler, Error code -1072167891 |
| Additional Resources |
| Step-by-Step Guide for Configuring Group Policy for Terminal Services |
| Loopback Technology Review |
| Requirements for Configuring Group Policy for Terminal Services |
| Group Policy Terminal Services Scenarios |
| Scenario 1: Administering Group Policy to Provide a Consistent Terminal Services Desktop |
| Scenario 2: Filtering Administrators from Terminal Services Group Policies |
| Additional References |
| Windows Firewall Operations Guide |
| Administering Windows Firewall |
| Introduction |
| Managing Windows Firewall |
| Best Practices for Managing Windows Firewall |
| Managing Resets, Startup, and Shutdown |
| Known Issues for Managing Resets, Startup, and Shutdown |
| Configuring Windows Firewall with SCW |
| Use SCW to Configure Windows Firewall |
| Enabling and Disabling Windows Firewall |
| Turn Windows Firewall On or Off |
| Turn Windows Firewall On or Off for a Specific Connection |
| Turn Windows Firewall On with No Exceptions |
| Restoring Windows Firewall Default Settings |
| Restore Windows Firewall Default Settings |
| Managing Windows Firewall Profiles |
| Known Issues for Managing Windows Firewall Profiles |
| Determine Which Profile Windows Firewall Is Using |
| Specify Which Profile You Are Configuring |
| Managing Program, Port, and System Service Firewall Rules |
| Known Issues for Managing Firewall Rules |
| Configuring Program Firewall Rules |
| Add a Program to the Firewall Rules List |
| Edit or Delete a Program Firewall Rule |
| Identify Blocked Servers, Listeners, and Peers |
| Identify Unblocked Servers, Listeners, and Peers |
| Configuring Port Firewall Rules |
| Add a Port to the Firewall Rules List |
| Edit or Delete a Port Firewall Rule |
| Configuring System Service Firewall Rules |
| Enable or Disable the File and Printer Sharing Firewall Rule |
| Enable or Disable the Remote Desktop Firewall Rule |
| Enable or Disable the UPnP Framework Firewall Rule |
| Enable or Disable the Remote Administration Firewall Rule |
| Configuring Firewall Rules for Specific Connections |
| Add a Port to the Firewall Rules List for a Specific Connection |
| Edit or Delete a Connection-Specific Port Firewall Rule |
| Configuring Scope Settings |
| Change the Scope of a Firewall Rule |
| Managing IPsec, Multicast, and ICMP Settings |
| Known Issues for Managing IPsec, Multicast, and ICMP Settings |
| Configuring ICMP Settings |
| Block and Unblock ICMP Messages |
| Configuring IPsec Settings |
| Configure Authenticated IPsec Bypass |
| Configuring Multicast Settings |
| Block Unicast Responses to Multicast Traffic |
| Managing Windows Firewall Notifications |
| Known Issues for Managing Windows Firewall Notifications |
| Enable or Disable Windows Firewall Notifications |
| Optimizing Windows Firewall |
| Best Practices for Optimizing Windows Firewall |
| Known Issues for Optimizing Windows Firewall |
| Monitoring Windows Firewall |
| Best Practices for Monitoring Windows Firewall |
| Using the Windows Firewall Log |
| Known Issues for Using the Windows Firewall Log |
| Enable or Disable the Windows Firewall Log |
| View the Windows Firewall Log File |
| Change the Name and Location of the Windows Firewall Log File |
| Change the Size of the Windows Firewall Log File |
| Interpreting the Windows Firewall Log |
| Identify Program Failures |
| Identify Malicious Activity |
| Using the Security Log |
| Known Issues for Using the Security Log |
| Enable Auditing of Windows Firewall Events |
| View Windows Firewall Events in Event Viewer |
| Securing Windows Firewall |
| Best Practices for Securing Windows Firewall |
| Known Issues for Securing Windows Firewall |
| Preventing Administrators from Turning Windows Firewall On or Off |
| Prevent Local Administrators from Turning Windows Firewall On or Off |
| Preventing Administrators from Creating Exceptions |
| Prevent Local Administrators from Creating Program Exceptions |
| Prevent Local Administrators from Creating Port Exceptions |
| Additional Resources |
| Troubleshooting Windows Firewall |
| Introduction |
| Verifying Computer Settings |
| Quick Fixes |
| Configuring a Computer for Troubleshooting |
| Troubleshooting Windows Firewall Problems |
| Fixing Network Access Problems |
| File and Printer Sharing Does Not Work |
| Computer Names Do Not Resolve When Used in a UNC Path |
| VPN and Remote Access Connections Fail |
| Remote Administration Tools Fail |
| The Ping Command Times Out |
| A Computer Receives Network Traffic Only from Its Local Subnet or Specific Computers |
| Fixing Program Problems |
| A Program in the Exceptions List Does Not Run Properly |
| A Notification Says Windows Explorer Is Trying to Listen on a Port |
| A User Cannot Determine What to Add to the Exceptions List |
| A Program Removed from the Exceptions List Keeps Working |
| There Is a Problem Running an Antivirus Program |
| A System Service Runs in Svchost.exe and Cannot Be Added to the Exceptions List |
| An Unexpected Program Appears in the Exceptions List |
| Fixing Configuration and Management Problems |
| A Program Named “Unspecified” Appears in the Exceptions List |
| A Windows Firewall Setting Does Not Take Effect |
| One or More Windows Firewall Settings Appear Dimmed |
| Additional Resources for Windows Firewall Troubleshooting |
| Windows Server 2003 PKI Operations Guide |
| Basic Administrative Tasks |
| Migrating from a Stand-alone to an Enterprise CA |
| Windows Server 2003 PKI and Role-Based Administration |
| Role Separation |
| CA Auditing |
| Setting Up CA Auditing |
| Auditing and Event Management |
| CA Maintenance |
| Custom CA Configuration |
| Enrollment Processing |
| Tuning CA Database Performance |
| Viewing Extended Information |
| Managing Subject Relative Distinguished Names in the Certificate Subject |
| Enabling the Netscape Revocation Method |
| Configuring the SMTP Exit Module |
| Using SSL to Communicate with Exchange Server |
| Related Links for Windows Server 2003 PKI Operations |
| Appendix A |
| How to Use Windows Firewall with a Server Cluster |
| Using Windows Server 2003 with Service Pack 1 in a Managed Environment: Controlling Communication with the Internet |
| Introduction to Controlling Communication with the Internet for Windows Server 2003 with SP1 |
| Activation, Registration, and Resulting Internet Communication in Windows Server 2003 with Service Pack 1 |
| Certificate Support and Internet Communication |
| Device Manager, Hardware Wizards, and Internet Communication |
| Dynamic Update and Internet Communication |
| Event Viewer and Internet Communication |
| File Association Web Service and Internet Communication |
| Help and Support Center: Features That Communicate with the Internet |
| HyperTerminal and Internet Communication |
| Internet Explorer 6.0 and Resulting Internet Communication in Windows Server 2003 with Service Pack 1 |
| Internet Information Services and Internet Communication |
| Internet Protocol Version 6 (IPv6) and Internet Communication |
| NetMeeting and Internet Communication |
| Online Device Help and Internet Communication |
| Outlook Express 6.0 and Resulting Internet Communication in Windows Server 2003 with Service Pack 1 |
| Plug and Play and Internet Communication |
| Program Compatibility Wizard and Internet Communication |
| Remote Assistance and Internet Communication |
| Search Companion and Internet Communication |
| Terminal Server Licensing and Internet Communication |
| Windows Error Reporting and Internet Communication |
| Windows Media Player and Internet Communication |
| Windows Media Services and Internet Communication |
| Windows Time Service and Internet Communication |
| Windows Update, Automatic Updates, and Internet Communication |
| Appendix A: Resources for Learning About Automated Installation and Deployment |
| Appendix B: Resources for Learning About Group Policy |
| Appendix C: Group Policy Settings Listed Under the Internet Communication Management Key |
| Appendix D: Differences in Windows Server 2003 Before and After Service Pack 1 |
| Appendix E: Windows Firewall and Security Configuration Wizard |
| Appendix F: Internet Connection Sharing and Network Bridge |
| Appendix G: Message Queuing and Internet Communication |
| Appendix H: Connection Manager and Internet Communication |
| Appendix I: Passport Manager Administration |
| Appendix J: Online Ordering Wizards, Add Network Place Wizard, and New Connection Wizard |
| Related Links for Controlling Communication with the Internet |
| Windows Server 2003: Operations Whitepapers |
| User Data and Settings Management |
| User Profiles Overview |
| User Profile Structure |
| Enhancements to User Profiles in Windows Server 2003 and Windows XP |
| How to Configure a Roaming User Profile |
| Security Considerations when Configuring Roaming User Profiles |
| Best Practices for User Profiles |
| Folder Redirection Overview |
| How to Configure Folder Redirection |
| Security Considerations when Configuring Folder Redirection |
| Best Practices for Folder Redirection |
| Related Technologies: Offline Files and Synchronization Manager |
| Common Scenarios for IntelliMirror User Data and Settings Features |
| Appendix: Group Policy Settings for Roaming User Profiles |
| Related Links |
| SSL/TLS in Windows Server 2003 |
| Introduction (SSL/TLS in Windows Server 2003) |
| Overview of SSL/TLS Encryption |
| SSL/TLS in Detail |
| SSL/TLS Scenarios |
| SSL and Firewalls |
| Performance Considerations |
| Choosing the Right Printer Drivers |
| Introduction (Choosing the Right Printer Drivers) |
| User-mode vs. Kernel-mode Drivers |
| Unidrv and PostScript-based Drivers |
| Designed for Windows Drivers |
| Alternate Options |
| Summary (Choosing the Right Printer Drivers) |
| Related Links (Choosing the Right Printer Drivers) |
| GPMC Scripting: Automate GPO management tasks |
| Getting Started with GPMC Scripting |
| Retrieving Permissions for a GPO |
| Obtaining RsoP Reports |
| GPMC Opens New Possibilities |
| Advanced Certificate Enrollment and Management |
| Introduction (Advanced Certificate Enrollment and Management) |
| Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and Management) |
| Processing Domain Controller Certificates |
| Domain Controller Certificate Installation |
| Removing Domain Controller Certificates |
| Troubleshooting (Advanced Certificate Enrollment and Management) |
| Appendix 1: Identifying a Domain Controller GUID |
| Appendix 2: Sample Scripts |
| Appendix 3: Certreq.exe Syntax |
| Appendix 4: Certutil -setextension |
| Appendix 5: ASN.1 File Structure |
| Appendix 6: Encoding and Decoding with Hexadecimal, Binary, and Base64 |
| Summary (Advanced Certificate Enrollment and Management) |
| Related Links (Advanced Certificate Enrollment and Management) |
| Administering Group Policy with Group Policy Management Console Abstract |
| Introduction (Administering Group Policy with Group Policy Management Console) |
| Group Policy Management Console Overview (Administering Group Policy with Group Policy Management Console) |
| Creating and Editing GPOs |
| Scoping GPOs |
| Group Policy Inheritance |
| Delegating Group Policy (Administering Group Policy with Group Policy Management Console) |
| Reporting on GPO Settings |
| GPO Details |
| GPO Operations |
| WMI Filters |
| Searching for GPOs |
| Group Policy Modeling |
| Group Policy Results (Administering Group Policy with Group Policy Management Console) |
| Platform Dependencies |
| GPMC Options |
| Internet Explorer Enhanced Security Configuration Considerations |
| Scripting Group Policy-related Tasks |
| Related Links (Administering Group Policy with Group Policy Management Console) |
| Maintaining the MIIS 2003 Database |
| Overview of Maintaining MIIS 2003 |
| Overview of the SQL Server 2000 Implementation for MIIS 2003 |
| Configuring SQL Server 2000 to Support MIIS 2003 |
| SQL Server 2000 Databases Used by MIIS 2003 |
| SQL Server 2000 Backup Types and Recovery Models |
| Backup Strategies for Your MIIS Database |
| Creating a New Backup Device |
| Scheduling Full Database Backups by Using the Database Maintenance Plan Wizard |
| Scheduling Differential Database Backups by Using SQL Server Enterprise Manager |
| Scheduling Backups of the System Databases |
| Backing Up the MIIS 2003 Encryption Key |
| Restoring the MIIS Database |
| Recommendations for Backing Up and Restoring the MIIS Database |
| Ensuring Failover and High Availability |
| Monitoring the MIIS Database |
| Establishing a Performance Baseline |
| Setting Alerts to Monitor System Events |
| Additional Ways to Monitor the MIIS Database |
| Optimizing the MIIS Database |
| Additional Resources (Maintaining the MIIS 2003 Database) |
| Network Load Balancing Event Messages |
| Microsoft Windows 2000 Server and Windows Server 2003 Common NLB Events |
| Microsoft Windows Server 2003-only NLB Events |
| Implementing Common Desktop Management Scenarios with the Group Policy Management Console |
| Introduction (Implementing Common Desktop Management Scenarios with the Group Policy Management Console) |
| Understanding and Using the Scenarios |
| Deploying the Scenarios |
| Configuring Specific Features |
| Switching Between Scenarios |
| Extending the Scenarios |
| Appendix A: GPO Scenario Policy Settings |
| Appendix B: Running CommonScenarios.msi |
| Key Archival and Management in Windows Server 2003 |
| Understanding Manual Key Archival |
| Understanding Automatic Key Archival |
| Understanding User Key Recovery |
| Implementing Key Archival Walkthrough |
| Migrating Exchange KMS to Windows Server 2003 CA |
| Troubleshooting - Key Archival and Management in Windows Server 2003 |
| Appendix A: Certificate Request Structure |
| Appendix B: Additional Information |
| Appendix C: Useful Commands |
| R2: Operations (R2 only) |
| ADFS Operations Guide |
| Administering Active Directory Federation Services |
| Introduction |
| Managing ADFS Components |
| Managing the Federation Service |
| Managing a Federation Server Farm |
| Changing the Location of the ADFS Directory |
| Implementing a Server Farm of Federation Servers |
| Adding a New Federation Server |
| Install prerequisite applications |
| Create a self-signed, token-signing certificate |
| Export the private key portion of a token-signing certificate |
| Install the Federation Service on an additional federation server |
| Configure event logging on a federation server |
| Removing a Federation Server |
| Remove an ADFS component |
| Managing Trust Policy on Federation Servers |
| Change the Federation Service trust policy location |
| Change the Federation Service URI |
| Change the Federation Service endpoint URL |
| Configure the Federation Service default Web pages |
| Change the primary display name for a trust policy |
| Change a claims transform module |
| Change the token lifetime for a Federation Service |
| Change the trust policy refresh period |
| Change the Windows domain trust cache refresh period |
| Managing Certificates Used by Federation Servers |
| Managing Token-signing Certificates |
| Create a self-signed, token-signing certificate |
| View the current token-signing certificate |
| Turn CRL checking on or off |
| Export the public key portion of a token-signing certificate |
| Export the private key portion of a token-signing certificate |
| Change the token-signing certificate that a federation server uses |
| Managing Verification Certificates |
| Add a verification certificate to the trust policy |
| Add a verification certificate to an account partner |
| View the current verification certificate |
| Remove a verification certificate |
| Rolling Over a Token-signing Certificate |
| Create a self-signed, token-signing certificate |
| Export the public key portion of a token-signing certificate |
| Export the private key portion of a token-signing certificate |
| Add a verification certificate to an account partner |
| Change the token-signing certificate that a federation server uses |
| Remove a verification certificate |
| Managing the Federation Service Proxy (Optional) |
| Managing a Federation Server Proxy Farm |
| Changing the Location of the ADFS Directory |
| Adding a New Federation Server Proxy |
| Install prerequisite applications |
| Install the Federation Service Proxy on an additional federation server proxy |
| Export the public key portion of a client authentication certificate |
| Add a Federation Service Proxy certificate to the trust policy |
| Configure event logging on a federation server proxy |
| Removing a Federation Server Proxy |
| Remove an ADFS component |
| Remove a Federation Service Proxy (FSP) certificate from the trust policy |
| Managing Certificates Used by Federation Server Proxies |
| Managing Client Authentication Certificates |
| Create a self-signed, token-signing certificate |
| View the current client authentication certificate |
| Export the public key portion of a client authentication certificate |
| Add a Federation Service Proxy certificate to the trust policy |
| Change the client authentication certificate that a federation server proxy uses |
| Rolling Over a Client Authentication Certificate |
| Create a self-signed, token-signing certificate |
| Export the public key portion of a client authentication certificate |
| Add a Federation Service Proxy certificate to the trust policy |
| Change the client authentication certificate that a federation server proxy uses |
| Remove a Federation Service Proxy (FSP) certificate from the trust policy |
| Managing ADFS Web Agents and Applications |
| Installing and Removing ADFS Web Agents |
| Install the ADFS Web Agent component of ADFS |
| Remove the ADFS Web Agent component of ADFS |
| Adding and Configuring a Windows NT Token-based Application |
| Add a new Windows NT token-based application to the Federation Service |
| Enable or disable a Web application |
| Set the cookie path for a Windows NT token-based application |
| Set the cookie domain for a Windows NT token-based application |
| Set the Federation Service URL for a Windows NT token-based application |
| Set the return URL for a Windows NT token-based application |
| Set the application URL for an application |
| Configure event logging for a Windows NT token-based application |
| Configure authentication methods for a federated application |
| Adding and Configuring a Claims-aware Application |
| Add a new claims-aware application to the Federation Service |
| Enable or disable a Web application |
| Set the Federation Service URL for a claims-aware application |
| Set the return URL for a claims-aware application |
| Set the application URL for an application |
| Set the cookie path for a claims-aware application |
| Set the cookie domain for a claims-aware application |
| Configure event logging for a claims-aware application |
| Configure authentication methods for a federated application |
| Managing Security for Web Applications |
| Configure authentication methods for a federated application |
| Configure the security token protection method for a federated application |
| Change the token lifetime for an application |
| Configure a policy page for a Web site |
| Backing Up ADFS Components |
| Back up ADFS components on a federation server, federation server proxy, or Web server |
| Managing ADFS Partnerships |
| Adding a New Account Partner |
| Add a new account partner by manually configuring the trust policy |
| Export an account or resource policy file to a partner organization |
| Add a new account partner by importing an existing policy file |
| Adding a New Resource Partner |
| Add a new resource partner by manually configuring the trust policy |
| Export an account or resource policy file to a partner organization |
| Add a new resource partner by importing an existing policy file |
| Configuring Windows Trust for Account and Resource Partners |
| Configure an account partner to use Windows trust |
| Configure a resource partner to use Windows trust |
| Discontinue Windows trust for an account partner |
| Discontinue Windows trust for a resource partner |
| Removing ADFS Partners |
| Delete an existing account partner |
| Delete an existing resource partner |
| Managing Partner Relationships |
| Enable enhanced identity privacy |
| Export a generic policy file to a partner organization |
| Export an account or resource policy file to a partner organization |
| Enable or disable a resource partner |
| Enable or disable an account partner |
| Configure resource account options |
| Managing Accounts and Account Stores |
| Enable or disable an account store |
| Managing Active Directory Account Stores |
| Add an Active Directory account store |
| Remove an Active Directory account store |
| Managing ADAM Account Stores |
| Prepare an ADAM instance for use with ADFS |
| Add an ADAM account store |
| Change the server name or IP address for an ADAM account store |
| Change the display name for an ADAM account store |
| Change the port number for an ADAM account store |
| Change the search base for an ADAM account store |
| Change the user name attribute for an ADAM account store |
| Enable or disable TLS and SSL for an ADAM account store |
| Using Multiple Account Stores |
| Change account store priority |
| Change the URI for an ADAM account store |
| Managing Claims and Claim Mapping |
| Exposing Account Store Attributes as Claims |
| Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction) |
| Map an organization group claim to an ADAM attribute and value (group claim extraction) |
| Mapping Claims as Part of Application Authorization |
| Map an organization group claim to an Active Directory group (group claim extraction) |
| Map an organization group claim to a resource group |
| Create an incoming group claim mapping |
| Create an incoming custom claim mapping |
| Create an outgoing group or custom claim mapping |
| Change the organization claim mapping of an outgoing group or custom claim |
| Change the organization claim mapping of an incoming group or custom claim |
| Creating, Deleting, and Configuring Claims |
| Create an organization group or custom claim |
| Delete an organization group or custom claim |
| Change the auditing limitation for an organization group or custom claim |
| Configure a claims transform module |
| Change the domain suffix for an incoming or outgoing e-mail claim |
| Enable or disable an organization identity claim for an account or resource partner |
| Troubleshooting Active Directory Federation Services |
| Verifying ADFS Computer Settings and Connectivity |
| Configuring ADFS Servers for Troubleshooting |
| Troubleshooting ADFS Problems |
| A certificate has been issued to the wrong site |
| IIS 6.0 Operations Guide |
| Technical Reference |
| Windows Server 2003 Technical Reference |
| A to Z Technologies List |
| New and Updated Collections |
| Technologies Collections |
| Active Directory Collection |
| Active Directory Application Mode |
| Active Directory Application Mode Technical Reference |
| What Is Active Directory Application Mode? |
| How Active Directory Application Mode Works |
| Active Directory Application Mode Tools and Settings |
| Active Directory Structure and Storage Technologies |
| Domains and Forests Technical Reference |
| What Are Domains and Forests? |
| How Domains and Forests Work |
| Domains and Forests Tools and Settings |
| Active Directory Schema Technical Reference |
| What Is the Active Directory Schema? |
| How the Active Directory Schema Works |
| Active Directory Schema Tools and Settings |
| Data Store Technical Reference |
| What Is the Data Store? |
| How the Data Store Works |
| Data Store Tools and Settings |
| DNS Support for Active Directory Technical Reference |
| What Is DNS Support for Active Directory? |
| How DNS Support for Active Directory Works |
| DNS Support for Active Directory Tools and Settings |
| Domain Controller Roles |
| Global Catalog Technical Reference |
| What Is the Global Catalog? |
| How the Global Catalog Works |
| Global Catalog Tools and Settings |
| Operations Masters Technical Reference |
| What are Operations Masters? |
| How Operations Masters Work |
| Operations Masters Tools and Settings |
| Active Directory Replication Technologies |
| Active Directory Replication Model Technical Reference |
| What Is the Active Directory Replication Model? |
| How the Active Directory Replication Model Works |
| Active Directory Replication Tools and Settings |
| Active Directory Replication Topology Technical Reference |
| What Is Active Directory Replication Topology? |
| How Active Directory Replication Topology Works |
| Active Directory Replication Tools and Settings |
| Active Directory Search and Publication Technologies |
| Active Directory Searches Technical Reference |
| What Are Active Directory Searches? |
| How Active Directory Searches Work |
| Active Directory Searches Tools and Settings |
| Service Publication and Service Principal Names Technical Reference |
| What Are Service Publication and Service Principal Names? |
| How Service Publication and Service Principal Names Work |
| Service Publication and Service Principal Names Tools and Settings |
| Active Directory Installation, Upgrade, and Migration Technologies |
| Active Directory Functional Levels Technical Reference |
| What Are Active Directory Functional Levels? |
| How Active Directory Functional Levels Work |
| Active Directory Functional Levels Tools and Settings |
| Active Directory Installation Wizard Technical Reference |
| What Is the Active Directory Installation Wizard? |
| How the Active Directory Installation Wizard Works |
| Domain Rename Technical Reference |
| What Is Domain Rename? |
| How Domain Rename Works |
| Core Operating System Collection |
| Printing Technologies |
| Network Printing Technical Reference |
| What Is Network Printing? |
| How Network Printing Works |
| Network Printing Tools and Settings |
| Recovery and Reliability Technologies |
| Recovery Console Technical Reference |
| What Is Recovery Console? |
| Recovery Console Tools and Settings |
| Emergency Management Services Technical Reference |
| What Is Emergency Management Services? |
| How Emergency Management Services Works |
| Emergency Management Services Tools and Settings |
| Shutdown Event Tracker Technical Reference |
| What Is Shutdown Event Tracker? |
| How Shutdown Event Tracker Works |
| Shutdown Event Tracker Tools and Settings |
| Backup Technical Reference |
| What Is Backup? |
| How Backup Works |
| Backup Tools and Settings |
| Shadow Copies for Shared Folders Technical Reference |
| What Is Shadow Copies for Shared Folders? |
| How Shadow Copies for Shared Folders Work |
| Shadow Copies for Shared Folders Tools and Settings |
| Volume Shadow Copy Service Technical Reference |
| What Is Volume Shadow Copy Service? |
| How Volume Shadow Copy Service Works |
| Volume Shadow Copy Service Tools and Settings |
| Scalability Factors for Shadow Copies |
| Device Management Technologies |
| Device Driver Technical Reference |
| What Is a Device Driver? |
| How Device Drivers Work |
| Device Driver Tools and Settings |
| Plug and Play Technical Reference |
| What Is Plug and Play? |
| How Plug and Play Works |
| Plug and Play Tools and Settings |
| Installation and Setup Technologies |
| Setup Technical Reference |
| What Is Setup? |
| How Setup Works |
| Setup Tools and Settings |
| Unattended Installation Technical Reference |
| What Is Unattended Installation? |
| How Unattended Installation Works |
| Unattended Installation Tools and Settings |
| Sysprep Technical Reference |
| What Is Sysprep? |
| How Sysprep Works |
| Sysprep Tools and Settings |
| Remote Installation Services Technical Reference |
| What Is Remote Installation Services? |
| How Remote Installation Services Work |
| Remote Installation Services Tools and Settings |
| Group Policy Collection |
| Core Group Policy Technical Reference |
| What Is Core Group Policy? |
| How Core Group Policy Works |
| Core Group Policy Tools and Settings |
| Group Policy Components |
| Administrative Templates Extension Technical Reference |
| What Is Administrative Templates Extension? |
| How Administrative Templates Extension Works |
| Administrative Templates Extension Tools and Settings |
| Group Policy Software Installation Extension Technical Reference |
| What Is Group Policy Software Installation Extension? |
| How Group Policy Software Installation Extension Works |
| Group Policy Software Installation Extension Tools and Settings |
| Security Settings Extension Technical Reference |
| What Is Security Settings Extension? |
| How Security Settings Extension Works |
| Security Settings Extension Tools and Settings |
| IPSec Policy Extension Technical Reference |
| What Is IPSec Policy Extension? |
| How IPSec Policy Extension Works |
| IPSec Policy Extension Tools and Settings |
| Software Restriction Policies Technical Reference |
| What Are Software Restriction Policies? |
| How Software Restriction Policies Work |
| Software Restriction Policies Tools and Settings |
| Scripts Extension Technical Reference |
| What Is Scripts Extension? |
| How Scripts Extension Works |
| Scripts Extension Tools and Settings |
| Wireless Network Policies Extension Technical Reference |
| What Is Wireless Network Policies Extension? |
| How Wireless Network Policies Extension Works |
| Wireless Network Policies Extension Tools and Settings |
| Folder Redirection Extension Technical Reference |
| What Is Folder Redirection Extension? |
| How Folder Redirection Extension Works |
| Folder Redirection Extension Tools and Settings |
| Internet Explorer Maintenance Extension Technical Reference |
| What Is Internet Explorer Maintenance Extension? |
| How Internet Explorer Maintenance Extension Works |
| Internet Explorer Maintenance Extension Tools and Settings |
| Remote Installation Services Extension Technical Reference |
| What Is Remote Installation Services Extension? |
| How Remote Installation Services Extension Works |
| Remote Installation Services Extension Tools and Settings |
| Group Policy Administrative Tools |
| Group Policy Management Console Technical Reference |
| What Is Group Policy Management Console? |
| How Group Policy Management Console Works |
| Group Policy Management Console Tools and Settings |
| Group Policy Object Editor Technical Reference |
| What Is Group Policy Object Editor? |
| How Group Policy Object Editor Works |
| Group Policy Object Editor Tools and Settings |
| Resultant Set of Policy Technical Reference |
| What Is Resultant Set of Policy? |
| How Resultant Set of Policy Works |
| Resultant Set of Policy Tools and Settings |
| High Availability and Scalability Collection |
| Clustering Technologies |
| Server Clusters Technical Reference |
| What Is a Server Cluster? |
| How a Server Cluster Works |
| Server Cluster Tools and Settings |
| Network Load Balancing Technical Reference |
| What Is Network Load Balancing? |
| How Network Load Balancing Works |
| Network Load Balancing Tools and Settings |
| Resource and Memory Management Technologies |
| 4GT Technical Reference |
| What Is 4GT? |
| How 4GT Works |
| 4GT Tools and Settings |
| PAE X86 Technical Reference |
| What Is PAE X86? |
| How PAE X86 Works |
| PAE X86 Tools and Settings |
| Windows System Resource Manager Technical Reference |
| What is Windows System Resource Manager? |
| How Windows System Resource Manager Works |
| Networking Collection |
| Core Networking Technologies |
| TCP/IP Technical Reference |
| What Is TCP/IP? |
| How TCP/IP Works |
| TCP/IP Tools and Settings |
| IPv6 Technical Reference |
| What Is IPv6? |
| How IPv6 Works |
| IPv6 Tools and Settings |
| Routing Technologies |
| Demand Dial Routing Technical Reference |
| What Is Demand Dial Routing? |
| How Demand Dial Routing Works |
| Demand Dial Tools and Settings |
| IPv4 Multicasting Technical Reference |
| What Is IPv4 Multicasting? |
| How IPv4 Multicasting Works |
| IPv4 Multicasting Tools and Settings |
| NAT Technical Reference |
| What Is NAT? |
| How NAT Works |
| NAT Tools and Settings |
| Unicast IPv4 Routing Technical Reference |
| What Is Unicast IPv4 Routing? |
| How Unicast IPv4 Routing Protocols and Services Work |
| How Unicast IPv4 Routing Works |
| Unicast IPv4 Routing Tools and Settings |
| Network Monitoring Technologies |
| SNMP Technical Reference |
| What Is SNMP? |
| How SNMP Works |
| Computer Browser Service Technical Reference |
| What Is Computer Browser Service? |
| How Computer Browser Service Works |
| Name Resolution Technologies |
| DNS Technical Reference |
| What Is DNS? |
| How DNS Works |
| DNS Tools and Settings |
| WINS Technical Reference |
| What Is WINS? |
| How WINS Works |
| WINS Tools and Settings |
| Network Configuration Technologies |
| DHCP Technical Reference |
| What Is DHCP? |
| How DHCP Works |
| DHCP Tools and Settings |
| DNS registration changes for Windows Server 2003 based DHCP Servers |
| Windows Time Service Technical Reference |
| How the Windows Time Service Works |
| Windows Time Service Tools and Settings |
| Network Access Technologies |
| Connection Manager Technical Reference |
| What Is Connection Manager? |
| How Connection Manager Works |
| Connection Manager Tools and Settings |
| IAS Technical Reference |
| What Is IAS? |
| How IAS Works |
| IAS Tools and Settings |
| VPN Technical Reference |
| What Is VPN? |
| How VPN Works |
| VPN Tools and Settings |
| 802.11 Wireless Technical Reference |
| What Is 802.11 Wireless? |
| How 802.11 Wireless Works |
| 802.11 Wireless Tools and Settings |
| Network Interoperability Technologies |
| RPC Technical Reference |
| What Is RPC? |
| How RPC Works |
| Services for Netware Technical Reference |
| What Is Services for Netware |
| How Services for Netware Works |
| Services for Netware Tools and Settings |
| Remote Access Technologies |
| Dial-up Remote Access Technical Reference |
| What Is Dial-up Remote Access? |
| How Dial-up Remote Access Works |
| Dial-up Remote Access Tools and Settings |
| Telnet Technical Reference |
| What Is Telnet? |
| How Telnet Works |
| Telnet Tools and Settings |
| Terminal Services Technical Reference |
| What Is Terminal Services? |
| How Terminal Services Works |
| Terminal Services Tools and Settings |
| Data Streaming and E-mail Technologies |
| ATM Technical Reference |
| What Is ATM? |
| How ATM Works |
| POP3 Service Technical Reference |
| What Is POP3 Service? |
| How POP3 Service Works |
| POP3 Service Tools and Settings |
| QoS Technical Reference |
| What Is QoS? |
| How QoS Works |
| QoS Tools and Settings |
| Network Security Technologies |
| Windows Firewall Technical Reference |
| What Is Windows Firewall? |
| How Windows Firewall Works |
| Windows Firewall Tools and Settings |
| Storage Technologies Collection |
| File Services Technologies |
| Disk Quotas Technical Reference |
| What Are Disk Quotas? |
| How Disk Quotas Work |
| Disk Quotas Tools and Settings |
| DFS Technical Reference |
| What Is DFS? |
| How DFS Works |
| DFS Tools and Settings |
| FRS Technical Reference |
| What Is FRS? |
| How FRS Works |
| FRS Tools and Settings |
| File Systems Technologies |
| NTFS Technical Reference |
| What Is NTFS? |
| How NTFS Works |
| NTFS Tools and Settings |
| FAT Technical Reference |
| What Is FAT? |
| How FAT Works |
| FAT Tools and Settings |
| Disk Defragmenter Technical Reference |
| What Is Disk Defragmenter? |
| How Disk Defragmenter Works |
| Disk Defragmenter Tools and Settings |
| Disks and Volumes |
| Basic Disks and Volumes Technical Reference |
| What Are Basic Disks and Volumes? |
| How Basic Disks and Volumes Work |
| Basic Disks and Volumes Tools and Settings |
| Dynamic Disks and Volumes Technical Reference |
| What Are Dynamic Disks and Volumes? |
| How Dynamic Disks and Volumes Work |
| Dynamic Disks and Volumes Tools and Settings |
| Storage Services Technologies |
| Virtual Disk Service Technical Reference |
| What Is Virtual Disk Service? |
| How Virtual Disk Service Works |
| Virtual Disk Service Tools and Settings |
| Remote Storage Technical Reference |
| What Is Remote Storage? |
| How Remote Storage Works |
| Remote Storage Tools and Settings |
| Removable Storage Technical Reference |
| What Is Removable Storage? |
| How Removable Storage Works |
| Removable Storage Tools and Settings |
| Windows Security Collection |
| Logon and Authentication Technologies |
| Digest Authentication Technical Reference |
| What is Digest Authentication? |
| How Digest Authentication Works |
| Digest Authentication Tools and Settings |
| Interactive Logon Technical Reference |
| What is Interactive Logon? |
| How Interactive Logon Works |
| Interactive Logon Tools and Settings |
| Kerberos Authentication Technical Reference |
| What Is Kerberos Authentication? |
| How the Kerberos Version 5 Authentication Protocol Works |
| Kerberos Authentication Tools and Settings |
| TLS/SSL Technical Reference |
| What is TLS/SSL? |
| How TLS/SSL Works |
| TLS/SSL Tools and Settings |
| Authorization and Access Control Technologies |
| Security Descriptors and Access Control Lists Technical Reference |
| What Are Security Descriptors and Access Control Lists? |
| How Security Descriptors and Access Control Lists Work |
| Security Descriptors and Access Control Lists Tools and Settings |
| Access Tokens Technical Reference |
| What Are Access Tokens? |
| How Access Tokens Work |
| Access Tokens Tools and Settings |
| Permissions Technical Reference |
| What Are Permissions? |
| How Permissions Work |
| Permissions Tools and Settings |
| Security Principals Technical Reference |
| What Are Security Principals? |
| How Security Principals Work |
| Security Principals Tools and Settings |
| Security Identifiers Technical Reference |
| What Are Security Identifiers? |
| How Security Identifiers Work |
| Security Identifiers Tools |
| Data Security Technologies |
| Encrypting File System Technical Reference |
| What is Encrypting File System? |
| How Encrypting File System Works |
| Encrypting File System Tools and Settings |
| IPSec Technical Reference |
| What Is IPSec? |
| How IPSec Works |
| IPSec Tools and Settings |
| PKI Technologies |
| CA Certificates Technical Reference |
| Certificates Technical Reference |
| Certificate Services Technical Reference |
| Trust Technologies |
| Domain and Forest Trusts Technical Reference |
| What Are Domain and Forest Trusts? |
| How Domain and Forest Trusts Work |
| Domain and Forest Trust Tools and Settings |
| Security Considerations for Trusts |
| Tools and Settings Collection |
| Windows Support Tools |
| Notational Conventions |
| Procedural Conventions |
| Related Information on the Internet |
| New and Removed Tools |
| Alphabetical List of Tools |
| Active Directory Management Support Tools |
| Acldiag.exe |
| Adsiedit.msc |
| Clonepr |
| Dsacls.exe |
| Dsastat.exe |
| Ldp.exe |
| Movetree.exe |
| Ntfrsutl.exe |
| Repadmin.exe |
| Replmon.exe |
| Sdcheck.exe |
| Search.vbs |
| Setspn.exe |
| Disk and Data Management Support Tools |
| Connstat.cmd |
| Devcon.exe |
| Dfsutil.exe |
| Dmdiag.exe |
| Dskprobe.exe |
| Ftonline.exe |
| Health_chk.cmd |
| Iologsum.cmd |
| Rsdiag.exe |
| Rsdir.exe |
| Topchk.cmd |
| File and Folder Management Support Tools |
| Bindiff.exe |
| Bitsadmin.exe |
| Cabarc.exe |
| Depends.exe |
| Diruse.exe |
| Efsinfo.exe |
| Filever.exe |
| Msizap.exe |
| Showaccs.exe |
| Spcheck.exe |
| Windiff.exe |
| Hardware Management Support Tools |
| Internet Services Management Support Tools |
| Httpcfg.exe |
| Httpcfg Remarks |
| Httpcfg Examples |
| Httpcfg Syntax |
| Network Services Management Support Tools |
| Browstat.exe |
| Dcdiag.exe |
| Dhcploc.exe |
| Dnscmd.exe |
| Dnslint.exe |
| Getsid.exe |
| Iasparse.exe |
| Netcap.exe |
| Netdiag.exe |
| Netdom.exe |
| Nltest.exe |
| Portqry.exe |
| Performance Monitoring Support Tools |
| Exctrlst.exe |
| Gflags.exe |
| Pviewer.exe |
| Printer and Fax Management Support Tools |
| Process and Service Management Support Tools |
| Memsnap.exe |
| Poolmon.exe |
| Remote Administration Support Tools |
| Remote.exe |
| Security Management Support Tools |
| Ksetup.exe |
| Ktpass.exe |
| Sidwalk.exe |
| Sidwalker Security Administration Tools |
| Sidwkr.dll |
| Xcacls.exe |
| Software and System Deployment Support Tools |
| Addiag.exe |
| System Management Support Tools |
| Glossary |
| Security Policy Settings |
| Account Policies |
| Local Policies |
| Event Log |
| Restricted Groups |
| System Services |
| Registry |
| File System |
| Wireless Network (IEEE 802.11) Policies |
| Public Key Policies |
| Software Restriction Policies |
| IP Security Policies on Active Directory |
| Windows Firewall Settings |
| Windows Firewall Settings: Optional Components |
| Windows Firewall Settings: Remote Administration Tools |
| Windows Firewall Settings: Server Roles |
| Windows Firewall Settings: Services |
| IIS 6.0 Technical Reference |
| Product Help |
| Security and Protection |
| Auditing |
| Authorization and Access Control |
| Authorization Manager |
| Kerberos Authentication |
| Logon and Authentication |
| Public Key Infrastructure |
| Security Configuration Wizard |
| Security Policy |
| Smart Cards |
| Windows Server 2003 Glossary |
No comments:
Post a Comment