664 INDEX
options, software, installing, 48-49
ordered-list questions (ExamGear, Training Guide
Edition software), 639
ordered-tree questions (ExamGear, Training Guide
Edition software), 640
outbound Internet access
alerts, 146
authentication, 158
caching, 145
configuring, 161-163
client access problems, troubleshooting, 169-172
client addresses, configuring, 152
custom HTML error messages, 158-160
destination address sets, configuring, 153
hierarchical access, configuring, 161
LAT, 166
local domain tables, 166
outgoing Web request properties, configuring,
147-148
packet filters, 143
policy elements, creating, 149-151
post-installation default settings, 136-138, 140-146
publishing, 145-146
routing, 144-145
rules, 146-160
bandwidth rules, 164-165
content, 153-154
evaluation, 149
protocol rules, 154-157
routing rules, 167

sites, 153-154
server chains, 168
single system configuration, 160
tools, 146-160
Outgoing Web request properties, 403
authentication methods, 148
configuring, 147-148
connections, 147
listeners, 147
P
packet filters, 17, 143, 312, 482
default packet filters, 313
IP routing, 312
logging, allowing, 424
properties, configuring/enabling, 316-317
rules, configuring, 312, 314-317
packet-based access problems, troubleshooting,
373-375
pass-throughs, VPNs, configuring for, 274-275
performance
analyzing
logging, 468-469
reporting, 468-469
reports, 451-458
optimizing, 459-464, 468-470
performance counters, 465-466
Performance Monitor
ISA Server, optimizing, 464-466
performance analysis, 460-461
performance monitoring, configuring, 461-462

perimeter arrays, distributed caching, 59
perimeter networks
firewalls, considerations, 328-330
publishing, 330
permissions
access policies, 368
configuring, 140-141
default security group file permissions, 460
object permissions, 137-141
Read permissions, limiting, 138
Service permissions, 141
phone number rules, H.323 Gatekeeper, configuring,
224-225
ping of death attacks, 18, 430
planning networks, 47-49, 51, 53-57
35 index 6/5/01 1:29 PM Page 664
INDEX 665
policies
access policies
configuring, 370-371
Enterprise, 369-371
functional framework, 364-367
permissions, 368
and/or array policies, 16
arrays, 341
bandwidth policies, configuring, 370-371
configuring, 346-347
Array level, 35-36
Enterprise level, 35-36
creating, 483

destination sets, 32
elements, 484
creating, 369-370
outbound Internet access, creating, 149-151
Enterprise ISA Server, 488
enterprise policies, scope, 340-341
modifying, 347
policy elements, creating, 369-370
policy-based rules, 31-36
ports
autodiscovery port, 403
Outgoing Web request port, 403
testing, 440-442
well-known, 432
post-installation default settings, 136-146
post-installation process, 479-480
Practice Exam mode (ExamGear, Training Guide
Edition software), 628-631
compared to Study Mode, 634-635
starting, 635
preinstallation network configuration, 58-63
preinstallation process, 478
pretesting yourself (study tips), 499
preparations for exam, 500
learning as a process, 497
study tips, 498, 500-501
active-study strategies, 498
common-sense strategies, 499
macro and micro strategies, 498
pretesting yourself, 499

processing rules, 372-373
processors, minimum system requirements, 54
promoting
Enterprise ISA Server, 488
standalone servers, 348-349
properties
configuring, 403
packet filters, configuring/enabling, 316-317
protocol definitions, 32
protocol filters, H.323 Gatekeeper, 212
protocol rules, 32-33
outbound Internet access, configuring, 154-157
protocols
H.323, 209-210
Mapping, selecting, 198
Proxy DenySitesSet, 123
Proxy DomainFilter, 123
proxy packet filters, 122
Proxy Server. See Microsoft Proxy 2.0 Server
PSTN (Public Service Telephone Networks), 209
publishing, 492
outbound Internet access, 145-146
perimeter network servers, 330
requirements, 54, 479
SSL bridging, 492
Web publishing, 492
publishing servers. See server publishing
Q-R
question types (ExamGear, Training Guide Edition
software), 636

drag and drop, 637-638
hot spot, 641
multiple choice, 637
ordered list, 639
ordered tree, 640
simulations, 640-641
35 index 6/5/01 1:29 PM Page 665
666 INDEX
Questions tab (Item Review screen), ExamGear,
Training Guide Edition software, 643-645
RAM (random access memory)
controlling caching, 469-470
minimum system requirements, 53
Read permissions, limiting, 138
Real-Time Control Protocol (RTCP), 209
Real-Time Protocol (RTP), 209
registering ExamGear, Training Guide Edition
software, 630
registration admission and status, H.323 Gatekeeper,
213-214
registration database, H.323 Gatekeeper, 212-213
registration process, H.323 Gatekeeper, 214-215
Registry, performance optimization, 459-460
relays, preventing, 196
remote access authentication, 486
remote administration, 56, 253-254
remote clients, Routing and Remote Access Service,
connecting, 246
Remote Procedure Call (RPC) filters, 33, 482
removing. See deleting, uninstalling

reports, 485
application usage reports, 37, 456-457, 485
configuring, 37
dates, 453
ISA Server, analysis, 451-458
performance, analyzing, 468-469
reports within reports, 453-454
security reports, 37, 458, 485
summaries, generation, 452
Summary reports, 37, 455, 485
traffic and utilization reports, 37, 457-458, 485
Web usage reports, 37, 455-456, 485
requirements
ExamGear, Training Guide Edition software, 629
for certification, 620
MCDBA, 620-621
MCP, 620
MCSD, 622-624
MCSE, 621-622
MCT, 624
restricting management, 341
retired certifications, 620
reverse caching, 20-21
Root CAs, installing and configuring, 290-291
routing, 494
modifying, 401-402
outbound Internet access, 144-145
Routing and Remote Access Service, 246
Routing and Remote Access Service
dial-on-demand connections, 249-252

interoperability, 487
ISA Server, compared, 245-248
remote clients, connecting, 246
routing, 246
static routes, 247-248
troubleshooting, 250-252
routing rules, outbound Internet access,
configuring, 167
RPC filters, 33, 320
RRAS. See Routing and Remote Access Service
RTCP (Real-Time Control Protocol), 209
RTP (Real-Time Protocol), 209
rule processing, H.323 Gatekeeper, 215-216
rules
application filters, 33
bandwidth rules, 33, 36-37
call routing rules, H.323 Gatekeeper, 223-228
default, 483
dial-up routing rules, creating, 240-241
outbound Internet access, 146-160
bandwidth rules, 164-165
evaluation, 149
routing rules, 167
packet filters, configuring, 312-317
processing order, 372-373
protocol rules, 33
rule processing, H.323 Gatekeeper, 215-216
server publishing, creating, 197
35 index 6/5/01 1:29 PM Page 666
INDEX 667

site and content rules, 33
Web publishing, configuring, 187-188
S
scalibility
arrays, configuring, 350-355
CARP, 350-351
scheduling, 32
caching, 22-23
exams, 619
logging, 463
Internet access, creating, 151
Secure (security level), 19
SecureNAT (secure network address translation)
clients, 15-16, 386
configuring, 407
NAT client, compared, 386
PPTP filters, 275
security
alerts, 433-435
authentication, 485-486
firewalls, system hardening, 321-327
group file permissions, 460
intrusion detection, configuring, 429-433
levels, 19
logs, 485
configuring, 424-428
monitoring
alerting, 423-435
logging, 423-435
reports, 37, 458, 485

troubleshooting, 436-442
Security Configuration Wizard, 19
Select and Place questions (ExamGear, Training
Guide Edition software), 638
server address mapping, identifying, 198
server certificates, 189-190
server chains, configuring, 168
server placement, 58
server proxy, configuring for, 193-197
content filtering, 195-197
DNS, 194
mail proxy, 194
server publishing
configuring for, 197-200
perimeter networks, 199
Service permissions, 141
Services, H.323 Gatekeeper, 212
setup logs, reviewing, migration, 117-118
Shields Up utility, 441
simulation questions (ExamGear, Training Guide
Edition software), 640-641
site and content rules, 32-33
site placement, 58
site rules, outbound Internet access, configuring,
153-154
SMTP (Simple Mail Transfer Protocol) filters, 34,
195-197, 482
SMTP buffer overrun attacks, 195
SOCKS filters, 34, 321, 482
software

installing, options, 48-49
users, needs, 48
SSL bridging, 492
SSL requests, redirecting, Web publishing, 190-193
standalone CA, certificates, requesting, 292-295
standalone servers, promoting, 348-349
Standard ISA Server, 29-30
installing, 80-82
stateful inspection, 18
static routes, Routing and Remote Access Service,
247-248
status, alerts, monitoring, 435
storage formats, logs, 424
streaming media filters, 34, 482
Study Mode (ExamGear, Training Guide Edition soft-
ware), 628, 631
compared to Practice Exam mode and Adaptive
Exam mode, 634-635
starting, 632-634
35 index 6/5/01 1:29 PM Page 667
668 INDEX
study tips, 498, 500-501
active-study strategies, 498
common-sense strategies, 499
exams, preparation, 500-501
learning as a process, 497
macro and micro strategies, 498
pretesting yourself, 499
study tools, ExamGear, Training Guide Edition
software, 627-628

summaries, reports, generation, 452
Summary reports, 37, 455, 485
system hardening, firewalls, configuring, 321-327
system requirements
See also, minimum system requirements
ExamGear, Training Guide Edition software, 629
hardware, 53-54
interoperability, 51-53
system-hardening templates, 19
T
T-120, H.323 Gatekeeper, 210
TCP/IP network cards, configuring, 61
telnet ports, testing, 440-442
Terminal services, interoperability, 487
testing
connectivity, 62
ports, 440-442
tools, 495
VPNs, 272-274
time limit on exams, 500
time management options (ExamGear, Training
Guide Edition software), 642-643
tools
outbound Internet access, 146-160
testing, 495
traffic and utilization reports, 37, 457-458, 485
trainers. See MCT
troubleshooting
access problems, 372-375
authentication, 413-414

autodetection, 412-413
clients, 411-412
dial-on-demand connections, 238-242
dial-up connections, 243, 245
firewalls, access, 330-331
ISA Server installation, 94-98
network usage, 436-442
outbound Internet access, 169-172
Routing and Remote Access Service, 250-252
security, 436-442
U
UDP bomb attacks, 18, 430
unattended setup, ISA Server installation, 90-92
Uninstall program, running, 95
uninstalling
ExamGear, Training Guide Edition software,
630-631
ISA Server, 98-99
updates, ExamGear, Training Guide Edition software,
647-648
upgrading, Microsoft Proxy 2.0 Servers, 111-124
upstream servers, 239
user-based access problems, troubleshooting, 373-375
users, 32
needs, 48
rejecting, 197
V
verification
certificates, 296
ISA Server installation, 96-97

VPN Allow Wizard, 270-272
35 index 6/5/01 1:29 PM Page 668
INDEX 669
VPNs (Virtual Private Networks), 19, 269, 494
configuring
as VPN endpoints, 269-274
for pass-throughs, 274-275
endpoints, configuring for, 275-289
Gateway to Gateway VPNs, 494-495
hardware requirements, 56
L2TP over IPSec VPNs, 297
Microsoft certificate services, configuring, 289-292
testing, 272-274
W
W3C format, logs, 425
Web Proxy Autodiscovery Protocol (WPAD), 402
Web proxy clients, 12, 15, 386-387, 408
Web publishing, 492
CARP (Cache Array Routing Protocol),
enabling, 188
configuring, 184-193
authentication methods, 189-190
destination sets, 186
listeners, 186-187
rules, 187-188
server certificates, 189-190
HTTP requests, redirecting, 190-193
SSL requests, redirecting, 190-193
Web sites
ExamGear, Training Guide Edition software,

checking, 647
Microsoft Certified Professional, 619
Microsoft Training and Certification, 620
Web usage reports, 37, 455-456, 485
Win Proxy Automatic Discover (WPAD)
protocol, 393
Windows 2000 install error message, 114
Windows NT 4.0 domains, interoperability, 487
Windows out-of-band attacks, 18
WinNuke attacks, 429
wizards
Add Destination Wizard, 224
ISA VPN Wizard, 276-283
Mail Server Security Wizard, 194
New Filter, 314
Security Configuration Wizard, 19
VPN Allow Wizard, 270-272
WPAD (Web Proxy Autodiscovery Protocol),
393, 402
35 index 6/5/01 3:47 PM Page 669
35 index 6/5/01 1:29 PM Page 670
VOICES THAT MATTER
HOW TO CONTACT US
VISIT OUR WEB SITE
On our web site, you’ll find information about our other books, authors, tables of
contents, and book errata.You will also find information about book registration and how
to purchase our books, both domestically and internationally.
EMAIL US
Contact us at:
• If you have comments or questions about this book

• To report errors that you have found in this book
• If you have a book proposal to submit or are interested in writing for New Riders
• If you are an expert in a computer topic or technology and are interested in being a
technical editor who reviews manuscripts for technical accuracy
Contact us at:
• If you are an instructor from an educational institution who wants to preview New
Riders books for classroom use. Email should include your name, title, school, depart-
ment, address, phone number, office days/hours, text in use, and enrollment, along
with your request for desk/examination copies and/or additional information.
Contact us at:
• If you are a member of the media who is interested in reviewing copies of New
Riders books. Send your name, mailing address, and email address, along with the
name of the publication or web site you work for.
BULK PURCHASES/CORPORATE SALES
If you are interested in buying 10 or more copies of a title or want to set up an
account for your company to purchase directly from the publisher at a substantial
discount, contact us at 800-382-3419 or email your contact information to
A sales representative will contact you with
more information.
WRITE TO US
New Riders Publishing
201 W. 103rd St.
Indianapolis, IN 46290-1097
CALL/FAX US
Toll-free (800) 571-5840
If outside U.S. (317) 581-3500
Ask for New Riders
FA X : (317) 581-4663
WWW.NEWRIDERS.COM
WWW.NEWRIDERS.COM

TG BM 8x9.25 6/5/01 3:43 PM Page 1
New MCSE Candidates (Who Have Not Already Passed Windows NT 4.0 Exams)
Must Take All 4 of the Following Core Exams:
Exam 70-210: Installing, Configuring
and Administering Microsoft
®
Windows
®
2000 Professional
Exam 70-215: Installing, Configuring
and Administering Microsoft
Windows 2000 Server
Exam 70-216: Implementing
and Administering a Microsoft
Windows 2000 Network
Infrastructure
Exam 70-217: Implementing
and Administering a Microsoft
Windows 2000 Directory
Services Infrastructure
Core Exams
The Road to MCSE Windows 2000
The new Microsoft Windows 2000 track is designed for information technology professionals working in a typically complex
computing environment of medium to large organizations. A Windows 2000 MCSE candidate should have at least one year of
experience implementing and administering a network operating system.
MCSEs in the Windows 2000 track are required to pass five core exams and two elective exams that provide a valid and reliable
measure of technical proficiency and expertise.
See below for the exam information and the relevant New Riders title that covers that exam.
MCPs Who Have Passed 3 Windows NT 4.0
Exams (Exams 70-067, 70-068, and 70-073)

Instead of the 4 Core Exams at Left, May Take:
Exam 70-240: Microsoft Windows
2000 Accelerated Exam for MCPs
Certified on Microsoft Windows
NT 4.0.
(This accelerated, intensive exam, which
will be available until December 31, 2001,
covers the core competencies of exams
70-210, 70-215, 70-216, and 70-217.)
ISBN 0-7357-0979-3
ISBN 0-7357-0965-3 ISBN 0-7357-0968-8
ISBN 0-7357-0966-1 ISBN 0-7357-0976-9
ISBN 0-7357-0988-2
or
MCSE Training Guide:
Core Exams (Bundle)
PLUS - All Candidates - 1 of the Following Core Elective Exams Required:
*Exam 70-219: Designing a Microsoft Windows 2000 Directory
Services Infrastructure
*Exam 70-220: Designing Security for a Microsoft Windows 2000 Network
*Exam 70-221: Designing a Microsoft Windows 2000
Network Infrastructure
PLUS - All Candidates - 2 of the Following Elective Exams Required:
Any current MCSE electives (visit www.microsoft.com for a list of current electives)
(Selected third-party certifications that focus on interoperability will be accepted as an alternative to one
elective exam. Please watch for more information on the third-party certifications that will be acceptable.)
*Exam 70-219: Designing a Microsoft Windows 2000 Directory Services Infrastructure
*Exam 70-220: Designing Security for a Microsoft Windows 2000 Network
*Exam 70-221: Designing a Microsoft Windows 2000 Network Infrastructure
Exam 70-222: Upgrading from Microsoft Windows NT 4.0 to Microsoft Windows 2000

*Core exams that can also be used as elective exams may only be counted once toward a certification; that is, if a candidate receives
credit for an exam as a core in one track, that candidate will not receive credit for that same exam as an elective in that same track.
ISBN 0-7357-0983-1
ISBN 0-7357-0982-3
ISBN 0-7357-0984-X
ISBN 0-7357-0983-1 ISBN 0-7357-0982-3
ISBN 0-7357-0984-X
WWW.NEWRIDERS.COM
TG BM 8x9.25 6/5/01 3:43 PM Page 2
ISBN: 0735709882
4 books in slipcase
US $149.99
ISBN: 1562059297
1450 pages
US $49.99
ISBN: 0735711356
Available November 2001
900 pages
US $49.99
ISBN: 073570984X
906 pages
US $49.99
ISBN: 0735709912
500 pages
US $39.99
Inside Windows 2000
Server
William Boswell
“I can’t believe how many great
books these people publish. Inside

Windows 2000 is an extremely
thorough reference for anyone
deploying or supporting Windows
2000. Don’t try to read it cover to
cover. It is much too exhaustive
for that. It is my primary reference
for Windows 2000 issues.”
—An online reviewer
Windows 2000 Security
Roberta Bragg
“Roberta Bragg is one of the
foremost experts on security.
I got this book based on her repu-
tation and was not disappointed.
Security has a lot of dark pas-
sages that can lose you, but this
book, since it is dedicated to
Win2K, covers all topics in a clear,
concise format. It is good for secu-
rity novices and experts. I have
used it to not only understand
principles but to gather reference
information. An excellent book!”
—An online reviewer
MCSE Training Guide
(70-220) Windows 2000
Network Security Design
Roberta Bragg
Exam 70-220, Designing Security
for a Windows 2000 Network

tests the skills required to ana-
lyze the business requirements
for security and design a secu-
rity solution that meets business
requirements. Security includes
controlling access to resources,
auditing access to resources,
authentication, and encryption.
Ideal for professionals looking
for comprehensive self-study
materials to get through the
exam successfully. Exam 70-220
is one of the required core
elective exams.
Inside ASP.NET
Scott Worley
Inside ASP.NET is a comprehen-
sive guide to ASP.NET develop-
ment using Microsoft's .NET
development framework. This
book presents information on
the .NET framework that is of
specific interest to Internet and
intranet developers. Each chapter
tackles a specific area of
ASP.NET development, first by
giving a detailed overview, then
presenting a series of code
examples and walk-throughs that
illustrate various applications of

ASP.NET. The chapters conclude
with an indepth look inside that
particular area of ASP.NET.
MCSE Training Guide
Windows 2000 Core
Exams Bundle
Get all the core requirements of
the MCSE 2000 exam track in
one place! This bundle contains
four Training Guides, one covering
each of the four required exams.
Each book is held up to the rigor-
ous standards of New Riders and
each title contains a companion
CD-ROM with ExamGear,
Training Guide edition, which
helps to extend your study and
offers premium exam preparation
content.
OTHER NEW RIDERS TITLES
TG BM 8x9.25 6/5/01 3:44 PM Page 3
www.newriders.com
WWW.VUE.COM
When
IT really
matters,
test with
You’ve studied the Training Guide. Tested your skills with ExamGear
™
.

Now what? Are you ready to sit the exam?
If the answer is yes, be sure to test with VUE.
Why VUE? Because with VUE, you get the best technology and even better
service. Some of the benefits are:
• VUE allows you to register and reschedule your exam in real-time,
online, by phone, or at you local testing center
• Your test is on time and ready for you, 99% of the time
• Your results are promptly and accurately provided to the certifying
agency, then merged with your test history
VUE has over 2,400 quality-focused testing centers worldwide, so no matter
where you are, you’re never far from a VUE testing center.
VUE is a testing vendor for all the major certification vendors, including Cisco
®
,
Microsoft
®
, CompTIA
®
and Novell
®
. Coming soon, you’ll find New Riders
questions and content on the VUE web site, and you’ll be able to get
your next Training Guide at www.vue.com.
HURRY! SIGN UP FOR YOUR EXAM NOW!
TEST WITH VUE. WHEN
IT REALLY MATTERS.
TG BM 8x9.25 6/5/01 3:44 PM Page 4
New Riders has partnered with
InformIT.com to bring technical
information to your desktop.

Drawing on New Riders authors
and reviewers to provide additional
information on topics you’re
interested in, InformIT.com has
free, in-depth information you
won’t find anywhere else.
As an InformIT partner, New Riders
has shared the wisdom and knowledge
of our authors with you online.
Visit InformIT.com to see what
you’re missing.
Solutions from experts you know and trust.
www.informit.com
www.informit.com
■
www.newriders.com
OPERATING SYSTEMS
WEB DEVELOPMENT
PROGRAMMING
NETWORKING
CERTIFICATION
AND MORE…
Expert Access.
Free Content.
■
Master the skills you need,
when you need them
■
Call on resources from
some of the best minds in

the industry
■
Get answers when you need
them, using InformIT’s
comprehensive library or
live experts online
■
Go above and beyond what
you find in New Riders
books, extending your knowl-
edge
TG BM 8x9.25 6/5/01 3:44 PM Page 5
TG BM 8x9.25 6/5/01 3:44 PM Page 6