
MCSE Exam 70-293: Planning and Maintaining a Windows Server 2003 Network Infrastructure, Part 1



Syngress knows what passing the exam means to
you and to your career. And we know that you
are often financing your own training and
certification; therefore, you need a system that is
comprehensive, affordable, and effective.
Boasting one-of-a-kind integration of text, DVD-quality
instructor-led training, and Web-based exam simulation, the
Syngress Study Guide & DVD Training System guarantees 100% coverage of exam
objectives.
The Syngress Study Guide & DVD Training System includes:

Study Guide with 100% coverage of exam objectives: By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of the exam objectives.

Instructor-led DVD: This DVD provides almost two hours of virtual classroom instruction.

Web-based practice exams: Just visit us at www.syngress.com/certification to access a complete exam simulation.
Thank you for giving us the opportunity to serve your certification needs. And
be sure to let us know if there’s anything else we can do to help you get the
maximum value from your investment. We’re listening.
www.syngress.com/certification
255_70-293_FM.qxd 9/10/03 2:40 PM Page i
Martin Grasdal
Laura E. Hunter
Michael Cross
Laura Hunter, Technical Reviewer
Debra Littlejohn Shinder, Technical Editor
Dr. Thomas W. Shinder, Technical Editor

Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or
production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results
to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work
is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state
to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or
other incidental or consequential damages arising out from the Work or its contents. Because some
states do not allow the exclusion or limitation of liability for consequential or incidental damages, the
above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when
working with computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author
UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Mission
Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress
Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of
their respective companies.
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293
Study Guide & DVD Training System
Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-93-0
Technical Editors: Debra Littlejohn Shinder, Dr. Thomas W. Shinder
Technical Reviewer: Laura E. Hunter
Acquisitions Editor: Jonathan Babcock
DVD Production: Michael Donovan
Cover Designer: Michael Kavish
Page Layout and Art by: John Vickers
Copy Editor: Michelle Melani and Marilyn Smith
Indexer: Nara Wood
DVD Presenter: Laura Hunter
Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Will Schmied, the President of Area 51 Partners, Inc. and moderator of www.mcseworld.com for sharing his considerable knowledge of Microsoft networking and certification.

Karen Cross, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, AnnHelen Lindeholm, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Delta Sams, Geoff Ebbs, Hedley Partis, and Tricia Herbert of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

A special thanks to Deb and Tom Shinder for going the extra mile on our core four MCSE 2003 guides. Thank you both for all your work.

Another special thanks to Daniel Bendell from Assurance Technology Management for his 24x7 care and feeding of the Syngress network. Dan manages our book network in a highly professional manner and under severe time constraints, but still keeps a good sense of humor.

Contributors

Martin Grasdal (MCSE+I, MCSE/W2K MCT, CISSP, CTT+, A+) is an independent consultant with over 10 years’ experience in the computer industry. Martin has a wide range of networking and IT managerial experience. He has been an MCT since 1995 and an MCSE since 1996. His training and networking experience covers a number of products, including NetWare, Lotus Notes, Windows NT, Windows 2000, Windows 2003, Exchange Server, IIS, and ISA Server. As a manager, he served as Director of Web Sites and CTO for BrainBuzz.com, where he was also responsible for all study guide and technical content on the CramSession.com Web site. Martin currently works actively as a consultant, author, and editor. His recent consulting experience includes contract work for Microsoft as a Technical Contributor to the MCP Program on projects related to server technologies. Martin lives in Edmonton, Alberta, Canada with his wife Cathy and their two sons. Martin’s past authoring and editing work with Syngress has included the following titles: Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6), Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), and Dr. Tom Shinder’s ISA Server & Beyond: Real World Security Solutions for Microsoft Enterprise Networks (ISBN: 1-931836-66-3).

Van Varnell (Master CNE, MCSE, MCDBA) is a Senior Network Analyst for Appleton, Inc. His areas of expertise are development and maintenance of high-availability systems, storage area networks and storage platforms, performance monitoring systems, and data center operations. Van has held high-level positions in the industry over the 15 years of his career including that of Windows Systems Architect for Motorola and Senior Consultant for Integrated Information Systems. Van holds a bachelor’s degree in Computer Information Systems and currently resides in Wisconsin with his wife Lisa and five children (Brennan, Kyle, Katelyn, Kelsey, and Kevin). He wishes to thank his wife and kids for being his wife and kids, and Jon Babcock of Syngress for his patience and assistance.

Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet Specialist/Computer Forensic Analyst with the Niagara Regional Police Service. He performs computer forensic examinations on computers involved in criminal investigations, and has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining their Web site at www.nrps.com and Intranet, he has also provided support in the areas of programming, hardware, and network administration. As part of an Information Technology team that provides support to a user base of over 800 civilian and uniform users, his theory is that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns KnightWare (www.knightware.ca), which provides computer-related services like Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and has been published over three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada with his lovely wife Jennifer and his darling daughter Sara.

Paul M. Summitt (MCSE, CCNA, MCP+I, MCP) has a Master’s degree in Mass Communication. Currently the IT Director for the Missouri County Employees’ Retirement Fund, Paul has served as network, exchange, and database administrator as well as Web and application developer. Paul has written previously on virtual reality and Web development and has served as technical editor for several books on Microsoft technologies. Paul lives in Columbia, Missouri with his life and writing partner Mary. To the Syngress editorial staff, my thanks for letting me be a part of this project. To my kids, adulthood is just the beginning of all the fun you can have.

Rob Amini (MCSE, MCDBA, MCT) is currently a systems manager for Marriott International in Salt Lake City, Utah. He has a Bachelor’s degree in computer science and has been breaking and fixing machines since the Atari 800 was considered state of the art. In 1993 he began his professional career by fixing IBM mainframes and various unix-flavored boxes. After a long stint as a technician and systems admin, he gained fabled notoriety as a pun-wielding Microsoft trainer. Rob has continued as an instructor for more than three years and although teaching is his first love, he tends to enjoy technical writing more than a well-adjusted person should. When actually not working with and programming a variety of electronic gizmos, Rob enjoys spending every minute he can with his beautiful wife Amy and the rest of his supportive family.

Dan Douglass (MCSE+I, MCDBA, MCSD, MCT) is a software developer and trainer with a cutting edge medical software company in Dallas, Texas. He currently provides software development skills, internal training and integration solutions, as well as peer guidance for technical skills development. His specialties include enterprise application integration and design, HL7, XML, XSL, Visual Basic, database design and administration, Back Office and .NET Server platforms, network design, Microsoft operating systems, and FreeBSD. Dan is a former US Navy Submariner and lives in Plano, TX with his very supportive and understanding wife, Tavish.

Jada Brock-Soldavini is an MCSE and holds a degree in Computer Information Systems. She has worked in the Information Technology Industry for over 7 years. She is working on her Cisco certification track currently and has contributed to over a dozen books and testing software for the Microsoft exam curriculum. She works for the State of Georgia as a Network Services Administrator. When she is not working on her technical skills she enjoys playing the violin. Jada is married and lives in the suburbs of Atlanta with her husband and children.

Michael Moncur is an MCSE and CNE. He is the author of several best-selling books about networking and the Internet, including MCSE In a Nutshell: The Windows 2000 Exams (O’Reilly and Associates). Michael lives in Salt Lake City with his wife, Laura.

Technical Reviewer, DVD Presenter, and Contributor

Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+, Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for various business units and schools within the University. Her specialties include Microsoft Windows NT and 2000 design and implementation, troubleshooting and security topics. As an “MCSE Early Achiever” on Windows 2000, Laura was one of the first in the country to renew her Microsoft credentials under the Windows 2000 certification structure. Laura’s previous experience includes a position as the Director of Computer Services for the Salvation Army and as the LAN administrator for a medical supply firm. She also operates as an independent consultant for small businesses in the Philadelphia metropolitan area and is a regular contributor to the TechTarget family of websites.

Laura has previously contributed to Syngress Publishing’s Configuring Symantec Antivirus, Corporate Edition (ISBN 1-931836-81-7). She has also contributed to several other exam guides in the Syngress Windows Server 2003 MCSE/MCSA DVD Guide and Training System series as a DVD presenter, contributing author, and technical reviewer.

Laura holds a bachelor’s degree from the University of Pennsylvania and is a member of the Network of Women in Computer Technology, the Information Systems Security Association, and InfraGard, a cooperative undertaking between the U.S. Government and other participants dedicated to increasing the security of United States critical infrastructures.

Technical Editors

Debra Littlejohn Shinder (MCSE) is a technology consultant, trainer, and writer who has authored a number of books on networking, including Scene of the Cybercrime: Computer Forensics Handbook published by Syngress Publishing (ISBN: 1-931836-65-5), and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband Dr. Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP (ISBN: 1-928994-11-3), the best-selling Configuring ISA Server 2000 (ISBN: 1-928994-29-6), and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is also a technical editor and contributor to books on subjects such as the Windows 2000 MCSE exams, the CompTIA Security+ exam, and TruSecure’s ICSA certification. She edits the Brainbuzz A+ Hardware News and Sunbelt Software’s WinXP News and is regularly published in TechRepublic’s TechProGuild and Windowsecurity.com. Deb specializes in security issues and Microsoft products. She lives and works in the Dallas-Fort Worth area and can be contacted at or via the website at www.shinder.net.

Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling books Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr. Tom Shinder’s ISA Server and Beyond (ISBN: 1-931836-66-3). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World’s leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Jeffery A. Martin (MCSE, MCDBA, MCT, MCP+I, MCNE, CNI, CCNP, CCI, CCA, CTT, A+, Network+, I-Net+, Project+, Linux+, CIW, ADPM) has been working with computers and computer networks for over 15 years. Jeffery spends most of his time managing several companies that he owns and consulting for large multinational media companies. He also enjoys working as a technical instructor and training others in the use of technology.

MCSE 70-293 Exam Objectives Map and Table of Contents

All of Microsoft’s published objectives for the MCSE 70-293 Exam are covered in this book. To help you easily find the sections that directly support particular objectives, we’ve listed all of the exam objectives below, and mapped them to the Chapter number in which they are covered. We’ve also assigned numbers to each objective, which we use in the subsequent Table of Contents and again throughout the book to identify objective coverage. In some chapters, we’ve made the judgment that it is probably easier for the student to cover objectives in a slightly different sequence than the order of the published Microsoft objectives. By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of Microsoft’s MCSE 70-293 Exam objectives.

Exam Objective Map

Objective Number | Objective | Chapter Number
1 | Planning and Implementing Server Roles and Server Security | 2
1.1 | Configure security for servers that are assigned specific roles. | 2
1.2 | Plan a secure baseline installation. | 2
1.2.1 | Plan a strategy to enforce system default security settings on new systems. | 2
1.2.2 | Identify client operating system default security settings. | 2
1.2.3 | Identify all server operating system default security settings. | 2
1.3 | Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers. | 2
1.3.1 | Deploy the security configuration for servers that are assigned specific roles. | 2
1.3.2 | Create custom security templates based on server roles. | 2
1.4 | Evaluate and select the operating system to install on computers in an enterprise. | 2
1.4.1 | Identify the minimum configuration to satisfy security requirements. | 2
2 | Planning, Implementing, and Maintaining a Network Infrastructure | 3, 4, 5
2.1 | Plan a TCP/IP network infrastructure strategy. | 3
2.1.1 | Analyze IP addressing requirements. | 3
2.1.2 | Plan an IP routing solution. | 3, 4
2.1.3 | Create an IP subnet scheme. | 3
2.2 | Plan and modify a network topology. | 3
2.2.1 | Plan the physical placement of network resources. | 3
2.2.2 | Identify network protocols to be used. | 3
2.3 | Plan an Internet connectivity strategy. | 5
2.4 | Plan network traffic monitoring. Tools might include Network Monitor and System Monitor. | 3
2.5 | Troubleshoot connectivity to the Internet. | 5
2.5.1 | Diagnose and resolve issues related to Network Address Translation (NAT). | 5
2.5.2 | Diagnose and resolve issues related to name resolution cache information. | 6
2.5.3 | Diagnose and resolve issues related to client configuration. | 4
2.6 | Troubleshoot TCP/IP addressing. | 3
2.6.1 | Diagnose and resolve issues related to client computer configuration. | 3
2.6.2 | Diagnose and resolve issues related to DHCP server address assignment. | 3
2.7 | Plan a host name resolution strategy. | 6
2.7.1 | Plan a DNS namespace design. | 6
2.7.2 | Plan zone replication requirements. | 6
2.7.3 | Plan a forwarding configuration. | 6

2.7.4 | Plan for DNS security. | 6
2.7.5 | Examine the interoperability of DNS with third-party DNS solutions. | 6
2.8 | Plan a NetBIOS name resolution strategy. | 6
2.8.1 | Plan a WINS replication strategy. | 6
2.8.2 | Plan NetBIOS name resolution by using the Lmhosts file. | 6
2.9 | Troubleshoot host name resolution. | 6
2.9.1 | Diagnose and resolve issues related to DNS services. | 6
2.9.2 | Diagnose and resolve issues related to client computer configuration. | 6
3 | Planning, Implementing, and Maintaining Routing and Remote Access | 4, 7
3.1 | Plan a routing strategy. | 4
3.1.1 | Identify routing protocols to use in a specified environment. | 4
3.1.2 | Plan routing for IP multicast traffic. | 4
3.2 | Plan security for remote access users. | 7
3.2.1 | Plan remote access policies. | 7
3.2.2 | Analyze protocol security requirements. | 7
3.2.3 | Plan authentication methods for remote access clients. | 7
3.3 | Implement secure access between private networks. | 7
3.3.1 | Create and implement an IPSec policy. | 10
3.4 | Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor. | 4
4 | Planning, Implementing, and Maintaining Server Availability | 8
4.1 | Plan services for high availability. | 8
4.1.1 | Plan a high availability solution that uses clustering services. | 9
4.1.2 | Plan a high availability solution that uses Network Load Balancing. | 9
4.2 | Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks. | 8
4.2.1 | Identify system bottlenecks by using System Monitor. | 8
4.3 | Implement a cluster server. | 9
4.3.1 | Recover from cluster node failure. | 9
4.4 | Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility. | 9
4.5 | Plan a backup and recovery strategy. | 8
4.5.1 | Identify appropriate backup types. Methods include full, incremental, and differential. | 8
4.5.2 | Plan a backup strategy that uses volume shadow copy. | 8
4.5.3 | Plan system recovery that uses Automated System Recovery (ASR). | 8
5 | Planning and Maintaining Network Security | 10, 11
5.1 | Configure network protocol security. | 10
5.1.1 | Configure protocol security in a heterogeneous client computer environment. | 10
5.1.2 | Configure protocol security by using IPSec policies. | 10
5.2 | Configure security for data transmission. | 10
5.2.1 | Configure IPSec policy settings. | 10
5.3 | Plan for network protocol security. | 10
5.3.1 | Specify the required ports and protocols for specified services. | 4
5.3.2 | Plan an IPSec policy for secure network communications. | 10
5.4 | Plan secure network administration methods. | 11
5.4.1 | Create a plan to offer Remote Assistance to client computers. | 7
5.4.2 | Plan for remote administration by using Terminal Services. | 7
5.5 | Plan security for wireless networks. | 11
5.6 | Plan security for data transmission. | 10
5.6.1 | Secure data transmission between client computers to meet security requirements. | 10
5.6.2 | Secure data transmission by using IPSec. | 10
5.7 | Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in. | 10
6 | Planning, Implementing, and Maintaining Security Infrastructure. | 11, 12
6.1 | Configure Active Directory directory service for certificate publication. | 12
6.2 | Plan a public key infrastructure (PKI) that uses Certificate Services. | 12
6.2.1 | Identify the appropriate type of certificate authority to support certificate issuance requirements. | 12
6.2.2 | Plan the enrollment and distribution of certificates. | 12
6.2.3 | Plan for the use of smart cards for authentication. | 12
6.3 | Plan a framework for planning and implementing security. | 11
6.3.1 | Plan for security monitoring. | 11
6.3.2 | Plan a change and configuration management framework for security. | 11
6.4 | Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services. | 11

Contents

Foreword

Chapter 1 Using Windows Server 2003 Planning Tools and Documentation
Introduction
Overview of Network Infrastructure Planning
Planning Strategies
Using Planning Tools
Fundamentals of Network Design
Analyzing Organizational Needs
Information Flow Factors
Management Model and Organizational Structure
Centralization versus Decentralization
Management Priorities
Availability/Fault Tolerance
Security
Scalability
Performance
Cost
User Priorities
Electronic Communications
Scheduling/Task Management
Project Collaboration
Data Storage and Retrieval
Internet Research
Application Services
Print Services
Graphics/Audio/Video Services
Reviewing Legal and Regulatory Considerations
Calculating TCO
Planning for Growth
Developing a Test Network Environment
Planning the Test Network
Implementing the Test Network
Documenting the Planning and Network Design Process
Importance of Documentation
Creating the Planning and Design Document
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key

Chapter 2 Planning Server Roles and Server Security
Introduction
1.1.1 Understanding Server Roles
Domain Controllers (Authentication Servers)
Active Directory
Operations Master Roles
File and Print Servers
Print Servers
File Servers
DHCP, DNS, and WINS Servers
DHCP Servers
DNS Servers
WINS Servers
Web Servers
Web Server Protocols
Web Server Configuration
Database Servers
Mail Servers
Certificate Authorities
PKI
Certificates
Certificate Services
Application Servers and Terminal Servers
Application Servers
Terminal Servers
1.1 Planning a Server Security Strategy
1.4 Choosing the Operating System
Security Features
Functional Levels
1.4.1 Identifying Minimum Security Requirements for Your Organization
Identifying Configurations to Satisfy Security Requirements
1/1.2 Planning Baseline Security
Security Templates and Tools
Predefined Templates
Security Configuration and Analysis
Group Policy Object Editor
Secedit
Planning Secure Baseline Installation Parameters
Using Security Configuration and Analysis to Analyze a Computer
1.2.1/1.2.2/1.2.3 Enforcing Default Security Settings on New Computers
Using Security Configuration and Analysis to Apply Templates to a Local Computer
Using Group Policy Object Editor to Apply Templates
1 Customizing Server Security
1.3/1.3.1 Securing Servers According to Server Roles
Security Issues Related to All Server Roles
Securing Domain Controllers
Securing File and Print Servers
Securing DHCP, DNS, and WINS Servers
Securing Web Servers
Securing Database Servers
Securing Mail Servers
Securing CAs
Securing Application and Terminal Servers
1.3.2 Creating Custom Security Templates
Deploying Security Configurations
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key

Chapter 3 Planning, Implementing, and Maintaining the TCP/IP Infrastructure
2/2.1/2.1.2 Introduction
Understanding Windows 2003 Server Network Protocols
2.2.2 Identifying Protocols to Be Used
Advantages of the TCP/IP Protocol Suite
The Multiprotocol Network Environment
Reviewing TCP/IP Basics
What’s New in TCP/IP for Windows Server 2003
IGMPv3
IPv6
Alternate Configuration
Automatic Determination of Interface Metric
2/2.1/2.1.2 Planning an IP Addressing Strategy
2.1.1 Analyzing Addressing Requirements
2.1.3 Creating a Subnetting Scheme
Classful Addressing
Understanding ANDing and Binary Numbering
Subnetting Networks
Classless Inter-Domain Routing (CIDR)
2.6 Troubleshooting IP Addressing
2.6.1 Client Configuration Issues
2.6.2 DHCP Issues
Transitioning to IPv6
IPv6 Utilities
6to4 Tunneling
IPv6 Helper Service
The 6bone
Teredo (IPv6 with NAT)
2/2.1/2.1.2/2.2 Planning the Network Topology
Analyzing Hardware Requirements
2.2.1 Planning the Placement of Physical Resources
2/2.1/2.1.1/2.4 Planning Network Traffic Management
Monitoring Network Traffic and Network Devices
Using Network Monitor
Using System Monitor
Determining Bandwidth Requirements
Optimizing Network Performance
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key

Chapter 4 Planning, Implementing, and Maintaining a
Routing Strategy 211
Introduction ………………………………………………………212
2/2.1.2/3 Understanding IP Routing …………………………………………212
Reviewing Routing Basics ……………………………………213
Routing Tables ………………………………………………216
Static versus Dynamic Routing ……………………………220
Gateways ……………………………………………………222
3.1.2 Planning a Routing Strategy for IP Multicast Traffic ………223
Routing Protocols …………………………………………225
Using Netsh Commands ……………………………………233
Evaluating Routing Options ……………………………………236
Selecting Connectivity Devices ……………………………236
Switches ……………………………………………………242
Routers ……………………………………………………245
Windows Server 2003 As a Router ……………………………245
2/2.1.2/3/3.1/5.3.1 Security Considerations for Routing ………………………………257
Analyzing Requirements for Routing Components …………259
Simplifying Network Topology to Provide Fewer Attack Points …………………………………………………259
Minimizing the Number of Network Interfaces and Routes ……………………………………………………260
Minimizing the Number of Routing Protocols ……………260
Router-to-Router VPNs ………………………………………263
Packet Filtering and Firewalls …………………………………268

Logging Level …………………………………………………269
2/2.1.2/3 Troubleshooting IP Routing ………………………………………270
3.4
Identifying Troubleshooting Tools ………………………………271
Common Routing Problems …………………………………274
Interface Configuration Problems …………………………274
RRAS Configuration Problems ……………………………274
Routing Protocol Problems …………………………………275
2.5.3 TCP/IP Configuration Problems …………………………276
Routing Table Configuration Problems ……………………276
Summary of Exam Objectives ………………………………………277
Exam Objectives Fast Track …………………………………………277
Exam Objectives Frequently Asked Questions ……………………279
Self Test ……………………………………………………………280
Self Test Quick Answer Key ………………………………………285
Chapter 5 Planning, Implementing, and Maintaining an Internet Connectivity Strategy 287
Introduction ………………………………………………………288
2/2.3/2.5 Connecting the LAN to the Internet ………………………………289
Routed Connections ……………………………………………289
Advantages of Routed Connections ………………………289
Hardware and Software Routers ……………………………289
IP Addressing for Routed Connections ……………………290
Translated Connections …………………………………………290
2.5 Network Address Translation (NAT) ………………………291
Internet Connection Sharing (ICS) …………………………297
2/2.3 Implementing Virtual Private Networks (VPNs) …………………300
Internet-based VPNs ……………………………………………301

How Internet-based VPNs Work …………………………301
Configuring Internet-based VPNs …………………………302
Router-to-Router VPNs ………………………………………303
On Demand/Demand-Dial Connections …………………304
One-Way versus Two-Way Initiation ………………………306
Persistent Connections ………………………………………306
Remote-Access Policies ……………………………………306
VPN Protocols …………………………………………………306
PPTP ………………………………………………………307
L2TP ………………………………………………………307
VPN Security …………………………………………………307
MPPE ………………………………………………………307
IPSec ………………………………………………………307
2/2.3 Using Internet Authentication Service (IAS) ………………………308
Advantages of IAS ………………………………………………308
Centralized User Authentication and Authorization ………308
Centralized Auditing and Accounting ………………………309
RRAS Integration …………………………………………309
Control via Remote-Access Policies ………………………309
Extensibility and Scalability …………………………………309
IAS Management ………………………………………………309
Activating IAS Authentication ………………………………310
Using the IAS MMC Snap-in ………………………………312
IAS Monitoring ……………………………………………313
IAS SDK ……………………………………………………313
Authentication Methods ………………………………………314
PPP-based Protocols ………………………………………314
EAP …………………………………………………………314

Authorization Methods …………………………………………317
Dialed Number Identification Service (DNIS) ……………317
Automatic Number Identification (ANI) and Calling Line Identification (CLI) …………………………317
Guest Authorization …………………………………………317
Access Server Support …………………………………………318
Outsourced Dialing ……………………………………………318
2/2.3 Using Connection Manager ………………………………………318
Using CMAK …………………………………………………319
Installing and Running CMAK ……………………………319
Service Profiles ………………………………………………323
Custom Actions ……………………………………………323
Custom Help ………………………………………………324
VPN Support ………………………………………………324
Connection Manager Security Issues …………………………324
Preventing Editing of Service Profile Files …………………324
Client Operating System, File System, and Configuration …324
Preventing Users from Saving Passwords ……………………325
Secure Distribution of Service Profiles ……………………325
Summary of Exam Objectives ………………………………………326
Exam Objectives Fast Track …………………………………………326
Exam Objectives Frequently Asked Questions ……………………328
Self Test ……………………………………………………………330
Self Test Quick Answer Key ………………………………………334
Chapter 6 Planning, Implementing, and Maintaining a Name Resolution Strategy 335
Introduction ………………………………………………………336
2.7 Planning for Host Name Resolution ………………………………337

Understanding Host Naming …………………………………337
NetBIOS over TCP/IP ……………………………………338
Host Names …………………………………………………338
Understanding the Hosts File ………………………………339
Understanding DNS ………………………………………341
2.7.1 Designing a DNS Namespace …………………………………357
Choosing the Parent Domain Name ………………………358
Host Naming Conventions and Limitations ………………359
DNS and Active Directory (AD) ……………………………361
Supporting Multiple Namespaces …………………………363
Planning DNS Server Deployment ……………………………369
Planning the Number of DNS Servers ……………………369
Planning for DNS Server Capacity …………………………371
Planning DNS Server Placement ……………………………372
Planning DNS Server Roles ………………………………373
2.7.2 Planning for Zone Replication …………………………………377
Active Directory-integrated Zone Replication Scope ………379
Security for Zone Replication ………………………………382
General Guidelines for Planning for Zone Replication ……382
2.7.3 Planning for Forwarding ………………………………………383
Conditional Forwarding ……………………………………384
General Guidelines for Using Forwarders …………………386
DNS/DHCP Interaction ………………………………………387
Security Considerations for DDNS and DHCP ……………389
Aging and Scavenging of DNS Records ……………………391
2.7.5 Windows Server 2003 DNS Interoperability …………………392