Symbols and Numbers A

Z02I622884.fm Page 1 Friday, March 31, 2006 1:20 PM
Index
Symbols and Numbers
; (semicolon), 4-36
% Processor Time counter, 12-7
* (wildcard), 15-7
. (trailing dot), 4-13
@ (at symbol), 5-35
3DES (Triple Data Encryption Standard), 10-85
80/20 rule, 7-9 to 7-10
A
A (host) resource records
default client update behavior, 4-59
dynamic updates, 5-30 to 5-31
multihomed computers, 5-48
netmask ordering, 5-48
overview of, 4-37
zone delegations, 5-59, 5-60
AAAA (QuadA) records, IPv6, 14-1
ABRs (area border routers), 9-64
access control
Allow Access setting, 10-24 to 10-25, 10-29 to
10-30, 10-35
Control Access Through Remote Access Policy
setting, 10-24, 10-25, 10-32
Deny Access setting, 10-24, 10-25, 10-29, 10-36
account policies, 11-23
ACK (acknowledgement) messages, 8-4, 8-5, 8-11 to
8-12
Action tab, Performance Logs and Alerts, 12-12
Activate menu command, scopes, 7-14
Active Directory
DHCP server authorization, 7-5
Load Zone Data On Startup option, 5-46, 5-52 to
5-53
RADIUS server configuration, 10-80
SRV (service) resource record verification, 5-15 to
5-18
Active Directory Client Extensions pack, 15-19
Active Directory–integrated zones
defining, 4-33 to 4-34
dynamic updates, 5-27 to 5-31
overview of, 5-23
replication, 5-23, 5-24 to 5-25
Replication Monitor, 6-20 to 6-24
active leases, 7-32
Add Or Remove Programs tool, 4-26
address block size, 2-22 to 2-30
in /n terms, 2-22
lesson review, 2-30 to 2-31
lesson summary, 2-31
practice exercises, 2-23 to 2-30
w.x.y.z subnet mask, 2-23
address conflicts, 8-28 to 8-29
address pools
defined, 7-9
static, 10-6 to 10-7
Address Resolution Protocol (ARP)
defined, 2-57
overview of, 2-3
troubleshooting TCP/IP connections, 3-28 to 3-29
addressing. See IP addresses
adjacency, OSPF, 9-63
administrators
DHCP Administrators group, 7-26, 7-53
DHCP server installation, 7-4
Enterprise Admins group, 7-5, 7-53
network security. See security administration
security alerts
advertisements, 9-37
aging, zones, 5-31 to 5-32
alerts
Network Monitor, 12-17 to 12-18
Performance console, 12-9 to 12-14, 12-19 to 12-20
See also Performance Logs and Alerts
algorithms
IKE security, 11-67, 11-95
RSA RC4 (Rivest-Shamir-Adleman), 10-30, 10-85
Shortest Path First (SPF) algorithm, 9-63
alias (CNAME) resource records, 4-15, 4-37 to 4-38
All Names name-checking method, 5-52
all zone transfer (AXFR) queries
DNS performance counters for, 6-26
overview of, 5-39 to 5-39
Allow Access setting, remote access, 10-24 to 10-25,
10-29 to 10-30, 10-35
Always Use Message Authenticator, 10-77
American Registry for Internet Numbers (ARIN),
2-12
AND function, Calculator, 8-31
APIPA (Automatic Private IP Addressing), 1-22, 1-25
to 1-29
address ranges, 13-4, 13-6, 13-9
defined, 1-37
DHCP addresses, 8-29
DHCP client migration, 7-14
DHCP leases and, 8-3
overview of, 1-25
remote access through DHCP, 10-6
troubleshooting, 1-27
APNIC (Asia-Pacific Network Information Center),
2-12
AppleTalk routing, 9-4, 9-19
application directory partitions, 5-25 to 5-27
defined, 5-80
application layer, TCP/IP, 2-2, 2-4
Network Monitor and, 3-11, 3-12
overview of, 2-5
application startup, Computer Management console,
12-32 to 12-33
area border routers (ABRs), 9-64
areas, OSPF, 9-64
ARIN (American Registry for Internet Numbers),
2-12
ARP (Address Resolution Protocol)
defined, 2-57
overview of, 2-3
troubleshooting TCP/IP connections, 3-28 to 3-29
ARP –a command, 2-3
ARP –d command, 2-3
Asia-Pacific Network Information Center (APNIC),
2-12
at symbol (@), 5-35
attributeSchema, 6-21, 6-33
audit logging, DHCP, 8-20 to 8-26
event codes, 8-23
lesson review, 8-25 to 8-26
log event codes 50 and above, 8-23 to 8-24
overview of, 8-20 to 8-22
server authorization events, 8-23
server logs, 8-22 to 8-25
auditing
Internet Key Exchange (IKE), 11-80
IPSec, 11-82 to 11-83
authentication
authorization vs., 10-7
defined, 10-7
demand-dial router-to-router, 9-38
mutual authentication, 16-36
network security and, 11-9
remote access, 10-7 to 10-18
RIP, 9-61
See also IAS (Internet Authentication Service)
Authentication Header (AH), 11-42
Authentication Methods dialog box, 10-16
authentication protocols
CHAP, 10-10 to 10-13
choosing, 10-9 to 10-10
configuring client side, 10-12 to 10-15
configuring server side, 10-16 to 10-18
EAP, 16-8, 16-16 to 16-17
EAP-MD5 CHAP, 10-10 to 10-13
EAP-TLS, 10-9 to 10-13, 10-16 to 10-17, 10-58,
10-87
features of, 10-11 to 10-12
MS-CHAP v1, 10-10 to 10-13, 10-15
MS-CHAP v2, 10-10 to 10-13, 10-15, 16-16 to
16-17, 16-39, 16-45
operating system support, 10-12 to 10-13
PAP, 10-10, 10-11 to 10-15
RADIUS, 10-8, 10-26 to 10-27, 10-32, 10-38, 10-67
to 10-81
SPAP, 10-10, 10-11 to 10-14
unauthenticated access, 10-10
Authentication tab, Edit Dial-In Profile dialog box,
10-17, 10-30
Authentication-Type dialog box, 10-28
authoritative answer, 4-21
authorization
authentication vs., 10-7
demand-dial router-to-router, 9-38
DHCP servers, 7-5
Kerberos and, 11-53 to 11-54
network security, 11-4
troubleshooting DHCP, 13-31
automatic addressing, DHCP servers, 1-25, 1-28
Automatic Private IP Addressing (APIPA)
address ranges, 13-4, 13-6, 13-9
defined, 1-37
DHCP addresses, 8-29
DHCP client migration, 7-14
DHCP leases and, 8-3
overview of, 1-25
remote access through DHCP, 10-6
troubleshooting, 1-27
Automatic Updates, 15-2, 15-18
autostatic routes, 9-36, 9-79
Autostatic Update, 16-33
AXFR (all zone transfer) queries
DNS performance counters for, 6-26
overview of, 5-39 to 5-39
B
Backup command, DHCP console, 7-32 to 7-34
backups
DHCP server database, 7-32 to 7-34, 7-38
disabling NetBIOS, 4-8
BACP (Bandwidth Allocation Control Protocol),
9-11, 9-12, 9-79
bandwidth, 9-12, 17-1
Bandwidth Allocation Control Protocol (BACP),
9-11, 9-12, 9-79
BAP (Bandwidth Allocation Protocol)
defined, 9-11
dynamic bandwidth control, 9-12
port and device properties, 9-34
remote access policies, 10-30
Basic Firewall/NAT, 9-7, 9-48
troubleshooting, 9-50
Batch mode, 7-25
binary notation, 2-7, 2-9 to 2-10, 2-16, 2-18
converting manually, 2-9 to 2-10
converting with calculator, 2-18
defined, 2-7
exercise converting, 2-18 to 2-19, 2-60
BIND Secondaries, Advanced tab of DNS server
properties, 5-46, 5-47 to 5-48
Bindings dialog box, 8-30, 8-31
block size, 2-22 to 2-30
in /n terms, 2-22
lesson review, 2-30 to 2-31
lesson summary, 2-31
practice exercises, 2-23 to 2-30
w.x.y.z subnet mask, 2-23
blocking policies
creating, 11-60 to 11-64
troubleshooting, 11-81, 11-103
BOOTP (Boot Protocol) forwarding
defined, 9-79
DHCP Relay Agent, 9-65, 9-66, 9-84
bridges, routers compared with, 9-3
broadcasts
limited broadcast addresses, 9-17, 9-18
RRAS name resolution, 9-10 to 9-11
subnetting and, 2-42
traffic, 2-35
browsing, 4-3, 4-7 to 4-8
without NetBIOS, 4-7
brute force attack, 11-6
C
cables, crossover, 1-25
Cached Lookups folder, 4-41
Cache.dns file, 5-10, 5-11
caching-only servers, 4-34 to 4-35
DNS client cache, 4-22, 4-58
DNS resolver cache, 4-58
DNS server cache, 4-23, 4-40 to 4-41
forwarding and, 5-5
overview, 4-22 to 4-23
Secure Cache Against Pollution option,
5-51
Caching Memory counter, DNS, 6-26
Calculator
AND function, 8-31
calculating host IDs per subnet, 2-42, 2-43
notation conversions and, 2-16
callbacks, 9-12, 9-33
defined, 9-79
remote access permissions and, 10-25
called router, 9-38
Called-Station-ID attribute, 9-34
Caller ID, remote access permissions, 10-25
calling router, 9-38
canonical names (CNAME), 4-15, 4-22, 4-35, 4-37 to
4-38
Capture Trigger dialog box, 12-18
Capture window, Network Monitor, 3-7
CAs (certificate authorities), 10-58
case-sensitivity, DNS names, 4-49
certificate authorities (CAs), 10-58
Certificate Services component, 1-12
certificates
L2TP/IPSec and, 10-58 to 10-59
overview of, 1-12
Cfg setting, Secedit, 11-34
Chaddr (Client Ethernet Address) field
DHCP ACK, 8-11 to 8-12
DHCP Discover, 8-7 to 8-8
DHCP NACK, 8-12 to 8-13
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
Challenge Handshake Authentication Protocol
(CHAP)
defined, 10-10
features/exam tips, 10-11 to 10-12
operating system support, 10-12 to 10-15
Change Zone Replication Scope dialog box, 5-24,
5-26, 5-27
Change Zone Type dialog box, 5-22 to 5-23
CHAP (Challenge Handshake Authentication
Protocol), 10-10 to 10-13
defined, 10-10
features/exam tips, 10-11 to 10-12
operating system support, 10-12 to 10-15
Ciaddr (Client IP Address) field, 8-7, 8-11
CIDR (classless interdomain routing), 2-9
CIFS (Common Internet File System)
defined, 1-37
functions of, 1-9
Kerberos and, 11-46
NetBIOS and, 1-9
Class field, 4-36
classes
IP address, 2-10
user, 7-35 to 7-37
classless interdomain routing (CIDR), 2-9
classSchema, 6-21, 6-33
clean install, 15-2, 15-7
client configuration
authentication protocols, 10-12 to 10-15
demand-dial router-to-router, 9-40
DHCP server, 7-13 to 7-14, 7-16 to 7-19
network, 1-22
PPTP on VPN, 10-56 to 10-57
RADIUS, 10-75, 10-77
RADIUS proxy, 10-73 to 10-75
remote access, 10-3 to 10-22
troubleshooting DHCP, 8-27 to 8-36
troubleshooting IP addressing, 13-31
Client Ethernet Address (Chaddr) field
DHCP ACK, 8-11 to 8-12
DHCP Discover, 8-7 to 8-8
DHCP NACK, 8-12 to 8-13
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
Client For Microsoft Networks, 1-19, 3-11
Client IP Address (Ciaddr) field, 8-7, 8-11
Client Service For Netware, 1-18
CNAME (alias) resource records, 4-15, 4-22, 4-35,
4-37 to 4-38
comments, resource records, 4-36
Common Internet File System protocol (CIFS)
defined, 1-37
functions of, 1-9
Kerberos and, 11-46
NetBIOS and, 1-9
compatws security template, 11-23
Computer Browser service, 4-7 to 4-8
Computer Management console
application startup and, 12-34
Services node, 12-32 to 12-33
computer names
Disable Round Ordering option, 5-50 to 5-51
DNS clients, 4-48
Enable Netmask Ordering option, 5-46, 5-48
Enable Round Robin option, 5-50
overview of, 4-4 to 4-5
computers
APIPA addresses and, 1-22, 1-25 to 1-29
multihomed, 1-34
conditional forwarding, 5-5
conditions, remote access policy, 10-27 to 10-28
confidentiality, network security, 11-26, 11-42
configuration, client
authentication protocols, 10-12 to 10-15
demand-dial router-to-router, 9-40
DHCP server, 7-13 to 7-14, 7-16 to 7-19
network, 1-22
PPTP on VPN, 10-56 to 10-57
RADIUS, 10-75, 10-77
RADIUS proxy, 10-73 to 10-75
remote access, 10-3 to 10-22
troubleshooting DHCP, 8-27 to 8-36
troubleshooting IP addressing, 13-31
configuration, server, authentication protocols,
10-16 to 10-18
Configure A DNS Server Wizard, 4-27, 4-29 to 4-31
Configure Device dialog box
configuring VPN types, 10-54
port and device properties, 9-34
Configure Option, DHCP servers, 7-12
conflict detection, DHCP servers, 7-32
connection endpoint addressing, 9-38
connection request policies, 10-73 to 10-74, 10-87
connection-specific DNS suffixes
configuring DNS client, 4-48
overview of, 4-5
connectionless services, UDP, 2-5
connections
New Connection wizard, 1-16, 10-60 to 10-61
remote access policies, 10-28
connections, network
adding components to, 1-22 to 1-23
advanced settings, 1-19 to 1-21
APIPA, 1-25 to 1-29
automatically configured, 1-25
bridging, 1-30 to 1-32
configuring, 1-22, 1-23 to 1-32
default components, 1-17
overview of, 1-16
provider order, 1-20 to 1-21
TCP/IP settings, 1-32 to 1-34
viewing, 1-16 to 1-32
connections, TCP/IP, 3-22 to 3-34
ARP tool, 3-28 to 3-29
case scenario, 3-34 to 3-36
faulty configuration, 3-22
further reading, 13-8
lesson review, 3-32 to 3-33
lesson summary, 3-33 to 3-34
monitoring. See Network Monitor
Network Diagnostics, 3-23 to 3-26
overview of, 13-31
PathPing, 3-26 to 3-27
Ping, 3-26 to 3-27
practice exercises, 3-29 to 3-34
Tracert, 3-27, 3-28
connectivity, Internet, 12-22 to 12-31
case scenario, 12-57 to 12-58
further reading, 17-5
identifying issues, 12-22 to 12-25
lesson review, 12-30 to 12-31
lesson summary, 12-31
name resolution issues, 12-22 to 12-25
network settings verification, 12-25 to 12-28
overview of, 12-22
practice exercise, 12-28 to 12-29
tested skills/suggested practices, 17-2
troubleshooting, 17-13
constraints, 10-86, 10-87
Control Access Through Remote Access Policy
setting, 10-24, 10-25
counters, performance
% Processor Time, 12-8
Average Disk Queue Length, 12-8
AXFR (all zone transfer) queries, 6-26
DNS (Domain Name Services), 6-26 to 6-27
IXFR (incremental zone transfer) queries, 6-26
list, 6-26 to 6-27
Total Query Received, 6-27
Total Response Sent, 6-27
Create IP Security Rule Wizard, 11-67 to 11-68
credentials
remote access authentication, 10-7 to 10-8
Set Credentials command, 9-32
crossover cables, 1-25
cryptography. See encryption; public key
cryptography
Custom Templates
applying, 11-34 to 11-35
creating, 11-32 to 11-35
modifying, 11-32 to 11-34
D
data capture, 3-6
Data Encryption Standard (DES)
defined, 10-85
remote access and, 10-30
data integrity, 10-55
data stream, 3-6
data types, 6-7
database restore flag, 8-40
databases, DHCP
backups, 7-31 to 7-33
reconciling, 8-33 to 8-34
troubleshooting, 13-39
DC security template, 11-23
Debug Logging tab, DNS server
configuring log file, 6-11 to 6-12
overview of, 5-11
debugging
DNS log, 6-3, 6-11 to 6-12, 6-16 to 6-18
Nslookup, 6-5
decimal notation
converting manually, 2-10 to 2-13
converting with calculator, 2-13
defined, 2-9
exercise converting, 2-18 to 2-19
lesson review, 2-19 to 2-20
default gateways, 2-13, 2-34
default routes, 9-16 to 9-18, 9-21
default update behavior, 4-56
defltdc security template, 11-24
delegation, zone, 5-57 to 5-66
case scenario, 5-75 to 5-77
creating, 5-61 to 5-64
example of, 5-59 to 5-60
lesson review, 5-64 to 5-66
lesson summary, 5-66
New Delegation Wizard, 5-58, 5-61
overview of, 5-58 to 5-60
records, 5-59
when to use, 5-58
Demand-Dial Interface Wizard, 9-31
demand-dial interfaces, 9-30 to 9-37
defined, 9-6
Dial-Out Hours command, 9-32
extranet/router-to-router VPNs, 10-49 to 10-50
IP routing, 9-35 to 9-37
NAT, 9-49 to 9-51
network interface properties, 9-32 to 9-34
overview of, 9-30 to 9-31
port and device properties, 9-33 to 9-34
Routing and Remote Access, 9-7
Set Credentials command, 9-32
Set IP Demand-Dial Filters command, 9-32
shortcut menu commands, 9-31 to 9-32
Unreachability Reason command, 9-32
demand-dial routing, 9-30 to 9-46
case scenario, 9-75 to 9-77
defined, 9-30
exam highlights, 9-79
IIS installation and, 9-41
interfaces. See demand-dial interfaces
lesson review, 9-45
router-to-router, 9-38 to 9-39
RRAS configuration, 9-41 to 9-43
testing configuration, 9-44
troubleshooting, 9-39 to 9-40
troubleshooting lab, 9-77 to 9-78
Deny Access setting, 10-24 to 10-25
Dependencies tab, Remote Access Connection
Manager, 12-33 to 12-34
DES (Data Encryption Standard)
defined, 10-85
remote access data encryption, 10-31
details pane, Frame Viewer window, 3-9 to 3-11
device configuration
port and device properties, 9-35
virtual private networks (VPNs), 10-49
DFS (Distributed File System), 4-7
DHCP ACK (Acknowledgement) message
DHCP leases and, 8-5
overview of, 8-11 to 8-12
DHCP Administration Tool, 13-42 to 13-43, 13-47 to
13-48
DHCP Client Identifier fields, 8-7 to 8-9
DHCP console
creating DHCP scopes, 7-6 to 7-7
disabling audit logging, 8-21
migrating DHCP servers, 7-32
reconciling DHCP databases, 8-35
server status, 7-22 to 7-23
verifying server installation, 7-4
DHCP databases
backups, 7-31 to 7-33
reconciling, 8-33 to 8-34
troubleshooting, 13-39
DHCP Discover message
defined, 8-42
DHCP leases and, 8-3
NACK messages and, 8-13
overview of, 8-7 to 8-8
DHCP Discover packets, 9-65, 9-66
DHCP leases
analyzing DHCP messages, 8-5 to 8-7
exclusion ranges, 7-8 to 7-9
initial processes, 8-3 to 8-4
lesson review, 8-18
overview of, 7-6 to 7-7, 13-16
remote access and, 10-5
renewal, 8-4 to 8-5
reservations, 7-10
Shutdown /i command, 8-29
troubleshooting, 8-29
DHCP management, 7-22 to 7-40, 13-19 to 13-30
audit logging, 8-20 to 8-26, 8-45 to 8-46
case scenario, 7-46 to 7-47, 7-54 to 7-55
command-line, 7-24 to 7-25
connecting clients to remote servers, 7-26
database backups, 7-31 to 7-33
further reading, 13-7
host (A) resource records and, 4-34
lesson review, 7-39 to 7-40
manual compaction, 7-33 to 7-34
migrating, 7-32 to 7-33
options classes, 7-34 to 7-36
overview of, 13-19 to 13-20
servers, 7-22 to 7-24
subnet addresses, 7-30 to 7-31
superscopes, 7-26 to 7-30
tested skills/suggested practices, 13-4
troubleshooting lab, 7-48
DHCP messages
analyzing, 8-5 to 8-7
DHCP ACK, 8-11 to 8-12
DHCP Discover, 8-7 to 8-8
DHCP NACK, 8-12 to 8-14
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
header fields, 8-6 to 8-7
lesson review, 8-18
DHCP NACK (Negative Acknowledgement)
message
defined, 8-42
initial lease process and, 8-5
overview of, 8-12 to 8-13
DHCP Offer messages, 8-3 to 8-4
DHCP Option field, 8-8
DHCP options
assigning, 7-11 to 7-12
overview of, 13-15
troubleshooting, 13-35
user classes and, 7-34 to 7-36
DHCP Relay Agent
configuring, 9-65 to 9-66, 13-15 to 13-16
lesson review, 9-67
overview of, 9-63 to 9-65
verifying functioning of, 9-66
DHCP Request messages, 8-9 to 8-10, 8-31
DHCP scopes, 80/20 rule, 7-9 to 7-10
Activate menu command, 7-14
activating, 7-13
configuring, 7-6 to 7-11
deactivating, 7-13
DHCP options, 7-12
exclusion ranges, 7-8 to 7-9
IP address range, 7-7 to 7-8
lesson review, 7-20 to 7-21
New Scope Wizard, 7-6 to 7-7
obtaining address from incorrect, 8-30
overview of, 7-6 to 7-7
reconciling, 8-35
redeployment, 8-29
reservations, 7-10 to 7-11
Scope Options dialog box, 7-12
subnet addresses and, 7-32
troubleshooting DHCP client, 8-29 to 8-30
verifying, 8-31 to 8-33
DHCP Server events, 8-22
DHCP server logs
event codes, 8-23
lesson review, 8-25 to 8-26
overview of, 8-22 to 8-23
sample excerpts from, 8-24 to 8-25
server authorization events, 8-23 to 8-24
DHCP Server Properties dialog box, 7-23 to 7-24,
7-31, 8-20 to 8-21
DHCP Server role, 7-4, 7-16 to 7-18
DHCP servers, 7-3 to 7-21
audit logs, 13-36
authorization, 7-5
automatic addressing, 1-20, 7-3
benefits of, 7-3
case scenario, 7-46 to 7-47, 7-54 to 7-55
clients and, 7-13 to 7-14
connectivity problems, 12-24 to 12-26
DNS updates, 7-41 to 7-47, 7-53 to 7-54
dynamic IP addressing, 2-8 to 2-9
dynamic updates, 5-28
finding location, address, or name of, 8-31
installing, 7-4
IP addressing problems, 13-27
lesson review, 7-20 to 7-21
Manage Your Server window, 7-4
options, 7-11 to 7-13
Relay Agent configuration, 9-66
remote access, 10-5
scopes, 7-6 to 7-11, 7-13
verifying configuration, 7-14 to 7-15, 8-32 to 8-34
DHCP traffic, 8-3 to 8-19
case scenario, 8-38 to 8-39, 8-46 to 8-47
DHCP ACK, 8-11 to 8-12
DHCP Discover, 8-7 to 8-8
DHCP header fields, 8-6 to 8-7
DHCP messages, 8-5 to 8-7
DHCP NACK, 8-12 to 8-14
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
exam highlights, 8-41 to 8-42
initial lease process, 8-3 to 8-4
lease renewal process, 8-4 to 8-5
lesson review, 8-18
DHCP, troubleshooting
audit logging. See audit logging, DHCP
case scenario, 8-38 to 8-39, 8-46 to 8-47
client configuration, 8-27 to 8-31
DHCP database, 8-34 to 8-35
Event Viewer and, 8-35 to 8-37
further reading, 13-5
lab, 8-40, 8-48
lesson review, 1-35 to 1-40, 8-37 to 8-38
overview of, 13-35 to 13-36
server configuration, 8-32 to 8-34
tested skills/suggested practices, 13-4
traffic analysis. See DHCP traffic
Dhcploc.exe utility, 8-29, 8-30, 12-27
dial-back security, 13-30, 13-35
Dial-In Constraints tab, remote access policy, 10-29
dial-in properties, user accounts
configuring, 10-23 to 10-26
remote access authorization, 10-32 to 10-37
remote access permissions, 10-24 to 10-26
Dial-Out Hours, demand-dial interface, 9-32
dial-up networking
applying, 10-3
authentication, 10-13 to 10-17
client-side configuration, 10-13 to 10-17
practice exercises, 10-19 to 10-22
remote access authentication, 10-8
troubleshooting, 10-39 to 10-40
dialog boxes
Add/Remove Snap-In, 11-30
Add Standalone Snap-Ins, 11-30, 11-60
Authentication Methods, 10-16
Authentication tab, Edit Dial-In Profile, 10-17,
10-30
Authentication-Type, 10-28
Bindings, 8-30, 8-31
Capture Trigger, 12-18
Change Zone Replication Scope, 5-24, 5-26, 5-27
Change Zone Type, 5-22 to 5-23
Configure Device, 9-34, 10-54
DHCP Server Properties, 7-23 to 7-24, 7-31, 8-20
to 8-21
DNS Events Properties, 6-9 to 6-10
DNS Suffix And NetBIOS Computer Name, 4-50
Edit Dial-In Profile, 10-17, 10-29
Filter tab, DNS Events Properties, 6-10
Local Area Connection Status, 8-33
Neighbors tab, RIP Properties, 9-63
Network Connection Details, 8-33
New Reservation, 7-10 to 7-11
New Routing Protocol, 9-67
Port Status, 9-35
Reconcile All Scopes, 8-34
Reconcile, 8-34
Scope Options, 7-12
Select Attribute, 10-27 to 10-28
Select Network Component Type, 1-22 to 1-23
System Properties, 4-49
Zone Aging/Scavenging Properties, 5-31 to 5-32
Diffie-Hellman Group, 11-67
directory partitions, 6-21 to 6-22
Disable Recursion, Advanced tab of DNS server
properties, 5-8 to 5-9
Disabled option, Services console, 7-24
Distributed File System (DFS), 4-7
DNS (Domain Name System)
caching, 4-22 to 4-23
capturing name resolution traffic, 4-9
case scenario, 4-64
components, 4-14 to 4-15
DHCP client configuration, 7-14 to 7-15
DHCP server updates, 7-42 to 7-47
domain names, 4-12 to 4-13
lesson review, 4-10, 4-24 to 4-25
namespace, 4-12
NetBIOS and, 4-3 to 4-8
private domain namespace, 4-14
queries, 4-16 to 4-22
resolver cache, 4-17 to 4-18, 4-22 to 4-23, 4-58 to
4-59
roots, 4-13
troubleshooting, 4-65 to 4-66
DNS client cache
overview of, 4-22 to 4-23
viewing/clearing, 4-58 to 4-59
DNS clients, 4-48 to 4-63
case scenario, 4-64
client settings, 4-48 to 4-55
computer names, 4-49
connection-specific suffixes, 4-50 to 4-51
default update behavior, 4-56
DHCP troubleshooting and, 13-31
dynamic updates, 4-55 to 4-56
exam highlights, 4-67 to 4-68
lesson review, 4-62 to 4-63
lesson summary, 4-63
name resolution, 4-3 to 4-4, 5-13 to 5-14
NetBIOS names, 4-49
overview of, 4-48
primary suffixes, 4-50
queries, 4-16 to 4-19
recursion, 4-60 to 4-62
servers list, 4-52 to 4-54
suffix searches, 4-54 to 4-55
TCP/IP settings, 4-57 to 4-58
troubleshooting lab, 4-65 to 4-66
viewing/clearing resolver cache, 4-58 to 4-59
DNS console
defined, 4-23
general properties, 6-9 to 6-10
resource records, 4-35 to 4-40
server configuration, 4-29
zones, 4-29 to 4-31
DNS debug log, 6-11 to 6-12
DNS Events log
accessing, 5-11
troubleshooting, 6-9 to 6-10
DNS Events Properties dialog box, 6-9 to 6-10
DNS forwarders
conditional, 5-7 to 5-8
disabling recursion, 5-8 to 5-9
interfaces, 5-4
overview of, 5-3
recursion and, 5-47
stub zones and, 5-70
when to use, 5-5 to 5-6
DNS management, 14-17
DNS monitoring, 6-20 to 6-29
case scenario, 6-29 to 6-31
further reading, 14-4
lesson review, 6-28
lesson summary, 6-28 to 6-29
overview of, 14-28
Replication Monitor, 6-20 to 6-24
System Monitor, 6-24 to 6-27
tested skills/suggested practices, 14-2 to 14-3
troubleshooting lab, 6-31 to 6-32
DNS naming system, NetBIOS compared to, 4-3 to
4-7
DNS Namespace, 4-12
DNS performance counters, 6-26 to 6-27
DNS queries, 4-16 to 4-22
example, 4-20 to 4-21
local resolver, 4-17 to 4-18
overview of, 4-16
querying DNS server, 4-18 to 4-19
recursion, 4-19
resolution methods, 4-16
response types, 4-22
root hints, 4-19 to 4-20
DNS Server log, 6-9 to 6-10
DNS server properties, 5-3 to 5-20
Advanced, 5-9
case scenario, 5-75 to 5-77
Debug Logging, 5-11
Event Logging, 5-11
exam highlights, 5-80
Forwarders, 5-4 to 5-9
Interfaces, 5-4
lesson review, 5-18 to 5-19
lesson summary, 5-19 to 5-20
Monitoring, 5-12 to 5-13
practice exercises, 5-13 to 5-18
properties tabs, 5-3 to 5-13
Root Hints, 5-10
Security, 5-13
troubleshooting, 5-78
DNS server properties, advanced
BIND Secondaries, 5-47 to 5-48
case scenario, 5-75 to 5-77
default settings, 5-46
Disable Recursion, 5-46 to 5-47
Enable Automatic Scavenging Of Stale Records,
5-53
Enable Netmask Ordering, 5-48 to 5-50
Enable Round Robin, 5-50
Fail On Load If Bad Zone data, 5-48
lesson review, 5-53 to 5-55
lesson summary, 5-56
Load Zone Data On Startup, 5-52 to 5-53
Name Checking, 5-51 to 5-52
overview of, 5-45
performing scavenging, 5-33
recursion and, 5-7 to 5-8
Secure Cache Against Pollution, 5-51
DNS servers, properties tabs, 4-26 to 4-47
cache, viewing and clearing, 4-40 to 4-41
caching-only, 4-34 to 4-35
case scenario, 4-64
configuring, 4-29 to 4-31
DNS client, 4-48 to 4-52
installing, 4-26 to 4-29
lesson review, 4-46
lesson summary, 4-47
practice exercises, 4-42 to 4-46
querying, 4-16 to 4-22
recursion, 4-16, 4-19, 4-60 to 4-62
resource records, 4-15, 4-35 to 4-40
tested skills/suggested practices, 14-2
troubleshooting, 4-65 to 4-66
zones, 4-31 to 34
DNS servers, troubleshooting, 4-65 to 4-66, 5-78, 6-3
to 6-19
DNS Suffix And NetBIOS Computer Name dialog
box, 4-50
DNS suffixes
connection-specific, 4-50 to 4-52
search lists, 4-54 to 4-55
DNS troubleshooting, 6-3 to 6-19
case scenario, 6-29 to 6-31
DNS Debug log, 6-11 to 6-12
DNS Events log, 6-9 to 6-10
DNS infrastructure, 5-78
Internet connectivity, 12-22 to 12-24
lesson review, 6-18 to 6-19
Nslookup, 6-3 to 6-8
DNS updates, 7-42 to 7-47
DnsUpdateProxy security group, 7-43 to 7-44
lesson review, 7-45
DNS zones. See zone transfers
Dnscmd utility, 5-26, 5-40
Dns.log file, 6-11, 6-17 to 6-18
DnsUpdateProxy security group, 13-39
DHCP server and, 7-43 to 7-44
secure dynamic updates and, 5-30 to 5-31
Domain Controller Security Policy setting, 12-36
domain controllers
adding to Replication Monitor console, 6-22
DHCP server installation and, 7-5
Domain Name System. See DNS (Domain Name
System)
domain names
fully qualified, 4-4
Name Checking option, 5-51 to 5-52
overview of, 4-12 to 4-13
DomainDnsZones, 5-25 to 5-26, 6-22
domains
geographical, 4-13
Internet, 4-13 to 4-14
logging onto with VPN connection, 10-62 to 10-63
names, 4-12 to 4-13
organizational, 4-13
private, 4-14
reverse, 4-13
dotted-decimal notation
analyzing, 2-16 to 2-17
converting, 2-10 to 2-13, 2-19
defined, 2-9
lesson review, 2-30 to 2-31
drivers, Network Monitor, 3-5
Dynamic Bandwidth Control Using BAP Or BACP,
9-12
dynamic IP internetwork, 9-60
dynamic routing, vs. static routing, 9-18 to 9-19
dynamic updates
DNS clients, 4-55 to 4-56
Kerberos and, 5-30
nonsecure dynamic updates, 5-79
performance counters and, 6-26
secure, 5-30 to 5-31
triggers, 5-30
zone configuration, 5-27 to 5-28
E
EAP (Extensible Authentication Protocol)
Protected EAP (PEAP), 10-72
EAP-MD5 CHAP (Extensible Authentication
Protocol-Message Digest 5 Challenge
Handshake Authentication Protocol), 10-10 to
10-13
EAP-RADIUS, 16-8
EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
defined, 10-9
encryption, 10-30
features/exam tips, 10-11 to 10-12
operating system support, 10-14 to 10-15
PPTP used with, 10-55 to 10-57
smart card authentication, 10-15
Edit Dial-In Profile dialog box, 10-17, 10-29
EKU (enhanced key usage) extensions, 10-58
Enable Automatic Scavenging Of Stale Records,
DNS, 5-33, 5-53
Enable Broadcast Name Resolution, RRAS, 9-10
Enable Fragmentation Checking check box, RRAS,
9-36
Enable IP Router Manager check box, RRAS, 9-37
Enable Netmask Ordering, DNS, 5-46, 5-48
Enable Round Robin, DNS, 5-48, 5-50
Enable Router Discovery Advertisements check box,
9-37
encapsulation, 16-36
encryption
3DES, 10-31, 10-85
authentication protocols and, 10-9 to 10-10, 10-11,
10-13
Basic Encryption setting, 10-31
CHAP, 10-10
DES, 10-30, 10-85
EAP-MD5 CHAP, 10-10
EAP-TLS, 10-9, 10-72
MPPE, 10-31
MPPE 56-Bit, 10-31
MPPE 128-Bit, 10-31
MS-CHAP v1, 10-10
MS-CHAP v2, 10-10
No Encryption setting, 10-31
PAP, 10-10
PPP, 10-14
PPTP connections, 10-55 to 10-56
SPAP, 10-10
remote access policy profiles, 10-14 to 10-15,
10-30
types, 10-31
VPN, 10-47
Encryption tab, remote access policies, 10-14 to
10-15, 10-30
endpoint addressing, 9-38
Enforce Logon Restrictions setting, 16-16
enhanced key usage (EKU) extensions, 10-58
Enterprise Admins group, DHCP, 7-5, 7-52
event ID codes, DHCP server logs, 8-22 to 8-23
Event log, DNS
accessing, 5-11
troubleshooting, 6-9 to 6-10
Event Logging tab, DNS server properties, 5-11
event logs
DNS, 5-11, 6-9 to 6-10
IKE, 11-80
Kerberos at computer boot, 11-50 to 11-51
Kerberos at user logon, 11-48, 11-51 to 11-53
Kerberos monitoring, 11-58, 11-82
troubleshooting IPSec policies, 11-87
troubleshooting with, 11-79 to 11-80
Event Viewer
address conflict warning, 8-28 to 8-29
DNS event logging, 5-11
troubleshooting DHCP, 8-34 to 8-35
exclusion ranges, DHCP leases, 7-8 to 7-9
Expires After text box, SOA tab, 5-34
Extensible Authentication Protocol. See EAP
Extensible Authentication Protocol-Message Digest 5
Challenge Handshake Authentication
Protocol. See EAP-MD5 CHAP
Extensible Authentication Protocol-RADIUS, 16-8
Extensible Authentication Protocol-Transport Level
Security. See EAP-TLS
extranets, 16-2
F
Fail On Load If Bad Zone data, DNS, 5-48
failover protection, DHCP, 13-20
fast transfer format, 5-47
fault tolerance, 9-26, 9-66
File and Printer Sharing For Microsoft Networks,
1-18
file names, zones, 5-27
File or Folder Access, auditing, 11-7
file system, security templates, 11-9
filter actions
blocking, 11-71
overview of, 11-41
security associations, 11-42
filter lists
blocking, 11-64
creating, 11-62, 11-67
Filter tab, DNS Events Properties dialog box, 6-10
filtered synchronization, 12-48
filters
IP Filter Wizard, 11-68
IPSec policies, 11-41 to 11-42
peer filtering, RIP, 9-61 to 9-62, 16-35
Set IP Demand-Dial Filters command, 9-32
Task Manager, 12-5
See also packet filters
firewalls
Basic Firewall, 9-48, 9-50, 16-6
ICMP, 2-4
VPNs and, 16-50
Flags tab, Kerbtray, 11-55, 11-57
ForestDnsZones, 5-25 to 5-26
forwarders, DNS
conditional, 5-7 to 5-8
disabling recursion, 5-8 to 5-9
interfaces, 5-4
overview of, 5-3
recursion and, 5-47
stub zones and, 5-70
when to use, 5-5 to 5-6
Forwarders tab, DNS server properties, 5-4 to 5-9
FQDNs (fully qualified domain names)
defined, 4-68
Disable Recursion server option and, 5-46 to 5-47
multihomed host, 4-51 to 4-52
overview of, 4-16 to 4-17
partitions and, 5-25 to 5-26
fragmentation checking, RRAS, 9-37
Frame Viewer window, Network Monitor
details pane, 3-10
hexadecimal pane, 3-10
overview of, 3-9
summary pane, 3-9
frames
data capture, 3-8
defined, 3-3
IPX (NWLink) protocol, 1-17
full computer name, 4-5, 4-48
fully qualified domain names. See FQDNs
G
Gateway column, IP routing tables, 9-17 to 9-18
gateways
comparing gateway addresses, 9-17
defaults, 2-13
IP addresses and, 2-33
IP routing tables and, 9-18
Generic Routing Encapsulation (GRE) header, 10-56
geographical domains, 4-13
Getmac utility, 8-33
Giaddr field, 8-30, 8-40
Globally Unique Identifier (GUID), 3-8, 3-37
glue chasing, 5-60
glue records, 5-60
Gpedit.msc, 12-37
Gpupdate command-line utility, 15-15, 15-16
Grant Remote Access Permission, 10-29
graphs, System Monitor, 6-25, 6-26
GRE (Generic Routing Encapsulation) header,
10-56
GUID (Globally Unique Identifier), 3-8, 3-37
H
header fields, DHCP, 8-6 to 8-7
Help And Support Center, 3-23
hexadecimal pane, Frame Viewer window,
3-10
hisecdc security template, 11-23
hisecws security template, 11-23
hops, routing, 9-18, 9-60
host (A) resource records
default client update behavior, 4-59
dynamic updates, 5-30 to 5-31
multihomed computers, 5-48
netmask ordering, 5-48
overview of, 4-37
zone delegations, 5-59, 5-60
host capacity, network, 2-19 to 2-21
host IDs
IP addresses and, 2-7 to 2-9
per subnet, 2-20
subnetting and, 2-34, 2-36
host names, 4-4, 14-1
host route, 9-15
I
IANA (Internet Assigned Numbers Authority), 2-12
IAS (Internet Authentication Service), 10-67 to 10-82
deploying as RADIUS server, 10-75 to 10-78
lesson review, 10-81
lesson summary, 10-81 to 10-82
overview of, 10-67
practice exercises, 10-78 to 10-81
RADIUS proxy scenarios, 10-73 to 10-75
RADIUS server scenarios, 10-67 to 10-70
troubleshooting lab, 10-83
ICANN (Internet Corporation for Assigned Names
and Numbers), 4-13 to 4-14
ICMP (Internet Control Message Protocol)
defined, 2-57
firewalls and, 2-4
overview of, 2-4
ICS (Internet Connection Sharing)
dynamic DNS updates, 4-56
migrating clients for DHCP server, 7-14 to 7-16
NAT and, 9-48
private IP addresses and, 2-12
ID strings, 7-36
IDs, network
CIDR and, 2-9
host IDs and, 2-8 to 2-9
IP addresses and, 2-7, 2-9
subnet mask notations compared, 2-11
subnet masks and, 2-9 to 2-10
iesacls security template, 11-23
IIS (Internet Information Services), 9-41
securing intranet traffic with, 11-46 to 11-47
IKE (Internet Key Exchange)
auditing, 11-80
IPSec connections, 11-42, 11-69
main mode, 11-42
quick mode, 11-42
security algorithms, 11-67
importing security templates, 11-27, 11-35
incremental zone transfer (IXFR) queries
overview of, 5-38 to 5-39
performance counters, 6-26
infrastructure
logical, 1-6 to 1-7
physical, 1-5 to 1-6
security, 1-11 to 1-13
update, 1-13 to 1-14
See also network infrastructure
input filters, packet filtering
advanced, 9-73 to 9-74
basic, 9-73
creating, 9-71 to 9-72
defined, 9-70
overview of, 9-70
Integrated Services Digital Network. See ISDN demand-dial links
integrity, network security, 11-26, 11-40
interactive mode, Nslookup
command-line options, 6-5 to 6-6
data types, 6-7
overview of, 6-3 to 6-5
practice exercise, 6-13 to 6-16
querying other name servers, 6-8
interfaces, demand-dial, 9-30 to 9-37
defined, 9-6
Dial-Out Hours command, 9-32
extranet/router-to-router VPNs, 10-49 to 10-50
IP routing, 9-35 to 9-37
NAT, 9-49 to 9-51
network interface properties, 9-32 to 9-34
overview of, 9-30 to 9-31
port and device properties, 9-33 to 9-34
Routing and Remote Access, 9-7
Set Credentials command, 9-32
Set IP Demand-Dial Filters command, 9-32
shortcut menu commands, 9-31 to 9-32
Unreachability Reason command, 9-32
interfaces, DNS server, 5-4
interfaces, network, 9-6
interfaces, router
adding in RRAS console, 9-6 to 9-7
enabling DHCP Relay Agent on, 9-65 to 9-68
overview of, 9-6
Route command, 9-22
interfaces, RRAS
adding, 9-6 to 9-7
configuring, 9-30 to 9-37
defined, 9-6
enabling routing protocols, 9-5
New Interface command, 9-60
shortcut menus, 9-31 to 9-32
intermittent problems, 12-3
Internet Assigned Numbers Authority (IANA), 2-12
Internet Authentication Service. See IAS (Internet Authentication Services)
Internet Connection Sharing. See ICS (Internet Connection Sharing)
Internet connectivity, 12-22 to 12-31
case scenario, 12-57 to 12-58
further reading, 17-5
identifying issues, 12-22 to 12-25
lesson review, 12-30 to 12-31
lesson summary, 12-31
name resolution issues, 12-22 to 12-25
network settings verification, 12-25 to 12-28
overview of, 12-22
practice exercise, 12-28 to 12-29
tested skills/suggested practices, 17-2
troubleshooting, 17-13
Internet Control Message Protocol (ICMP)
defined, 2-57
firewalls and, 2-4
overview of, 2-4
Internet Corporation for Assigned Names and Numbers (ICANN), 4-13 to 4-14
Internet domain namespace, 4-13 to 4-14
Internet Information Services (IIS), 9-41
securing intranet traffic with, 11-46 to 11-47
Internet Key Exchange (IKE). See IKE (Internet Key Exchange)
Internet layer, TCP/IP
Network Monitor and, 3-12
overview of, 2-3 to 2-4
Internet Protocol (TCP/IP) Properties. See TCP/IP properties
Internet Protocol Security (IPSec). See IPSec (Internet Protocol Security)
Internet Service Providers (ISPs), 10-26
Intranets, 4-6
IP addresses
APIPA and, 1-25 to 1-27
blocks, 2-7 to 2-31
decimal/binary notation, 2-7, 2-9 to 2-10, 2-16, 2-18
DHCP advantages, 7-3
further reading, 13-8
gateways, 2-13
lesson review, 2-5, 2-30
overview of, 13-1
private, 2-12
public, 2-12
remote access, 9-10, 10-4, 10-6 to 10-7
resolving to host names, 6-3 to 6-4
scope configuration for, 7-7 to 7-8
structure, 2-7 to 2-11
subnets, 2-15 to 2-16
tested skills/suggested practices, 13-4 to 13-5
IP addresses, configuring, 2-32 to 2-53
automatically, 2-42
case scenario, 2-53 to 2-55
lesson review, 2-30 to 2-31
practice exercises, 2-59 to 2-60
IP addresses, troubleshooting, 13-31 to 13-38
answers, 13-35 to 13-38
further reading, 13-8
overview of, 13-31
tested skills/suggested practices, 13-5 to 13-6
IP Filter Wizard, 11-68
IP (Internet Protocol), RRAS and, 9-9 to 9-10
IP Router Manager, 9-37
IP routing
general properties, 9-13 to 9-14
interface, 9-36 to 9-37
overview, 9-3
RRAS and, 9-13 to 9-14
IP Routing node, RRAS console, 9-6 to 9-7
general properties, 9-35
packet filters, 9-72
routing tables and, 9-16
using, 9-7
IP Routing Tables
default route, 9-16
host route, 9-15
network route, 9-15
reading, 9-16 to 9-18
static and dynamic routing, 9-18 to 9-19
viewing, 9-16
IP Security Monitor (Ipsecmon)
IPSec connections and, 11-42
monitoring IPSec with, 11-44, 11-73
Network Monitor and, 15-25
overview of, 15-25
practice exercises, 11-59 to 11-76
statistics, 11-43 to 11-44
troubleshooting IPSec policies, 11-80 to 11-81
Ipconfig, 1-21, 3-22
Ipconfig /all
APIPA and, 1-25, 1-26
ARP and, 3-29
case scenario, 1-36
example, 3-22
DHCP server configuration, 7-14 to 7-15, 7-19 to 7-20
DHCP troubleshooting, 8-29, 8-30
overview of, 3-19 to 3-20
Ping and PathPing, 3-26
Ipconfig /displaydns, 4-58
Ipconfig /flushdns
flushing DNS client cache, 4-58, 4-59
practice exercise, 4-9
Ipconfig /registerdns
default client update behavior, 4-56
host (A) resource records and, 4-37
Ipconfig /release, 7-32, 8-14
Ipconfig /renew
APIPA client migration, 7-14, 7-15
APIPA troubleshooting, 1-27
DHCP addresses, 8-29
DHCP leases, 8-4
subnet address changes, 7-32
Ipconfig /setclassid, 7-35 to 7-37
IPSec (Internet Protocol Security), 11-40 to 11-78
default policies, 11-43
establishing connections, 11-42
overview of, 11-41 to 11-42
security associations, 11-42
Security Monitor and, 11-43 to 11-44
See also L2TP/IPSec (Layer2 Tunneling Protocol/IP Security)
IPSec policies, default, 11-43
IPSec, Quick Mode
defined, 11-95
overview of, 11-42, 15-25
viewing IP statistics, 11-73
Ipsecmon. See IP Security Monitor (Ipsecmon)
IPX (NWLink) protocol, 1-17
IPX/SPX protocol, 1-9 to 1-10
ISDN (Integrated Services Digital Network) demand-dial links
overview of, 10-4
Q & A, 16-48, 16-50
ISPs (Internet Service Providers), 10-26
iteration (iterative queries), 4-16, 4-19, 5-47
secure, 5-7
IXFR (incremental zone transfer) queries
overview of, 5-38 to 5-39
performance counters, 6-25 to 6-27
J
Jetpack utility, 13-20
K
KDC (Kerberos Key Distribution Center), 11-50 to 11-51, 11-53
Kerberos
authorization and, 11-53 to 11-54, 15-1
boot up and, 11-48 to 11-50
dynamic updates and, 5-30
further reading, 15-5, 15-6
Kerbtray, 11-54 to 11-57
Klist, 11-57 to 11-58
monitoring network security, 15-25
Netdiag and, 11-58 to 11-59
NTLM and, 11-47, 11-50, 11-81 to 11-82
overview of, 11-47 to 11-48
practice exercises, 11-75 to 11-76
security paradigms, 11-6
tracking logon, 11-48
user logon and, 11-51 to 11-53
Kerberos Key Distribution Center (KDC), 11-50 to 11-51, 11-53
Kerbtray.exe, 11-47 to 11-50
Kerberos at user logon, 11-51 to 11-53
Kerberos authentication role, 11-47
overview of, 11-47 to 11-48
practice exercise, 11-75 to 11-76
tracking logon, 11-48
key exchange
security methods, 11-42, 11-66
settings, 11-65 to 11-66
See also IKE (Internet Key Exchange)
keys
master key, 11-65, 11-67
preshared keys, 10-59, 10-64
Klist.exe
Kerberos’ role in authentication, 11-54
overview of, 11-57 to 11-58
practice exercise, 11-76
tracking logon, 11-48
L
L2TP/IPSec (Layer2 Tunneling Protocol/IP Security)
applying, 10-57 to 10-58
computer certificates, 10-58 to 10-59
disabling connections, 10-59
encryption and, 10-31
lesson review, 9-66
lesson summary, 9-66
packet filtering, 9-74
PPTP vs., 10-56, 10-57
practice exercises, 10-63 to 10-66
preshared keys and, 10-59
VPN connections, 10-54 to 10-55
LAN routing, 9-3 to 9-29
case scenario, 9-75 to 9-77
lesson review, 9-28
lesson summary, 9-29
overview, 9-3 to 9-4
practice exercise, 9-27
routing tables, 9-15 to 9-19
RRAS. See RRAS
scenarios, 9-19 to 9-20
static routes, 9-20 to 9-26
“layer 2” devices, 9-3
“layer 3” devices, 9-3
Layer2 Tunneling Protocol/IP Security. See L2TP/IPSec
layers, TCP/IP, 1-12, 2-3 to 2-5
application layer, 2-5
internet layer, 2-3 to 2-4
network interface layer, 2-3
transport layer, 2-4 to 2-5
LCP (Link Control Protocol) Extensions
defined, 9-12
enabling, 10-25
LDAP (Lightweight Directory Access Protocol)
Kerberos at computer boot and, 11-48 to 11-49
SRV resource records and, 4-39
leases. See DHCP leases
least privilege principle, 11-12 to 11-14
legacy programs, running, 15-19
Lightweight Directory Access Protocol. See LDAP
limited broadcast addresses, 9-17, 9-18
Link Control Protocol. See LCP (Link Control Protocol) Extensions
link state database, 9-63
loading, DNS zones
Fail On Load If Bad Zone data, 5-46, 5-48
Load Zone Data On Startup, 5-46, 5-52 to 5-53
Local Area Connection Status dialog box, 8-33
local policies, security templates, 11-32
Local Security Policy, 11-8, 15-7
Local System account, 12-34
LocalNetPriority setting, 5-48
logging
auditing. See audit logging, DHCP
DNS servers, 5-11, 6-11 to 6-12
event logs, 12-12, 12-35 to 12-36
RRAS (Routing and Remote Access), 9-7 to 9-8, 9-13
logical infrastructure, 1-6 to 1-7
logon
alerts, 12-9
auditing, 11-6 to 11-7, 11-80
rights, 12-35 to 12-36
to Windows, 10-7
tracking with Kerberos, 11-6, 11-48 to 11-49, 11-51 to 11-52
troubleshooting with Network Monitor, 11-79 to 11-80
unauthorized access, 11-6
VPN connections and, 10-62 to 10-63
Logon Events, auditing, 11-6
logs, performance
actions, 12-12 to 12-14
alerts, 12-10 to 12-11
general properties, 12-11 to 12-12
lesson review, 12-20
schedules, 12-14
loopback addresses, 9-17
Ls command, Nslookup, 6-8, 6-9
Lserver command, Nslookup, 6-8
M
MAC (Media Access Control) addresses
overview of, 13-19
verifying for reservations, 8-33
mail exchanger (MX) resource records, 4-15, 4-35, 4-38
Main Mode node, IPSec
defined, 11-95
IKE and, 11-42
practice exercises, 11-72, 11-73
management
DHCP. See DHCP management
DNS. See DNS management
IP Router Manager, 9-37
IP routing, 16-29 to 16-35
IP security policies, 11-59 to 11-64
Netsh and, 10-78, 11-59, 11-69 to 11-72
remote access, 16-20 to 16-28
remote access clients, 10-40 to 10-41
master key, 11-65, 11-67
masters, defined, 4-32
Maximum Ports setting, 10-54, 10-59
Media Access Control. See MAC addresses
Metric column, IP routing tables, 9-18
Microsoft
Calculator. See Calculator
Point-to-Point Encryption. See MPPE
SMS (Systems Management Server), 12-17
Terminal Services, 1-13, 1-20
Web site information. See Web site information, Microsoft
Windows Explorer, 4-7, 4-8
Microsoft Encyclopedia of Networking, Second Edition
IP addressing, 13-7
name resolution, 14-4
Microsoft Network Monitor online help, 17-4
Microsoft Web site information
IP addressing, 13-7
IPSec features for 2003, 11-41
Kerberos, 11-48
network infrastructure, 17-4
Registry settings, adding to security templates, 11-9
RRAS, 16-5 to 16-6
security templates, 11-5 to 11-6
Microsoft Windows 2000
DHCP leases, 8-3
DNS and, 4-6
replication, 5-26 to 5-27
zone transfers, 5-37
Microsoft Windows Components Wizard
DHCP server installation, 7-4
DNS server installation, 4-26
Microsoft Windows NT 4 domains, 15-9, 15-11 to 15-14
Microsoft Windows Server 2003
Resource Kit, 17-5
security white paper, 11-23
Web Edition, 1-5
Microsoft Windows Server 2003, Online Help
network infrastructure, 17-4
network security, 15-5
Routing and Remote Access, 16-5 to 16-6
Microsoft Windows Update
accessing Catalog, 15-18
overview of, 15-18
Microsoft Windows XP, 15-2, 15-18 to 15-19
modems, 9-12, 9-16, 9-32, 9-34
monitoring, DNS server properties, 5-12 to 5-13
monitoring, network traffic
case scenario, 12-57 to 12-58
counters, 12-6
DNS. See DNS monitoring
further reading, 17-4 to 17-5
lesson review, 12-20 to 12-21
lesson summary, 12-21
Netstat, 12-14 to 12-16
Network Monitor. See Network Monitor
Networking tab of Task Manager, 12-3 to 12-6
overview of, 17-6 to 17-7
Performance Console, 12-6 to 12-14
practice exercises, 12-18 to 12-20
tested skills/suggested practices, 17-2 to 17-4
MPPE (Microsoft Point-to-Point Encryption)
defined, 10-85
encryption settings, 10-30 to 10-31
PPP connections, 10-14
PPTP connections, 10-55
MS-CHAP v1 authentication protocol
defined, 10-10
encryption, 10-13 to 10-14
features/exam tips, 10-11 to 10-12
operating system support, 10-12
MS-CHAP v2 authentication protocol
defined, 10-10
encryption, 10-13 to 10-14
features/exam tips, 10-11 to 10-12
operating system support, 10-12
Msconfig.exe (System Configuration utility), 17-24
multihomed computers, 1-34
Multibyte (UTF-8), 5-51 to 5-52
Multilink connections
defined, 9-12
overview of, 9-11
remote access policies, 10-30
multinets
defined, 7-51
overview of, 7-28
superscope supporting, 7-28 to 7-32
multipath IP internetwork, 9-60
mutual authentication, 16-36
MX (mail exchanger) resource records, 4-15, 4-35, 4-38
My Network Places, 4-3, 4-7
N
NACK (negative acknowledgement) messages
DHCP leases, 8-5
overview of, 8-12 to 8-14
superscopes, 7-31
Name Checking, DNS server properties, 5-51 to 5-52
name resolution
computer names and, 4-4 to 4-5
disabling NetBIOS, 4-7 to 4-8
DNS vs. NetBIOS, 4-3 to 4-7
further reading, 14-3 to 14-4
Internet connection, 12-22 to 12-25
lesson review, 4-10
lesson summary, 4-10 to 4-11
name suffixes and, 4-4 to 4-5
overview of, 1-11
practice exercises, 4-9
procedures, 4-6
tested skills/suggested practices, 14-2 to 14-3
traffic, capturing with Nbstat, 4-9
troubleshooting Internet connectivity, 12-22 to 12-25
troubleshooting lab, 4-65 to 4-66
See also DNS (Domain Name System)
name resolution, NetBIOS
capturing traffic, 4-9
defined, 1-11
disabling, 4-7 to 4-8
DNS vs. NetBIOS, 4-3 to 4-8
lesson review, 4-10
lesson summary, 4-10 to 4-11
Name Server resource records. See NS (Name Server) resource records
name suffixes, 4-4 to 4-5
names, computer
Disable Round Ordering option, 5-50 to 5-51
DNS clients, 4-48
Enable Netmask Ordering option, 5-46, 5-48
Enable Round Robin option, 5-50
overview of, 4-4 to 4-5
namespace
DNS, 4-12
Internet domains, 4-13 to 4-14
private domains, 4-14
NAT (Network Address Translation)
advantages, 13-6
case scenario, 9-75 to 9-77
configuring, 9-47 to 9-58
DHCP Relay Agent and, 9-67
ICS compared with, 9-48
incoming calls and, 9-49 to 9-50
lesson review, 9-57 to 9-58
lesson summary, 9-58
overview of, 1-11, 9-47 to 9-48
packet filters and, 9-71
practice exercises, 9-51 to 9-57
troubleshooting, 9-50 to 9-51
troubleshooting lab, 9-77 to 9-78
NBT Connection performance object, 12-8
negative acknowledgement messages. See NACK messages
Neighbors tab, RIP Properties dialog box, 9-63
NetBIOS
defined, 4-68
disabling, 4-7 to 4-8
DNS name resolution compared with, 4-3 to 4-7
NetBT (NetBIOS over TCP/IP), 1-9, 1-37
Netcap, 11-44 to 11-46
syntax, 11-45
Netdiag utility
defined, 3-25
displaying IPSec information, 11-41
overview of, 3-25
practice exercise, 3-29
reloading SRV records, 4-39 to 4-40
tests, 3-26
verifying Kerberos with, 11-58 to 11-59
Netlogon.dns, 4-39, 4-40
Netmask column, IP routing tables, 9-17
netmask ordering, DNS, 5-9, 5-48 to 5-50
Netsh utility
dynamic mode, 11-72
managing IPSec, 11-69 to 11-72
monitoring IPSec, 11-72 to 11-73
overview of, 7-25 to 7-27
practice exercises, 11-59 to 11-64
Show All command, 11-81
Show Gpoassignedpolicy command, 11-80
Show Mmsas All command, 11-72
Show Qmsas All command, 11-72
Netstat utility
lesson review, 12-20 to 12-21
monitoring network traffic, 12-14 to 12-16
NetWare Network, 1-10, 1-17, 1-20
Network Address Translation. See NAT (Network Address Translation)
network bridging, 12-57
network clients, 1-18 to 1-19
Network Connection Details dialog box, 8-33
network connections
adding components to, 1-22 to 1-23
advanced settings, 1-19 to 1-21
APIPA, 1-25 to 1-29
automatically configured, 1-25
bridging, 1-30 to 1-32
configuring, 1-22, 1-23 to 1-32
default components, 1-17
overview of, 1-16
provider order, 1-20 to 1-21
TCP/IP settings, 1-32 to 1-34
viewing, 1-16 to 1-32
network counters
adding, 12-8 to 12-9
Performance console, 12-9 to 12-10
Task Manager, 12-8 to 12-9
Network Destination column, IP routing tables
comparing gateway address with, 9-17
overview of, 9-17
Network Diagnostics
defined, 3-23
Netdiag utility, 3-25
Netdiag tests, 3-25 to 3-26
overview of, 3-23 to 3-24
practice exercise, 3-29 to 3-30
network IDs
CIDR and, 2-9
host IDs and, 2-8 to 2-9
IP addresses and, 2-7, 2-9
subnet mask notations compared, 2-11
subnet masks and, 2-9 to 2-10
network infrastructure, 1-5 to 1-14
Active Directory, 1-11
addressing, 1-10
case scenario, 1-35 to 1-36
certificates, 1-12
defining, 1-8 to 1-14
group policy, 1-12 to 1-13
lesson review, 1-14 to 1-15
lesson summary, 1-14 to 1-15
logical, 1-6 to 1-7
name resolution, 1-10 to 1-11
network clients, 1-18
network computer groups, 1-12 to 1-13
network connections, 1-16 to 1-23
network protocols, 1-17
network services, 1-18 to 1-19
physical, 1-5 to 1-6
public key and certificates, 1-12
remote access, 1-11
repair actions, 12-26
routing and Network Address Translation, 1-11
security, 1-11 to 1-13
update, 1-13 to 1-14
network infrastructure, maintaining
case scenario, 12-57 to 12-58
configuring update infrastructure, 12-32 to 12-57
further reading, 17-4 to 17-5
monitoring network performance, 12-3 to 12-21
overview of, 17-1 to 17-2
tested skills/suggested practices, 17-2 to 17-4
troubleshooting Internet connectivity, 12-22 to 12-31
troubleshooting server services, 12-32 to 12-41
network interface layer, TCP/IP
bridges, 9-3
Network Monitor and, 3-3
overview of, 2-3 to 2-4
network interfaces, RRAS
adding, 9-6 to 9-7
configuring, 9-30 to 9-37
defined, 9-6
enabling routing protocols, 9-5
New Interface command, 9-60
shortcut menus, 9-31 to 9-32
Network Monitor, 3-3 to 3-21
administrative tool, 3-4 to 3-5
advanced features, 3-15 to 3-16
analyzing captured data, 3-8 to 3-10
analyzing DHCP messages, 8-5 to 8-6
capture window, 3-7
case scenario, 3-34 to 3-36
components, 3-4 to 3-5
data capture, 3-8, 3-16
DHCP Discover, 8-7 to 8-8
DHCP header fields, 8-6 to 8-7
DHCP messages, 8-5 to 8-7
DHCP NACK, 8-12 to 8-14
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
driver installation, 3-5
filters, 3-12 to 3-13
frames, 3-10 to 3-11, 3-16
installing, 3-4 to 3-5
interface, 3-6 to 3-7
lease renewal, 8-4 to 8-5
lesson review, 3-20
lesson summary, 3-20 to 3-21
“lite” and “full”, 12-17 to 12-18
Netcap and, 11-44 to 11-46
Online Help, 17-3
OSI (Open Systems Interconnection) model, 3-11 to 3-12
overview of, 3-3
parsers, adding, 3-15
practice exercises, 3-16 to 3-19
Select A Network window, 3-6 to 3-7
troubleshooting IPSec policies, 11-80 to 11-81
troubleshooting logon, 11-81 to 11-82
usage scenarios, 3-14 to 3-15
versions of, 3-4
network performance. See monitoring, network traffic
network prefix subnet masks
converting between dotted-decimal and, 2-17 to 2-19
overview of, 2-17
network protocols
IPSec. See IPSec (Internet Protocol Security)
Kerberos. See Kerberos
lesson review, 1-14
lesson summary, 1-15
monitoring with Network Monitor, 3-11 to 3-12
overview of, 1-8 to 1-10
security, 11-3 to 11-4
traffic capture, 11-41 to 11-42
viewing connection components, 1-17 to 1-20
network providers, Provider Order tab, 1-20 to 1-22
network route, 9-15
network security. See security
network services, 1-8, 1-18
Network Shell utility (Netsh.exe). See Netsh utility
Network Solutions, 4-14
networking components
addressing, 1-10
case scenario, 1-35 to 1-36
connections, 1-16 to 1-32
lesson review, 1-14
lesson summary, 1-15
logical infrastructure, 1-6 to 1-7
name resolution, 1-10 to 1-11
network protocols, 1-8 to 1-10
physical infrastructure, 1-5 to 1-6
remote access, 1-11
routing, 1-11
security infrastructure, 1-11 to 1-13
update infrastructure, 1-13 to 1-14
networking, dial-up
applying, 10-3
authentication, 10-13 to 10-17
client-side configuration, 10-13 to 10-17
practice exercises, 10-19 to 10-22
remote access authentication, 10-8
troubleshooting, 10-39 to 10-40
networking performance objects
NBT Connection, 12-8
Network Interface, 12-8
RAS Port, 12-8
RAS Total, 12-9
Server, 12-9
TCPv4, 12-8
TCPv6, 12-8
Networking Services component, 1-12
New Technology Local Area Network Manager (NTLM)
Kerberos and, 11-47, 11-50, 11-81 to 11-82
protocol, 16-8
no-refresh intervals, 5-32
Nodebug option, Nslookup, 6-5
Nominet, 4-14
Non RFC name-checking method, 5-52
None dynamic updates, 5-27
noninteractive mode, Nslookup, 6-3 to 6-4
nonsecure dynamic updates, 5-27
notation, binary, 2-7, 2-9 to 2-10, 2-16, 2-18
converting manually, 2-9 to 2-10
converting with calculator, 2-18
defined, 2-7
exercise converting, 2-18 to 2-19, 2-60
notation, decimal
converting manually, 2-10 to 2-13
converting with calculator, 2-13
defined, 2-9
exercise converting, 2-18 to 2-19
lesson review, 2-19 to 2-20
notation, dotted-decimal
analyzing, 2-16 to 2-17
converting, 2-10 to 2-13, 2-19
defined, 2-9
lesson review, 2-30 to 2-31
notification settings, zone transfers
overview of, 5-36 to 5-37
performance counters, 6-29 to 6-30
practice exercise, 5-38 to 5-39
NS (Name Server) resource records
configuring, 5-35 to 5-36
zone delegations and, 5-58
Nslookup utility, 6-3 to 6-8
data types, 6-7
defined, 6-3
interactive mode, 6-4 to 6-5
noninteractive mode, 6-3 to 6-4
options, 6-5 to 6-6
overview of, 6-3
practice exercises, 6-12 to 6-16, 6-34
querying other name server, 6-8
Set All command, 6-5 to 6-6
Set Querytype (set q) command, 6-7
Set Type command, 6-7
troubleshooting Internet connectivity, 12-23
viewing zone data, 6-8
NTLM (New Technology Local Area Network Manager)
Kerberos and, 11-47, 11-50, 11-81 to 11-82
protocol, 16-8
NWLink protocol. See IPX (NWLink) protocol
O
Online Help
network infrastructure, 17-3
Network Monitor, 17-3
network security, 15-4
Routing and Remote Access, 16-8 to 16-9
Open Shortest Path First. See OSPF (Open Shortest Path First) routers
Open Systems Interconnection (OSI) model, 3-11 to 3-12
options classes, 7-35 to 7-37
organizational domains, 4-13
OSI (Open Systems Interconnection) model, 3-11 to 3-12
OSPF (Open Shortest Path First) routers
areas, 9-64
lesson review, 9-68 to 9-69
overview of, 9-63 to 9-64
RIP and, 9-63 to 9-64
routing, 9-18 to 9-20, 9-26, 9-59, 16-1, 16-29
output filters, packet filtering, 9-37
basic, 9-73
creating, 9-71 to 9-72
defined, 9-70
Owner field, resource records, 4-36
P
packet filters, 9-37, 9-71 to 9-77, 10-52
advanced, 9-73 to 9-74
basic, 9-73 to 9-74
case scenario, 9-75 to 9-77, 9-84 to 9-85
creating, 9-71 to 9-72
defined, 9-70
IP Routing properties, 9-37
lesson review, 9-76 to 9-77
mixed VPNs with firewall and, 10-52
overview of, 9-70
remote access policies and, 9-72
review of, 16-20
Routing and Remote Access console and, 9-72
Pages/Sec counter, Performance console, 12-7
PAP (Password Authentication Protocol)
defined, 10-10
exam highlights, 10-11 to 10-12
operating systems supported, 10-12 to 10-13
security and, 10-14 to 10-15
parsers
adding to Network Monitor, 3-15
defined, 3-35
partitions, Active Directory–integrated zones, 6-21 to 6-22
Password Authentication Protocol. See PAP (Password Authentication Protocol)
PathPing utility, 3-26 to 3-27
defined, 3-37
overview of, 3-26 to 3-27
troubleshooting Internet connectivity, 12-23
Tracert compared to, 3-28
Pause button, zone status, 5-22
PEAP (Protected EAP), 16-10, 16-12, 16-17
peer filtering, RIP, 9-61
perfmon.exe command, 12-8
Performance console, 12-7 to 12-14
alerts, 12-10 to 12-14, 12-19 to 12-20
general properties, 12-11 to 12-12
lesson review, 12-20
NBT Connection object, 12-9
network counters, 6-26, 12-9
Network Interface object, 12-9
Pages/Sec counter, 12-8
RAS Port performance object, 12-9 to 12-10
starting, 12-8
System Monitor in, 6-25
Task Manager and, 12-8, 12-10
See also monitoring, network traffic
performance counters
% Processor Time, 12-8
Average Disk Queue Length, 12-8
AXFR (all zone transfer) queries, 6-26
DNS, 6-26 to 6-27
IXFR (incremental zone transfer) queries, 6-26
list, 6-26 to 6-27
Total Query Received, 6-27
Total Response Sent, 6-27
Performance Logs and Alerts
actions, 12-12 to 12-14
alerts, 12-10 to 12-11
general properties, 12-11 to 12-12
lesson review, 12-20
schedules, 12-14
performance objects, networking
NBT Connection, 12-8
Network Interface, 12-8
RAS Port, 12-8
RAS Total, 12-9
Server, 12-9
TCPv4, 12-8
TCPv6, 12-8
peripheral routers, 9-26
permissions
DHCP server authorization, 7-5
least privilege principle, 11-12 to 11-14
remote access, 10-24 to 10-25
persistent connections, NAT configuration, 9-48
physical infrastructure, 1-5 to 1-6
physical topology, 2-34 to 2-35
PIDs (Process Identifiers), 12-15 to 12-16
Ping Capture, 3-18 to 3-19
Ping utility
output, 3-18
overview of, 3-26 to 3-27
troubleshooting Internet connectivity, 12-22 to 12-23
PKI (Public Key Infrastructure), 1-12, 1-13
Point-to-Point Protocol (PPP)
dial-up networking and, 10-4
encryption, 10-14
PPP tab, RRAS, 9-12 to 9-14
See also MPPE (Microsoft Point-to-Point Encryption)
Point-to-Point Tunneling Protocol. See PPTP (Point-to-Point Tunneling Protocol)
pointer (PTR) resource records
configuring Dynamic DNS updates, 4-55 to 4-56
default client update behavior, 4-56
defined, 4-30
FQDNs and, 4-52
overview of, 4-39
policies
account policies, 11-23
authorization scenarios, 10-32 to 10-37
blocking policies, 11-60 to 11-64
connection request policies, 10-73 to 10-75, 10-87
local policies, 11-32
See also IPSec policies; remote access policies
ports
configuring PPTP on VPN server, 10-56 to 10-57
configuring VPNs, 10-54 to 10-65
demand-dial, 9-34 to 9-35
L2TP/IPSec connections and, 10-57 to 10-59
Maximum Ports setting, 10-54, 10-59
packet filtering, 9-73 to 9-75
Port Status dialog box, 9-35
RADIUS servers, 10-76
RAS Port performance object, 12-8
TCP, 2-4
UDP, 2-5
positive answer, 4-21
Post-Setup Security Updates (PSSU), 11-28
Power Users group, 15-19
Powers of 2, 2-14 to 2-15
PPP (Point-to-Point Protocol). See also MPPE (Microsoft Point-to-Point Encryption)
dial-up networking and, 10-4
encryption, 10-14
PPP tab, RRAS, 9-12 to 9-14
PPTP (Point-to-Point Tunneling Protocol)
overview of, 10-56 to 10-56
packet filtering and, 9-74 to 9-75
PPTP-type VPN connections, 10-57, 10-64
VPN clients, 10-56 to 10-57
VPN servers, 10-56
predefined security templates, 15-7
preferences, IP Routing, 9-15 to 9-16
preshared keys, 10-59, 10-64
primary DNS suffix
configuring, 4-56
DNS clients, 4-54
overview of, 4-5
search lists, 4-54 to 4-55
setting, 4-50
primary domain name, 4-5
primary servers
migrating, 5-23
notification, 5-38 to 5-39
Primary Server text box, SOA tab, 5-34
secondary zones and, 4-32
zone transfer initiation, 5-38 to 5-39
primary zones
overview, 4-31
reconfiguring zones as, 5-22
standard, 4-33
zone transfers and, 5-37, 5-38
principle of least privilege, 11-12 to 11-14
printer sharing, 1-9, 1-14
private domain namespace, 4-14
private IP addresses
configuring TCP/IP addressing, 13-6
local names resolved to, 14-1
overview of, 2-12, 16-20
private networks
ICS. See ICS (Internet Connection Sharing)
NAT. See NAT (Network Address Translation)
overview of, 16-36
Process Identifiers (PIDs), 12-15 to 12-16
Processes tab, Task Manager, 12-15 to 12-16
profiles, remote access policies, 10-29 to 10-30
properties
demand-dial, 9-31
devices, 9-34 to 9-35
DHCP Relay Agent, 9-68
IP addresses. See IP addresses, configuring
IP routing, 9-14 to 9-16
network interfaces, 9-32 to 9-34
ports, 9-34 to 9-35
user account dial-in, 10-23 to 10-26
zone. See zone properties
properties tabs, DNS server, 5-3 to 5-13
advanced, 5-9
debug logging, 5-11
event logging, 5-11
forwarders, 5-4 to 5-9
interfaces, 5-4
monitoring, 5-12
root hints, 5-10 to 5-11
security, 5-13
Protected EAP (PEAP), 16-10, 16-12, 16-17
protocols, authentication
CHAP, 10-10 to 10-13
choosing, 10-9 to 10-10
configuring client side, 10-12 to 10-15
configuring server side, 10-16 to 10-18
EAP, 16-8, 16-16 to 16-17
EAP-MD5 CHAP, 10-10 to 10-13
EAP-TLS, 10-9 to 10-13, 10-16 to 10-17, 10-58, 10-87
features of, 10-11 to 10-12
MS-CHAP v1, 10-10 to 10-13, 10-15
MS-CHAP v2, 10-10 to 10-13, 10-15, 16-16 to 16-17, 16-39, 16-45
operating system support, 10-12 to 10-13
PAP, 10-10, 10-11 to 10-15
RADIUS, 10-8, 10-26 to 10-27, 10-32, 10-38, 10-67 to 10-81
SPAP, 10-10, 10-11 to 10-14
unauthenticated access, 10-10
protocols, network
IPSec. See IPSec (Internet Protocol Security)
Kerberos. See Kerberos
lesson review, 1-14
monitoring with Network Monitor, 3-11 to 3-12
overview of, 1-8 to 1-10
security, 11-3 to 11-4
traffic capture, 11-41 to 11-42
viewing connection components, 1-17 to 1-20
protocols, routing, 9-59 to 9-69
adding and configuring, 9-59 to 9-60
defined, 9-59
deploying over VPNs, 10-51
DHCP Relay Agent, 9-65 to 9-68
exam highlights, 9-80 to 9-81
lesson review, 9-69
multiple-routers and, 9-21
New Routing Protocol command, 9-59
New Routing Protocol dialog box, 9-67
OSPF overview, 9-63 to 9-64
RIP, 9-60 to 9-63
provider order, network connections, 1-20
PSSU (Post-Setup Security Updates), 11-28
PSTN (Public Switched Telephone Network), 10-4
PTR resource records. See pointer (PTR) resource records
public IP addresses, 2-12
public key cryptography, certificates and, 1-12
Public Key Infrastructure (PKI), 1-12, 1-13
Public Switched Telephone Network (PSTN), 10-4
Q
QuadA (AAAA) IPv6 records, 14-1
queries, IXFR (incremental zone transfer)
overview of, 5-38 to 5-39
performance counters, 6-25 to 6-27
query, recursive, 4-68, 6-33
query response types
authoritative answer, 4-21
negative answer, 4-22
positive answer, 4-21
referral answer, 4-21 to 4-22
Quick Mode, IPSec
defined, 11-95
overview of, 11-42, 15-25
viewing IP statistics, 11-73
R
RADIUS (Remote Authentication Dial-In User Service)
configuring, 10-75, 10-77 to 10-78
defined, 10-85
deploying, 10-78 to 10-79
IAS, 10-75 to 10-78
lesson summary, 10-81 to 10-82
practice exercises, 10-78 to 10-81
proxies, 10-73 to 10-75
remote access authentication, 10-8 to 10-10
remote access policies, 10-26 to 10-27
scenarios, 10-67 to 10-72
Send RADIUS Accounting On and Accounting Off Messages, 10-77
server groups, 10-73
servers, 10-76, 10-77
settings, 10-32
specifying clients, 10-76 to 10-78
support for WPS, 10-72
RAS Port performance object, 12-8
RAS (remote access servers)
access beyond, 10-38 to 10-40
authentication. See remote access, authentication
configuring Windows Server 2003 as, 16-1
RAS Total performance object, 12-9
RDATA field, 4-36
rebinding state, DHCP lease renewal, 8-5
Reconcile All Scopes dialog box, 8-34
Reconcile dialog box, 8-34
recovery options, 12-34 to 12-38, 12-39 to 12-40
recursion
configuring DNS server, 4-60 to 4-62
defined, 4-68, 5-80
disabling, 5-8 to 5-9
overview of, 4-19
recursive query, 4-68
redirection, 14-22, 14-27
referral answer, 4-21
referrals, 5-47
refresh intervals
modifying, 5-32
no-refresh, 5-32
Refresh Interval box, SOA tab, 5-34
registered IP addresses, 14-1
Registry
APIPA and, 1-25
security templates, 11-7, 11-9
Registry Key Access, auditing, 11-7
Relay Agent. See DHCP Relay Agent
remote access, authentication, 10-7 to 10-18
case scenario, 10-82 to 10-83, 10-88
client-side protocols, 10-13 to 10-17
lesson review, 10-22, 16-7 to 16-8
overview of, 10-7 to 10-8
practice exercises, 10-19 to 10-22
protocols, 10-10 to 10-13
server-side protocols, 10-17 to 10-19
through RADIUS, 10-8 to 10-9
remote access, authorization, 10-23 to 10-46
access beyond remote access server, 10-38 to
10-40
Allow Access setting, 10-24 to 10-25, 10-29
case scenario, 10-82 to 10-83
lesson review, 10-45 to 10-46
lesson summary, 10-46
managing clients, 10-40 to 10-41
practice exercises, 10-41 to 10-45
remote access policies, 10-26 to 10-32
scenarios, 10-32 to 10-37
troubleshooting, 10-37 to 10-38
user dial-in properties, 10-23 to 10-26
remote access, configuring
dial-up networking, 10-3 to 10-4
IP address assignments, 10-4 to 10-5
private networks, 16-36 to 16-40
remote client addressing, 10-4 to 10-7
troubleshooting client access to, 16-41 to 16-51
troubleshooting RRAS routing, 16-47 to 16-51
Remote Access Connection Manager, 12-33 to 12-34
remote access, connections, 1-11
remote access policies
authorization scenarios, 10-32 to 10-37
client management, 10-40 to 10-41
conditions, 10-27 to 10-28
configuring, 16-1
creating, 10-42 to 10-44
defined at server, 10-32
extranet/router-to-router VPNs, 10-49 to 10-50
overview of, 10-26 to 10-27
permissions, 10-29
PPTP configuration on VPN server, 10-56 to 10-57
profiles, 10-29 to 10-32
Remote Access Policies node, RRAS, 10-17
removing, 10-26
Select Attribute dialog box, 10-27 to 10-28
remote access servers (RAS)
access beyond, 10-38 to 10-40
authentication. See remote access, authentication
configuring Windows Server 2003 as, 16-1
Remote Authentication Dial-In User Service. See
RADIUS (Remote Authentication Dial-In User
Service)
renewal process, DHCP leases, 8-4 to 8-5
Repair button, 8-29
Repair feature, DHCP servers, 12-25 to 12-27
replica, defined, 6-33
replication
directory partitions and, 5-25 to 5-26
overview of, 5-23 to 5-26
zone, 5-24 to 5-25
Replication Monitor (replmon.exe)
Active Directory–integrated zones, 6-21 to 6-24
lesson review, 6-28
overview, 6-20 to 6-21
Request for Comments. See RFCs (Request for
Comments)
Request Security, IPSec, 11-43
Require Security, IPSec, 11-43
Réseaux IP Européens (RIPE NCC), 2-12
reservations, DHCP
creating, 7-10 to 7-11
New Reservation dialog box, 7-10 to 7-11
options for, 7-12 to 7-13
verifying, 8-33
resolver, DNS, 4-15
Resource Kit, Microsoft Windows Server 2003, 17-3
resource records
alias (CNAME), 4-15, 4-22, 4-35, 4-37 to 4-38
CNAME (alias), 4-15, 4-22, 4-35, 4-37 to 4-38
creating, 4-35 to 4-40
defined, 4-15
DNS console, 4-35 to 4-40
formats, 4-36
host (A), 4-37, 4-59, 5-30 to 5-31, 5-48, 5-59, 5-60
mail exchanger (MX), 4-15, 4-35, 4-38
name server (NS), 5-35 to 5-36, 5-38
netmask ordering, enabling, 5-48 to 5-50
Owner field, 4-36
pointer (PTR), 4-30, 4-32, 4-52, 4-55 to 4-56
root hints, 4-19
scavenging stale, 5-32 to 5-33
service location (SRV), 5-15 to 5-18
start-of-authority (SOA), 4-35, 5-33
TTLs for, 5-34 to 5-35
types, 4-36 to 4-40
verification, 5-15 to 5-18
restricted groups, security templates, 11-9
Resultant Set of Policy (RSoP), 11-4, 11-5, 11-44,
11-80
retry intervals, SOA, 5-32
reverse domains, 4-13
reverse lookups, Nslookup, 6-4
RFCs (Requests for Comments)
DNS names (RFC 1123), 4-49
IPSec, 11-41
Kerberos, 11-47
Non RFC name-checking method, 5-52
router compliance (RFC 1542), 7-27, 9-65
RIP (Routing Information Protocol), 9-58 to 9-71
advantages/disadvantages, 9-60
authentication, 9-61
configuring neighbors, 9-63
configuring routing tables, 16-1
deploying over VPNs, 10-51
environment, 9-60
lesson review, 9-68 to 9-69
lesson summary, 9-69
metric for, 9-19
neighbors, 9-63
OSPF vs., 9-64 to 9-65
peer filtering, 9-61
route filtering in, 9-62
security and, 9-61
static routing and, 9-27
RIPE NCC (Réseaux IP Européens), 2-12
Rivest-Shamir-Adleman (RSA RC4), 10-30
rogue servers
defined, 7-50
detection, 3-15
troubleshooting Internet connectivity, 12-27
root domains, 4-23, 4-70
root hints
DNS server properties, 5-10
overview of, 4-19
rootsec security template, 11-23
round robin, DNS, 5-50
Route command, 9-25
route filtering, RIP, 9-62
router discovery, 9-37
router-to-router VPNs
overview of, 10-49 to 10-51
troubleshooting, 10-52 to 10-54
routers
called, 9-38
calling, 9-38
default gateways, 2-13
overview of, 16-20
peripheral, 9-26
solicitations, 9-37
routing
demand-dial. See demand-dial routing
LAN. See LAN routing loops
NAT. See NAT (Network Address Translation)
network infrastructure and, 1-11
overview of, 9-4
packet filters. See packet filters
preferences, 16-29 to 16-35
protocols. See protocols, routing
remote access, 9-4 to 9-13
remote DHCP servers and, 7-27
TCP/IP, 16-29 to 16-35
troubleshooting RRAS, 16-47 to 16-51
Routing and Remote Access. See RRAS (Routing and
Remote Access)
Routing Information Protocol. See RIP (Routing
Information Protocol)
routing, LAN, 9-3 to 9-29
case scenario, 9-75 to 9-77
lesson review, 9-28
lesson summary, 9-29
overview of, 9-3 to 9-4
practice exercise, 9-27
routing tables, 9-15 to 9-19
RRAS. See RRAS
scenarios, 9-19 to 9-20
static routes, 9-20 to 9-26
routing protocols, 9-59 to 9-69
adding and configuring, 9-59 to 9-60
defined, 9-59
deploying over VPNs, 10-51
DHCP Relay Agent, 9-65 to 9-68
exam highlights, 9-80 to 9-81
lesson review, 9-69
multiple-routers and, 9-21
New Routing Protocol command, 9-59
New Routing Protocol dialog box, 9-67
OSPF overview, 9-63 to 9-64
RIP, 9-60 to 9-63
routing tables
default route, 9-16
host route, 9-15
network route, 9-15
reading, 9-16 to 9-18
static and dynamic routing, 9-18 to 9-19
viewing, 9-16
routing tables, columns
gateway, 9-17 to 9-18
interface, 9-18
metric, 9-18
netmask, 9-17
network destination, 9-17
RRAS (Routing and Remote Access)
authentication. See remote access, authentication
authorization. See remote access, authorization
broadcast name resolution, 9-9 to 9-10
clients vs. routers, 9-37
configuring. See remote access, configuring
defined, 9-3
demand-dial interfaces, 9-30 to 9-37
demand-dial routing and, 9-41 to 9-44
enabling, 9-5
further reading, 16-5 to 16-7
IAS deployment. See IAS (Internet Authentication
Service)
IP addresses, 9-9, 10-4 to 10-5
IP (Internet Protocol) and, 9-9 to 9-10
IP Routing, 9-13 to 9-14
IP routing properties, 9-13 to 9-15
lesson review, 16-1 to 16-2
logging, 9-12
managing, 16-20 to 16-28
Microsoft Windows Server 2003, 16-8 to 16-9
overview of, 9-4 to 9-5
PPP and, 9-10 to 9-12
practice exercise, 9-27 to 9-28
private networks and, 16-36 to 16-40
properties, 9-7 to 9-12
routing tables, 9-16 to 9-20
Static Address Pool option, 9-9
static routing, 9-24
TCP/IP routing, 16-29 to 16-35
tested skills/suggested practices, 16-2 to 16-4
troubleshooting, 16-41 to 16-51
VPNs. See VPNs (virtual private networks)
RRAS (Routing and Remote Access), console
adding network interfaces, 9-6 to 9-7
configuring access beyond remote access server,
10-38 to 10-40
demand-dial properties, 9-31
DHCP Relay Agents, 9-67 to 9-68
IP Routing interface properties, 9-37
IP Routing node, 9-71 to 9-72
Network Interfaces node, 9-32
overview of, 9-7 to 9-10
packet filters, 9-71 to 9-72
RADIUS authentication, 10-8 to 10-10
RADIUS clients, 10-75
RADIUS servers, 10-76 to 10-77
remote access clients, 10-40 to 10-41
remote access policies, 10-26 to 10-32
routing protocols, 9-59 to 9-60
routing protocols over VPNs, 10-51 to 10-52
server side authentication, 10-16 to 10-18
RSA RC4 (Rivest-Shamir-Adleman), 10-30
RSoP (Resultant Set of Policy), 11-4, 11-5, 11-44,
11-80
Run As shortcut menu, 1-4
Runas command, 1-4
S
Safe Mode With Command Prompt, 17-21,
17-23
SAM (Security Accounts Manager), 10-8
Save To File feature, Network Diagnostics, 3-25
scavenging
overview of, 5-31 to 5-32
performing, 5-33
stale records, 5-32
Sc.exe (Service Controller utility), 17-22, 17-24
schedules, Performance Logs and Alerts, 12-15
schema, defined, 6-33
scopes, 7-6 to 7-11
80/20 rule, 7-9 to 7-10
Activate menu command, 7-14
activating, 7-13
configuring, 7-6 to 7-11
deactivating, 7-13
DHCP options, 7-12
exclusion ranges, 7-8 to 7-9
IP address range, 7-7 to 7-8
lesson review, 7-20 to 7-21
New Scope Wizard, 7-6 to 7-7
obtaining address from incorrect, 8-30
overview of, 7-6 to 7-7
reconciling, 8-35
redeployment, 8-29
reservations, 7-10 to 7-11
Scope Options dialog box, 7-12
subnet addresses and, 7-32
troubleshooting DHCP client, 8-29 to 8-30
verifying, 8-31 to 8-33
Secedit, 15-7
secondary servers
notification/zone transfer initiation, 5-38 to 5-39
secondary zones
defined, 5-23
zone transfers and, 5-37
Secret field, RADIUS servers, 10-76
Secure Cache Against Pollution, DNS server
properties, 5-51
secure dynamic updates, overview of, 5-30 to 5-31
Secure Sockets Layer. See SSL (Secure Sockets Layer)
securedc, security templates, 11-23
security
advanced settings, 10-13 to 10-17
DHCP servers, 7-4, 7-5
dial-back security, 13-32, 13-35
disabling NetBIOS and, 4-7 to 4-8
further reading, 15-5
Group Policy settings, 15-7
group policy and, 11-3 to 11-12
IKE algorithms, 11-67
infrastructure, 1-11 to 1-13
key exchange, 11-42, 11-65 to 11-66
locked-down packet filtering, 9-73 to 9-74
Microsoft Windows Server 2003, 15-5
Microsoft Windows Server 2003 white paper,
11-23
network interfaces, 9-33
network protocol. See network protocols
overview of, 15-1 to 15-2
RAS servers and, 16-1
RIP properties, 9-60 to 9-62
software updates, 15-18 to 15-21
tested skills/suggested practices, 15-3 to 15-5
Security Accounts Manager (SAM), 10-8
security administration
group policy and, 11-3 to 11-12
lesson review, 11-37 to 11-38
lesson summary, 11-38 to 11-39
network security protocols, 11-3 to 11-4
overview of, 15-7 to 15-8
practice exercises, 11-29 to 11-37
principle of least privilege, 11-12 to 11-14
security templates, 11-21 to 11-29
Security Configuration and Analysis snap-in
monitoring compliance with, 11-24 to 11-25
overview of, 11-3
practice exercises, 11-29 to 11-37
secure networks, 15-7
Security Configuration Wizard, 11-26 to 11-27
security event logs
Kerberos at computer boot, 11-48 to 11-50
Kerberos at user logon, 11-51 to 11-53
Kerberos in use, 11-48
troubleshooting IPSec policies, 11-43 to 11-44
security, network
group policy and, 11-3 to 11-12
least privilege, 11-12 to 11-14
lesson review, 11-37 to 11-38
lesson summary, 11-38 to 11-39
practice lessons, 11-29 to 11-37
protocol, 11-40 to 11-76
PSSU, 11-28
Security Configuration Wizard, 11-26 to
11-27
templates and, 11-21 to 11-26
Windows Firewall, 11-27
security, RRAS
client side authentication protocols, 10-12 to
10-15
DNS servers, 5-13
overview of, 9-8 to 9-10
RADIUS clients, 10-67 to 10-72
server side authentication protocols, 10-16 to
10-18
Security Settings node
Account Lockout Policy, 11-6
Audit Policy, 11-6
Kerberos Policy, 11-6
Password Policy, 11-6
security templates, 11-21 to 11-29
baselines, 11-22 to 11-23
list of, 11-23 to 11-24
monitoring compliance, 11-24 to 11-25
network security and, 11-25 to 11-26
snap-in and, 11-22
Select Network Component Type dialog box, 1-22
to 1-23
semicolon (;), 4-36
Serial Line Internet Protocol (SLIP), 16-42, 16-45
Serial Number text box, SOA tab, 5-33 to 5-35
Server command, Nslookup, 6-8
Server Message Block (SMB). See SMB (Server
Message Block) protocol
server services, 12-32 to 12-41
dependency options, 12-32 to 12-34
further reading, 17-3
lesson review, 12-40 to 12-41
overview of, 17-20
practice exercises, 12-39 to 12-40
recovery options, 12-34 to 12-38
tested skills/suggested practices, 17-2
servers
DHCP. See DHCP servers
DNS. See DNS servers
primary, 4-32, 5-34, 5-38, 5-86
RADIUS, 10-73, 10-76, 10-77
RAS, 10-38 to 10-40, 16-1
rogue, 3-15, 7-50, 12-27
secondary, 5-23, 5-33, 5-38 to 5-39
slave, 5-9
Service Controller utility (Sc.exe), 17-22, 17-24
service dependencies
configuring, 12-38 to 12-39
overview of, 12-32 to 12-33
service location (SRV) resource records
overview of, 4-39 to 4-40
verifying for Active Directory in DNS, 5-15 to 5-18
services. See network services
Services console
DHCP server status, 7-24 to 7-25
migrating DHCP server, 7-34
Services node, Computer Management console,
12-32 to 12-33
session ticket, 11-88
Set All command, Nslookup, 6-5 to 6-6
Set command, options available with, 6-6
Set Credentials command, demand-dial interface,
9-32
Set IP Demand-Dial Filters command, demand-dial
interface, 9-32
Set Querytype (set q) command, Nslookup, 6-7
Set Type command, Nslookup, 6-7
Shared Secret authentication, 11-104
Shiva Password Authentication Protocol (SPAP)
defined, 10-10
operating system support, 10-12
shortcut menu commands, demand-dial interfaces,
9-31 to 9-32
Shortest Path First (SPF) algorithm, 9-63
Show All command, Netsh utility, 11-81
Show Gpoassignedpolicy command, Netsh utility,
11-80
Show Mmsas All command, Netsh utility, 11-72
Show Qmsas All command, Netsh utility, 11-72
Shutdown /i command, DHCP leases, 8-29, 8-37
slave servers, 5-9
slave zones, 5-9
SLIP (Serial Line Internet Protocol), 16-42, 16-45
smart cards
EAP-TLS authentication protocol and, 10-15 to
10-16
Use Smart Card setting, 10-15 to 10-16
SMB (Server Message Block) protocol
CIFS as extension of, 1-9, 1-37
Network Monitor and, 3-12
SMS (Systems Management Server), 12-17
snap-ins
Add/Remove Snap-In dialog box, 11-30
Add Standalone Snap-Ins dialog box, 11-30, 11-60
IP security, 11-43 to 11-44, 11-60 to 11-64
RSoP, 11-4
Security Configuration And Analysis, 11-25
Security Templates, 11-22, 11-24, 11-29
SOA (start-of-authority) record
configuring, 5-33 to 5-35
new zones and, 4-35
Software Update Services (SUS), 15-18 to 15-19
software updates, 15-18 to 15-21
solicitations, router, 9-37
SPAP (Shiva Password Authentication Protocol)
defined, 10-10
operating system support, 10-12
SPF (Shortest Path First) algorithm, 9-63
split horizon, 16-30, 16-33
SRV (service location) resource records
overview of, 4-39 to 4-40
verifying for Active Directory in DNS, 5-15 to 5-18
SSL (Secure Sockets Layer), 1-12
stack, TCP/IP, 1-17
standard primary zones, 4-32 to 4-33
start-of-authority (SOA) record
configuring, 5-33 to 5-35
new zones and, 4-35
static IP addresses
applying, 10-25
creating reservations, 7-11
dial-up remote access connections, 10-37 to 10-38
pools, 9-7, 10-6 to 10-7
RRAS, 9-7
Static mode, Netsh utility, 11-70, 11-72
static routes
adding, 9-23 to 9-25
advantages, 9-25
designing, 9-26
disadvantages, 9-25 to 9-26
dynamic routes compared with, 9-18
guidelines, 9-20 to 9-22
linking to dial-on-demand connections, 9-39
multiple-routers using, 9-20
overview, 9-20 to 9-22
RIP vs., 9-26
Update Routes command, 9-36
statistics
IKE, 11-72
IP Security Monitor, 11-88 to 11-89
Quick Mode, 11-44, 11-73
Strict RFC name-checking method, 5-52
Strongest Encryption (MPPE 128-Bit), 10-31
stub areas, 9-64
stub zones, 5-67 to 5-75
benefits of, 5-68
case scenario, 5-75 to 5-77
defined, 4-68
DNS servers hosting, 4-32
lesson review, 5-74 to 5-75
lesson summary, 5-75
overview of, 5-67 to 5-68
practice exercise, 5-73 to 5-74
reconfiguring zone as, 5-22
updating, 5-72
when to use, 5-68 to 5-72
subnet ID, 2-36
variable length, 2-47
subnet masks
address location, 2-45
address ranges, 2-40 to 2-45
address space, 2-48
advantages of, 2-34 to 2-35
case scenario, 2-53 to 2-55
CIDR, 2-9
converting, 2-17 to 2-19
defining, 2-23
determining number, 2-37, 2-38 to 2-40
host capacity, 2-38
host IDs, 2-8
ID, 2-36
lesson review, 2-51 to 2-52
lesson summary, 2-52 to 2-53
list of common, 2-17
network prefixes and, 2-9
notations, 2-9 to 2-10
octet values, 2-15 to 2-16
overview of, 2-9 to 2-11
powers of 2, 2-14 to 2-15
practice exercises, 2-49 to 2-51
remote access authorization and, 10-7, 10-39
TCP/IP addressing, 13-3 to 13-7
variable-length, 2-46 to 2-48
suite, TCP/IP, 1-8
summary pane, Frame Viewer window, 3-9
supernetting
advantages, 2-34 to 2-35
overview of, 2-32 to 2-34
TCP/IP addressing, 13-9 to 13-10
superscopes, 7-28 to 7-32
creating, 7-28 to 7-29
for two local DHCP servers, 7-30 to 7-32
local multinets and, 7-29 to 7-30
New Superscope menu command, 7-29
overview of, 7-28
practice exercise, 7-39 to 7-41
remote multinets, 7-30
SUS (Software Update Services), 15-18 to 15-19
System Configuration utility (Msconfig.exe), 17-24
system error log, DHCP, 8-35 to 8-37
System log, Event Viewer
Network Monitor and, 15-31
troubleshooting server services, 12-35 to 12-36
System Monitor, DNS performance monitoring, 6-24
to 6-27
System Properties dialog box, 4-49
system services, security templates, 11-6
System Shutdown event, 11-6
Systems Management Server (SMS), 12-17
T
Task Manager
networking options, 12-3 to 12-6
overview of, 12-3 to 12-6
Performance console and, 12-9
PIDs and, 12-15 to 12-16
practice exercise, 12-18 to 12-19
TCP/IP (Transmission Control Protocol/Internet
Protocol)
case scenario, 2-53 to 2-55
configuring, 2-46, 2-50
configuring for DNS clients, 4-48 to 4-55
exam highlights, 2-56
layers, 2-2 to 2-5
monitoring network traffic. See Network Monitor
overview of, 1-8, 1-18, 2-2 to 2-5
routing, 16-29 to 16-35
subnetting. See subnet masks
supernetting, 2-32 to 2-35
variable-length subnet masks, 2-46 to 2-48
viewing advanced connection settings, 1-19 to
1-21
viewing default settings, 1-17 to 1-19
viewing network connection components, 1-16 to
1-32
TCP/IP, addressing
APIPA and, 1-25 to 1-27
blocks, 2-7 to 2-31
decimal/binary notation, 2-7, 2-9 to 2-10, 2-16,
2-18
DHCP advantages, 7-3
further reading, 13-8
gateways, 2-13
lesson review, 2-5, 2-30
overview of, 13-1
private, 2-12
public, 2-12
remote access, 9-10, 10-4, 10-6 to 10-7
resolving to host names, 6-3 to 6-4
scope configuration for, 7-7 to 7-8
structure, 2-7 to 2-11
subnets, 2-15 to 2-16
tested skills/suggested practices, 13-4 to 13-5
TCP/IP connections, 3-22 to 3-34
ARP tool, 3-28 to 3-29
case scenario, 3-34 to 3-36
faulty configuration, 3-22
further reading, 13-8
lesson review, 3-32 to 3-33
lesson summary, 3-33 to 3-34
monitoring. See Network Monitor
Network Diagnostics, 3-23 to 3-26
overview of, 13-31
PathPing, 3-26 to 3-27
Ping, 3-26 to 3-27
practice exercises, 3-29 to 3-34
Tracert, 3-27, 3-28
TCP/IP properties
alternate configuration options, 2-46
connection-specific DNS suffixes, 4-50 to 4-51
custom DNS suffix search lists, 4-54 to 4-55
default client update behavior, 4-54
DHCP clients, 7-12 to 7-13
DNS servers, 4-48 to 4-49
IP addressing, 2-7 to 2-12
TCP/IP Statistics command, 9-36
TCP (Transmission Control Protocol), fast zone
transfer and, 4-34
TCPv4 performance object, 12-8
TCPv6 performance object, 12-8
telephone lines, PSTN, 10-4
templates, 11-5 to 11-6, 11-21 to 11-26. See also
security templates
Terminal Services, 1-13, 1-20
test skills and suggested practices
DHCP management, 13-5
DHCP troubleshooting, 13-6 to 13-7
DNS management, 14-2 to 14-3
DNS monitoring, 14-3
DNS server installation, 14-2
Internet connectivity, 17-3
network protocol security, 15-4 to 15-5
network security, 15-3
network traffic, 17-2
Remote Access management, 16-3 to 16-4
Remote Access routing, 16-5
Remote Access user authentication, 16-2 to 16-3
secure access, 16-4
server services, 17-3 to 17-4
software update installation, 15-3 to 15-4
TCP/IP configuration, 13-4 to 13-5
TCP/IP routing, 16-4
TCP/IP troubleshooting, 13-5 to 13-6
user access to remote access services, 16-5
TGT (Ticket Granting Ticket)
defined, 11-95
Kerberos at computer boot, 11-50 to 11-51
Kerberos at user logon, 11-51 to 11-53
Kerberos authentication, 11-53 to 11-54
Time-Out (Second) field, RADIUS servers, 10-76
time skew, 11-53
Time to Live (TTL) values
Minimum (Default) TTL box, 5-34
overview of, 4-23
resource record formats, 4-36
resource records and, 5-34
SOA resource record and, 5-34
stub zones and, 5-72
troubleshooting with Tracert, 3-28
Times options, Kerbtray, 11-53
topology
defined, 1-5
physical, 2-34 to 2-35
Total Query Received, DNS performance counter,
6-27
Total Query Received/Sec, DNS performance
counter, 6-27
Total Response Sent, DNS performance counter,
6-27
Total Response Sent/Sec, DNS performance counter,
6-27
Tracert utility
overview of, 3-27, 3-28
troubleshooting TCP/IP addressing, 13-31
traffic, broadcast, 2-35
traffic, DHCP, 8-3 to 8-19
case scenario, 8-38 to 8-39, 8-46 to 8-47
DHCP ACK, 8-11 to 8-12
DHCP Discover, 8-7 to 8-8
DHCP header fields, 8-6 to 8-7
DHCP messages, 8-5 to 8-7
DHCP NACK, 8-12 to 8-14
DHCP Offer, 8-8 to 8-9
DHCP Request, 8-9 to 8-11
exam highlights, 8-41 to 8-42
initial lease process, 8-3 to 8-4
lease renewal process, 8-4 to 8-5
lesson review, 8-18
trailing dot (.), 4-13
transfer format, fast, 5-47
transient problems, 12-3
Transmission Control Protocol/Internet Protocol
(TCP/IP). See TCP/IP (Transmission Control
Protocol/Internet Protocol)
transport layer, TCP/IP
Network Monitor and, 3-11 to 3-12
overview of, 2-4
triggers
dynamic update, 5-30
Network Monitor, 12-17 to 12-18
Performance console alerts, 12-9 to 12-13
Triple Data Encryption Standard (3DES), 10-85
troubleshooting
APIPA, 1-27
ARP, 3-28 to 3-29
Basic Firewall/NAT, 9-50
blocking policies, 11-81, 11-103
client configuration, 8-27 to 8-36, 13-31
DHCP. See DHCP, troubleshooting
DHCP authorization, 13-31
DHCP databases, 13-39
DHCP leases, 8-29
DHCP options, 13-35
demand-dial routing, 9-39 to 9-40
dial-up connections, 10-37 to 10-38
dial-up networking, 10-39 to 10-40
DNS. See DNS troubleshooting
event logs and, 11-86 to 11-87
intermittent problems, 12-3
Internet connectivity. See Internet connectivity
IP addresses, IP addressing, troubleshooting
IPSec, 11-44, 11-82 to 11-83
Kerberos, 11-75
logon issues, 11-85 to 11-86
NAT, 9-50 to 9-51
network protocols. See network protocols,
troubleshooting
network traffic. See Network Monitor
RAS clients, 16-41
server services. See server services
TCP/IP connections. See TCP/IP connections
VPNs, 10-52 to 10-54
troubleshooting labs
demand-dial routing, 9-39 to 9-40
DHCP, 7-49, 8-38 to 8-39
DNS, 6-31 to 6-32
IAS, 10-83
IPSec, 11-90 to 11-93
name resolution, 4-65 to 4-66
NAT configuration, 9-77 to 9-78
TTL (Time to Live) values
Minimum (Default) TTL box, 5-34
overview of, 4-23
resource record formats, 4-36
resource records and, 5-34
SOA resource record and, 5-34
stub zones and, 5-72
troubleshooting with Tracert, 3-28
tunneling, VPN, 16-36
Type field, resource records, 4-36
U
UDP (User Datagram Protocol) ports, 2-5
Unauthenticated Access option, PAP, 10-10, 10-11
unicast messages, RIP, 9-63
Unicode, 5-51
unnumbered connections, 9-25
Unreachability Reason command, demand-dial
interface, 9-32
update infrastructure, 1-13 to 1-14
Update Routes command, IP routing, 9-36
updates
default client, 4-56
DNS. See DNS updates
Dynamic DNS, 4-55 to 4-56
software, 15-18 to 15-19
updates, dynamic
DNS clients, 4-55 to 4-56
Kerberos and, 5-30
nonsecure dynamic updates, 5-79
performance counters and, 6-26
secure, 5-30 to 5-31
triggers, 5-30
zone configuration, 5-27 to 5-28
upgrades, predefined security templates, 15-7
user accounts, dial-in properties
authorization, 10-32 to 10-37
practice exercises, 10-41 to 10-45
remote access permissions, 10-24 to 10-25
user classes, 7-35 to 7-37
User Datagram Protocol (UDP) ports, 2-5
UTF-8 (Multibyte), 5-52
V
variable-length subnet masks (VLSMs)
lesson review, 2-51 to 2-52
lesson summary, 2-52 to 2-53
overview of, 2-46 to 2-48
practice exercises, 2-49 to 2-51
vendor classes, 7-35
virtual private networks (VPNs), 10-47 to 10-66
case scenario, 10-82 to 10-83
configuring, 10-54 to 10-59
deploying routing protocols over, 10-51
deployment scenarios, 10-48
extranet/router-to-router, 10-49 to 10-51
lesson review, 10-66
lesson summary, 10-66
mixed, 10-52
overview of, 10-47 to 10-50
remote access, 10-49
troubleshooting, 10-52 to 10-54
VLSMs (variable-length subnet masks)
lesson review, 2-51 to 2-52
lesson summary, 2-52 to 2-53
overview of, 2-46 to 2-48
practice exercises, 2-49 to 2-51
VPNs, 10-47 to 10-66
case scenario, 10-82 to 10-83
configuring, 10-54 to 10-59
deploying routing protocols over, 10-51
deployment scenarios, 10-48
extranet/router-to-router, 10-49 to 10-51
lesson review, 10-66
lesson summary, 10-66
mixed, 10-52
overview of, 10-47 to 10-50
remote access, 10-49
troubleshooting, 10-52 to 10-54
VPNs (virtual private networks), practice exercises
adding VPN access as remote policy condition,
10-59 to 10-60
creating connection through L2TP/IPSec, 10-63 to
10-64
creating PPTP-type VPN connection, 10-60 to
10-62
logging onto domain through, 10-62 to 10-63
testing L2TP/IPSec configuration, 10-65
W
WANs (wide area networks)
managing DHCP with Netsh, 7-25
security, 16-2
static routing and, 9-19
WAP (Wireless Access Point), 10-69 to 10-70
Web Edition, Microsoft Windows Server 2003, 1-5
Web site information, Microsoft
IP addressing, 13-7
IPSec features for 2003, 11-41
Kerberos, 11-48
network infrastructure, 17-4
Registry settings, adding to security templates,
11-9
RRAS, 16-5 to 16-6
security templates, 11-5 to 11-6
wide area networks (WANs)
managing DHCP with Netsh, 7-25
security, 16-2
static routing and, 9-19
wildcard (*), 15-7
Windows Explorer, 4-7 to 4-8
Windows Update
catalog, 15-18
overview of, 15-18
WINS tab, zone properties, 5-36
WINS (Windows Internet Name Service)
configuring with WINS tab, 5-36
lookup counters, 6-26
Wireless Access Point (WAP), 10-69 to 10-70
Windows Firewall, 11-27
wireless networks
authentication, 10-70 to 10-72
ISP, 10-72 to 10-73
policies, 11-9
workgroups, 4-7
Y
Yiaddr (Your IP Address) field, 8-7, 8-8 to 8-9
Z
Zone Aging/Scavenging Properties dialog box, 5-31
to 5-32
zone delegation, 5-57 to 5-66
case scenario, 5-75 to 5-77
creating, 5-61 to 5-64
example of, 5-59 to 5-60
lesson review, 5-64 to 5-66
lesson summary, 5-66
New Delegation Wizard, 5-58, 5-61
overview of, 5-58 to 5-60
records, 5-59
when to use, 5-58
zone properties, 5-21 to 5-44
aging, 5-31 to 5-32
case scenario, 5-75 to 5-77
dynamic updates, 5-27 to 5-31
exam highlights, 5-80
file names, 5-27
lesson review, 5-43 to 5-44
lesson summary, 5-44
name server (NS) options, 5-35 to 5-36
no-refresh intervals, 5-32
opening dialog box, 5-22 to 5-23
practice exercises, 5-39 to 5-42
refresh intervals, 5-32
replication, 5-25 to 5-27
scavenging, 5-33
start-of-authority (SOA) tab, 5-33 to 5-35
transfer options, 5-36 to 5-39
WINS options, 5-36
zone status, 5-22
zone type, 5-22 to 5-23
zone transfers
BIND compatibility and, 5-47 to 5-48
configuring, 5-39 to 5-41
DNS performance counters for, 6-25 to 6-27
Fail On Load If Bad Zone data, 5-46
Microsoft Windows 2000, 5-37
notification settings, 5-36 to 5-39, 6-29 to 6-30
Nslookup and, 6-8
zones
Active Directory–integrated, 4-33, 5-23 to 5-25,
5-27, 5-38, 5-39
creating, 4-30 to 4-31
DomainDnsZones, 5-25 to 5-26, 6-22, 6-30
file names, 5-27
ForestDnsZones, 5-25 to 5-26
forward lookup, 4-29 to 4-30
loading on startup, 5-46
New Zone Wizard, 4-31
primary, 4-31, 5-22 to 5-23, 5-36 to 5-37
reverse lookup, 4-29 to 4-30
secondary, 4-32, 5-7, 5-9, 5-22 to 5-23, 5-33 to
5-34
slave, 5-9
standard, 4-32 to 4-33
status of, 5-22
stub, 4-32, 5-67 to 5-75