MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure [Electronic resources]: Exam 70-293 Study Guide نسخه متنی

Exam Objectives Fast Track

Planning and Implementing Active Directory Security

A forest trust is a trust between two Windows Server 2003 forests.

Explicit Allow permissions cannot be overridden by inherited Deny permissions.

ACLs are used to protect schema objects from unauthorized use in AD.

External trusts can be set up using AD domains and trusts for authentication purposes when you do not want to create a transitive forest trust or you need access to Windows NT 4 domains.

Planning and Implementing Wireless Security

RADIUS is managed through the Routing and Remote Access (RRAS) MMC.

PEAP is used with wireless clients.

EAP-MS-CHAP v2 is one of the strongest authentication methods and allows users to change their passwords.

WLANs are the most common wireless networks used in corporate and school environments. The 802.11b standard can carry data up to 22 Mbps, and 802.11a and 802.11g can carry data up to 54 Mbps.

A LAN port takes on one of two roles during network access, as either an authenticator or supplicant.

Monitoring and Optimizing Security

Object-based access control allows administrators to apply audit settings for files, folders, services, and Registry keys.

Security policies can be used to control password policies, lockout policies, Kerberos policies, and other aspects of security.

Kerberos policies can be used only on domain user accounts.

User rights and user permissions are different. Rights are attached to a user or group account and are not object-based. Permissions are attached to specific objects. User rights allow clients to perform specific tasks on their machines or on the network.

Planning a Change and Configuration Management Framework

Secedit is used at the command prompt to automate security configuration tasks.

Local Security Policy is used to configure security policies on a nondomain controller. These policies apply only to the local machine.

Security templates are used to configure security policies according to preset definitions and can be imported into Group Policy.

The Security Settings extension to Group Policy is used to configure security on an OU, a site, or a domain.

Planning a Security Update Infrastructure

MBSA scans for security vulnerabilities in the operating system and other Microsoft components, including IIS, Exchange Server, SQL Server, Internet Explorer, and Windows Media Player.

The command-line program for running MBSA is mbsacli.exe.

MBSA gives administrators a report after a scan has been completed. This report explains what security issues were discovered and how to correct them.

Microsoft SUS is used to apply security updates from a centralized location within the LAN, giving administrators more control and providing more efficient downloading of updates.