Windows Server 2003 Active Directory and Security Design
Price: Contact SST for pricing | Duration: 5 Days
Prerequisites: Completion of Windows Server 2003 and XP System Administration course or equivalent knowledge.
Description: This hands on Windows 2003 Network Security and Active Directory Design and Administration course will allow the students to make strategic decisions about planning and securing a Windows 2003 network infrastructure in an enterprise environment. It provides support professionals with the skills necessary to effectively design, install, and support a variety of network services, security measures and protocols needed in a managed network. Included in the content of this course are Certificate Services, wireless networking, DNS and WINS name resolution services, encryption, routing, Web services, group policy and firewall implementation. In addition, software and desktop deployment with Group Policy and the firewall and caching services of ISA Server 2004 are introduced. On completion, students will fully understand design, implementation, security, maintenance, and recovery of a Microsoft Active Directory network.
Remote Access
- Dial-up Access
- Virtual Private Networks
- Authentication Protocols
- Tunnels
- Securing Remote Access
- Remote Access Policies
- Point to Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- Demand-Dial
- PAP, CHAP, EAP, SPAP, MS-CHAP
- Configuring RRAS to use RADIUS
- Internet Authentication Service (IAS)
- NetBIOS Names
- Broadcasts
- LMHOSTS
- Static Routing
- Dynamic Routing
- RIP
- OSPF
- Routing and Remote Access Service
- Using Built-In Templates
- Applying Templates
- Configuring Audit Policies
- Configuring User Rights Assignment
- Configuring security Options
- Troubleshooting Security Templates
- Windows Backup Utility
- Safe Mode Set Up
- Advanced System Recovery
- Repair Command Console
- IP Security Monitor
- Kerberos Support Tools
- Event Viewer
- Network Monitor
- Certificate Authorities
- Renewals
- Certificate Templates
- Certificate Revocation Lists (CRLs)
- Archival and Recovery of Keys
- Deploying Certificates
- Revoking Certificates
- CA Maintenance
- Active Directory in an Enterprise Network
- Conducting Organizational Analysis
- Architectural Overview of Active Directory
- Design, Planning and Implementation of a DNS Naming Strategy
- Active Directory Domain Planning
- Design, Planning and Implementation of Trees and Forests
- Planning a Domain Controller and Global Catalog Strategy
- Trust Relationships
- Design, Planning and Implementation of OU's
- Basic Kerberos and LDAP
- Application Partitions
- Understanding and Planning Operations Masters
- Troubleshooting Operations Masters
- Transferring and Seizing Roles
- Dcpromo
- Migrating from NT4 Domains
- Migrating from Windows 2000 Active Directory
- Utilities to assist in the Implementation of Active Directory
- Migration Tools
- Adding domain controllers
- Planning Policies
- Group Policy vs. Local Computer Policy
- Desktop Restrictions
- Software Deployment
- Combining Policies
- Editing Policies
- GPO Link
- Group Policy Objects (GPOs)
- Default Inheritance and Precedence
- GPupdate, GPresult, FAZAM, RSoP
- Group Policy Management Console
- DNS Introduction
- DNS Components
- Domain Name Space
- Name Servers
- Resolving a DNS Query
- Planning DNS
- Installing Microsoft DNS Server
- HOSTS
- Win2003 DNS Server Installation
- Dynamic DNS
- Integration with Active Directory
- Active Directory Required Components
Security Threats
- Sniffers and Probes
- Buffer Overrun
- Viruses, Trojans, Back Doors
- Social Engineering
- Choosing a Connection
- Firewalls
- Performance Issues
- Planning Policies
- Securing Communication
- Authentication Headers (AH)
- Encapsulating Security Payload (ESP)
- Configuring Authentication and Encryption
- Troubleshooting IPSec Implementations
- Monitoring Security
- Trust Relationships
- Authentication Protocols
- Web Users
- Delegating Authentication
- NTLM Authentication
- Kerberos Authentication/Security Policy
- Planning Authentication
- Integrating 802.11 into a Network
- WEP vs WPA
- Securing Wireless Transmissions
- Implementing Encryption and Authentication
- Deploying Wireless Access to Clients
- ISA Server Architecture
- ISA Server Installation
- ISA Server Configuration
- ISA Administration and Management
- Client Configuration and Access
- ISA as a VPN Server
- Performance and Optimization
- Troubleshooting ISA Server
- User Authentication
- Authentication Protocols
- Internet Authentication Service (IAS)
- Remote Access Policies
- Packet Filters
- Routing Protocols
- VPN
- Demand-Dial Routing
- Setting up a WINS Server
- Setting up a WINS Client
- WINS Manager
- The WINS Database
- WINS Replication
- Backing up the WINS Database
- Integrating WINS and DNS
- Win2003 WINS Server Installation
- Sites, Site Links, Site Link Bridges, Connectors and Subnets
- Understanding the Active Directory Topology and Structure
- Replication
- Update Sequence Numbers (USN)
- Defining the Active Directory Schema
- Administering the Active Directory Schema
- Schema Modification
- Object Classes and Attributes
- Deactivating Schema Objects
- Domain Operating Modes
- Operations Master Roles
- FSMO Maintenance
- How Active Directory Stores System Data
- Performance Monitoring of Active Directory
- Backup and Restoration of Active Directory
- Performance Tuning
- Directory Modification Tools
- Global Catalog Server
- Searching the Global Catalog
- Adding Global Catalog Servers
- AD-Aware Applications
- Preparing the Directory
- Post-Integration Tasks
- DNS and Active Directory
- Object ACL and Permissions
- Delegating Management in an OU
- Certificates