Network Services Group .:.

Managing a Microsoft Windows 2000 Network Environment

Published: July 25, 2002

Introduction

The goal of this five-day, instructor-led course is to provide the knowledge required by system administrators, network administrators, and IT professionals who implement, manage, and troubleshoot existing network and server environments based on the Microsoft® Windows® 2000 operating system.

These skills are generally required in medium to large organizations that maintain 200 to 26,000 user desktops and servers, spanning two to 100 physical locations by using local area networks (LANs) and the Internet or intranets. Additionally, this course provides the skills and knowledge that Microsoft Certified Systems Administrator (MCSA) certification candidates need to prepare for Microsoft Certified Professional Exam 70-218: Managing a Microsoft Windows 2000 Network Environment .

Audience

This course is intended for system administrators, network administrators, and IT Professionals who focus on performing desktop and server installation and configuration tasks, and network and operating system management tasks in a Windows environment. The technical support specialist is a secondary audience for this course, because the course deals with troubleshooting tasks, hardware and software installations, configurations, upgrades, and some network and system operations tasks.

At Course Completion

After completing the course, students will be able to:

•	Publish and maintain printers and shared folders.
•	Delegate administrative control of an organizational unit.
•	Install and configure the Domain Name System (DNS) service.
•	Identify Active Directory® directory service replication latency issues and resolve conflicts that result from replication.
•	Implement Group Policy to centrally manage users and computers.
•	Manage users' desktops and software by using Group Policy.
•	Implement security settings and account policies by using Group Policy.
•	Implement and manage Web-based services in an intranet.
•	Implement Remote Access Service (RAS) and manage remote access by using remote access policies.
•	Implement and manage the Dynamic Host Configuration Protocol (DHCP) service.
•	Implement name resolution for client computers by using DNS and Windows Internet Name Service (WINS).
•	Troubleshoot client computer startup and user logon problems.

Prerequisites

Before attending this course, students must have completed:

•	Course 2151—Microsoft Windows 2000 Network and Operating System Essentials .
•	Course 2152—Implementing Microsoft Windows 2000 Professional and Server .

Microsoft Certified Professional Exams

This course helps you prepare for Microsoft Certified Professional Exam:

•	70-218: Managing a Microsoft Windows 2000 Network Environment .

Student Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

The following software is provided in the student kit:

•	Microsoft Windows 2000 Professional (Evaluation copy)
•	Microsoft Windows 2000 Advanced Server 120 (Evaluation copy)

Course Outline

Module 1: Introduction to Managing a Windows 2000 Network

Take a closer look: Download Sample Module 1 (Portable Document Format, 589 KB).

The following topics are covered in this module:

•	Windows 2000 Network Management Tasks
•	Using Active Directory for Centralized Management
•	Delegating Administrative Control
•	Managing Network Resources

This module provides students with an introduction to administering a Windows 2000 network. The module provides a foundation for the course by introducing the concepts of centralized management and decentralized administration of a Windows 2000 network.

After completing this module, you will be able to describe the methods for administering a Windows 2000 network.

Module 2: Introducing Active Directory

The following topics are covered in this module:

•	Overview of Active Directory
•	Active Directory Logical Structure
•	Active Directory Physical Structure

This module provides students with an introduction to implementing and administering a Windows 2000 network by using Active Directory. The module introduces the concepts of Active Directory and its logical and physical structures. This module also provides an overview of how Active Directory enables the centralized management and decentralized administration.

After completing this module, you will be able to:

•	Describe the function of Active Directory.
•	Describe the logical structure of Active Directory.
•	Describe the physical structure of Active Directory.

Module 3: Managing Shared Network Resources

Take a closer look: Download Sample Module 3 (Portable Document Format, 891 KB).

The following topics are covered in this module:

•	Introduction to Publishing Resources
•	Setting Up and Managing Published Printers
•	Implementing Printer Locations
•	Maintaining Printer Resources
•	Setting Up and Administering Published Shared Folders
•	Monitoring Access to Shared Folders
•	Troubleshooting User Access to Network File Resources
•	Troubleshooting Published Resources
•	Best Practices

This module provides students with the knowledge and skills necessary to publish resources, including shared folders and printers, in Active Directory. Publishing resources makes it easier for users to locate resources on a network, and provides security-enhanced and selective publication of network resources to users.

After completing this module, you will be able to:

•	Describe the purpose of publishing resources in Active Directory.
•	Set up and administer published printers in Active Directory.
•	Set up printer locations for published printers.
•	Set up and administer published shared folders in Active Directory.
•	Differentiate between the object that is published in Active Directory and the actual shared resource.
•	Monitor access to shared folder.
•	Troubleshoot common problems with publishing resources in Active Directory.
•	Apply best practices for publishing resources in Active Directory.

Module 4: Delegating Administrative Control

The following topics are covered in this module:

•	Introduction to Delegating Administrative Control
•	Controlling Access to Active Directory Objects
•	Delegating Administrative Control of Active Directory Objects
•	Managing Computer Accounts
•	Customizing Microsoft Management Consoles (MMCs)
•	Setting Up Taskpads
•	Best Practices

This module provides students with the knowledge and skills necessary to manage the permissions and access levels on directory objects and properties in Active Directory. The module also describes how to delegate specific authority over portions of Active Directory to groups of users, without exposing the information in Active Directory to unauthorized access.

After completing this module, you will be able to:

•	Describe key concepts for delegating administrative control.
•	Control access to Active Directory objects.
•	Delegate administrative control of Active Directory objects.
•	Manage computer accounts.
•	Create and deploy customized consoles.
•	Use and configure taskpads.
•	Apply best practices to delegating administrative control.

Module 5: Managing DNS

The following topics are covered in this module:

•	Overview of the DNS Query Process
•	Creating Zones
•	Configuring Zones
•	Configuring DNS Updates
•	DNS Name Resolution in Active Directory
•	Maintaining and Troubleshooting DNS Servers
•	Best Practices

This module provides students with the knowledge and skills necessary to install, configure, and troubleshoot DNS in a Windows 2000 network.

After completing this module, you will be able to:

•	Describe the DNS query process.
•	Create zones.
•	Configure zones.
•	Configure DNS updates.
•	Describe the process of DNS name resolution in Active Directory.
•	Maintain and troubleshoot DNS servers.
•	Apply best practices to managing DNS.

Module 6: Examining Active Directory Replication

The following topics are covered in this module:

•	Introduction to Active Directory Replication
•	Replication Components and Processes
•	Using Sites to Optimize Active Directory Replication
•	Identifying Replication Problems by Using Event Viewer
•	Backing Up and Restoring Active Directory

This module provides students with the knowledge and skills necessary to identify Active Directory replication components and the replication process. The module describes how to optimize Active Directory replication, and identify and resolve potential replication conflicts. This module also describes how to back up and restore the Active Directory database and the effects of replication on a restore.

After completing this module, you will be able to:

•	Identify the importance of replication in a Windows 2000-based network.
•	Describe the components of replication and the replication process.
•	Describe how sites enable you to optimize Active Directory replication.
•	Identify replication problems by using Event Viewer.
•	Back up and restore Active Directory, and also perform an authoritative restore.

Module 7: Implementing Group Policy

The following topics are covered in this module:

•	Group Policy Structure
•	Working with Group Policy Objects
•	How Group Policy Settings Are Applied in Active Directory
•	Modifying Group Policy Inheritance
•	Troubleshooting Group Policy
•	Best Practices

This module provides students with an introduction to Group Policy in the Windows 2000 operating system, and the general knowledge and skills to implement Group Policy settings. Students will learn about the structure of Group Policy, and how to create and link Group Policy objects (GPOs). This module also explains how Group Policy settings are applied to Active Directory, and how to delegate control of GPOs.

After completing this module, you will be able to:

•	Identify the structure of Group Policy in a Windows 2000-based network.
•	Identify the options provided by Windows for creating, linking, and managing GPOs.
•	Describe how Group Policy is applied in Active Directory.
•	Modify Group Policy inheritance.
•	Delegate administrative control of GPOs.
•	Apply best practices to the implementation of Group Policy.

Module 8: Using Group Policy to Manage the Desktop Environment

The following topics are covered in this module:

•	Introduction to Managing User Environments
•	Using Administrative Templates in Group Policy
•	Assigning Scripts by Using Group Policy
•	Using Group Policy to Redirect Folders
•	Troubleshooting User Environment Management
•	Introduction to Managing Software Deployment
•	Deploying Software
•	Managing Software
•	Identifying Solutions to Software Deployment Problems
•	Best Practices

This module provides students with the knowledge and skills necessary to use Group Policy to manage user environments, and install, modify, repair, and remove software more efficiently. Students will learn to manage user environments by configuring the Administrative Template settings, using Group Policy to run scripts at designated times, and redirecting folders to a central location. They will also learn how software installation policies take advantage of the Microsoft Windows Installer to deliver software to computers.

After completing this module, you will be able to:

•	Describe key tasks in configuring and managing user environments.
•	Use Administrative Templates in Group Policy to assign registry-based policies to control and configure user and computer environments.
•	Control user environments by using Group Policy to assign scripts, such as startup, shutdown, logon, and logoff.
•	Use Group Policy to redirect user folders to a central network location.
•	Troubleshoot the management of user environments by using Group Policy.
•	Explain how Software Installation and Maintenance uses Group Policy and Windows Installer to manage software.
•	Deploy software by using Group Policy.
•	Manage software by configuring deployment options, managing file extension associations, and assigning software categories.
•	Identify solutions to common problems that are associated with software deployment.
•	Apply best practices to managing the user environment, redirecting folders, and managing software deployment.

Module 9: Managing Network Security

The following topics are covered in this module:

•	Securing the User Environment by Using Group Policy
•	Configuring Account Policies by Using Group Policy
•	Analyzing Security Log Files to Detect Security Breaches
•	Helping to Protect the Logon Process
•	Examining Service Packs, Hotfixes, and Antivirus Software
•	Best Practices

This module provides students with an appreciation of the challenges that are involved in maintaining a security-enhanced and reliable system.

After completing this module, you will be able to:

•	Use Group Policy to apply security policies to help protect the user environment.
•	Use Group Policy to configure password and logon account policies.
•	Analyze security log files to detect security breaches.
•	Help protect the logon process by using smart cards.
•	Apply service packs, hotfixes, and antivirus software.
•	Apply best practices to application of service packs and hotfixes.

Module 10: Managing Web Services

The following topics are covered in this module:

•	Overview of Internet Information Services
•	Configuring Web Server Properties
•	Creating Web Sites and Virtual Directories
•	Managing Web Site Content
•	Identifying and Configuring User Authentication
•	Configuring User Access to Web Pages
•	Configuring Web Browsers
•	Maintaining a Web Server

This module provides students with knowledge of the purpose and benefits of using Internet Information Services (IIS) 5.0.

After completing this module, you will be able to:

•	Describe the service provided by IIS.
•	Configure Web server properties.
•	Create Web and File Transfer Protocol (FTP) sites and virtual directories.
•	Manage Web site content.
•	Configure authentication to a Web and FTP site.
•	Configure access to Web pages.
•	Configure browsers for Internet and intranet access.
•	Maintain and update an IIS server.

Module 11: Managing Remote Access

The following topics are covered in this module:

•	Overview of Remote Access in Windows 2000
•	Configuring the Remote Access Server
•	Configuring Authentication Protocols
•	Configuring Encryption Protocols
•	Configuring Routing and Remote Access for DHCP Integration
•	Examining Remote Access Policies
•	Examining Remote Access Policy Evaluation
•	Creating a Remote Access Policy
•	Configuring the Remote Access Client
•	Best Practices

This module provides students with the knowledge and skills necessary to configure a remote access server and clients in a Windows 2000 network, and to support remote access to a Windows 2000 network through the use of remote access policies and profiles.

After completing this module, you will be able to:

•	Describe the remote access process and protocols.
•	Configure inbound connections on a remote access server.
•	Configure authentication protocols for remote access sessions.
•	Configure encryption protocols for remote access sessions.
•	Configure the Routing and Remote Access service for DHCP integration.
•	Configure outbound connections on a remote access client.
•	Explain remote access policy and profile concepts.
•	Describe the process of remote access policy evaluation.
•	Create a remote access policy and configure a remote access profile.

Module 12: Implementing and Managing DHCP

The following topics are covered in this module:

•	Overview of DHCP
•	Installing the DHCP Service
•	Authorizing the DHCP Service
•	Creating and Configuring a Scope
•	Configuring DHCP in a Routed Network
•	Support DHCP
•	Best Practices

This module provides students with the knowledge and skills necessary to configure automatic Internet Protocol (IP) addressing in a Windows 2000 network by using DHCP.

After completing this module, you will be able to:

•	Define DHCP and describe how to use it on a network.
•	Install the DHCP service.
•	Authorize the DHCP service.
•	Create and configure a scope.
•	Configure DHCP in a routed network.
•	Support DHCP on a network.
•	Apply best practices to implementing and managing DHCP.

Module 13: Implementing Name Resolution

The following topics are covered in this module:

•	Introduction to Name Resolution
•	NetBIOS Name Resolution
•	Using WINS for NetBIOS Name Resolution
•	Host Name Resolution
•	Configuring Name Resolution for Client Computers
•	Using DNS for Host Name Resolution
•	Troubleshooting Name Resolution
•	Best Practices

This module provides students with the knowledge and skills necessary to configure, use, and troubleshoot name resolution. Students will learn what name resolution is and the difference between network basic input/output system (NetBIOS) and Transmission Control Protocol (TCP) host names. They will learn how to configure a computer to use NetBIOS and DNS name resolution services, and how to use Windows utilities to troubleshoot name resolution problems.

After completing this module, you will be able to:

•	Describe the key concepts of name resolution.
•	Describe the differences between NetBIOS and host names.
•	Explain the mechanisms used to perform name resolution.
•	Configure a computer to use name resolution services.
•	Troubleshoot name resolution problems.
•	Apply best practices to implementing name resolution.

Module 14: Troubleshooting Client Computer Startup and User Logon Problems

The following topics are covered in this module:

•	The Startup Process for Clients Running Windows 95 and Windows 98
•	The Windows NT-Based Startup Process
•	Using Advanced Startup Options to Start the Computer
•	Using the Last Known Good Configuration to Start the Computer
•	Using the Recovery Console
•	Troubleshooting the User Logon Process

This module provides students with the skills and knowledge necessary to troubleshoot client startup and user logon problems.

After completing this module, you will be able to:

•	Describe the Microsoft Windows 95–and Windows 98–based boot process and the required files.
•	Describe the Microsoft Windows NT®–based boot process and the required files.
•	Use safe mode, last known good, and advanced boot options to troubleshoot startup problems.
•	Install and use the Recovery Console to start the computer.
•	Describe common Windows NT-based boot process errors.
•	Describe and troubleshoot the user logon process.