PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2008 by Grandmasters All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

  Library of Congress Control Number: 2008927270 Printed and bound in the United States of America. 1 2 3 4 5 6 7 8 9 QWT 3 2 1 0 9 8 Distributed in Canada by H.B. Fenn and Company Ltd. A CIP catalogue record for this book is available from the British Library. Microsoft Press books are available through booksellers and distributors worldwide. For further infor- mation about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to tkinput@microsoft.com. Microsoft, Microsoft Press, Access, Active Directory, ActiveX, BitLocker, ESP, Excel, Forefront, Hyper-V, InfoPath, Internet Explorer, OneCare, Outlook, PowerPoint, ReadyBoost, SharePoint, SQL Server, Visual Studio, Windows, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

  Acquisitions Editor: Ken Jones Developmental Editor: Laura Sackerman Project Editor: Victoria Thulman Editorial Production: nSight, Inc. Technical Reviewer: Roazanne Murphy Whalen

  

This book is dedicated to my beautiful fiancée, Maria. Thank you for your

love and support and especially for your patience through another

long project that tied up our evenings and weekends.

  

—John Policelli

Somewhat unusually I wrote my part of this book and, more or less at the same time,

underwent a quadruple cardiac bypass operation. This book is dedicated to

the skilled team of doctors and nurses that got me smoothly through the

procedure and back to work (if not quite fully fit) in record time. I

would also like to acknowledge the helpfulness and considerable

ability of my co-author Orin Thomas, who stepped in

and completed tasks for me in a most professional

fashion when I was unable to do so.

  

—Ian McLean

I dedicate my contribution to this book to

my wife Yaneth and my son Anthony.

  

—Paul Mancuso

For Ross and Veronica. You mean the world to me.

  

All my love,

—David R. Miller

  About the Authors Orin Thomas Orin Thomas (MCSE, MVP) is an author and systems administrator who

  has worked with Microsoft Windows Server operating systems for more than a decade. He is the coauthor of numerous self-paced training kits for Microsoft Press, including MCSA/MCSE Self-Paced Training Kit (Exam 70-

  290): Managing and Maintaining a Microsoft Windows Server 2003 Environ- ment, second edition, and a contributing editor for Windows IT Pro

  magazine.

  John Policelli John Policelli (Microsoft MVP for Directory Services, MCTS, MCSA,

  ITSM, iNet+, Network+, and A+) is a solutions-focused IT consultant with more than a decade of combined success in architecture, security, strate- gic planning, and disaster recovery planning. He has designed and imple- mented dozens of complex directory service, e-Messaging, Web, networking, and security enterprise solutions. John has spent the past nine years focused on identity and access management and provided thought leadership for some of the largest installations of Active Directory Domain Services in Canada. He has been involved as an author, technical reviewer, and subject matter expert for more than 50 training, exam-writing, press, and white paper projects related to Windows Server 2008 identity and access management, networking, and collaboration.

  Ian McLean Ian McLean (MCSE, MCITP, MCT) has more than 40 years’ experience in

  industry, commerce, and education. He started his career as an electron- ics engineer before going into distance learning and then education as a university professor. He currently provides technical support for a gov- ernment organization and runs his own consultancy company. Ian has written 22 books in addition to many papers and technical articles. Books he has previously coauthored include MCITP Self-Paced Training Kit

  (Exam 70-444): Optimizing and Maintaining a Database Administration Solution Using Microsoft SQL Server 2005 and MCITP Self-Paced Training Kit writing, Ian annoys everyone by playing guitar very badly. However, he is forced to play instru- mentals because his singing is even worse.

  J.C. Mackin J.C. Mackin (MCITP, MCTS, MCSE, MCDST, MCT) is a writer, editor,

  consultant, and trainer who has been working with Microsoft networks for more than a decade. Books he has previously authored or coauthored include MCSA/MCSE Self-Paced Training Kit (Exam 70-291): Implementing,

  Managing, and Maintaining a Microsoft Windows Server 2003 Network Infra- structure, MCITP Self-Paced Training Kit (Exam 70-443): Designing a Data- base Server Infrastructure Using Microsoft SQL Server 2005, and MCITP Self- Paced Training Kit (Exam 70-622): Supporting and Troubleshooting Applica- tions on a Windows Vista Client for Enterprise Support Technicians. He also holds a master’s degree in Telecommunications and Network Management.

  When not working with computers, J.C. can be found with a panoramic camera photograph- ing medieval villages in Italy or France.

  Paul Mancuso Paul Mancuso (MCITP, MCSE: Security and Messaging, MCT, CCSI,

  CCNP, VCP, CCISP) has been in the IT field lecturing, writing, training, and consulting for more than 20 years. As co-owner of National IT Train- ing and Certification Institute (NITTCI), Paul has extensive experience in authoring training materials as well as four books. Books he has recently coauthored include MCITP 70-622 Exam Cram: Supporting and Trouble-

  shooting Applications on a Windows Vista Client for Enterprise Support Tech- nicians for Que Publishing; and Designing a Messaging Infrastructure Using Exchange Server 2007 for Microsoft Press. He has recently taken up golf and enjoys hacking up luscious green golf courses in his spare time.

  David R. Miller David R. Miller (SME; MCT; MCITPro; MCSE Windows NT 4.0, Windows

  2000, and Windows 2003: Security; CISSP; LPT; ECSA; CEH; CWNA; CCNA; CNE; Security+; A+; N+) is an information technology and network engineering consultant; instructor; author; and technical editor of books, curricula, certification exams, and computer-based training videos. He reg- ularly performs as a Microsoft Subject Matter Expert (SME) on product lines including Windows Vista, Windows Server 2008, and Microsoft Exchange Server 2007. He is the principal author of the information systems security book titled Security Administrator Street Smarts for Sybex and Wiley Publish- ing and is scheduled to write the second edition of this book in summer 2008. David is writing

  MCITP 70-622 PRO: Supporting and Troubleshooting Applications on a Windows Vista Client for Enterprise Support Technicians and MCITP 70-632 PRO: Supporting and Troubleshooting Applica- tions on a Windows Vista Client for Consumer Support Technicians for Que Publishing, due to be

  released in the first half of 2008. In addition to this book, he is an author on another Microsoft Certified IT Professional book for Microsoft Press, entitled MCITP 70-237 PRO: Designing Mes-

  saging Solutions with Exchange Server 2007. The two Microsoft Press books are due to be pub- lished in the first half of 2008.

  Table of Contents Contents at a Glance

  1 Planning Name Resolution and Internet Protocol Addressing . . . . . . . . . 1

  2 Designing Active Directory Domain Services . . . . . . . . . . . . . . . . . . . . . . 79

  3 Planning Migrations, Trusts, and Interoperability. . . . . . . . . . . . . . . . . . 141

  4 Designing Active Directory Administration and Group Policy Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

  5 Designing a Network Access Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

  6 Design a Branch Office Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

  7 Planning Terminal Services and Application Deployment. . . . . . . . . . . 333

  8 Server and Application Virtualization. . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

  9 Planning and Designing a Public Key Infrastructure . . . . . . . . . . . . . . . 391

  10 Designing Solutions for Data Sharing, Data Security, and Business Continuity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

  11 Designing Software Update Infrastructure and Managing Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

  Table of Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv

  Lab Setup Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvi Preparing the Computer Running Windows Server 2008 Enterprise. . . . . . . xxvi Preparing the Computer Running Windows Vista . . . . . . . . . . . . . . . . . . . . . . xxvi

  Using the CD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii How to Install the Practice Tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii How to Use the Practice Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii How to Uninstall the Practice Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

  Microsoft Certified Professional Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx

1 Planning Name Resolution and Internet Protocol Addressing . . . . . . . . . 1

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Lesson 1: Planning Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

  Planning Windows Server 2008 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Using New DNS Features and Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Planning a DNS Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

  Lesson 2: Planning Internet Protocol Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Analyzing the IPv6 Address Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

  What do you think of this book? We want to hear from you!

Microsoft is interested in hearing your feedback so we can continually improve our books and learning

resources for you. To participate in a brief online survey, please visit:

  Table of Contents

  Investigating the Advantages of IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Implementing IPv4-to-IPv6 Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Planning an IPv4-to-IPv6 Transition Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Using IPv6 Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Configuring Clients Through DHCPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Planning an IPv6 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Configuring IPv6 Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Chapter Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Case Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

  Case Scenario 1: Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Case Scenario 2: Implementing IPv6 Connectivity . . . . . . . . . . . . . . . . . . . . . . . 77

  Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Configure DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Configure IPv6 Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

2 Designing Active Directory Domain Services . . . . . . . . . . . . . . . . . . . . . . 79

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Lesson 1: Designing AD DS Forests and Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

  Designing the Forest Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Designing the Domain Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Designing Functional Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Designing the Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Designing Trusts to Optimize Intra-Forest Authentication. . . . . . . . . . . . . . . . 103 Designing AD DS Forests and Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

  Lesson 2: Designing the AD DS Physical Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Designing the Site Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Designing Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

  Table of Contents

  Designing the Placement of Domain Controllers . . . . . . . . . . . . . . . . . . . . . . . 122 Designing Printer Location Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Designing the Active Directory Domain Services Physical Topology . . . . . . . 130 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

  Chapter Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Case Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

  Case Scenario 1: Designing the AD DS Forest . . . . . . . . . . . . . . . . . . . . . . . . . 138 Case Scenario 2: Designing AD DS Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Case Scenario 3: Designing the Placement of Domain Controllers . . . . . . . . 138

  Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Implement Forests, Domains, and the Physical Topology . . . . . . . . . . . . . . . . 139 Watch a Webcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Read a White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

3 Planning Migrations, Trusts, and Interoperability. . . . . . . . . . . . . . . . . . 141

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Lesson 1: Planning for Migration, Upgrade, and Restructuring. . . . . . . . . . . . . . . . 143

  Migration Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Upgrading an Existing Domain to Windows Server 2008 . . . . . . . . . . . . . . . . 145 Cross-Forest Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Planning Forest Migration to Windows Server 2008 . . . . . . . . . . . . . . . . . . . . 148 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

  Lesson 2: Planning for Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Planning AD FS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Microsoft Identity Lifecycle Manager 2007 Feature Pack 1. . . . . . . . . . . . . . . 154 Planning for UNIX Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Planning for Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

  Table of Contents

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Chapter Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

  Case Scenario: Phasing Out a UNIX-Based Computer at Tailspin Toys . . . . . 166 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

  Plan for Domain or Forest Migration, Upgrade, and Restructuring . . . . . . . . 166 Plan for Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

4 Designing Active Directory Administration and Group Policy Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Lesson 1: Designing the Active Directory Administrative Model . . . . . . . . . . . . . . . 171

  Delegating Active Directory Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 Using Group Strategy to Delegate Management Tasks . . . . . . . . . . . . . . . . . . 178 Planning to Audit AD DS and Group Policy Compliance . . . . . . . . . . . . . . . . . 191 Planning Organizational Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 Creating a Forest Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

  Lesson 2: Designing Enterprise-Level Group Policy Strategy . . . . . . . . . . . . . . . . . . 200 Planning a Group Policy Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Controlling Device Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Planning Authentication and Authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 Implementing Fine-Grained Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . 219 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Chapter Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Case Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

  Case Scenario 1: Designing a Delegation Strategy . . . . . . . . . . . . . . . . . . . . . . 224 Case Scenario 2: Planning Authentication and Authorization . . . . . . . . . . . . 225

  Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

  Table of Contents

  Designing the Active Directory Administrative Model. . . . . . . . . . . . . . . . . . . 226 Designing Enterprise-Level Group Policy Strategy . . . . . . . . . . . . . . . . . . . . . . 226

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

5 Designing a Network Access Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Lesson 1: Perimeter Networks and Remote Access Strategies . . . . . . . . . . . . . . . . . 230

  Designing the Perimeter Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 Deploying Strategic Services in the Perimeter Network . . . . . . . . . . . . . . . . . 236 Designing a Remote Access Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 Designing a RADIUS Solution for Remote Access . . . . . . . . . . . . . . . . . . . . . . . 245 Designing a RADIUS Solution for a Mid-Size Enterprise . . . . . . . . . . . . . . . . . 250 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

  Lesson 2: Network Access Policy and Server and Domain Isolation . . . . . . . . . . . . 255 Network Access Protection Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Considerations for NAP Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Planning NAP IPsec Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Planning NAP VPN Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 Planning NAP 802.1x Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Planning NAP DHCP Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Domain and Server Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

  Chapter Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

  Case Scenario: Designing a NAP Solution for a Large Enterprise . . . . . . . . . . 282 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

  Implement VPNs, RADIUS Solution, and NAP Enforcement . . . . . . . . . . . . . . 283 Watch a Webcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Read a White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

  Table of Contents

  

6 Design a Branch Office Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 Lesson 1: Branch Office Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

  Branch Office Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 Branch Office Communications Considerations . . . . . . . . . . . . . . . . . . . . . . . . 304 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

  Lesson 2: Branch Office Server Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 Overview of Security for the Branch Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 Securing Windows Server 2008 in the Branch Office . . . . . . . . . . . . . . . . . . . . 310 Security Overview for the Information System in the Branch Office . . . . . . . 311 Securing Windows Server 2008 in the Branch Office . . . . . . . . . . . . . . . . . . . . 312 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Chapter Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Case Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

  Case Scenario 1: Contoso Trucking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 Case Scenario 2: Contoso Trucking, Part 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 Case Scenario 3: Contoso Trucking, Part 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

  Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 Branch Office Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 Read a White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

  

7 Planning Terminal Services and Application Deployment . . . . . . . . . . 333

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 Lesson 1: Planning a Terminal Services Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 334

  Planning a Terminal Services Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 Terminal Services Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 Deploying Applications Using Terminal Services Web Access . . . . . . . . . . . . . 340 Planning the Deployment of Applications by Using RemoteApp . . . . . . . . . . 341 Planning the Deployment of Terminal Server Farms. . . . . . . . . . . . . . . . . . . . . 342

  Table of Contents

  Planning the Deployment of Terminal Services Gateway Servers . . . . . . . . . 343 Planning Terminal Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346

  Lesson 2: Planning Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348 Planning the Deployment of Applications by Using Group Policy. . . . . . . . . 348 Planning Application Deployment with System Center Essentials . . . . . . . . . 350 Planning the Deployment of Applications by Using SCCM 2007 . . . . . . . . . . 351 Planning Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

  Chapter Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

  Case Scenario: Planning a Terminal Services Strategy for Wingtip Toys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

  Provision Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

8 Server and Application Virtualization. . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Lesson 1: Planning Operating System Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . 362

  Virtual Server 2005 R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365 Managing Virtualized Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366 Candidates for Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 Planning for Server Consolidation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Designing Virtual Server Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

  Lesson 2: Planning Application Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Microsoft SoftGrid Application Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . 379

  Table of Contents

  Planning Application Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 Chapter Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

  Case Scenario: Tailspin Toys Server Consolidation . . . . . . . . . . . . . . . . . . . . . . 388 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

  Windows Server Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389 Plan Application Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

9 Planning and Designing a Public Key Infrastructure. . . . . . . . . . . . . . . 391

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391 Lesson 1: Identifying PKI Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393

  Reviewing PKI Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393 Identifying PKI-Enabled Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394 Identifying Certificate Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395 Reviewing the Company Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398 Assessing Business Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Assessing External Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Assessing Active Directory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Assessing Certificate Template Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 401 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

  Lesson 2: Designing the CA Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Planning the CA Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

  Lesson 3: Creating a Certificate Management Plan . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Selecting a Certificate Enrollment Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Creating a CA Renewal Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 Defining a Revocation Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

  Table of Contents

  Planning a PKI Management Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

  Chapter Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

  Case Scenario: Planning a PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

  Watch a Webcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Read a White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

10 Designing Solutions for Data Sharing, Data Security, and Business Continuity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 Lesson 1: Planning for Data Sharing and Collaboration . . . . . . . . . . . . . . . . . . . . . . 431

  Planning a DFS Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431 DFS Namespaces Advanced Settings and Features . . . . . . . . . . . . . . . . . . . . . 434 DFS Replication Advanced Settings and Features . . . . . . . . . . . . . . . . . . . . . . . 436 Overview of the DFS Design Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438 Planning a SharePoint Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Designing a Data Sharing Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

  Lesson 2: Choosing Data Security Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 Protecting Volume Data with BitLocker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 Choosing a BitLocker Authentication Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 BitLocker Security Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450 Planning for EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451 Using AD RMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 Designing Data Storage Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456 Lesson Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

  Table of Contents

  Lesson 3: Planning for System Recoverability and Availability . . . . . . . . . . . . . . . . . 459 Planning AD DS Maintenance and Recovery Procedures. . . . . . . . . . . . . . . . . 459 Seizing Operations Master Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Using Network Load Balancing to Support High-Usage Servers . . . . . . . . . . 464 Using Failover Clusters to Maintain High Availability . . . . . . . . . . . . . . . . . . . . 467 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

  Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

  Case Scenario: Designing Solutions for Sharing, Security, and Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

  Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 Watch a Webcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 Read a White Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

  Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

11 Designing Software Update Infrastructure and Managing Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

  Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 Lesson 1: Designing a Software Update Infrastructure . . . . . . . . . . . . . . . . . . . . . . . 477

  Microsoft Update as a Software Update Solution . . . . . . . . . . . . . . . . . . . . . . . 477 Windows Server Update Services as a Software Update Solution . . . . . . . . . 478 System Center Essentials 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 System Center Configuration Manager 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . 487 Windows Server 2008 Software Update Infrastructure. . . . . . . . . . . . . . . . . . . 488 Lesson Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

  Lesson 2: Managing Software Update Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . 496 Microsoft Baseline Security Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496 SCCM 2007 Compliance and Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500 Planning and Deploying Security Baselines . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 Role-Based Security and SCE Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

  Table of Contents

  Lesson Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Chapter Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 Case Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

  Case Scenario 1: Deploying WSUS 3.0 SP1 at Fabrikam, Inc. . . . . . . . . . . . . . 509 Case Scenario 2: Security Policies at Coho Vineyard and Coho Winery . . . . 510