Mastering Windows 2000/2002 Server

A guide to planning, installing, and running Windows 2000 and 2003 Server in your network

 

“...Two very information-packed days that show you what to expect on the road ahead, where the smooth pavement ends and the potholes begin...”

a two-day course by Mark Minasi, author of Mastering Windows 2000 Server from Sybex



On-Site or Public?

We primarily offer this class as a two-day on-site class — in other words, your company hires Mark to come teach it on-site.  However, we are also offering Mastering Windows 2000 Server:  A Guide to Planning, Installing, and Running Windows 2000/.NET Server in Your Network as a public class in a number of U.S. and Canadian cities.   If you're interested, signup info and other details are at www.minasi.com/pubsems.htm.

We will schedule future public seminars based on interest.  If you don't have enough people in your company to justify bringing Mark on-site but would like to attend the class then you can help us decide which cities (if any) could produce enough sales to make a public class worthwhile.  We plan to cover this material in two fact-packed days using lecture and demonstration.  Attendees receive both a copy of Mastering Windows 2000 Server, 4th Edition and printouts of preliminary new sections intended for the next edition.

Course Objectives

To introduce your current NT administrators and technical IT managers to the benefits (and, inevitably, sometimes the negative aspects) of Windows 2000.  As Windows 2000 includes nearly forty million lines of program code, there are so many new features and gotchas that current NT experts could spend months trying to figure out which of the new 2000 functionality is useful — and only then could they start planning!

This course saves you time and money in two basic ways.  First, I designed it to be as brief as possible, saving money in terms of instructor time and lost employee productivity hours.  Second, the course reduces the amount of time that your admins need to get up to speed on Windows 2000 by pointing out the parts of 2000 that offer the greatest potential gains, helping you to "cherry-pick" the best new technologies.  Third, the more I work with 2000 and 2002 the more I'm convinced that most books and courses take the wrong tack:  for example, Active Directory should not be your first task — DNS should!

Course Duration

In the perfect world, I'd like to spend five days with your NT/2000 technicians — but I know how understaffed most IT shops are nowadays, so I've tried to whittle the information down to the absolute basics, the things that I feel that current NT techies need to know in order to get started making 2000 work in your enterprise.  Two very information-packed days will show them what to expect on the road ahead, where the smooth pavement ends and the potholes begin.

What About a Shorter Class?

Only have one day?  Hey, look, the customer's always right — give us a buzz and I'll remove enough content to make a day's worth of material.  I've even got specific 90-minute short pieces if you'd prefer that.  (See www.minasi.com/talks.htm for a list.)

Prerequisites

To save time, I've designed this course to build upon existing NT 4.0 administrator knowledge, so you should have a good working knowledge of NT administration and infrastructure.  On the other hand, if you don't yet have NT experience then it's easy for me to add that material — I've been teaching NT classes since 1993 — but of course then I'll need more time with the students.

Course Outline

  1. Overview
    1. Main goals of Windows 2000
      1. For Server
      2. For Professional
    2. How Microsoft did in achieving those goals
    3. Major effects to expect — both new benefits and new requirements
    4. How to roll out — Professional first, Server first?  (Or wait for Service Pack 38?)

  2. Creating a Sturdy Infrastructure:  DHCP, WINS and DNS under 2000 ... But Mostly DNS

    When discussing Windows 2000 preparation, many people start from Active Directory.  But that's putting the cart before the horse — because anyone who's done it can tell you that if you do an AD without first building a sturdy DNS infrastructure, you're doomed to fail.

    For the past five years, most NT networks have relied upon three important bits of "plumbing:"  the Dynamic Host Configuration Protocol (which simplifies putting unique Internet addresses on every computer), the Domain Naming System (which keeps track of every computer's Internet name), and the Windows Internet Naming Service (which keeps track of every computer's Microsoft networking name — yes, every NT PC has two names).  Windows 2000 brings some important changes to both DHCP and WINS, and this talk tells you what those changes are and how to get the most out of them.  But the really big story is DNS.  DNS was once a sort of afterthought in NT networks.  But in 2000-based networks, DNS is now a central repository of essential network information, so the majority of the talk focuses on DNS.  So this section is a complete tutorial on the inner workings of DNS:  how DNS works, how it manages and replicates its data, how to design a DNS structure that works best for your company, and how to secure it and make it ready for Active Directory.

    In this section, you'll first learn how DNS works: how its hierarchy of names functions, how it stores and replicates its data, and how to design an effective architecture of DNS servers.  Then you'll learn about how Microsoft's Windows 2000 DNS servers go beyond the basics and extend DNS's power.  Finally, you'll learn how to build a Windows 2000-based DNS architecture that can coexist with an existing non-Windows 2000 DNS structure.

    1. DHCP, WINS and DNS overview
    2. DHCP under 2000:  everything gets better
      1. DHCP servers must be authorized by AD
      2. Effects of a mixed AD/non-AD environment
      3. Authorizing a DNS server
      4. DHCP servers now have a command-line interface
      5. DHCP servers will now register DNS
    3. WINS under 2000:  yes, it's still around, and probably will be for a while — but it works better now
    4. What's in a name:  WINS versus DNS names
    5. Understanding the DNS hierarchy
    6. Zones versus domains:  what's a "zone," anyway?
    7. Private or public root?
    8. How DNS resolutions work, and how 2000 improves them
    9. Where DNS stores and replicates its databases
      1. Primary and secondary zones
      2. RFC-compliant replication strategies
      3. Incremental versus full zone replication
      4. "AD integrated" replication
    10. DNS designs:  delegation, forwarders and slaves
    11. Internal and external names:  how to build different DNS names on your internal network that are not exposed externally
    12. DNS and Active Directory
      1. AD needs
      2. Must you use a Microsoft DNS?
      3. Problems with Microsoft DNS and a "standard" primary zone
      4. One solution:  AD integrated zones
      5. Using an alternative:  building a Linux-based Dynamic DNS server
      6. Living with BIND:  using a Win2K-based child domain

  3. Active Directory Concepts and Planning

    Windows 2000's "big show" is Active Directory.  This section explains its pieces and basic concepts, then illustrates how to exploit its delegation abilities and how to plan and use an AD structure.

    1. Domains in AD:  how they're different from and similar to NT 4.0 domains
    2. Groups in AD:   how they're different from and similar to NT 4.0 groups
    3. Fine-grained administrative control I:  understanding organizational units
    4. Fine-grained administrative control II:  understanding and using delegation
    5. Replication I:  how AD replicates in a one-site world
    6. Multiple domains in a tree
    7. Multiple domains in a forest
    8. Who holds the power:  understanding the types of administrators in W2K
    9. Design issues:  empty forest roots, enterprise administrators
    10. Migration issues
      1. Types: In-Place versus "Clean and Pristine"
      2. Tools
      3. Understanding SID histories
        1. What they are
        2. How they work
        3. Potential problems with SID histories
        4. "Re-ACLing" instead of SID histories
    11. Re-working domain structures
    12. Consolidating NT 4.0 domains into AD domains with Active Directory Migration Tool (ADMT)
      1. Finding ADMT
      2. Installing ADMT
      3. ADMT capabilities
      4. ADMT limitations
      5. Using ADMT
    13. How the Global Catalog works to accomplish logons and speed authentication — and what you need to do to keep it running
    14. Employing sites to control bandwidth problems
    15. Replication II:  how AD replicates in a multi-site world — creating sites, site links, and site link bridges
    16. Overall design summary and advice

  4. Remote Support Tools in 2000

    It's 3 AM and there's trouble at the office ... but the office is 20 miles away.  Isn't there some way to administer the network from home while you're still in your pajamas?  Third parties have always offered good remote support tools, but Windows 2000 now includes a wealth of remote control power.  This section explains how to use Windows 2000's built-in tools to produce "action at a distance," so you can fix that problem and get back to bed in record time.

    1. Windows Terminal Server and Services  
      1. How Terminal Services work
      2. Where it's useful
      3. Protocol issues:  RDP versus ICA
      4. Licensing: the confusing part
      5. Using TSAC (Terminal Server Advanced Client)
      6. Web-based Terminal Services
    2. Windows Management Instrumentation-based remote tools, including Manage Computer
    3. 2000 and Telnet
      1. Telnet authentication
      2. What can you do with Telnet?
      3. What good is the command line, anyway? A summary of Resource Kit command-line tools
      4. Telnet on Windows 2000 Professional
    4. Built-in remote control with NetMeeting 3.0:  replacing PCAnywhere
      1. Platforms that support NetMeeting 3.0
      2. Setting up NetMeeting
      3. Activating NetMeeting Remote Desktop Sharing

  5. Intellimirror:  Finally, Tools for Support Staff!

    Over the years, Microsoft operating systems have made life easier for developers with a protected 32-bit programming environment, and easier for users with a simple-to-use graphical user interface.  But there hasn't been much to make our lives easier as support people — until now.  This section explains the strengths and weaknesses of the built-in support tools included with Windows 2000.  (Note: this section does not cover one Intellimirror technology, the Remote Installation Service, as we cover that in the later "rollout" section.)

    1. The support problems that Microsoft sought to solve
    2. What you'll need to exploit these technologies (W2K Pro, Server, Active Directory)
    3. Restricting disk quotas
    4. How offline files work and how they can make your network faster and more reliable
    5. Introducing group policies:  GP mechanics
      1. How policies work:  DLL-based versus Registry-based
      2. Local policies
      3. Numbers of policies versus numbers of effects (policy planning)
      4. Policy precedence:  sites, domains, OUs
      5. Policy order within a container:  which policy applies first in a domain?
      6. Fine-tuning policies:  policy filtering
      7. Altering precedence -- no override and block policy inheritance
      8. Where policies live:  the Group Policy Template and the Group Policy Container
    6. Using group policies to protect user data, simplify rollouts and support roaming users with folder redirection
    7. Using group policies to distribute software
    8. Group policy design issues
    9. Group policy troubleshooting
    10. Great resource kit tools for policy troubleshooting
    11. Centralized software deployment
      1. The problem:  you must be an admin to install much software
      2. The cause:  why you've got to be an admin
      3. The solution:  two technologies
      4. The MSI package format
      5. The Windows Installer Service
      6. Controlling the Installer Service with policies
      7. Publishing versus assigning and the Class Store
      8. Lower-tech answers: the ZAP file
      9. Creating MSI packages of your own
      10. Why some apps won't work under 2000:  how Windows File Protection (WFP) works, and how it sometimes keeps older apps from functioning
      11. Working around WFP's limitations the undocumented way with DLL redirection
    12. So is SMS dead?
     
  6. Windows 2000 Storage

    It doesn't get as much play as Active Directory, but Windows 2000's new storage tools are pretty neat.  This section shows you how to use them to their fullest.

    1. Basics:  FAT32 support, NTFS is now safe for boot drives (with Recovery Console)
    2. Distributed File System (Dfs)
      1. How it works
      2. Setting it up
      3. What you need AD for
      4. What clients need to access Dfs shares
      5. Fault tolerant Dfs
    3. Reparse points — get rid of those drive letters (or most of them, anyway)
    4. Remote Storage Manager
    5. Encrypting File System
      1. How it works
      2. Setting up recovery agents
      3. How secure is EFS?

  7. Rollout Tools:  From Empty Hard Disk To Working Computer in Twenty Minutes or Less

    Machine upgrades and new staffing mean that support people spend a lot of time putting an operating system and a suite of applications on a computer.  Furthermore, it's unfortunately true that one of the most effective troubleshooting techniques in the Windows and NT world is "wipe the hard disk and re-install," which means even more installation time.  Tools like Ghost and Drive Image Pro simplify a rollout task but suffer from the "every machine needs a unique SID" problem, as well as Microsoft's reluctance to support any system rolled out with Ghost or Drive Image Pro.  Windows 2000 offers three different technologies intended to simplify rollouts.

    1. Scripting Windows 2000 installation:  overview
    2. Scripting installs:  building scripts with Setup Manager, then adding the necessary tweaks
    3. Doing winnt.sif installs
    4. Expanding scripts:  exploiting the OEMPREINSTALL features to customize and extend an installation
    5. Rolling out new applications automatically with WinInstall LE
    6. Using the script to install extra applications
    7. Understanding Remote Installation Service:  design, procedures, limitations and strengths
      1. How RIS works
      2. Setting up RIS images
      3. Controlling access to RIS images
      4. Undocumented RIS
        1. Rolling out Server with RIS
        2. Using $OEM$ features with RIS
        3. Modifying the Client Wizard to collect more information and roll out servers quickly
    8. Borrowing from RIS:  how Single Instance Store can help manage space
    9. Finding and using Sysprep 1.1

  8. Useful 2000 Tools

    2000 comes with a real wealth of tools and features that haven't gotten much attention largely because many of us have been focused on the new big things.  This section ends the class with a description of some of the more useful — and often undocumented — tools.

    1. Windows File Protection
      1. How it protects system files from overwriting
      2. How to disable it
      3. How to disable it for just one application
    2. APCOMPAT solves version number problems for Windows 2000
    3. Driver Verifier lets you test a driver before you trust it
    4. Recovery Console
    5. pathping
    6. runas: Unix's SU comes to 2000

Certification Preparation

This is not an "exam cram" class.  My goal in this class is to help your network professionals acquire essential job-related skills rather than to focus on particular testing concepts.  Don't misunderstand — there's nothing wrong with exam-focused classes — but this class isn't one of them.  Its focus is to help your administrators plan for and learn to manage a 2000/2002-based network.

Course Materials

The class works from PowerPoint presentations.  Clients are strongly urged to purchase Mastering Windows 2000 Server from Sybex for students. That's not necessary for public class students, as they receive the book as part of their course registration.

Arranging a Course

Please contact our office at (757) 426-1431 or Assistant@Minasi.com to discuss scheduling and fees.  Or, if you don't have enough people for a private class, sign up for a public class at www.minasi.com/pubsems.htm.