Вы находитесь на странице: 1из 1312

Microsoft

Windows Server 2003



2-
Microsoft
Windows Server 2003

U N L E A SH E D
SECOND EDITION

Rand H. Morimoto
Kenton Gardinier
Michael Noel
Omar Droubi

201 West 103rd Street,


Indianapolis, Indiana, 46240 USA
Microsoft
Windows Server 2003


2-

-
2005
32.973.26-018.2.75
M79
681.3.07


. ..
.. , .. , ..
.. , ..
:
info@williamspublishing.com, http://www.williamspublishing.com

, , , , , , , .
M79 Microsoft Windows Server 2003. , 2- . : . .
. : , 2005. 1312 . : . . . .
ISBN 5-8459-0776-4 (.)

, , Windows Server 2003.
Windows Server 2003
() .
. -
, ,
Windows Server 2003;
Active Directory; , , -
; Windows Server
2003; ; -
; Windows Server 2003.
-
.
32.973.26-018.2.75

-
.

, ,
, -
Sams Publishing.
Authorized translation from the English language edition published by Sams Publishing, Copyright 2004
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording or by any information storage retrieval system,
without permission from the Publisher.
Russian language edition published by Williams Publishing House according to the Agreement with R&I
Enterprises International, Copyright 2005

ISBN 5-8459-0776-4 (.) , 2005


ISBN 0-672-32667-1 (.) Sams Publishing, 2004

5

43
44
45
47
48
I. Windows Server 2003 51
1. Windows Server 2003 53
2. ,
,
Windows Server 2003 89
3. Windows Server 2003 123
II. Active Directory Windows Server 2003 147
4. Active Directory 149
5. Active Directory Windows Server 2003 181
6. 209
7. Active Directory 233
8. Active Directory
Novell, Oracle, Unix NT4 263
III. 291
9. 293
10 . DHCP, WINS 329
11 . Internet IIS 6 361
IV. 397
12 . 399
13 . 427
14 . Windows Server 2003 447
15 . 465
V. Windows Server 2003 485
16 . Windows NT4 Windows Server 2003 487
17 . Windows 2000 Windows Server 2003 527
18 . Windows Server 2003 571

6

VI. Windows Server 2003 597


19 . ,
Windows Server 2003 599
20 . Windows Server 2003 631
21 . Windows Server 2003 655
22 . Windows Server 2003 709
23 .
Windows Server 2003 749
24 . Windows Server 2003 787
25. Microsoft
Windows Server 2003 807
VII. 833
26 . 835
27. Windows Server 2003 877
VIII. 923
28.
Windows Server 2003 925
29 .
947
IX. 977
30 . 979
31.
( ) 1031
32 . Windows Server 2003 1091
33 . 1129
X. , 1171
34 . 1173
35 . 1213
XI. Windows 1237
36 . Windows SharePoint 1239
37 . Windows Media 1271
CD-ROM 1304
1305

7

43
44
45
47
48

I. Windows Server 2003 51


1. Windows Server 2003 53
Windows Server 2003 54
Windows .NET Framework Windows Server 2003 54
Windows .NET Framework 55
Windows Server 2003 55
Windows Server 2003 56
Windows Server 2003 Active Directory 57
Windows Server 2003 57
Windows Server 2003 59
? 60
Windows Server 2003 NT4 Windows 2000 60
Windows 2000 Windows Server 2003 61
Windows Server 2003 Windows NT4 62
Windows Server 2003 62
Windows Server 2003 Web 62
Windows Server 2003 Standard 63
Windows Server 2003 Enterprise 63
Windows Server 2003 DataCenter 64
Windows Server 2003 65
Windows Server 2003 65
, 66
67
68
70
Active Directory 71
Windows Server 2003 71
71
72
IPSec NAT Traversal 73
Windows Server 2003 73
74
DFS 74
74

8

75
75
76
76
77
77
78
78
79
Windows Server 2003
Feature Pack 79
79
80
Active Directory
80
Directory Services Markup Language Windows 81

Active Directory 81
Services for NetWare 5.0 SP2 81
Windows SharePoint 82
Windows 82
Windows 82
Windows 2003 83
Active Directory v2.0 83
83
84
84
Microsoft 84
85
Windows 2003 85
Windows Server 2003 86
86
2. ,
,
Windows Server 2003 89
90

Windows Server 2003 91
91
92

Windows Server 2003 93
95
97
99
: 100
102

9

103
: 104
: 104

105
Windows Server 2003 107
108
: 108
109
111
111
: 113
? 114
115
:
116
116
117
118
118
/: 119
119
Windows Server 2003 119
120
120
3. Windows Server 2003 123
124
124
: 124
126
, 126
128
Windows Server 2003 129
129
130
131
131
131
132
133
134
134
134
135
Windows Server 2003 135
Windows Server 2003 136
137

10

137
137
137
138
Windows Server 2003 139
139
139
139
140
143
Windows Server 2003 143
143
144
145
Windows Server 2003
145
146
146
II. Active Directory Windows Server 2003 147
4. Active Directory 149
150
Microsoft 151
Active Directory 151
Active Directory 152
, NT 4.0 152
Microsoft Internet 154
Active Directory 154
Active Directory 154
Active Directory 155
Active Directory 156
Active Directory 156
Windows Server 2003 Active Directory 157
Windows 2000 157
Windows 2000 157
Windows Server 2003 157
Windows Server 2003 158
Active Directory 159
Active Directory X.500 159
AD 159
161
161
161
162
163
164
164
166

11

OU? 167
Active Directory 167
? 169
Active Directory 170
, - 170
170
DNS Active Directory 171
DNS 171
DNS 173
DNS DNS, AD 173
AD DNS DNS 173
Active Directory 174
Kerberos 174
Internet v6 174
175
Active Directory Windows Server 2003 175
Active Directory Windows Server 2003 175
176
176
Active Directory 176
176
177
Active Directory 177
, Windows Server 2003 178
178
179
5. Active Directory Windows Server 2003 181
Active Directory 182
183
184
() 185
185
Windows Server 2003 186
187
188
188
189
191
191
193
194
194
195
196
197
198
199

12

199
200
201
202
203
204
Active Directory 204
204
205
206
208
208
6. 209
210
212
: 213
214
OU 217
OU 217
OU NT 218
OU 219
OU 219
OU 219
OU 222
223
223
224
224
225
225
- 225
228
231
231
7. Active Directory 233
Active Directory 234
Active Directory 234
235
235
236
236
236
237
SMTP- IP- 240
Active Directory 241
Windows Server 2003 241

13

241
243
244
245
246
247
248
248
248
249
250
250
251
SMTP- IP- 251
SMTP- 251
Windows Server 2003 251
252
/
253
254
254

255
255
IPv6 Windows Server 2003 255
IPv6 256
IPv6 256
IPv6 257
IPv6 258
IPv6 259
259
259
260
262
262
8. Active Directory
Novell, Oracle, Unix NT4 263
Services for Unix 3.5 264
Services for Unix 265
Services for Unix 265
Services for Unix 266
Services for Unix 3.5 266
Interix Services for Unix 269
Interix 269
Interix 269
Unix NFS Windows 270
NFS 270

14

NFS 270
NFS 271
SFU 271
271
SFU 271
Services for Unix 272
Telnet 272
MMC Services for Unix 273
ActivePerl 5.6 SFU 273
Windows NetWare Services for NetWare 273
Gateway Services for NetWare 274
Services for NetWare 274
Services for NetWare 5.02 SP2 275
NetWare 276
Microsoft 277
279
Microsoft 279
MIIS 279
(IIFP) 280
SQL Server MIIS 281
MIIS 281
MIIS 282
282
Microsoft 282
MIIS 284
MIIS 285
MIIS 286
MIIS 2003 289
289
290
III. 291
9. 293
294
DNS 294
DNS 295
DNS 295
DNS 296
DNS 297
DNS Windows Server 2003 297
DNS 297
DNS 300
301
301
(A) 301
(NS) 302
(SRV) 303
(MX) 304

15

(PTR) 304
(CNAME) 304
304
DNS 304
306
306
306
307
- 307
308
309
310
DNS- 310
311
311
DNS 312
DNS 312
312
313
314
314
315
WINS 316
Microsoft DNS 317
, Active Directory 317
317
Unicode 317
DNS Windows Server 2003 318
DNS 318
DNS 318
318
_msdcs 319
DNS Active Directory 319
DNS Active Directory 320
Active Directory DNS, Microsoft 320
Active Directory 320
SRV 321
DNS 322
DNS
322
DNS 323

HOST 323
NSLOOKUP 323
IPCONFIG 324
TRACERT 325
DNSCMD 326
326

16

327
10 . DHCP, WINS 329
330
330
330
331
331
Windows Server 2003 332
332
DHCP 332
DHCP: RARP BOOTP 332
DHCP 333
DHCP 334
IP- 334
DHCP 335
DHCP DNS 336
DHCP 336
DHCP, Windows Server 2003 338
DHCP 338
DHCP 340
DHCP 340
DHCP 50/50 340
DHCP 80/20 342
DHCP 100/100 342
344
DHCP- 344
DHCP 344
DHCP 344
DHCP 345
DHCP 345
Netsh 345
DHCP 346
DHCP 347
DHCP 347
DHCP 348
Internet- Windows 349
, Microsoft NetBIOS 349
WINS DNS 349
WINS Windows Server 2003 350
WINS 351
WINS 352
352
WINS 353
NetBIOS LMHOSTS 354
, WINS 355
WINS 355
WINS 355

17

WINS 357
357
Active Directory 357
/ 358
358
359
360
360
11 . Internet IIS 6 361
IIS 6 362
IIS 364
364
365
IIS 366
IIS 367
IIS 368
IIS 368
Web- 369
Web- IIS 370
Web- 370
373
375
375
IIS 6 376
IIS 377
377
378
FTP 378
FTP 379
FTP- 380
FTP 380
IIS 383
SMTP 383
NNTP 384
Internet 384
IIS 385
Windows Server 2003 385
Web- 385
IIS 386
Web- 386
SSL 387
FTP 390
IIS 391
IIS 392
Internet Explorer
393
394

18

395
IV. 397
12 . 399
Windows Server 2003 400
Trustworthy Computing Microsoft 400
Common Language Runtime 400
401
401
401
402
Run As 403
- 404
405
405
406
406
406
407
408
409
NTFS 410
NTFS 411
411
412
413
413
414
414
SUS: Windows Update 414
415
415
SUS 416
416
SUS 417
SUS 420
SUS 421
422
SUS 425
425
425
13 . 427
Windows Server 2003 428
428
429
429
429

19

VPN 430
430
PPTP L2TP 430
L2TP/IPSec 431

Internet 431
VPN 433
435
435
436
Windows Server 2003 436
- 438
439
PKI Kerberos 439
Internet 439
IPSec 439
IPSec 440
NAT Traversal IPSec 440
IPSec
Windows Server 2003 441
IPSec 442
IPSec 443
IPSec 443
IPSec 444
445
446
14 . Windows Server 2003 447
.NET 448
.NET 449
PREP ID 450
452
453
.NET 455
.NET Passport 455
456
.NET 456
456
Web- 457
.NET 458
458
.NET 458
Cookie- .NET Passport 459
460
.NET Passport 460
461
461
.NET Passport for Kids 461

20

462
462
463
15 . 465
466
466
467
467
468
470
473
473
474
475
476
Security Configuration and Analysis 476
Microsoft 478
479
Windows 481
482
482
V. Windows Server 2003 485
16 . Windows NT4 Windows Server 2003 487
Windows Server 2003 488
488
Windows NT4 Windows Server 2003 492
492
493
,
Windows NT4 494
Windows Server 2003 495
SAM NT 4.0 495
496
Windows NT4 496
Active Directory 497
498
499
500
501
Windows NT4
Windows Server 2003 501
Windows NT4 Windows
Server 2003 503
Windows Server 2003 503
Windows
NT4 Windows Server 2003 506

21

Windows Server 2003


Active Directory 508
508
Windows NT4 509
Windows NT4
Active Directory 510

Active Directory 511
Active Directory Microsoft 511
Active Directory 512
Active Directory 512
NT4 Active Directory 517
Active Directory 520
Active Directory 523
524
524
17 . Windows 2000 Windows Server 2003 527
Windows Server 2003 528
528
528
529
530
: 530
531
531
531
532
532
533
Active Directory Windows 2000 534
536
Active Directory adprep 537
539
539
541
Windows 2000 543
Windows 2000 543
543
AD- DNS 546
Active Directory
547

547
547

Active Directory 2.0 552
ADMT 2.0 553

22

Windows 2000 Windows Server 2003


ADMT 2.0 553
ADMT 554
ADMT 2.0 554
559
562
566
569
569
569
18 . Windows Server 2003 571
572
573
574
576
580
580
580
581
Windows 581
582
583
583
584
584
, , ,
587
588

588
589
589
Windows Server 2003 590
590
591
592
592
593
594
595
VI. Windows Server 2003 597
19 . ,
Windows Server 2003 599
600
600
601

23

601
Active Directory 601
602
603
604
606
608
610
Active Directory Windows Server 2003 611
611
Active Directory 612
613
613
613
614
AD 615
615
616
618
618
618
620
621

622
622
623
626
628
629
630
20 . Windows Server 2003 631
Windows Server 2003 632
, 633
634
HKEY_LOCAL_MACHINE 634
HKEY_CLASSES_ROOT 637
HKEY_CURRENT_CONFIG 637
HKEY_CURRENT_USER 638
HKEY_USERS 639
Windows Server 2003 639
640
641
Favorites 642
642
643
644

24

644
646
646
646
647
647
649
650
652
652
652
652
653
21 . Windows Server 2003 655
656
656
656
657
657
, : 658
(RSoP) 658
658
658
GP 659
659
659
660
660
660
661
661
662
663
663
664
664
665
665
Group Policy 665
665

667
668
669
669

670

25

GPO: , ,
670
671
671
HTML- Settings 672
WMI 672
GPMC 673
GPMC Resultant Set of Policies 673
Resultant Set of Policies 673
RSoP
673
Windows 674
WMI 674
WMI 675
Group Policy 676
677
677
:
678
679
679
(My Documents) 680
681
681
682
683
gpupdate.exe 683
gpresult.exe 683
683
GPOTool.exe 684
FRSDiag.exe 684
Sonar.exe 685
686
686
Microsoft 687
687
Outlook 687
Outlook 688
690
691
Outlook 691
Outlook 693
Outlook 693
Group Policy 696
696
Group Policy 697
698
698

26

699
699
700
Group Policy 701
701
701
Windows 702
702
704
706
706
707
708
22 . Windows Server 2003 709
Windows Server 2003 710
710
714
715
715
716
717
Windows Server 2003 719
720
721

Active Directory Users and Computers 722
Telnet 722
723
723
Microsoft 724
Windows Server 2003 724
DHCP WINS 724
DNS 726
726
Windows Update 727
728
728
Windows Server 2003 729
730
733
733
741
743
746
747
747

27

23 .
Windows Server 2003 749
750
751
752
752
752
752
753
VBScript 754
Visual Basic 754
Active Directory 757
Active Directory 758
Active Directory 759
Active Directory 759
759
MMC ADSI Edit 760
MMC Active Directory Schema 763
764
765
767
767
Exchange 2000 Active Directory 768
769
Ldifde.exe Csvde.exe 769
770
Active Directory 771
ActiveX 771
ADO 771
MMC Active Directory Users and Computers 772
Windows Server 2003 772
Windows Management Instrumentation 773
WMI 773
774
775
776
778
780
CSV- 782
784
785
785
24 . Windows Server 2003 787
788
789
789
790

28

790
790
791
791
792
793
793
794
794
795
Active Directory 795
796
796
797
( ) 797
798
798
798
799
799
799
800
800
801
801
801
802
802
802
803
803
803
804
804
804
804
805
805
805
805
25. Microsoft
Windows Server 2003 807
Microsoft 808
MOM 808
809
809
MOM 809

29

MOM 810
MOM 811
811
811

811
MOM 813
MOM 813
MOM 814
815
815
817
818
MOM 2000 Resource Kit 818
MOM 819
819
819
MOM 820
MOM 820
MOM 821
MOM 821
DCAM D-DCAM 821
822
822

823
823
824
MOM 825
826
MOM 826
MOM 827
MOM 827
828
828
MOM 828
MOM 828
MOM 830
831
831
VII. 833
26 . 835

Windows Server 2003 836
Ethernet 837
1.5 838
NAT Traversal Universal Plug and Play 838

30

838
839
SNMP RRAS 839
839
, 840
(Mprdim.dll) 840
840
840
IP- (Iprtmgr.dll) 841
IPX- (Ipxrtmgr.dll) 841
841
IP- 842
(Rtm.dll) 842
842
IP- (Ipfltdrv.sys) 842
IP- 842
IP- 843
IPX- (Nwlnkflt.sys) 843
IPX- (Nwlnkfwd.sys) 843
Windows Server 2003 843
, VPN- 844
RRAS 845
PPTP 846
EAP-TLS 846
L2TP/IPSec 846
847
VPN 847
Windows Server 2003 847
848
2 848
IP Security 849
PPTP L2TP/IPSec 850
L2TP/IPSec PPTP 851
PPTP L2TP/IPSec 851
852
853
VPN- 854
855
855
855
856
NAT Traversal 856
RRAS 857
MMC Routing and Remote Access 857
Netsh 860
862
862
863

31

864
864
865
RQS.EXE RRAS 866
867
868
CM 872
873
873
875
875
876
27. Windows Server 2003 877
878
879
879
880
881
881
882
883
884
884
886
887
887
887
888
888
888
889
890
891
891
891
892
892
893
895
897
898
Local Security Policy 898
Computer Management 898
Active Directory Users and Computers (Dsa.msc) 899
Terminal Services Configuration (Tscc.msc) 899
Group Policy 902
903

32

904
905
906
907
907
908
910
RDP 910
911
911
911
GPO 912
912
913
914
916
916
916
WMI 917
917
918
919
919
32-
Windows- RDP 919
Web- 919
MMC Remote Desktops (Tsmmc.msc) 920
920
921
922
VIII. 923
28.
Windows Server 2003 925
926
926
927
927
928
RIS 928
RIS 929
RIS 929
DHCP RIS 931
931
Windows XP 932
932
933
933

33

Windows XP 934
RIS 935
936
Windows XP 937
938
XP 2000 938
939
939
939
940
940
Group Policy 941

942
943
Windows XP 944

Active Directory Users and Computers 944

Windows Server 2003 945
945
946
29 .
947
948
948
949
950
950
951
951
952
952
953
, ,
953

954
954
955
956

956
957
957
958
959

34

959
960
962
963
966
968
971
973
974
IX. 977
30 . 979
Windows Server 2003 980
980
981
981
981
982
982
985
985
986
989
990
993
995
Performance 995
Fsutil.exe 995
995
997
: 997
Windows 997
1000
DFS 1000
DFS 1001
FRS 1002
DFS 1003
NTFS
DFS 1003
DFS 1003
DFS 1004
1004
1005
DFS 1007
DFS 1007
DFS 1007
DFS 1008
1009

35

DFS 1010
DFS Active Directory 1011
DFS 1012
DFS 1013
DFS 1013
DFS 1014
FRS 1014
FRS SONAR 1015
DFS 1016
1016
1017
FRS 1017
DFS 1017
DFScmd.exe 1018
1018
1019
Remote Storage 1019
Remote Storage 1020
1024
DFS Windows Server 2003 Backup 1025
1026
1028
1029
1029
31.
( ) 1031
1032
1032
1033
1034
1034
Windows Server 2003 1035
, 1035
1039
Microsoft 1039
1040
1041
1041
1041
1042
1044
1044
1046
1047
1048
1051
1052

36

1052
Cluster.exe 1052
1052
1053
1055
1057
1058
1060
1060
1061
1062
1063
1063
1065
1066
1067
1068
1069
1072
1075
1077
1078
1078
1078
1079
NLB 1079
1080
1080
1081
1081
NLB 1082
1082
NLB- 1084
NLB- 1085
NLB 1086
1086
NLB- 1087
1088
1088
1088
32 . Windows Server 2003 1091
1092
1092
: 1094
1094
1095
1095

37

1095
1096
1096
1097
1097
1097
1098
1098
1099
1099
1099
1099
1100
1100
1101
, 1101
Windows Server 2003 1102
1103
1103
Windows Server 2003 1103
1104
1104
Windows Server 2003 1105
Windows Server 2003 Backup (ntbackup.exe) 1105
Remote Storage 1106
1106
1107

Windows Server 2003 Backup (ntbackup.exe) 1107
1108
1108
1111
Remote Storage 1112
Remote Storage 1113
1114
1114
1115
1115
vssadmin.exe 1115
Windows Server 2003 1116
( RAID-) 1116
1117
1118
Internet- Windows 1119
1120
1121
Internet 1122
Remote Storage 1123

38

1124
Windows Server 2003 Backup
Remote Storage 1124
1124
Windows Server 2003 1125
1125
1126
1127
1127
33 . 1129
1130
1130
1131
1131
1131
1132
1132
1132
1132
1133
1134
1134
1135
1136
1136
1137
RAID- 1137
1138
1138
1138
1138
1140
1140
1140
1141
1142
ASR 1144
1146
Windows Server 2003 1146
1146
1149
Internet- Windows 1150
1152
Windows Server 2003 1152
NTBackup.exe 1152
1153
Internet 1155

39

IIS 1156
1156
Windows Server 2003 1156
Active Directory 1157
Active Directory 1157
1164
Remote Storage 1166
1167
99,999% Windows Server 2003 1168
1168
1169
1169
X. , 1171
34 . 1173
1174
1175
1175
1176
1176
1177
1178
1179
1181
1181
1182
1183
1185
1185
1186
1187
, 1187
1188
1192
1192
1193
, 1193
Windows Server 2003 1195
Netmon 1195
Netmon 1196
Netmon 1197
1198
, Windows Server 2003 1199
TCP/IP 1200
1209
, 1210
1210

40

Dr. Watson for Windows 1211


1211
1212
35 . 1213
1214
1215
1215
1217
1218
1218
1222
1223
1224
1228
1228
1229
Windows 1233
1234
1234
Windows 1235
1236
1236
XI. Windows 1237
36 . Windows SharePoint 1239
SharePoint 1240
WSS: SharePoint 1240
SharePoint 1241
SharePoint 1241
SharePoint Microsoft 1242
Windows SharePoint 1243

WSS 1243
WSS 1244
WSS 1244
Windows SharePoint 1244
WSS 1245
1245
WSS- 1246
Windows SharePoint 1248
Windows SharePoint 1251
Microsoft Word 1251
Windows SharePoint 1252
1254
1256
SharePoint 1256
SharePoint 1258

41

1259
WSS 1259
1260
1261
1262
Microsoft Office 2003 1262
SharePoint 1264
1265
SharePoint 1265

1266
WSS- 1267
SharePoint 1268
1268
FrontPage 2003 1269
1270
1270
37 . Windows Media 1271
Windows Media 1272
Windows Media 1273
Windows Media 1273
Windows Media 1274
Windows Media 1275
Windows Media
1275
1276
1278
1278

1279
1281
1281
1282
1284
1285

1285

1288
Windows 1288
Windows 1289
Windows 1291
1291
1292
1292
- 1295
1295

42

1295
Windows 1297

Windows 1297
Windows 1298
Microsoft Producer 1299
Microsoft Producer 1299
Microsoft Producer 1300
1302
1302
- 1304
1305

43


(Rand Morimoto) -
25 , Windows 2003, Exchange
2003, , BizTalk Server .
Convergent Computing -
, -, -
Microsoft -
Windows Server 2003
. 50 -
,
, Windows
Server 2003, -
.
(Michael Noel)
10 Windows,
Exchange SharePoint, .
Exchange Server 2003 Unleashed SharePoint Portal Server 2003 Unleashed, -
Sams Publishing, ,
Windows 2000, Exchange 2000 Microsoft.
Convergent Computing,
, -
.
(Kenton Gardinier)
-
10 . Con-
vergent Computing. -
Windows Server 2003, Exchange Server 2003 SharePoint Portal Server 2003
.
. web-.
Windows, Exchange, -
, , -
. ,
. , -
MCSE, CISSP MCSA.
(Omar Droubi) Northern California
Computer and Network. 1994 , ,
Microsoft. -
, Win-
dows Server 2003/Exchange Server 2003 . -
Windows- .
MSCE CCNA,
Microsoft Exchange 2000 Microsoft, , -
, Windows 2000.

44

. , -
: !
. , , MBA, MCSE

. ,
.
, MCSE+I, MCSA

, , , ,
, , .
, MCSE, CISSP, MCSA

,
.
, MSCE, MCT, CCNA

45

. , , MBA, MCSE
,
.
(Neil Rowe), . -
Sams Publishing (Mark Renfrow), (Andrew
Beaster) (Seth Kerney)
.
(Chris Amaris),
, .
, .
, , -
, ,
Convergent Computing, , -
, , ,
. -
,
Windows 2003.
,
( )
.
, , ,
.
, ,
.
!

, MCSE+I, MCSA
, !
,
. -
Convergent Computing,
. -
. ! -
Sams, , .
, , .
, , ! ,
.
, , (Val) -
(Liza Ulanovsky). !

46

, MCSE, CISSP, MCSA


, -
. -
Sams Publishing -
, . (John Krebs) -
(Tiffany Phillips) RHI, (Kevin Williams)
(Jason Mauer) Microsoft, Convergent Comput-
ing , -
,
Windows Server 2003.
- (John McMains) -
.
, -
. , ,
.

47


, , .
, ,
. -
, .
. -
, Web-
. , , -
, ,
.
, ,
. -
. -
:
E-mail: info@williamspublishing.com
WWW: http://www.williamspublishing.com
:
: 115419, , / 783
: 03150, , / 152

48

2003 Windows Server


2003 . -
Windows,
(Service Packs), Windows Server 2003
Microsoft (Feature Packs). 2003 , -
, -
. , Windows
Server 2003,
, .
,
, , , -
Windows Server 2003 -
.
, ,
.
Windows 2003 Resource Kit , -
,
Windows
2003. , ,
,
( - -
).
(, ) Windows Whistler -
Windows 2000 1999 .
, , , , -
Windows Server 2003.
Windows Server 2003.
11 , -
Windows Server 2003 .
:
I. Windows Server 2003. Windows
Server 2003, , , -
Windows Server 2003,
- . -
, -
, , , Windows
Server 2003.
II. Active Directory Windows Server 2003. -
Active Directory. -
Active Directory .
,
, Win-
dows Server 2003 Windows 2000. , -

49

, Windows
2000 Active Directory, . -
,
.
III. . DNS, DHCP,
IIS , , -
. , II, ,
-
, Windows Server 2003; -
,
Windows Server 2003.
IV. . , -
Windows Server 2003. -
: , ,
(Encrypting File System EFS) -
; , ,
IPSec NAT Traversal; Windows .NET -
; , -
Active Directory.
V. Windows Server 2003. .
Windows NT Windows Server 2003
Windows 2000 Windows Server 2003.
,
.
VI. Windows Server 2003.
Windows Server 2003.
(
Windows 2000) . -
, ,
Windows Server 2003 . -
, Windows 2000,
, ,
Windows Server 2003
. , -
.
VII. .
Windows Server 2003,
(Routing and Remote
Access RRAS) Windows Terminal Services.
Windows Server 2003

. -
.

50

VIII. . -
Windows Server 2003 ,

, -
.
, -
Windows Server 2003.
IX. .
, Windows Server 2003 -
, , Microsoft -
.

(Distributed File System DFS), ,
, -
(Automated System Recovery ASR).
-
.
X. , . -
, , -
, -
Windows Server 2003.
XI. Windows. -
, -
Windows SharePoint Services
Windows Media Services.
, Windows Server 2003 -
,
,
Windows Server 2003.

Windows
Server 2003 I

...
1.
Windows Server 2003
2.
,
,

Windows Server 2003
3. Windows
Server 2003
Windows Server 2003
53
1


Windows Server 2003 1
...
Windows Server 2003
Windows
Server 2003
?
Windows Server 2003
Windows Server 2003

Windows Server 2003

Windows Server 2003





Windows Server 2003
Feature Pack
Windows 2003

Windows
Server 2003
Windows Server 2003
54
I

Windows
Server 2003
-
, , -
Windows Server 2003
, - Microsoft. -
Windows Server 2003 Windows 2000
Windows 2000 Windows 2003. -
, -

Windows.
Windows Server 2003 -
Windows XP -
Windows 2000 . -
, Windows Server 2003 -
, , Windows Server 2003
Windows 2000
, Windows Server 2003 , -
,
.
-
Windows Server 2003, , -
.
, Windows Server 2003 ,
, Windows 2003 ,
, -
, Windows, -
Windows Server 2003
.

Windows .NET Framework


Windows Server 2003
Windows Server 2003 ,
,
Windows Server 2003 Windows .NET Framework. ( -
) , .
2001 Microsoft
Windows .NET Framework, -
. Windows Server 2003 -
, ,
. Windows Server 2003 Windows
.NET Framework.
Windows Server 2003
55
1

Windows .NET Framework


Windows .NET Framework , -
,
. Windows .NET Framework
Visual Basic, Visual C,
Web-, -
ODBC (Open Database Connectivity
), Microsoft SQL Microsoft Access.
Windows .NET Framework ASP.NET.
ASP.NET Web-. -
,
, .
,
Web-, .
ASP.NET -
; -
: VBScript, JScript, Visual Basic .NET, C#, Visual Basic .
ASP.NET -
,
, . Windows .NET Frame-
work , -
Web-.
, Windows .NET Framework
,
Windows .NET Framework.
regsrv32 ,
XML- .
Windows .NET Framework Web-
. ,
,
, -
.
Windows Server 2003,
Outlook Web Access Exchange 2003 SharePoint 2003,
(Directory Services Mark-up Lan-
guage, DSML), .NET Framework
Feature Pack.


Windows Server 2003
Windows .NET Framework -
, Windows Server 2003 -
. -
, Windows Server 2003 :
Windows Server 2003
56
I

.
Windows Server 2003 -
-
. Windows Server 2003
( -
12), (. 30)
( 3).
Web-. Windows Server 2003 Web-
Web- Windows
NT Windows 2000. Web-
HTML Windows Server 2003 Web-
, Web-
(. 31).
. Windows Server
2003 , Windows
Server 2003, . , -
Windows Server 2003: Windows -
( 27), -
Windows - ( 37)
, DNS DHCP (. 9 10).
, Microsoft Exchange, -
SharePoint, BizTalk Server 2004 ISA Server 2004 -
Windows Server 2003.
Windows .NET. Windows Server 2003 -
-
Windows .NET Framework. IIS (Internet In-
formation Server Internet) 6 (-
11), Windows .NET
Windows Server 2003.
Windows Server
2003 , , , -
. Windows Server 2003
,
Windows.


Windows Server 2003
Windows Server 2003 , -
.
, , Novell NetWare Windows NT (-
), Windows Server 2003
.
Windows Server 2003
57
1

Windows Server 2003 , -


, Windows Server
2003 , -
. 2030 -
Windows Server 2003 .
-
, , -
.
, Windows Server 2003 -
,
, , Web-.
, Windows Server 2003,
Active Directory, -
Windows .

Windows Server 2003


Active Directory
, -
Windows 2000, Active Directory. Active Directory
,
, -.
-
.
Active Directory, ,
, -
. -
, -
, , , -
.
Windows Server 2003 Active Directory,
, -
-
, .
, Windows Server 2003
,
,
. Active Directory Windows
Server 2003, Active Directory,
II Active Directory.

Windows Server 2003



Windows Server 2003 , -
. -
Windows Server 2003
58
I

, ,
Windows Server 2003 -
, -

, Web- .
Windows Server 2003,
, , ,

. -
. -
, -
(. 35), (. 19),
(. 33), (. 12) -
(. 5).
Windows Server 2003 ,
, :
.
Microsoft Windows, -
.
. -
Active Directory.

Active Directory, -
.
DNS. (Domain Name Service DNS) -
, , DNS- -
, .
DHCP. (Dynamic Host
Configuration Protocol DHCP) .
Windows Server 2003 , -
DHCP.
. , -
. Win-
dows Server 2003 , -
, .
.

-
. Windows
Server 2003
.
.
, Windows Server
2003 , -
.
Windows Server 2003
59
1

Web-.
Web Web-, Windows Server 2003 -
.
.
, , Windows
Server 2003 -
.
(DFS).
, -
. Windows Server 2003 -
, -
.
-
, Windows Server
2003 .

Windows Server 2003



-
DNS, DHCP, , Windows
Server 2003
Windows-.
Microsoft, ,
Microsoft Exchange Microsoft SQL Windows Server 2003.
Windows Server 2003 , -
, ,
, -
,
.
Windows -
;
Windows Server 2003 -
, Windows Server 2003. -
, , ,
, Web -
, , Windows Server 2003 ,
,
-
. -
-
, -
. , , ,
-
, -
Windows Server 2003
60
I

, -
.
, ,
, ,
Windows 2000. Windows 2000
, ; -
Windows 2000, -
Windows Server 2003, -
.
, Windows Server 2003 -
, Windows 2000, ,
Windows 2000, ,
Windows Server 2003.

?
Windows Server 2003 2003 ,
,
. Microsoft -
; ,
Windows 2003 ,
Windows NT4 Windows 2000. , ,
-
.
, Windows
Server 2003, -
. , -
, ,
,
.
Windows Server 2003 -
, Windows
Server 2003, . -
Windows Server 2003, Windows Server 2003
Windows NT4 Windows 2000, Windows 2000 Windows
Server 2003 Windows NT4 Windows Server 2003.

Windows Server 2003 NT4


Windows 2000
Windows Server 2003,
, Windows Server 2003,
Windows Server 2003, Windows Server 2003 - .
Windows Server 2003 -
Windows NT4 Windows 2000.
Windows Server 2003 -
Windows Server 2003
61
1

Windows Server 2003.


Windows Server 2003 .
,
,

.
Windows
Server 2003
Windows Server 2003 Active Directory.

Windows 2000
Windows Server 2003
, Windows 2000 Active Directory,
Active Directory Windows Server 2003 -
, , Win-
dows Windows Server 2003. Windows
Server 2003, Windows Server 2003 Active Directory, -
RIS , Windows Server
2003 Windows Server 2003.
, , Windows 2000
Windows NT4 Windows 2000, -
. , Windows Server 2003 -
Active Directory, Windows 2000, , -
, , , ,
Windows Server 2003. -
Windows 2000 , Windows
Server 2003 Windows 2000 Active Directory
Windows Server 2003 Windows 2000
Active Directory Windows Server 2003 Active Directory .
Windows NT4 Windows 2000, -

(Backup Domain Controller BDC) Windows NT4 (Domain Con-
troller DC) Windows 2000, Windows Server 2003
Windows 2000 Windows Server 2003, -
() Win-
dows Server 2003.
, , ,
17,
. - Win-
dows 2000 Windows Server 2003 -
.
Windows 2000 Windows Server 2003 -
Active Directory, , -
. Windows
Server 2003 , 17, -
Windows Server 2003
62
I

Active Directory .
Windows Server 2003,
Windows Server 2003.
Windows
Server 2003. , , -
. 17.

Windows Server 2003


Windows NT4
, Windows NT4, -
, Windows NT4 Windows 2000 Windows
NT4 Windows Server 2003. , -
Windows Server 2003 ,
. ?, -
Windows Server 2003, -
. Windows NT4 Windows Server 2003
,
Active Directory. Windows Server
2003 .
Windows 2000,
Windows
Server 2003. Windows 2000 Active Directory
Windows 2003 Active Directory -
.
Windows Server 2003, -
, Windows
2003. , Windows NT4
Windows Server 2003, , , Win-
dows 2000 Windows Server 2003 ,
Windows 2000 Windows NT4 Windows Server 2003.
, , , -
Windows NT4 Windows Server 2003,
16.

Windows Server 2003


Windows Server 2003
. Server Advanced Server
Windows Server 2003: Web, Standard (),
Enterprise () DataCenter ( ).

Windows Server 2003 Web


Windows Server 2003 Web - -
Web- -
Windows Server 2003
63
1

, Web-.
Web- ,
.
Windows Server 2003 Web Web-

Web- Web- -
. Win-
dows Windows Server 2003
. ,
Web- -
, Web-.
Windows Server 2003 Web 2
Web-.


, Windows Server 2003 Web
, (DNS,
DHCP, ), Web : -
, . -
, Web-, Windows Server 2003 -
Standard.

Windows Server 2003 Standard


Windows Server 2003 Standard
. Standard
,
, Web-,
(Terminal Services), -
4 .
Standard -
, , (DNS, DHCP,
), . -
Standard -
, Standard
.
, -
- . 35 -
Windows
Server 2003.

Windows Server 2003 Enterprise


Windows Server 2003 Enterprise ,
/ -
. 32
64- Itanium, Enterprise -
Windows Server 2003
64
I


, SQL Server
.
, Windows Server 2003 -
, -
, Enterprise
. -
27.
Enterprise , 8 ,
, , -
99,999% 24 , 7
, . Windows Server 2003 -
Enterprise -
, -
, , Win-
dows Server 2003.
, Windows Server 2003 Enterprise -
Standard,
Microsoft, Win-
dows, Windows -
Windows. , -
Enterprise.

Windows Server 2003 DataCenter


Windows Server 2003 DataCenter -
, 8 64 -
, 8 . DataCenter -
, -

.
35 ,
.
(scale-out) , -
, (scale-
up) , -
. Web-,
, .
-
Windows Server 2003. -
, , -
, ,
. Windows Server 2003
DataCenter , ,
, , -
.
Windows Server 2003
65
1

DataCenter , 8 , -
864 -
, -
-
. ,
, -
, 99,999%.


Windows Server 2003 DataCenter -
, DataCenter -
32- .
DataCenter -
,
.

Windows Server 2003


Microsoft Windows Server
2003 , ,
. , Windows
Server 2003 .
, -
Windows, -
-
.

Windows Server 2003


, Windows Server 2003
(Graphical User Interface GUI) Win-
dows XP. , , -
Windows. Windows
XP, -
, Windows NT
Windows 2000, XP- ,
. , -
: -
Windows Server 2003 .


.NET Server
Windows Server 2003 -
. Windows
Server 2003 ,
, GUI
Windows Server 2003
66
I

. , ,
, -
, -
. -
-
Windows, XML ,
, , ,
, ,
. 23 ,
-
.

,
Windows Server 2003 , -
. -
,
. -
(drag-and-drop)
.

Windows Server 2003 -


,
. Windows 2000 -
, , -
Move ()
. ,
,
Active Directory Users and Computers Windows 2000,
, -
Active Directory.

,

Windows Server 2003, -
, ,
.
, -
: Windows Server 2003 , -
, . ,
, -
, , , . Win-
dows , ,
Windows Server 2003
67
1

-
<Enter>, ,
, .


, Windows Server 2003,
. -
Windows Server 2003 Microsoft -
(Trustworthy Computing Initiative), ,
Microsoft -
. , Windows Server
2003 ,
, Windows Server 2003
Windows, -
.
IV .
12 , Win-
dows Server 2003 ,
, -
.
Windows ,
.
Windows Windows , -
, . -
, ,
12.

IPSec

IPSec
Windows 2000, -
, - . 13
IPSec
,
, . 13

( 802.1X), Windows Server 2003. Windows Server 2003

-
WEP (Wired Equivalency Protocol -
), 802.11 -
.
, , Windows Server 2003
.
Windows Server 2003
68
I

Microsoft
Windows Server 2003
Microsoft (Microsoft Passport) .
Microsoft, -
Windows XP, -
.

, Web-
.
Microsoft Windows Server 2003
Windows Server 2003,
. , ,
, Web- ,
Windows Server 2003.
Microsoft Windows Server 2003 -
14.



, , -
, Windows Server 2003, -
, -
. -
, .
,
, , -
. ,
,
, , -
.



Windows Server 2003 -
-
. Windows 2000 -
,
,
. -

(WAN) , -
; , -
.
Windows Server 2003
Windows Server 2003
69
1

,
. : -
,
, , -
, -
, .



Windows Server 2003 -
. -

.
-
, -
.
Windows 2000
PAS (Partial Attribute Set -
). , -
, , , 5000 ,
, 5001 .
Windows Server 2003 -
, -
.
5001- . -
-
Windows Server 2003, 7.



, -
Windows Server 2003, -
,
. Windows 2000
.
-
, Windows 2000 -
.
Windows Server 2003 ,
.

,
100 /c 1 /c -
, .
, -
Windows Server 2003
70
I

Windows Server 2003



.

7,
Active Directory, 35, -
.


Windows Server 2003 ,
Windows. -
Windows ,
Microsoft. ,
Windows Server 2003, IPv6, Web- XML IETF
(Internet Engineering Task Force Internet).

IPv6
Windows Server 2003 IPv6 (Internet Protocol version 6
Internet, 6), Internet -
TCP/IP. IPv4 (
Internet 4). Internet
, Internet- -
IPv6, .
, IPv6 -
IPSec (Internet Protocol Security Internet).
IPv6 IPv4,
. IPv6 Windows Server 2003
IPv6, IPv4
Internet.
IPv6 7.

Web- XML
Windows Server 2003 Web-, -
XML Web-, -
Web- . Web- -
, Web- -
. XML ,
. XML -
, IP-, -
,
.
Web- XML XML
Web-,
Web- XML. Web- XML Microsoft
, Web- .
Windows Server 2003
71
1

IETF
Windows Server 2003 ,
IETF. IETF ,
. Microsoft -
Internet-. -
IETF, Microsoft
.


Active Directory
Windows Server 2003 -
Active Directory. Active Directory Windows 2000 -
.
, .
Windows Server 2003 -
Active Directory. -
, ,
.


Windows
Server 2003
Windows Server 2003 , -
. -
,

.


Windows Server 2003
(Volume Shadow Copy).
.

( ) , -
, . ,
, -
.
-
.
30.
Windows Server 2003
72
I



.
-
, ,
. , -
, ,
. -
,
,
.
Windows Server 2003
.
, , -
, -
. , -
, ,
, -
.
, -
.



-
. Windows NT4 Windows 2000
, (Recycle Bin), -
. ,
.
Windows Server 2003 -
.
,
.
,
-
.
Windows Server 2003.


, -
Windows 2000, ,
- , -
. Windows Server 2003
, -
Windows Server 2003
73
1

-
.
-
, DCPromo,
. -
. -
, ,
-.
3
,
.

IPSec NAT Traversal


Windows Server 2003 -
IPSec NAT Traversal (NAT-T). IPSec (Internet
Protocol Security Internet) -
- -
-. , IPSec -
Internet . NAT (Network Address Transla-
tion ) .
IP-
. ,
, -
, IP-. ,
IPSec , -
, Windows 2000.
Windows Server 2003 IPSec NAT Traversal, -
IPSec -
. IPSec NAT Traversal -
-
, .
IPSec NAT Traversal 26.


Windows Server 2003
Win-
dows Server 2003 ; -
, -
. , , -
, .

(Distributed File System DFS), -
, DFS, , -
.
Windows Server 2003
74
I



Windows Server 2003 -
, Windows 2000.
.
, -
, - .
,
,
-
, -
. ,
.
Windows Server 2003
-
- -
, . -
, .
DFS , -
,
, ,
DFS. -
, .
DFS ,
, DFS -
DFS 30 .


DFS
DFS , , -
, -
. DFS, DFS, -
DFS -
. DFS
30.


-
. -
Windows -
. Windows Server 2003 -

.
Windows Server 2003
75
1


,
.
3.



Windows Server 2003
. , -
, Windows (Remote
Desktop Client),
. Windows Server 2003 -
,
,

(Session Directory), -
, Internet.
,
27, -
, , , .


Windows Server 2003 -
, -
.
-
Citrix Systems.
Windows Server 2003, ,
.



;
,
. -

. C:,
-, , -
, -
.
Windows Server 2003
76
I



-
. , -
-
, -

, .


Windows Server 2003 ,
, , -
. -
,
.
Windows : -
. , , -
, ,

. , Windows Server 2003
, -
. -

, -
.
Windows Server 2003 -
, .


Windows Server 2003 ,
.

, ,
,
,
.
, -

, , -
, , . -
Windows -
,
.
Windows Server 2003
77
1


, , ,
, ,
.
, , -
, -
.


Windows Server 2003 (Session Di-
rectory),
, - -
Internet, . -
, -
.
, -
, 32 -
.

.
, -
, ,
. ,
, , .
,
-
. -
, , 10
. 10
, , -
, -
. , ,
, ,
. -
, 27.

Windows Server 2003 , -


. -
, , -
-
.
3 33.
Windows Server 2003
78
I


(Automatic Server Recovery
ASR) , Windows
Server 2003,

. ASR -
, ,
-
,
, ASR ,
.
ASR , -
.
ASR , , ,
Windows.
ASR, , -
- Windows Server 2003
. ASR 33.


Windows Server 2003
(Remote Installation Services RIS) . RIS -
, RIS-, -
. RIS Win-
dows 2000, .
RIS . -
, , -
, . , -
, ,
-,
RIS. ,
.
RIS -
.
, Exchange,
SQL, ,
RIPrep RIS- .

, .


RIS- ,
-
. RIPrep
. 33.
Windows Server 2003
79
1

RIS , -

.
33, RIS 3
.


, Windows Server 2003 -
(Out-of-Band Management), -

RS-232 Win-
dows Server 2003. , Win-
dows , (blue screen), -
.
,
.
-
, . -

.


Windows Server 2003
Feature Pack
Microsoft -
,
. Microsoft
, Windows 2003, -
(Feature Pack).
:
http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx
Feature Pack ,
, Active
Directory,
.


Feature Pack,
, (Group Policy
Management Console GPMC). -
, Active Directory -
, GPMC -
Windows Server 2003
80
I

Windows Server 2003. GPMC -


.

, , -
.
, GPMC -
, ,
. GPMC -
21.



(Software Update Service SUS), -
-
Windows 2000 2003, Windows
2000 Windows XP. Windows -
Web- Microsoft Windows, -
, , . -

-
, -
.
,
IT-
. , , -
-
. Microsoft -
22.

Active Directory


Active
Directory .
Active Directory (Active Directory in Application Mode ADAM)

, Active Directory
. ADAM
-
. ADAM, -

ADAM Active Directory. ADAM -
5.
Windows Server 2003
81
1

(Identity and Integration Feature


Pack IIFP) Active Direc-
tory. , -
, , , -
Exchange 2003, IIFP -
,
. IIFP
Active Directory 2000, Active Directory 2003 Active Directory
2000 Active Directory 2003.
Active Directory ADAM, -
. IIFP 8.

Directory Services Markup


Language Windows
(Directory Services Markup Language DSML)
Active Directory SOAP,
Web-. Active
Directory Web-, XML. -
Web--
. DSML 23.



Active Directory

,
, -
Active Directory Users and Computers MMC,

.
Active Directory ,
, -
, -
Active Directory Users and Computers MMC.
Active Directory -
28.

Services for NetWare 5.0 SP2


Microsoft
.
Windows Server 2003 Service Pack 2 Services for NetWare
(SfN). SfN Windows 2003 Novell NetWare.
Windows Server 2003
82
I

. SfN
8.

Windows SharePoint
,
Windows 2003, Win-
dows SharePoint, 36. Windows
SharePoint (Windows SharePoint Services WSS)
, -
, ,
.
, WSS -
, Microsoft -
Windows 2003.
Windows SharePoint , SharePoint
Portal 2003 (SharePoint Portal Server SPS). SPS WSS
. WSS -
-
.

Windows
Windows (Rights Management Services RMS)
-
, -
. RMS
,
-
, .
Windows 15.

Windows
Windows (Windows System Resource Manager
WSRM) , Microsoft,
.
, ,
-
, WSRM
.
, -
, , 90% -
10 , , -
WSRM , , 15%,

. WSRM -
Windows Server 2003
83
1

,
, :
, . -
, -
, -
. WSRM 27.

Windows
2003
, Microsoft -
, -
, , .
, Windows 2003,
http://www.microsoft.com/windowsserver2003/downloads/default.mspx.

Active Directory v2.0


Active Directory (Active Directory Migration Tool ADMT) -
Windows 2000 1.0 -
. Windows Server 2003 ADMT v2.0 -
,
(ACL) NT4 Win-
dows 2000 Windows Server 2003. ADMT, -
,
, ADMT v2.0
.
, ADMT v2.0 Active Directory,
. -
Active Directory
. , -
, ,
Active
Directory, . ADMT v2.0 -
-
17.


Windows 2000 Windows Server 2003
. Windows 2000
, ,
, , -
(, , -
, ), -
. Windows Server 2003 -
Windows Server 2003
84
I

NetBIOS, -
DNS.
, , -
, -
, . -
. -
,
, .
, -
, . -
17.


Windows 2003 -
Windows-.
,
Windows Server 2003
, , -
. 18.


Microsoft -
Windows 2003.
,
.
,
SQL.
Microsoft , -
, -
Microsoft (Microsoft Operations Manager),
-
. 22.

Microsoft
Microsoft (Microsoft Operations Manager MOM) -
Microsoft, -
Windows-, Windows Server 2003 -
, MOM Windows 2003. -
Windows Server 2003 .
,
Active Directory, Internet Information Service, Windows
. -
(Operations Manager Resource Kit) Microsoft, -
MOM, (Server Status
Windows Server 2003
85
1

Monitor SSM), MOM -


.
MOM MIIS 2003
MIIS 2003, -
Active Directory , MIIS.
Microsoft 25.


, ,
, sonar.exe frsdiag.exe, -
. -
Windows ,

. -
, , -
,
.
Windows
2003 , -
, , .
30, 21.


Windows 2003
Windows 2003,
Windows 2003, -
, Windows
2003 .
Microsoft, -
, Windows 2003 -
Windows 2003 Windows 2003.
-
Windows 2003 ,
Windows 2003.
, 26 -
, (VPN) -
,
.

-
-
.

, -
Windows Server 2003
86
I

. -
GPO MMC
,
. ,
, 21.
, Windows
Server 2003, , , -
, SMTP DNS, ,
, -
34. -
Microsoft,
,
, -
.

Windows
Server 2003
, -
, , Win-
dows Server 2003, -
. Windows
Server 2003 Windows NT4 Windows 2000,
.
Windows Server
2003
.


Windows,
Microsoft Windows Server 2003, .
, Windows Server 2003,
, IPv6, Web- XML IETF.

.
, ACL
NT4 Windows 2000 Windows
Server 2003, Active Directory (ADMT) 2.0.
Windows Server 2003

.
Windows Server 2003
87
1

(SUS) -

, .
-
-
Windows 2003.
-
Windows 2003. -
,
Windows 2003, , -
, ,
Windows 2003.
Windows 2003 -
Windows 2003 ,
, ,
.
SUS -
-
, .


,
,


2
Windows Server 2003

...


Windows Server 2003

Windows Server 2003
:

:

:

:

:


/:

Windows Server 2003
90
I

-
, -
,
. , -
,
. -

.
,
Windows Server 2003 -
. , , , -
,
, Microsoft.
,
: , -
.
, , , ,
, NT4 Windows 2000, , -
, .


Windows Server 2003 -
,
.
, -
.
-
,
, , -
.
, ,
, . -
, -
, .
, -
,
, , .
Windows Server 2003 -
, , , -
, ,
, , .

91
2



Windows Server 2003
Windows Server 2003, -
, -
. -
, ,
, , , -
.

:
, -
(Distributed File System DFS) (Volume
Shadow Copy) Windows Server 2003. ,
, , -
, -
.
,
. -
,
.
,
-
.


, -
. -
,
, (,
, ); (-
) 50 000 . ,
10 000 , -
( , ,
). -
1000 ,
IT- .
-
, . -
-
, , -
.
Windows Server 2003
92
I

, -
Web- , -
, -
, . -
, ,
. -
, , , -
: -
.
-
, .
-
, -
, . ,
, -
, , -
. , -
, -
.
, ,
- , -
. -
, .


-
, , ,
.


50 000
-
. -
, . -
-
.
,
, -
.
(Network Operating System
NOS) IT-, .

, , -
. -
.

93
2


,
. -

.

, -
. ,
,
, Internet, -
, ,
.
, ,
(Client Relationship Management CRM),
. ,
, ,
, , . IT-
, , -
-
.
-
. , -
, -
.

, .
,
, .
,
.



, 30
, ,
, .



Windows Server 2003
Windows Server 2003
,
1000 . -
Windows Server 2003
94
I


.
, -
, ,
, , -
.
,
(50 000 , 10 000 , 1000 ). -
,
, .

. , -
, 99,99% -
,
, , .
: -

VPN -
.
-
. ,
IT-
. ,
, -
-
-
.
1000 ,
,
, , Windows Server
2003.
Exchange, Web-,
Windows Server 2003 .NET. -

Internet, , Windows .NET.
: -
. , -
( ) .
, -
. -
,
.
, . -
$500 000 , $250 000? , , $100 000
$250 000? , -
, .

95
2


.

, ,
. , , -
:
? ,
,
.
, , -
(NOS) -
,
.
, , -
.
(
, -
) , -
(, ). -

,
, , -
, NOS. Windows Server
2003 ,
, -
, .
,
. 99,99%
,
. ,
, -
NOS.
, , -
. : -
, -
. -
.
:
?
?
?
-
?
?
Windows Server 2003
96
I

-
.
:
.
.
,
.
,
-
, -
, .
, .

-
.
Exchange:
( Windows
2000 Windows Server 2003), Windows Active Direc-
tory. ,
SharePoint (SharePoint Team Services STS), , STS
Active Directory ,
Windows Server 2003 -
Active Directory Windows Server 2003.
, , , NOS
, -
. -

.
-
, .
, ,
. -
-
, -
, .
, (),
NOS . ,
.
8, Windows Server 2003 -
, -
NT 4 Server Windows 2000. -
, NOS, -
. ,
, -
Windows Server 2003 .

97
2

, -
. -
, . -
, .



; -
, .
, -
, , -
. ,
, .
,
, -
. -
, ,
.
,
, . -
, , -

. , -
.
, -
, ,
,
. , -
, ,
.
,
, ,
,
( + = ).
,
. ,
, ,
(
).
NOS ,
.

,
. , -
, , ,
Windows Server 2003
98
I

.
, -
, , , -
.
, , -
,
.

, -
, .
, -
( )
. -
,
,
.
,
-
-
.
. , -
,
,
.
, -
, ,
. ,
: , .
,
, , , ,
.
, -
.
( )
, .
, -
, - . -
-
, , , -
.

,
.
,

, .

99
2

, , ,
.

; :
.



.
-
. -
, ,
, , -
.
,
.
, , -
,
.
, ,
, .
, , -
, , , IT-
, -
.
-
.
,
. , Windows Server 2003 -
-
. , -
, -
.

, ,
. -
, Windows Server 2003
-
. 90%
, 10% .
,
. , -
,
.
-
Windows Server 2003
100
I

, -
. -
-
,
, .
, -

.
,
- -
. ,
, -
.
, -
, . -
, , -
, . -
,
,
, ,
.
, -
, ,
. ,
, , .

:

Windows Server 2003
. -
, 50 000
1000 . ,
, -
.
( ) -
. -
, -
, Win-
dows Server 2003.
,
, , -
. -
. , 200,
,

101
2

(Hewlett-Packard, IBM, Cisco),


, , . , -
-
. ,
, -
.
,
. ,
, -
, -
. ,

.
,
.
, -
,
.
IT-, ,
.
, -
, . -
,
, -
-
.
, .
, .
, NOS,
, .
, ,
( , -
, , , -
), -
.
, -
,
, -
, -
.
,
. , -
,
. -
.
Windows Server 2003
102
I


. , , -
(Service Level Agreement SLA),
IT- -
.
-
, , ,
.
, .
, , , -
, :
,
, ,
.


, ,
, -
, . -
, .
, :
DNS, WINS DHCP? VPN VLAN?
? ?
: T1, T1, T3, ATM? -
?

? -
, -
. -
, ,
.

, -
.
-
. , , -
.
, , -
, ?
. -
, -
-
? ,
.
, -

103
2

. :
-
, ?
,
(WAN). , -
? Active Directory,

(OU), -
? .
Internet? -
Internet, , , -
?
,
.


, -
Windows Server 2003,
.
, -
,
( ? ?).
, , ,
.
, , -
, , ,
. -
-
, , ,
.
.

, -
.
, ,
-
.
Microsoft Exchange, / -
, .

. -
, - / -
,
. -
.
Windows Server 2003
104
I

, ,
, ,
. -
, ,
RAID-.
.



, -
. , -
.
,
. -
, ;
, , ,
. ,
,
.
, ,
, -
. : -
, (),
, , (-
/).

:

, -, -
, . -
, -
, -
.

, -
, .

Windows Server 2003.
-
, .

105
2

Windows Server 2003,


, , -
.
. -
, , -
.

. -

, , -

.
-
. :
, ( ,
, ),
.
, , -
, .
, -
, , , -
, .

, ,
, -
.



,
. , , -
, , -
.
. -
, -
, -
.
-
.
.
Windows Server 2003 (, , ).
. 50 000
1000 ,
.
Windows Server 2003
106
I

. , -
, -
, , -
.
. , -
(
).
. .
, , -
Windows Server 2003.
. .
,
. -
,
, .


, ,
. .
-
, .



.
1000 , -
,
.

-
,
. , -
,
. ,
.
, -
: ?.


, -
( )
, .
,

107
2

. -
, ,
.


-
Windows Server 2003 , -
. , -
, ,
Windows Server 2003 ( ,
, DNS),
. , -
.
, ,
, ,
.
, ,
.


-
. -
,
.
, . , -
.

Windows Server 2003


,
Windows Server 2003 . ,
-, ,
Windows Server 2003 .

. ,

. , , , -
, -
.
, -
.
, .
-
. -
( , , -
, ) -
Windows Server 2003
108
I

( NOS, -
), .
, ,
: -
.



. ,
, ,

, , - , -
.
, (-
), ,
.
, ,
, -
. ,
. -
$500 000, -
$250 000,
, , . -
-
, , -
.
-
, ,
.
, -
. -
, -
, . ,
.

. , ,
.

:


-
. , -
, . ,

109
2

,
, . , -
, -
, .
, , ,
, , -
-
. - -
.
,
, , -
. , -
. -
, , , -
.


, ,
,
.
, -
, , -
.
, Microsoft Project,
. ,
. 2.1, . , -
, ,
, , -
. .

1 Windows Server 2003 139 . 15.04.04 . 01.09.04


2 7 . 15.04.04 . 23.04.04
6 15.5 . 24.04.04 . 13.05.04
25 13 . 14.05.04 . 29.05.04
39 ( 1) 30.25 . 02.06.04 . 10.07.04
52 ( 2) 30.25 . 10.07.04 . 18.08.04
65 ( 1 2) 10 . 19.08.04 . 01.09.04

. 2.1.
-
, ,
, .
: , -
Windows Server 2003
110
I

-
.
. ,
, ,
. 2.2.
, . 2.2
, -
. ,
, , -
.
, . ,
( Gantt chart),
. -
, -
.

1 Windows Server 2003 139 . 15.04.04 . 01.09.04


2 7 . 15.04.04 . 23.04.04
6 15.5 . 24.04.04 . 13.05.04
7 : 0 . 24.04.04 . 24.04.04
8 1 . 24.04.04 . 24.04.04
9 0 . 25.04.04 . 25.04.04
10 1 . 25.04.04 . 25.04.04
11 Windows Server 2003 1 0.25 . 28.04.04 . 28.04.04
12 Windows Server 2003 2 0.25 . 28.04.04 . 28.04.04
13 1 0.25 . 28.04.04 . 28.04.04
14 2 0.25 . 28.04.04 . 28.04.04
15 1 0.25 . 29.04.04 . 29.04.04
16 2 0.25 . 29.04.04 . 29.04.04
17 7.5 . 29.04.04 . 06.05.04
18 2 . 07.05.04 . 08.05.04
19 3 . 09.05.04 . 13.05.04
20 0 . 13.05.04 . 13.05.04
21 : 0 . 13.05.04 . 13.05.04
22 ( ) 0 . 13.05.04 . 13.05.04

. 2.2.

111
2


IT-
, , .
, ,
Windows Server 2003. -
, , -
, .

, ,
, -
. ,
. Microsoft Project -
-
; .
, -
, -
, .



, . -
, -
, .
.
,
, , .
Microsoft Project
, , - 20 .
. -
,
.
. -
.
,
.
, .
. -
, , -
NOS -
.


,
. ,
.
Windows Server 2003
112
I

-
.
. Win-
dows Server 2003 ( ).
. .
.
,
.
. , -
, (
) .
. -
, Microsoft Project
.
. , -
.


, -
, .
.
, -
.


,
, ,
-
. ,
, ,
, -
, . -
.


, -
. -
, , , -
.


,
, .
-

113
2

.
, .

, .
, -
, -
Windows Server 2003, -
.

, , .


, , -
, -
. -
-
Windows Server 2003 1
.

. ,
, ,
, -
.
,
, , .


, -
, , -
, . -
,
, . , -
, -
, ;
. ,

, . ,
.

:

,
,
.
Windows Server 2003
114
I

, - -
, .
,

.
, , ,
. -
, ,

, . -
,
.
, ,
, -
.
, -
, ,
. -
- , .

?
, -
.

. Windows Server
2003, , , -
.
.
, -
.
,
-
.
Windows Server 2003: NOS , -
,
.
. -

.
;
Windows Server 2003, 18.

-
, .
, -

115
2

, . ,
, ,
, ,
.



, ,
. , -
.
, , ,

.
-
.
(As Built), -
.
,
,
(Computer Management) Windows Server
2003, : -
, , , -
, .
-
(Disaster Recovery DR). , -
, -
. ,
,
, ,

(, ), -
-
.
-
,
. , -
( !), -
. -
,
.
-
, . -
, -
.
Windows Server 2003
116
I

,
,
.
, -
,
,
, -
.

:


, ,
-
. , , -
, , -
.

,
. ,
Windows Server 2003. , -
, .


, , -
-
, -
. -
.
.
, -
,
, ,
.

.

, , ,
, .
.


-
Windows Server 2003 .
,

117
2

SharePoint,
Active Directory.
, ,
,
.
, , -
, .

.
-
;
. -
, ,
, , , .



,
.

-

,
, .
510 - (
IT-, ).
.
-
1%, 3%, 5%, 10% -
. -
,
, , -
-
.
,
,
, (,
) ,
.

-
-
, -

.
Windows Server 2003
118
I

.
, - ,
; ,
, , ,
- .
-
.

-
, , -
.
, ,
, -
, ( -
, -). -
, -
-
,
.


-
- -
.
, IT-
, -
. -
, -
.

-
, - . ,
,
, ,
.

-
. ,
, -
-

119
2

, -
. -
-,
, .

/:


10% , -
, ,
.
.



, -
, : -
, , -
, , , -
.
-
; .
, -
. , -
.
, -
, .


Windows Server 2003
, ,
,
, .
(
32), ( 22), -
( 25), ( 35) Win-
dows Server 2003.
,
, -
, ,
. ,
.
Windows Server 2003
120
I

.
, . -
Windows Server 2003, ,
50 000 ,
10 000 , 1000 . , -
, . -
, -
, , -
.

, .
,
, -
, . , -
, . ,
, , -
, .
,
, ,
.
,
. -
, , ,
, 1020%.
, -

.

.

Windows Server 2003. -
,
, , -
.
; .
,
.


-
, , ,
.

121
2


, -
.
Windows
Server 2003, , ,
.
.
-
.
( -
50 000 , 10 000 , 1000 ).


, , -
Windows Server 2003.
, , -
, .
-
.
, -

,
.
.
,
.
,
.
, ,
, .


, -
, ,
.
, -
.
, -
Windows Server 2003 -
.
, .
Windows Server 2003
122
I

, -
, .
,
.
-
.


, -
-
.
, , , -
.


, -
, .
, -
.
.


, Win-
dows Server 2003. , ,
.

.
.
-
.

/
, , -
,
.
.
,
, .
.

Windows Server 2003


3
...



Windows Server 2003
Windows Server 2003



Windows Server 2003
Windows Server 2003

Windows Server 2003


Windows Server 2003
124
I

Windows
Server 2003. Microsoft
. , -
,
, - -
Plug and Play. , -
IRQ, -
. , Windows
Server 2003
Microsoft.
.
, .
, -
, .



Windows Server 2003, -
.
.



, ,
. , ,
() -
(), . -

( ). . 3.1 -
Windows Server 2003.

Windows, -
, . .

?
,
, .
, , , -
- , -
.
Windows Server 2003
125
3

3.1.


133 133
x86
733
Itanium
550 733
128 128
256 256
4 32
x86
64
Itanium
4 8
1.5 1.5
x86
2.0
Itanium

, -
. -
, .
,
( ), , -
.
.
, .


?
, Windows,
, , , .
.
, , -
. , -
Windows, ,
Windows Server 2003.
, ,
, -
.
Windows Server 2003
126
I

Windows Server 2003, -


. Workstation Home
Windows Server 2003 .
Windows 2000
Windows NT 4.0 Server ( Service Pack 5 ). . 3.2 -
Windows Server 2003.

3.2. Windows Server 2003


Windows Server 2003
Windows NT 3.51 , NT 4.0
Service Pack 5
Windows NT 4.0 Server ,
Service Pack 5 .
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Professional , -

Novell NetWare , -
Novell (Novell Directory
Service NDS) Windows


, (Domain Controller
DC), . , -
, .
- -
. -
.
Windows 2000, -
. -
. DCPromo -
. , ,
Active Directory .

,

Windows Server 2003 -
(Setup Wizard), .
, -
.
, , ,
, : .
Windows Server 2003
127
3


, .

. ,
. 63
, Windows 2000 15
. -
, Internet. AZ ( -
), 09 (-).
, (Domain Name Sys-
tem DNS) Microsoft ,
Internet (, Unicode ), -
, Micro-
soft DNS.
Internet, .



, .
, , -
.
, Microsoft, :
? , ,
,
. -
.
.

.

IP-
Windows Server 2003
, .
TCP/IP
(Transmission Control Protocol/Internet Protocol -
/ Internet). -
, Internet. TCP/IP -
IP- .
IP-.
IP- (Automatic Private IP Addressing
APIPA). APIPA -
, DHCP (Dynamic Host Configuration Protocol
), -
IP-. IP-
IP- LINKLOCAL.
Windows Server 2003
128
I

169.254 169.254.x.x. ,
APIPA, DHCP-, -
, DHCP.
IP-. IP- DHCP-.
IP-
. -
IP-, , , -
(Domain Name System DNS)
Windows (Windows Internet Naming Service WINS). -
, -
, (lease). -
, IP- DHCP-.
. -
, ,
, .
IP-.
IP-. , ,
. ,
, , , -
. IP- ,
.


-
, -
-
. ,
, .
-
, . -
.
, -
,
.


, ,
. ,
, ,
. -
/ , -
.
Windows Server 2003
129
3


Windows Server 2003
Micro-
soft, Windows Server 2003 -
.
, . -
<F8> , -
.
,
. , -
.
.


Windows -
: NTFS FAT. ,
,
. 3.1.

. 3.1. Windows Server 2003

NTFS FAT -
. .
-
25 ! ,
. Quick Format -
,
.
Windows Server 2003
130
I

, .
, , .

FAT NTFS
Windows-:
FAT NTFS? FAT (File Allocation Table
) MS-DOS.
Windows 95 SR-2, FAT16 FAT32, -

.
FAT32 2 , Windows Server
2003 : 32 .
: 4 (2 FAT16).
,
FAT. -, , Windows Server 2003 -
, ,
NTFS (, Windows 95). -, , -
(, DOS
Win95) .

!
, , -
, , - !

NTFS (NT File System NT) -


Windows Server 2003, Windows 2000 Windows NT.
NTFS NTFS5, NT 4.0 Ser-
vice Pack 4.
. -
, .
Windows Server 2003 16 ( 4 ),
16 ( 64 ). , NTFS
, -
, -
. , -
Windows Server 2003? :
FAT , NTFS.



. , -
(Graphical User Interface GUI).
Regional Options ( ) -
(Standards and Formats). -
, , .
Windows Server 2003
131
3

Location () , -
, .
Languages ()
. ,

, .


.
-
. , Windows Server
2003 Registered To ( ).
. Name
() (, -
), Organization () .


Windows,
(product key) .

.
Windows Server 2003 ,
. Windows Server 2003
.



, -
Microsoft ( Internet
). . , -

Windows (Windows Scripting Host WSH)
Windows (Windows Management Instrumentation WMI).



Microsoft (, Open Select), . -
, .


-
. Windows Server 2003, Windows 2000
NT, : Per Server (
) Per Device ( ).
Windows Server 2003
132
I


, , Per
Server. Per Server
Per Device, Per Device Per Server .


Per Server -
, . , -
,
(Client Access License CAL), ,
, . -
CAL, -
, -
Access Denied ( ).
,
Windows Server 2003,
. Web-
(Remote Access Service RAS).
,
Windows Server 2003, -
.


Per Device CAL
( ),
. , Windows,
Macintosh Unix Windows.
-
;
Windows, CAL.
,
. CAL -
Per Server, ,
Windows-.


,
, Organization () Personalize
Your Software ( ). (,
Windows Server 2003
133
3

, ) . ,
, .


, -
, , Administrator ().

.
( ) .
. -
Password (), Confirmation (-
).
Windows, -
127 .
, .
, Microsoft ,
Windows, . 3.2.

. 3.2. -

,
.



. ,
, .
, , -
.
Windows Server 2003
134
I


. -
, -
, Internet. Typical Settings (
) Custom Settings ( ).


Typical Settings -
.
Microsoft, -
, TCP/IP .
, TCP/IP -
DHCP-. , -
IP-. DHCP- ,
IP- (Automatic Private IP Address APIPA).
, , -
, , , , -
TCP/IP .
IP- .


Custom Settings -
. Client for Microsoft Networks (
Microsoft), File and Printer Sharing for Microsoft Networks ( -
Microsoft) Internet- (TCP/IP).
Custom Settings , -
, / , -
.

,
. -
,
.
, , ,
, -
. .


Next ()
,
. -
Windows Server 2003.
Windows Server 2003
135
3


<Ctrl+Alt+Delete>,
Windows Server 2003. -
.
OK.

Windows Server 2003


Windows Server 2003 ,
, -
, Start () All ProgramsActivate
Windows ( Windows). Windows -
Internet .

Windows Internet
Internet,
Next. : -
Microsoft. Windows -
. , Microsoft ( )
, , .
Yes, I Want to Register and Activate Windows at the Same Time
(, Windows ), -
Collecting Registration Data ( ), -
. 3.3.

. 3.3. Windows
Windows Server 2003
136
I

Next. -
Internet . No, I
Dont Want to Register Now; Lets Just Activate Windows (, -
; Windows) ( -
Internet) . -
Windows.
OK, Windows.

Windows Server 2003


Windows Server 2003 Yes, I Want to
Telephone a Customer Service Representative to Activate Windows (,
Windows)
Next. Windows
.
, ,
. -
.
,
4, . 3.4.

. 3.4. Windows Server 2003

Windows Server 2003


Windows Server 2003
. , -
.
Windows Server 2003
137
3


- . -

.


- Windows Server 2003
.
Check System Compatibility (
). , -
, Web- .


, -
, -. -
Microsoft Internet,
.
. -
, Microsoft. , -
( IIS), -
. Finish ().


, Perform
Additional Tasks ( ). -
(Remote Desktop Connection RDC),
-
.


,
, . -
, :
1. Windows Server 2003 Install Win-
dows Server 2003, Enterprise Edition Server ( Windows Server 2003,
Enterprise).
2. . Upgrade (-
) Next.
3. I Accept This
Agreement ( ) Next.
4. ,
. 25-
Windows Server 2003
138
I

- Windows.
Next.
5. Windows Server
2003. , -
Details (). ,
, Save As ( ).
6. , -
, Next.
7. -
.


Windows, -
,
.

Windows -
, .



Windows Server 2003 -
. , -
(Remote Installation Services RIS), (System
Preparation Sysprep), (Remote Installa-
tion Preparation RIPrep), -
( (Systems Management Server
SMS)), ,
. . 3.3.

3.3.
Unattend RIS Sysprep GP/SMS
X X X
X X
X X X
X X
- X X X

Active Directory X X

-
.
Windows Server 2003
139
3


Windows Server 2003
, Windows
Server 2003 . -
(unattend.txt) , -
. -
, , IP-, DNS.
-
, , . Windows
Server 2003 , -
.


,
. -
,
.
.
,
, . -
, ,
, .



deploy.cab \support\tools
- Windows. -
.
Windows Server 2003 -
,
. , -
.


, -
. -
Windows Server 2003, .
, .
1. - Windows Server 2003 .
<Shift>,
-.
Windows Server 2003
140
I

2. My Computer ( ), -
-
Explore ().
3. support\tools deploy.cab, -
.
4. ,
Extract ().
5. , ( -
), Extract.
6.
Setupmgr.exe.
7. ,
.


, -
. Setupmgr.exe
.

unattend.txt
unattend.txt ,
.
unattend.txt,
:
;SetupMgrTag
[Data]
AutoPartition=1
MsDosInitiated="0"
UnattendedInstall="Yes"
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
TargetPath=\WINDOWS
[GuiUnattended]
AdminPassword=xxxxxxxx
EncryptedAdminPassword=Yes
OEMSkipRegional=1
TimeZone=4
OemSkipWelcome=1
[UserData]
ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
FullName="Rand Morimoto"
OrgName="Convergent Computing"
ComputerName=WNS-Server-One
Windows Server 2003
141
3

[Display]
Xresolution=800
YResolution=600
[LicenseFilePrintData]
AutoMode=PerServer
AutoUsers=10
[TapiLocation]
CountryCode=1
Dialing=Tone
AreaCode=510
[SetupMgr]
DistFolder=C:\windist
installation
DistShare=windist
[Components]
accessopt=On
calc=On
charmap=On
clipbook=On
deskpaper=On
templates=On
mousepoint=On
paint=On
freecell=Off
hearts=Off
zonegames=Off
minesweeper=Off
solitaire=Off
spider=Off
indexsrv_system=On
msnexplr=Off
certsrv=Off
certsrv_client=Off
certsrv_server=Off
iis_www=Off
iis_ftp=Off
iis_smtp=Off
iis_smtp_docs=Off
iis_nntp=Off
iis_nntp_docs=Off
reminst=Off
rstorage=Off
TerminalServer=On
wms=Off
wms_admin_asp=Off
wms_admin_mmc=Off
wms_server=Off
chat=On
Windows Server 2003
142
I

dialer=On
hypertrm=On
cdplayer=On
mplay=On
media_clips=On
media_utopia=On
rec=On
vol=On
[Identification]
JoinDomain=companyabc
DomainAdmin=companyabc\administrator
DomainAdminPassword=password
[Networking]
InstallDefaultComponents=No
[NetAdapters]
Adapter1=params.Adapter1
[params.Adapter1]
INFID=*
[NetClients]
MS_MSClient=params.MS_MSClient
[NetServices]
MS_SERVER=params.MS_SERVER
[NetProtocols]
MS_TCPIP=params.MS_TCPIP
[params.MS_TCPIP]
DNS=No
UseDomainNameDevolution=No
EnableLMHosts=Yes
AdapterSections=params.MS_TCPIP.Adapter1
[params.MS_TCPIP.Adapter1]
SpecificTo=Adapter1
DHCP=No
IPAddress=10.100.100.10
SubnetMask=255.255.255.0
DefaultGateway=10.100.100.1
DNSServerSearchOrder=10.100.100.50,10.100.100.51
WINS=Yes
WinsServerList=10.100.100.60
NetBIOSOptions=0
, -
,
Windows Server 2003 .
Windows Server 2003
143
3


unattend.txt, -
unattend.bat.
(unattend.txt) , (\\WINSERVER\windist\I386).
winnt32 , ,
.


( ) Windows, -
.

unattend.bat
unattend.bat , -
.
, ,
, , :
@rem SetupMgrTag
@echo off
set AnswerFile=.\unattend.txt
set SetupFiles=\\WIN2KSERVER\windist\I386
\\WIN2KSERVER\windist\I386\winnt32 /s:%SetupFiles% /unattend:%AnswerFile%

Windows Server 2003



, -
, . -
(Remote Installation Services RIS) -
(Remote Installation Prepara-
tion RIPrep) (System Preparation Sysprep),
Xcopy -
,
(Automated Deployment Services) -
.
,
:
,
.
( ).


, RIS, -
, .
Windows Server 2003
144
I

(RIPrep)
.
PXE
. -
PCI, PXE, .
RIS IP- DHCP-.
RIS-, , , Active Directory,
, . RIS- -
, RIS-. RIS-
Startrom.com, OSChoice.
, , OSChoice .



Windows Server 2003 Microsoft -
RIS. RIS Windows 2000, Win-
dows XP Professional 32- Windows Server 2003. -
.
, . -
RIS , -
; -
. , -
Windows Server 2003,
.

, RIS
RIS
PXE 1.0 PXE 2.0.
(Network Interface Card NIC), PXE -
RIS. , ,
Windows.


: (-
) , -
() . (Security Identifier SID),
IP- , -
.

(System Preparation), Sysprep. -
, , ,
SID, IP- . , -
-.
,
.
Windows Server 2003
145
3

Sysprep,
, .
Sysprep,
.
.
, -
. -,
. -
: .


Sysprep, Microsoft -
, . -
factory,
. , -
Windows Server 2003, IIS. -
PnP, -
Plug and Play. - 510 .

, -
Windows Server 2003 , -
(Automated Deployment Services ADS).
ADS
(Preboot Execution Environment PXE), -
(Remote Installation Service RIS). ADS -
RIS , ADS .
ADS -
, -
.
ADS Micro-
soft :
http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx

Windows Server 2003




: Windows Server 2003 -
Active Directory (Systems Management Server
SMS) . -
.
Windows Server 2003
146
I

SMS -
, -
Windows Server 2003.
SMS, -
,
.
.

Windows Server 2003 -


Windows.

, -
.


, -
.
( )
.

, .
.
-
.

Internet: AZ ( ), 09 (-).

.
, -
.
NTFS, -
.
, ,
Per Server.

.
,
RIS, Sysprep, RIPrep,
( SMS).

Active Directory
Windows
Server 2003
II

...
4. Active Directory
5. Active Directory
Windows Server 2003
6.


7. Active
Directory
8. Active
Directory
Novell, Oracle, Unix NT4
Active Directory
149
4

Active
Directory
4
...

Active Directory
Active Directory
Active Directory



Active Directory
Active Directory
DNS Active Directory
Active Directory
Active Directory Windows
Server 2003
Active Directory Windows Server 2003
150
II

Windows Server 2003 Active


Directory Microsoft.
Active Directory Windows,
Microsoft. -
Active Directory Windows Server
2003 .
, Windows Server 2003
Active Directory: -
, , ,
Active Directory.
, -
Active Directory .
, Active Direc-
tory Windows Server 2003.


-

. -
, ,
. , -
, , -
, .
.
.
-
.
Internet

. MVS PROFS (IBM),
Grapevine WHOIS.
, -
,
.
, .
, ,
Novell GroupWise Directory, Lotus Notes /etc/aliases Unix.
-
Novell,
Novell (Novell Directory Services NDS).
NetWare,
NetWare/NT. NT -

NDS .
NT Microsoft Active Directory.
Active Directory
151
4

(Lightweight Directory
Access Protocol LDAP) Internet
. -
, -
TCP/IP, , -
. Active Directory -
, LDAP.


Microsoft
Exchange 5.5 , -
. Active Directory -
Exchange.
, Active Directory Jet,
Exchange 5.5, Active Directory
.
Microsoft Internet
.
,
.

Active Directory
Active Directory . -
Internet, -
:
TCP/IP. -
, IPX/SPX NetBEUI, TCP/IP
. TCP/IP
Internet
, , -
. Active Directory Windows Server 2003 -
TCP/IP .
. -
(Lightweight Directory Access Protocol LDAP)
Internet -
. Active Directory -
LDAP.
. (Domain Name
System DNS) -
, (, www.microsoft.com) IP-,
(, 207.46.230.218). Active Directory -
DNS .
Active Directory Windows Server 2003
152
II

. , -
Internet, ,
. -
, Windows Server
2003 Active Directory . Win-
dows Server 2003 Active Directory IPSec, Kerberos,
(Secure Sockets
Layer SSL). , Microsoft -
-
, .
.
, -

. Active Directory Win-
dows Server 2003 ,
. , Windows Server
2003 -
, Windows 2000:
, , -
-
Windows XP.

Active Directory
Windows 2000, Active Directory -
,
. Active Directory -
, NT 4.0, -
Microsoft.

, NT 4.0
Windows NT 4.0, -
Windows, -
, -
. Windows NT , ,
,
. , -
.
, NT 4.0 :
. -
,
, . -
, -
, Windows NT . ,
,
Active Directory
153
4

/ . -
NT. -
-
. ,
Active Directory -
.
NT 4.0 -
.
. , A B, -
B C, A C, -
A C. ,
, , -
( -
) , . 4.1.


NT

NT



NT

NT

. 4.1. Windows NT4


,
NT 4.0, , -
,
, , -
.
,
(Primary Domain Controller PDC) Windows NT -
NT. PDC -
, -
. -
, NT 4.0 44 000.
Active Directory Windows Server 2003
154
II

Windows 2000 Active Directory


. Windows Server 2003
Windows 2000, Active Directory,
1925 VI .

Microsoft
Internet
Windows 2000, Windows Server 2003, -
Microsoft ,
Internet. , ,

. -
TCP/IP,
NetBEUI . Windows Server 2003
Microsoft Internet .

Active Directory
Active Directory
.
, -
.
.
Active Directory X.500,
.
Active Directory, , Windows 2000,
. Active Directory,
.

Active Directory
Active Directory (AD)
Active Directory. AD Windows NT.
.
Active
Directory .
Active Directory -
. ,
-
. ,
. -
,
, , ,
Active Directory, -
.
Active Directory
155
4


AD Windows 2000 AD Windows
Server 2003 , .
-
Windows Server 2003, Active Directory -
Windows Server 2003.
Active Directory 5.

Active Directory
Active Directory , -
. Active
Directory . . 4.2 -
Active Directory companyabc.com, asia.companyabc.com
europe.companyabc.com .

companyabc.com

asia.companyabc.com europe.companyabc.com

. 4.2. Active Directory -


Windows Server 2003
, -
NT 4.0, -
. ,
asia companyabc, europe -
companyabc, asia europe.
.


Windows Active Directory , -
, -
. -
. -
.
.

, ,
companyabc.com , -
. , europe
Active Directory Windows Server 2003
156
II

, -
asia companyabc .
, europe -
.
.

Active Directory
. -
, .
-
.
. , microsoft.com
msnbc.com , -
( ) -
.
Active
Directory, , -
. , -
.


Active Directory .

. Microsoft MS02-001, -
2002 , , -
. SIDHistory
. ,
. SID ,
. , Active Directory -
.

Active Directory
Windows NT 4.0 , -
NT (NT LAN Manager NTLM). -
-. -
, , -
-, ,
, L0phtcrack, -
.
Windows 2000 Windows Server 2003 , -
Kerberos, . -
Kerberos -
, NTLM. Kerberos
Active Directory , AD
Windows.
Active Directory
157
4

Windows
Server 2003 Active Directory
, Windows 2000
Windows NT, Windows Server 2003
Active Directory Windows Server 2003.
Windows
2000 Windows NT4. Windows Server 2003 -
.


Windows 2000
Windows Server 2003 Active Directory Windows 2000, -
(Mixed mode), ,
Windows Server 2003 -
Windows NT Windows 2000.
, -
,
. -
.


Windows 2000
Active Directory Windows 2000, -
(Native mode) Windows 2000, Windows Server 2003 -
Windows 2000.
Windows 2000 Windows Server 2003.


Windows Server 2003
(Interim mode) Windows Server 2003 Active
Directory Windows Server 2003 , -
Windows NT 4.0. , -
Windows Server 2003 . ,
NT 4.0 Active Directory Windows Server 2003, -
Interim mode Windows Server 2003 -
, Active Directory Windows 2000.
-
NT.
Active Directory Windows Server 2003
158
II


Windows Server 2003
Active Directory -
Windows Server 2003. -
,
, -
.
Windows Server 2003. ,
, Windows Server 2003.
.
1. Windows Server 2003.
2. Administrative Tools ( )
Active Directory Domains and Trusts ( Active
Directory).
3.
Raise Domain Functional Level (
).
4. Raise Domain Functional Level, . 4.3,
Windows Server 2003 Raise ().
5. OK OK, .
6. 15 .
7. , Raise
Forest Functional Level ( )
.

. 4.3. -
Windows Server 2003

Windows Server 2003, Windows Server 2003 -
, Active
Active Directory
159
4

Directory Windows Server 2003. , Windows Server


2003 , ,
Windows 2000 Windows NT.

Active Directory
Active Directory -
. Active Directory -
, .
, , -
.

Active Directory
X.500
Active Directory , , -
X.500. , X.500 -
,
(Directory Information Tree DIT).

_._._.com. X.500
, -
(Directory System Agent DSA). Active Directory Microsoft
X.500, AD -
X.500, X.500 OSI, -
TCP/IP, Active Directory.

AD
(schema) Active Directory
.
AD , -
, Active Directory. , -
(Discretionary Access Control List DACL),
Active Directory. ,

. -
,
AD.


Active Directory User (), Printer (),
Computer () Site () . -
,
. , User
FirstName () LastName () .
Active Directory Windows Server 2003
160
II

, : ,
. ,
Active Directory, , , -
, . ,
Active Directory, , -
1000 .


Active Directory
-
.
Microsoft Exchange, ,
. Active Directory Windows 2000 Active Directory Windows
Server 2003 , , Win-
dows Server 2003.


Active Directory
Active Directory
Active Directory (Active Directory Service
Interfaces ADSI). Active Directory,
LDAP. -
ADSI, . 4.4, ,
. -
, , , .

. 4.4. Active Directory


ADSI
Active Directory
161
4


(Directory Service Protocol), -
Active Directory, Internet
(Lightweight Directory Access Protocol LDAP),
RFC-1777. LDAP Active
Directory. LDAP- -
.
: .


(distinguished name) Active Directory
, Active Directory. ,
James Bond :
CN=James Bond,OU=Marketing,DC=COMPANYABC,DC=COM
CN (Common Name )
, . OU (Organizational
Unit) , . DC
(Domain Controller) DNS- Active Directory.


-
, . -
:
OU=Marketing,DC=COMPANYABC,DC=COM
OU=Marketing. -
-
.



NT 4.0, Active Directory
(Domain Controllers DC).
(Backup Domain Controller BDC) -
, -
, . ,
,
(multi-master replication).



(global catalog) Active
Directory, . -
Active Directory Windows Server 2003
162
II

, AD,
. -
, , -
, , , .
, GC
GC/DC Active Directory,
. -
, -
(Global Catalog Caching) , -
, -
. , ,
Exchange 2000
,
.
-
, -
, ,
. -
Active Directory.


Windows 2000 Windows Server
2003 , -
, Windows NT PDC.
- , -
.
(Operations Master OM), -
(Flexible Single Master Operations FSMO), :
(Schema master). AD
AD . , -
-
. Active Directory .
(Domain naming master).
Active Directory. OM
,
.
.
PDC (PDC emulator). PDC , -
: , ,
NT . -
Windows 2000 Windows Server 2003 .
, , PDC, -
(
PDC NT). Active Directory
PDC.
Active Directory
163
4

RID (RID master). Active Directory,


, -
(Security ID SID). SID SID , -
, -
(Relative ID RID), .
SID, -
RID , RID.
, RID . RID
, ,
-
RID. Active Directory RID .
(Infrastructure master)
.
, DC -
. -
, , ,
. -
, -
. -
, -
, .
, -
. , -
.
OM
. -
(Change Schema Master) Active
Directory. - ,
RID OM
ntdsutil, -
. 4.5. , -
, OM -
, .
22 33.



, Windows 2000, -
Windows Server 2003,
Windows NT.
Windows NT ,
.
, , , .
Windows 2000 ,
Active Directory Windows Server 2003
164
II


. ,
Windows. , Windows
Server 2003 , ,
, -
.

. 4.5. ntdsutil Active Directory


-
Active
Directory. -
, . , -
, , -
, , . ,
,

: .
.


, , -
Windows NT. , , -
. -
, , -
, .
. 4.6 companyabc companyxyz -
, .
Active Directory
165
4

companyabc.com companyxyz.com

asia.companyabc.com europe.companyabc.com japan.companyxyz.com

. 4.6. ,


, -
. (shortcut trust)
, -
. . 4.7 -
asia.companyabc.com europe.companyabc.com,

.
,
Active Directory . -
(external
trust); -
.

companyabc.com

asia.companyabc.com europe.companyabc.com

. 4.7.


Windows 2000
, -
, . Windows Server 2003 -
, -
. -
5.
Active Directory Windows Server 2003
166
II


LDAP, (Organiza-
tional Unit OU) , -
Active Directory
LDAP. Active Directory
,
. . 4.8 -
,
(, ). -
-
.

. 4.8. ,
-

, -
-
. -
. ,
, -
-
. -
, ,
.
, . 6
, -
.
Active Directory
167
4

OU?
, -
Active Directory.
, , -
Active Directory . -
, . ,
, , Active Directory
.
: -
. -
, , -
, .
, -
,
. ,
-
. -
, -
OU . ,
OU -
.
, OU -
, .
Active Directory : -
OU,
.

Active Directory
, Active Directory, -
-
. , ,

. , ,
,
. ,
.
,
.
, -
.

. , -
, , -
Printer Admins, -
Active Directory Windows Server 2003
168
II

. -
, , ,

Printer Admins. -
.
Active Directory , -
, Windows NT, . -
: . Active Directory
: . -
. -
, -
. , Active Directory
, :
(Machine Local Groups).
, ,
Windows NT 4.0. -
.
, .
,
, , -
.
(Domain Local Groups).
Windows NT -
, .
,
Windows 2000.
,
.
(Global Groups).
. ,
, -
. -
, -
, .
(Universal Groups). -

.
. -, -
, (Native) . -
, -
, . -
, Windows Server 2003

.
Active Directory
169
4


6,
( , )
-
, ,
.

, -
, ,
.
-
, . -
, -
, -
.
, -
, -
-
. ,
,
, .

?

, -
. , OU ,
- -
. , ,
,
OU
OU. -
. -
, Japanese Office Users (
), . -
Active Directory. ,
, -
, OU.
, -
, , OU
,
. -
6.
Active Directory Windows Server 2003
170
II

Active Directory
Active Directory , -
.
-
. ,
Microsoft. Ac-
tive Directory , ,
AD.

, -

Active Directory , -
(site). , ,
T1 . -
, , -
, (site link).
,
,
.

, -
,
Active Directory.
, , -
(bridgehead) . . 4.9
Active Directory Windows Server 2003. ,
.
-
. Active Directory -
,
, .
7.



, (originating write).
.
, .
, , , . -
-
. -
, -
, 7.
Active Directory
171
4

DC -




NY
C-
BO
S
C
DC SFO-NY
DC - DC

YC
DC DC -

-N

DF


SF

O- -
DFW

-


DC - DC

. 4.9. ,

DNS Active Directory


Microsoft Active Directory, -
(Domain Name System
DNS). Active Directory DNS, -
, .
Microsoft , , -
DNS Internet, ,
Internet.
, DNS, Active Directory -
DNS, -
: DNS, AD, -
DNS. , Active Directory
DNS, , Unix BIND 8.2.x .
DNS Active Directory Windows Server 2003
DNS. DNS Windows Server 2003 -
9.

DNS
DNS, , -
, DNS . ,
Active Directory Windows Server 2003
172
II

europe.companyabc.com, asia.companyabc.com companyabc.com -


DNS. DNS
Active Directory Internet , microsoft.com
msn.com , -
, .

()
DNS, Internet,
.
, ,
Internet Active
Directory. Active Directory -
, , -
Internet. ,
Exchange, Outlook Web Access,
mail.companyname.com .
,
name@companyname.com. ,
Windows Server 2003
.

()

, -
. Active Directory -
, Internet. ,
DNS cco.com, , Active
Directory internal.cco -
. , -
,
.com, .net, .gov .
, , cucamonga.funkychicken.


, -
Internet,

. ,
companyabc.com, , -, -
. , -
, Active Directory
. Internet, ,
,
VPN, ,
DNS Internet,
.
Active Directory
173
4

DNS
(Dynamic Domain Name System DDNS) -
, DNS
DNS . DDNS Windows Server 2003 -
DNS , -
DHCP,
. DDNS
Active Directory, -
.


DDNS Windows Server 2003
Active Directory Windows,
. DNS- Unix -
DNS , . DDNS
DNS Active Directory
DNS .

DNS DNS,
AD
DNS
.
Unix BIND DNS - DNS,
, DNS Windows Server 2003.
Active Directory DNS, -
DNS Active Directory. DNS -
Active Directory, -
. DNS Active Directory,
DNS . Active Directory Windows Server
2003 DNS, AD, , -
, -
. DNS 9.

AD DNS DNS
, Active Directory,
DNS,
Unix BIND. , -
DNS Windows 2000 , DNS
SRV (BIND 8.2.x ).
, IT- -
Microsoft Unix, -
. , Windows Server 2003
. DNS Windows Server 2003
9.
Active Directory Windows Server 2003
174
II

Active Directory
, Active Directory Windows Server
2003, -
, Windows NT 4.0. Windows Server 2003 -
; , -
Internet (Internet Information Server IIS),
Code Red Nimbda.
Windows Server 2003
Microsoft (secure by default),
. , Microsoft

, . -
Windows Server 2003 -
.

Kerberos
Kerberos -

.
,
,
, .
Kerberos ,
: ,
. ,
.
. -
, .
Windows Server 2003, -
Microsoft Internet. -
Kerberos 12.

Internet v6

Internet
Microsoft, Microsoft, -
, ,
. IIS, Index Server, -
-
Code Red Nimbda. Microsoft -
Windows Server 2003 Internet.
11.
Active Directory
175
4



Active Directory, , ,
Windows Server 2003, . Active
Directory , , -
IPSec,
- . , -
, ,
, , -
.

Active Directory
Windows Server 2003
Active Directory -
Microsoft
Microsoft .NET . , Windows Server 2003
Active Directory. , Active
Directory -
.

Active
Directory Windows Server 2003
Active Directory , -
Active Directory. -
, ,
, Active Directory -
. Active Directory -
.
Active Directory -
, -
. , ,
Windows Server 2003,
Windows Server 2003. , , -
.
,
. -
, ().
, 5.
Active Directory Windows Server 2003
176
II



(Configure Your Server Wizard CYS), -
Windows 2000 Server, .
Windows 2000 , Windows Server 2003 -
, -
, .
,
(Routing and Remote Access
Server RRAS).



Active Directory Windows Server 2003
Active Directory.
-
. , -
,
Windows Server 2003.

.


Active Directory
Active
Directory , .
, -
. Active Directory Windows Server 2003 -
. -

.


, Active Directory, ,
Active Directory Windows Server 2003 -
,
. , -
.
Active Directory
177
4



Windows 2000 -
.
Active Directory. , , -
. ,
5000 5001- -
,
5001 . Windows Server 2003 -
. -
Windows Server 2003 5001- .

Active Directory
Windows Server 2003 Active
Directory (Active Directory in Application Mode ADAM). AD -
-
. Active Directory -
ADAM ,
-
.
ADAM , Active Directory, -
X.500
AD, ,
AD. , , ADAM
-
.
ADAM -
(),
. ADAM
Windows Server 2003 Windows
NT. ADAM NT
.
ADAM Microsoft
Active Directory: -
NOS, ,
AD, NOS, . ADAM -
AD -
, ,
, ( ) -
.
ADAM ,
ADAM, -
, . , -
ADAM Windows Server 2003
Active Directory Windows Server 2003
178
II

Windows XP Professional. ADAM ,


.
ADAM Active Directory,
, -
AD, ADSIEdit, LDP.exe Microsoft
(Microsoft Management Console MMC). ,
,
AD AD.
, ADAM Active
Directory, , NOS, - -
.
Active Directory Windows Server 2003,

.

,
Windows Server 2003
, , Active Directory Win-
dows Server 2003 :
AD DNS . DNS, -
Active Directory, .
, AD ,
DNS.
AD. Windows Server 2003 -
, Active Directory, -
.
AD. Windows Server 2003 -
, -
: ACL, -
.

Microsoft .NET,
, . -
Active Directory Windows 2000 Microsoft -
. ,
, Active Directory
Windows 2000,
.NET Services .
Active Directory
179
4


:
.
,
Internet.
DDNS, DNS
Unix.

Active Directory.
, -
, ,
.
OM
ntdsutil.
, -
,
.
-
.

Active
Directory Windows
Server 2003 5
...
Active Directory


Windows Server 2003










Active
Directory
Active Directory Windows Server 2003
182
II

Active Directory
Active Directory Windows Server 2003 -
. -
, Active Directory, -
. -
Active Directory ,
. -
, , Windows
Server 2003, .
Active Directory . , -
.
, Active Directory -
.
Active Directory, Windows Server 2003,
.
(federated forests) Windows
Server 2003.
,
.

.
, ,
Windows 2000
. Active
Directory . , -
, -
Active Directory. , ,
Active Directory, .
- , -
Active Directory.
Windows 2000 , Windows Server 2003
,
. , AD -
.

Active Directory, ,
Active Directory. Active Directory,
. -
, , -
, . , -
Windows Server 2003, -
Windows 2000.
Active Directory Windows Server 2003
183
5


Active Directory Windows Server 2003
, (trust). -
NT 4.0 , (
). , -
-
. , , , NT 4.0 -
. , -

. Active Directory -
,
. Active Directory Windows Server 2003
. AD -
, , , ,
.


(transitive trusts) -
Active Directory.
Active Direc-
tory Windows NT , -
. , A B,
B C, A C. -
Windows, -
-
.


(explicit trust) , -
-
. -
- .
NT 4.0 , -
,
. -
Active Directory -
-
. Active Directory
NT .


(shortcut trusts)
,
. , -
, , -
Active Directory Windows Server 2003
184
II

, .
5.1.
.
,
, .

companyabc.com

asia.companyabc.com europe.companyabc.com

sales.asia.companyabc.com sales.europe.companyabc.com

. 5.1. -

. 5.1 , -

(sales) companyabc.com.
, , -
.



-
,
Active Directory.
Windows 2000, -
Windows Server 2003 -
-
. -
.


Active Directory
(Domain Name
System DNS), Active Directory. Active Directory
Active Directory Windows Server 2003
185
5

DNS, . -
, , , microsoft.com,
. -
. , Internet
? -
? ,
.

()

Active Directory
DNS,
Internet. microsoft.com,
. -
: Internet,
Internet. ,
, CompanyABC,
(User Principal Name UPN) Vera@companyabc.com.
,
, .
, , -
. Active Directory -
,
.
, Internet,

DNS-. , , ,
, -
. ,

, . -
. ,
-
.


,
Active Directory, ,
Internet. -
, UPN
. , -
. , -
, , -
Internic: .com, .net, .biz, .info .
Active Directory Windows Server 2003
186
II

, , , , -
moogoo.funk, .
,
Internet, .
internalnetwork.net, -
Internet , -
, DNS- ,
. , -
,
ISP (Internet service provider
Internet), DNS DNS-, -
Internet. , -
,
.net .org, - ,
, .
,
, ,
( network.msft),
.internal, .


Windows Server 2003
Active Directory
Active Directory Windows
2000. Windows Server 2003 Active Directory , -
Active Directory
. .
.
Windows Server 2003
Active Directory.

Active Directory. Active Direc-
tory Windows Server 2003
, , ,
.

.
, . ,
, .
.
Windows Server 2003
-
. -
Active Directory Windows 2000. -
Active Directory Windows Server 2003
187
5

-
, Active Directory -
, ,
.
Microsoft .
.
-
- , -
. Windows 2000
DC,
.
Windows Server 2003 ,
(, -),
, ,
(dcpromo), .
,
, .

-
.
. -
-
. (Terminal Services
Remote Administration) Windows Server 2003, -
.
, -
. 500
, .
, ,
,
.


Active Directory -
.
. , , -
Active Directory.
,
, ,
. -
.
Active Directory -
. , Active Directory
, . 5.2. , ,
.
Active Directory Windows Server 2003
188
II

CompanyABC
companyabc.com
.
CompanyABC -
-
. . 5.2. -
-
, .
Active Directory
. Active
Directory Windows Server 2003. , -
, . -
:
.
.
.
.
.
.
.
AD , -
AD. -
, -
, .
; ,
.


Active Directory -
. -
.
, .
, -
, , . -
, NT,
, . -
,
Active Directory -
.


,
. -
Active Directory Windows Server 2003
189
5

, -
. ,
. -

. ,
NT 4.0 Active Directory

.
, -
, . -
IT-
.
NT , -
. Active Directory, -
, -

. Active Directory.
- Active Directory -
, , -
. -
,
. , -
, , , -
. -
, -
Active Directory.
, . ,
, -
,
.
, -
,
. ,
.
, -
, .
, ,
. -
.


, -
A 500
.
, -
Active Directory Windows Server 2003
190
II

. A
NT-
.
IT- Active Directory -
.
, -
.
Active Directory A
Active Directory, companya.net. -
,
.
NT 4.0 Active Directory,
5.3. A -
, -
, -
, , .

companya.net

. 5.3. Active Directory



-
, -
, -
-
. -
6.
Active Direc-
tory. ,
, . 5.4.
Active Directory Windows Server 2003
191
5


companya.net


. 5.4. , -

-
, .
7.
-
, , -, -
, . -
OU , -
AD, -
.



, , . -
. -
: -
.
Active Directory -
. -
, , -
. B -
A; .
.



, Active Directory Windows
Server 2003 ,
Active Directory Windows Server 2003
192
II

.
,
.
. -
IT-
,
.
-
.
, NT, -
. , Active Directory,
, -
AD.
. -
-
,
.
. ,
-
, Active
Directory Windows Server 2003 Active Directory. -
-
.
-
-
.
DNS. -
Active Directory
, Internet,
hotmail.com microsoft.com, -
.
, .
.
, ,
. ,
,
.
. -

, . -
, -
.
-
, .
Active Directory Windows Server 2003
193
5

, -
, NT-,
.


, -
, . B -
, , . -
,
.
, A
B; IT- -
. B Windows Server
2003 Active Directory -
.
IT-
, B -
Active Directory -
A B, . 5.5.

companyb.com

subsidiarya.companyb.com subsidiaryb.companyb.com

. 5.5. Active Directory


-
,
DNS.
, -
, . -
, -
IT- -
.
, NT -
Active Directory, , -

. ,
.
Active Directory Windows Server 2003
194
II



, Active Directory -
.
DNS
. ,
AD -
, . -
Active Directory -
DNS. ,
DNS Active Directory -
. , . 5.6 , Microsoft
Active Directory,
, DNS.



hotmail.com msn.com msnbc.com
microsoft.com

sales.microsoft.com service.microsoft.com

. 5.6. Active Directory -




microsoft.com . -
, microsoft.com ,
DNS, .
, .



-
DNS, ,
. ,
DNS .
, DNS,
Active Directory ,
. Active Directory -
, DNS Active Directory.
Active Directory Windows Server 2003
195
5

,
, , . -
, , .
-
, IT-.


,
, AD. A
,
, . -
DNS
, , -
,
. -
:
citya.org
firedeptcitya.org
policeofcitya.org
cityalibrary.org
Active
Directory, ,
.
Active Directory citya.org.
, ,
. 5.7.



cityalibrary.org citya.org firedeptcitya.org policeofcitya.org

. 5.7. Active Directory -



, -
.
-
.
, -
, -
. -
. -
, DNS
, DNS.
Active Directory Windows Server 2003
196
II

Active Directory Windows Server 2003 -


.

,
.

,
Windows Server 2003. -
,
Windows Server 2003, -
. , -
Windows 2000. , -
, Active Directory .
.
Active Directory, -
, -
. -
AD. ,
Active Directory
, . 5.8, -
.

. 5.8.
, -

-
, , -
, .
, -
-
, -
. , , , AD:
Active Directory Windows Server 2003
197
5

, .
, .
- ,
.
-
.
Active Directory Windows 2000
, .
, SIDHistory
, ,
. , -
-
, SIDHistory.
. 5.9
-
SIDHistory. , ,
,
.
NT,
.
NT, Windows Server 2003 -
, Windows Server
2003. ,
-
.

AD AD

. 5.9.




Active Directory . , ,
AD - -
, -
Active Directory Windows Server 2003
198
II

, -
, -
.


, -
, -
A
. Active Directory Win-
dows Server 2003.
companyb.net. conglomeratea.net, ,
: asia, europe na.
A A
.
A Active Directory Windows Server 2003 -
Active Directory, -
suppliera.com
DNS supplierabranch.org, -
.

, -
. -
, . 5.10.
, , NT 4.0, -
, -
.
.
, , -
.

conglomeratea.net


suppliera.com supplierabranch.org

asia.conglomeratea.net na.conglomeratea.net

europe.conglomeratea.net sales.suppliera.com

A
A

. 5.10.
Active Directory Windows Server 2003
199
5


Active Directory , -
, .
, ,
. ,
. -
, . 5.11.



abcschema.root

companyabc.com

. 5.11.
,
,
.
. 5.11 companyabc.com -
, abcschema.root -
, .
,
.
-
. , -
, -
. -
,
FSMO, , .



. ,
, -
, , . ,
Active Directory Windows Server 2003
200
II

,
.
-
,
. Windows Server 2003
, -
, -
. , root.network,
compaq.com ,
hp.com, root.network.
,
. ,

.
, . 5.12, -
. Active Directory
, .

microsoft.com


msn.com root.msft hotmail.com

redmond.microsoft.com asia.msn.com

tokyo.microsoft.com europe.msn.com

sales.redmond.microsoft.com

. 5.12. ,

,
, . -
:
.
,
.


D ,
-. ,
.
Active Directory Windows Server 2003
201
5

,
.
D Active Directory Windows
Server 2003 -
. -
-
, , .
Active Directory ,
,
. , -
. 5.13.

companyd.com
rootd.peer

IT-

. 5.13.


companyd.com. rootd.peer
.
. -
-
.


(placeholder domain),
(sterile parent domain),
-
. , , -
. 5.14, , -
, .
Active Directory Windows Server 2003
202
II

companyabc.com

asia.companyabc.com na.companyabc.com europecompanyabc.com

, AD

. 5.14.
. -, -
, , -
, . -, -
,
. -
,
. -
, , -
,
.


E -
, , -, -, --, , , -
, , .
-, --,
. Active Directory -
, -
. 5.15.
.
, - -
,
. ,
, -
.
Active Directory Windows Server 2003
203
5

companye.com

E

- --
sa.companye.com europe.companye.com

- -
na.companye.com asia.companye.com

. 5.15. Active Directory


. -
,
,
Active Directory. ,
.
- Active Directory
.
, -
.
.
-

, - -
.
, -
, LDAP , -
, Active Directory, .

. -
, -
, . Active Directory
, ,
. -
, ADAM, 4.
Active Directory Windows Server 2003
204
II


E
. -
E;
. Active Directory
, -
, . -
Active Directory .
-
, , , -
IT-.
-
companye.com, , .
, -
companye.com , .

Active
Directory
Active Directory Windows Server 2003 -
/ -
. Active Directory -
: -
.

Active Directory (, companyabc.com), NetBIOS (NT),
. ,
.
Windows Server 2003 -
, , -
, , -
Windows Server 2003. -
Active Directory,
,
. Active Directory
Windows 2000 ,
, .
Active
Directory .


.
, -
.
Active Directory Windows Server 2003
205
5

.
. ,
, -
. -
,
Active Directory, 16 17.
.
-
Active Directory ,
. .
. -
, -
. , -
.
Exchange 2000/2003.
-
Exchange 2000 - .
-
. -
.



, -
, .
Windows Server 2003.
,
, , -
Windows Server 2003,
Windows Server 2003. -
, , ,
, Windows Server 2003.
DNS. () DNS
,
. , -
NetBIOS.
.
Windows Server 2003 ( ) -
.
.
, . -
, Active Directory, -

, .
Active Directory Windows Server 2003
206
II


.
, , -
, -
.
-
. -
. , , ,

.

1:
, , Rendom ( Re-
name domain; , Microsoft -
Rendom Random ). Rendom
, . , -
rendom /list,
XML-
Domainlist.xml, . 5.16.
XML- ,
, , , ,
.

. 5.16. XML-

2:
()
XML, /list, -
. , CompanyABC
CompanyXYZ, XML, . 5.16,
companyabc companyxyz. NetBIOS, DNS.
Active Directory Windows Server 2003
207
5

3:

XML- , -
rendom /upload. -
-
, .

4:

, -
,
. , rendom /prepare,
, , ,
Active Directory, , , -
. ,
/prepare , .
, - -
.

5:


, -
rendom /execute. execute -
. -
. -
,
, ,
.



Windows NT, -
.

6: ,

Rendom rendom /clean,


, ,
.
-
, DNS. -
, -
Active Directory Windows Server 2003
208
II

netdom. -
.
1. ( Start () Run (),
cmd.exe).
2.
netdom /add:
3.
netdom /makeprimary:
4. .
5.
netdom /remove:
.
DNS-
, , server1.companyabc.com server1.companyxyz.com.

, -
, Active Directory
, Windows 2000. , -
, -
. Active Directory -
.


Active Directory .
,
Internet.
.
,
.
-
Active Directory.
.
, -
.
, , -
.

6
...


OU
OU
OU

OU


Active Directory Windows Server 2003
210
II

, Active
Directory (AD) Windows Server 2003
. (OU),
. -
OU . -
OU , -
.
OU
Active Directory Windows Server 2003.
, OU Windows 2000, Win-
dows Server 2003 OU
, , . -
(GC),
OU
.
Active Directory
Windows Server 2003 -
Active Directory. , -
.
OU .


(. 6.1) -
, Active Directory -
. -
(Lightweight Directory Access Protocol LDAP),
Active Directory, LDAP Active Directory
-
.
Active Directory -
OU , -
. -

Users, - -

Computers, . 6.1.
. Active Directory

Users Computers Active Directory -
, Container.
, Container ,
. , Group Policies,
OU,
OU.

211
6

Active Directory -
LDAP, OU.

Active Directory, -
LDAP- Active Directory. , . 6.2
OU Users
LDAP:
CN= ,OU=Users,OU=,DC=companyabc,DC=com


OU , OU -
OU. , OU, ,
. Microsoft
10 . -
, , -
.

OU
.
OU, - OU
AD . -
OU.

companyabc.com

. 6.2. Active Directory


Active Directory Windows Server 2003
212
II


-
Active Directory, OU
. ,
, , , Active Directory
OU. -
, , /
.
IT-, -
, OU .
, , -
OU, -
OU OU, .
,
Active Directory. ,
.

Microsoft , OU. OU,


-
. -
OU. :
. OU
,
, . -
, , , -
, .
. OU
. ,
OU. -
.
, .
. Active Direc-
tory (Security ID SID), -
. OU
(Access Control Entry ACE) , ,
. ,

.
, .
. ( -
Microsoft Exchange)
-

213
6

, .
, -
.
, .

:
Windows Server 2003 : -
. ,
(scopes): , , .


(security
group). -
, . -
. ,
Marketing,
. 6.3. -
.

. 6.3. -

,
Windows, NT Windows 2000. ,
, Windows Server 2003 -
.
, -
(SID) , Active
Active Directory Windows Server 2003
214
II

Directory SID. SID -


. ,
, -
, .


(distribution group) Windows Server 2003
Windows 2000 Active Directory. -
, SMTP (Simple
Mail Transfer Protocol ) , -
. Windows Server 2003 -
, Active Directory
( LDAP).

Exchange 2000. ,
Exchange 2000, -
.


Active Directory
, .
, -
.


Active Directory -
(mail-enabled group).
,
SMTP- . -
Exchange 2000 -
. Exchange 2000/2003 ,
, Exchange,
SMTP-.
,
,
. , Marketing,
, -
, Exchange -
.


Active Directory (scope) . -
, -
-

215
6

. -
:
.
.
.
.

Active Directory, ,
.
,
.


(machine local groups) ,
; , -
, . , -
Power Users, Administrators , -
. -
.
,
, . -
,
.


Active Directory .
dcpromo ,
, .
.
, , -
.


(domain local groups)
; , -
, . -
Windows NT.
Active Di-
rectory .
:
;
;
( AD Native);
(, Native).
Active Directory Windows Server 2003
216
II

, -
,
/ . -
, .


(global groups)
NT, . -
:
;
( Native).
-

. , -
, -
.


(universal groups) Windows
2000 Windows Server 2003.
.

.

Windows Server 2003 Windows Native 2000
Windows Server 2003 Interim Windows 2000 Mixed. , -
Windows NT4 (BDC) -
, .
-
, ,
. , -
Windows 2000 Active Directory
. ,
.
, .
Windows Server 2003 -
,
.

. , -
Windows Server 2003.

217
6

OU
, Windows Server 2003,
.
. ,
Active Directory, OU . -
OU,
, OU
. -
, OU,
.

, .
, -
.


SID , -
. , -
, , , -
, , .

(. 4 5),
OU .

OU
Active Directory, OU
, -
OU. ,
OU
. . 6.4. -
,
OU, - Active Directory
. -
, -
. 6.4.

OU , . 6.5.
,

OU, .
-
, -
. 6.5. -
OU. - -
-
,
-
OU, -
OU
. ,
Active Directory Windows Server 2003
218
II

, LDAP- -
. OU
OU .

OU
NT
OU Active Directory NT.
. ,
CompanyABC. NT
NT, , . 6.6. -
IT-.

. 6.6. Windows NT4


Windows Server 2003 CompanyABC -
, . 6.7, -
, -
NT.

companyabc.com

- -

. 6.7. Windows Server 2003




219
6

NT4.0
, .
, IT- -
NT. Active Directory
OU, -
IT-.

OU


Active Directory. , -
-
OU.
OU , , , ,
. OU , -
. -
,
OU.
, OU . , -
OU .
.
, , -
OU . -
,
OU.

OU
OU. -
- OU ,
. -
, OU.
OU Windows 2000 Active Directory. -
OU Windows 2000 Win-
dows Server 2003 . OU
, Windows 2000.

OU

, OU
Active Directory -
. NT 4.0 -
, Active Directory
. .
Active Directory Windows Server 2003
220
II

NT -
. -
. , IT-
//
OU.
.
1. Active Directory Users and Computers -
(OU), -
, Delegate Control (
).
2.
Next ().
3. Add (), ,
.
4. .
5. Next.
6. Delegate the Following Common Tasks ( -
) . 6.8 Create
(), Delete () Manage User Accounts (
) Next.
7. Finish (), .

. 6.8.

. , -

OU. -
OU,
. ,

221
6

, . -
-
, :
1. Active Directory Users and Computers -
(OU), -
, Delegate Control.
2.
Next.
3. Add, , -
.
4. .
5. Next.
6. Create a Custom Task to Delegate ( -
) Next.
7. Delegate Control Of ( ) Only the Fol-
lowing Objects in the Folder ( ).
8. Users Objects ( )
Next.
9. Property-Specific ( ).
10. Permissions () Read and Write Phone
and Mail Options ( ),
. 6.9, Next.
11. Finish, .
, . -
Active Directory
, Windows Server 2003.

. 6.9.
Active Directory Windows Server 2003
222
II

OU
,
-
. , -

. ,
Active Directory,
.
.
, OU
-
OU OU .
, -
. -
, ,
:
1. Active Directory Users and Computers
Properties ().
2. Group Policy (-
).
3. , ,
Properties.
4. Security ().
5. Read () Apply Group Policy (
) Authenticated Users Group (
), .
6. Add (), ,
.
7. .
8. Read Apply
Group Policy, . 6.10.
9. 68 , -
.
10. , Close (),
.
11. 110 .
,
, -
OU . ,
,
OU.

223
6

. 6.10.
Read Apply Group Policy


, -
, . -

-
.


, :
-
. -
,

.
,
. 6.11.
.
(Marketing Global Finance Global),
. -
Printer1, . -
Marketing Finance Printer1.

,
.
Active Directory Windows Server 2003
224
II

Finance Global

Printer1 DL
Printer1
Marketing Global


. 6.11.
Windows Server 2003.
,
, , , .
, -
, .
, -
Windows Server 2003.


, -
Native,
Mixed. ,
. SID , -
, Mixed -
, .


Active Directory, -
, ,
. ,
-
, . -
, - , -
.


,
,
. -
.

225
6


Windows 2000 Mixed Windows Server 2003 Interim
. , Native
, -
.


, ,
SMTP- . ,
SID, , ,
. -
, Exchange 2000/2003. -
.


NT BDC Mixed Interim -
. , -
.


OU , -
, - -
. -
, OU . -
, OU . -
, OU
.

-
CompanyA -, .
-
T1. IT- -
50% .
, -
:
;
;
;
.
NT, . 6.12.
,
.
Active Directory Windows Server 2003
226
II

NT -
: IT_NT

IT_NT
SALES_NT
MANUF_NT MNGMT_NT SALES_NT

DESIG_NT
MNGMT_NT

OU DESIG_NT MANUF_NT
-

, IT-
. 6.12. -
Windows NT4

AD, -
, .
Active Directory companya.com, -
OU, , ,
. 6.13.

companya.com

IT

. 6.13.
, Ac-
tive Directory Active Directory (Active Directory Migration
Tool ADMTv2). 16 17.
OU -
,
, . 6.14. , -
(. OU -

227
6

) ,
/
OU.

. 6.14.


-
, -
. :
IT Global
Sales Global
Manufacturing Global
Design Global
Management Global
,
, :
Printer1 DL
FileServer3 DL
VidConfServer1 DL
Printer3 DL

.
. , Prinrer3
. ,
. ,
Printer3 DL, Design Global Sales Global
Printer3 DL , . 6.15.
Active Directory Windows Server 2003
228
II

Design Global

Printer3 DL

Sales Global

. 6.15.

.
Printer3 IT-,
Printer3 DL IT Global. -
.

-, -
-
, -
. ,
OU . -
OU,
.
, CompanyB.
, -
, , -, , ,
(. 6.16).
. ,
, -
.
, - .

OU

AD CompanyB , -
, OU -

229
6

. OU
, . -
OU, . 6.17.

-
-

. 6.16. CompanyB

companyb.com

. 6.17. -

Active Directory Windows Server 2003
230
II



-
OU. , Europe
OU DL .
, OU
,
OU.

CompanyB . IT-
, -
. , Berlin IT Admins Global Kiev IT Admins
Global, IT-
.
Europe OU DL,
. 6.18. OU .
-
OU.

Berlin IT Admins
Global
Europe OU DL

Kiev IT Admins
Global

. 6.18.

, -
, -

.
, -
, ,
, . ,
IT-
OU, -
Europe OU DL. -
. , OU
OU, -
.

231
6

- -
, , . -
- -
,
. Active Directory
,
(OU) . -
, -
.


OU -
Users Computers.
OU .
OU 10 , 3
.
OU , -
.

.
,
.


Exchange 2000/2003.
,
.
, SID
.

Mixed.
.

Active Directory
7
...
Active Directory
Active Directory

IPv6 Windows Server 2003

Active Directory Windows Server 2003
234
II

Active Directory
-
, . -
.
, ,
Active Directory (AD), , .
Windows Server 2003 Active Directory,
Windows 2000, .
Active Directory,
AD.
Active Directory Windows Server 2003 -
, Windows 2000.
,

(DC). , DC (DC
Promotion from Media) -
, DC.
, ,

, -
. , -
IPv6, .
Windows Server 2003 -
, . -
, -
-
.
Active
Directory Windows Server 2003, . -
Active Directory
, . ,
, AD, , -
IPv6 (Internet- 6).

Active Directory

. Active Directory
Windows Server 2003 , -
,
, .
Active Directory , -
-
. Active Directory -
, Active Directory.
Active Directory
235
7

Active Directory
.
WAN, -
.

Active Directory , , -
.
, (multimaster replication),
.
, -
. -
. , - ,
. -
Active Directory
(Update Sequence Number USN).



, .
, - ,
. -
.

. ,
,
.
. USN
Active Directory
. USN 64- , -
Active Directory. USN
, . -
USN,
. . , -
Server2 Server1
USN, Server2, -
, . -
.
USN , USN -
,
. , -
USN,
.
Active Directory Windows Server 2003
236
II


USN -
Active Directory. -
.
(replication collision) -
, - , ,
. , -
Server1,
Server2 , Server1
, . -
.



Active Directory. -
.
, -
. -
.
,
Active Directory , -
, .


Windows Server 2003 . -
DC Windows (Windows
Time Service), .


-
(Knowledge Consistency Checker KCC) Active Directory
.
. , -
, -
(Primary Domain Controller PDC), , -
.
.
Windows Server 2003 -
. -
, .
1. Active Directory Sites and Services.
2. Sites \ <_> \ Servers \ <_> \ NTDS Settings
(\<_>\\<_>\ NTDS), _
.
Active Directory
237
7

3. NTDS Settings (
NTDS) New Active Directory Connection
( Active Directory).
4. .
5. .

Properties (),
, . 7.1. ,
, .


, , Active Di-
rectory KCC . ,
,
, .

. 7.1.


, Active Directory,
, AD ,
. ,
,
, .
, AD . -
() . -
, -
Active Directory Windows Server 2003
238
II

, .
-
:
1. Active Directory Sites and Services.
2. Sites \ <_> \ Servers \ <_> \
NTDS Settings, _ , , -
.
3.
Replicate Now ( ),
. 7.2.

. 7.2.
, -
, repadmin. -
Windows Server 2003 .
repadmin -
,
. -
,
. . 7.3 -
, Active Directory
.
repadmin, replmon, -

.
. . 7.4 -
, -
Active Directory.
Active Directory
239
7

. 7.3. , -
repadmin

. 7.4. replmon

,
. ,
, -
.
.
1. Active Directory Sites and Services.
2. Sites \ <_> (\<_>).
Active Directory Windows Server 2003
240
II

3. NTDS Site Settings (


NTDS) Properties.
4. Change Schedule ( ).
5. Four Times Per Hour ( ),
. 7.5.
6. , ,
, NTDS Site Settings Properties
( NTDS).

. 7.5. -

, , -
.
.

SMTP- IP-
Active Directory Windows Server 2003
IP- (RPC), SMTP-.
SMTP-, AD . -
, SMTP-
AD Internet. , SMTP -
, ,
Windows Server 2003, -
VeriSign. -
AD, Internet.
IP- .
-
(Remote Procedure Call RPC),
,
(WAN).
Active Directory
241
7

Active Directory
Active Directory (site). -
Exchange 5.5: AD
.
. , -
, -
, .
Active Directory.

Windows
Server 2003
Windows 2000 .
Windows Server 2003 , -
-
:
.
.
.
ISTG.
.
.
.

.


Active Directory -
, . ,
, ,
.
Active Directory ,
-
. , , . 7.6.
Server1 Server2, Site1, -
10.1.1.x. Server3 Server4 10.1.2.x.
Client1, IP- 10.1.2.145,
Active Directory Server3 Server4, ,
.
. .
1. Active Directory Sites and Services.
2. Sites \ Subnets (\).
Active Directory Windows Server 2003
242
II

3. Subnets -
New Subnet ( ).
4. IP-, .
10.1.2.0 C
(255.255.255.0).
5. , . , . 7.7, -
Site2.
6. .

1 2

10.1.1.0/24 10.1.2.0/24

Server1 Server2 Server3 Server4

10.1.2.145/24

Client1

. 7.6.

. 7.7.
Active Directory
243
7


Windows 2000 DC. -
-
Active Directory Client ( Active Directory). AD -
, Windows 9x NT -
, .


Active Directory , -
, .
.
(site link) , -
.
, -
WAN. -
,
.
,
, : SMTP IP
(. SMTP- IP-).
-
. , WAN -
, . -
-
WAN.
, IP- , -
Site1 Site2. , -
,
18:00 06:00 .
1. Active Directory Sites and Services.
2. Sites \ Inter-Site Transports \ IP (\ -
\IP).
3. IP -
New Site Link ( ), ,
. 7.8.
4. .
Site1 Site2 SL.
5. Sites in This Site Link ( -
).
6. .
7.
Properties.
8. Change Schedule ( ).
Active Directory Windows Server 2003
244
II

. 7.8.
9. . -
06:00 18:00
Replication Not Available ( ),
. 7.9.
10. , .

. 7.9.


(bridge), -
,
.
, . ,
A B, B C, C
A.
Active Directory
245
7

. ,
,
.
,
.
1. Active Directory Sites and Services.
2. Sites \ Inter-Site Transports \ IP (, , SMTP).
3. IP ( SMTP) -
Properties.
4. Bridge All Site Links ( -
), . 7.10.
5. , .

. 7.10.


, -
.




(Knowledge Consistency Checker KCC),
-
15 . KCC ,
Active Directory Windows Server 2003
246
II

. KCC : KCC, -
, (Inter-Site
Topology Generator ISTG), .
Windows Server 2003
, ISTG,
, Active Directory.
, Active Directory, 5000.


ISTG,
ISTG , -
Windows Server 2003, -
Windows Server 2003.


Active Directory , -
,
. (site cost), -
Active Directory . , ,
, . -
-
.
. . 7.11
Active Directory, .

7
DC


DC DC 7

5 DC DC

15

DC
5
DC
DC
DC
DC

DC
5
3

DC DC
DC

. 7.11.
Active Directory
247
7

. 7.11 -
, 15.
-
, -
,
( ) 17. -
Active Directory.




, -
, -
.
(preferred site link bridgeheads) , -
. , -
.
Active Directory -
. , . -
Site1 Site2 SL -
.
1. Active Directory Sites and Services.
2. Sites \ <_> \ Servers \ <_> (\
<_>\\<_>), _ , -
.
3. <_>
Properties,
, -
. 7.12.
4. ,
,
Add (),
. 7.12.
5. , -
.
-
.

,
-
(Operations Master OM),
PDC, . 7.12.
,
Active Directory Windows Server 2003
248
II

. , , ,
. ,
, , -
, , , -
-
.



, .
, , , -
, .
, T1, ,
,
.
,
.



Windows Server 2003 -
, .
,
. ,
, -
.
- Windows Server 2003 -
WAN . Active Directory

WAN. , , -
- .
. 7.13 , AD -
WAN . , -
, WAN.
WAN , WAN -
, -
.


.
, , -
.
Active Directory
249
7

. 7.13. WAN


Windows 2000/XP Windows, AD Client, -
DNS. , DNS -
,
, . -
, , DNS, -
. 9.



LAN ,
,
. ,
, , -
. -
.
, .
, -
,
, .
-
, -
.
.
Active Directory Windows Server 2003
250
II


, , , -
, . Windows
Server 2003
-
.

,
. -
, -
.


AD, -

, , -
. ,

.



,
WAN .
WAN, , -
.
WAN
. -

, .
, , -
, . ,
, -
, . 7.14.

10

Site2 Site1

10

. 7.14.
Active Directory
251
7


-
WAN. -
, , ,
. , ,
, ,
, . ,
WAN .
, .

SMTP- IP-
Active Directory -
IP,
RPC .
SMTP. , -
, , ( -
), SMTP , RPC -
. SMTP
Internet, -
, .
SMTP ,

, , Internet. SMTP -
(Certificate Authority CA), ,
, .

SMTP-

, , Internet.
, -
(VPN), SMTP,

Internet. ,
SMTP.
SMTP
,
SMTP.
, SMTP.


Windows Server 2003
Windows 2000 , -
-
Active Directory Windows Server 2003
252
II

. -
, . Windows Server 2003 -
, Active Directory , -
AD.



Windows Server 2003 ,
, ,
- . ,
-
WAN, -
, Windows 2000 -
, . -
,
GC .
, GC/DC ,
. -
.
- -
GC.
dcpromo /adv (dcpromo /adv), -
, . 7.15.

. 7.15. DCPromo
-
dcpromo ,
. DCPromo
, -
Active Directory
253
7

. DCPromo WAN -
,
.


Active
Directory ( 30 ),
DCPromo . -
, , , , -
.


/

Active Directory
. , -
. Windows Server 2003
, -
(linked-value replication). -
, Active Directory.
Windows Server 2003 -
, . , -
. -


. , -
.
, -

. Active Directory Windows 2000 -
, -
.
, . -
, , -
, ,
. -
, -
AD, -
.
,
, , , -
.
.

.
Active Directory Windows Server 2003
254
II

1. Active Directory Sites and Services.


2. Sites \ <_> (\<_>).
3. NTDS Site Settings (
NTDS) Properties ().
4. Enable Universal Group Membership Cashing (
), . 7.16.
5. , .

. 7.16.


(lingering objects), , -
, ,
, . -
, -
.
, . Windows Server 2003
, .


AD ,
. -
,
. Windows Server 2003
, -
.
Active Directory
255
7



Windows 2000 -
. -
, -
. Windows Server 2003
,
.



KCC, (InterSite
Topology Generator ISTG), AD
5000 . Windows 2000
ISTG AD 1000 . -
, Active Directory -
Windows Server 2003,
Windows Server 2003.

IPv6 Windows Server 2003


Internet,
, .
Internet Protocol,
232 . ,
Internet. -
IP-,
(dotted-decimal format) (, 12.155.166.151).
Internet. -
, ,
(Network Address
Translation NAT), .
, Internet- 4
(IPv4) , , -
, IPSec QoS. IPv4.

Internet-, Internet 6 (IPv6).
IPv4, -
(2128). -
Internet-, , -
.
Windows Server 2003 IPv6, -
. -
IPv6, , ,
Active Directory Windows Server 2003
256
II

, , -
.

IPv6
, IPv6 , .
IPv4 ; -
128- , . -
, , IPv6,
.
IPv6 ,
Internet. , IPv6.
. ,
IPv4 IPv6, .
- , IPv4
4 294 967 296 . IPv6 340 282 366 920 938 463 463 374 607
431 768 211 456 . , IPv6
, -
.
. IPv6- , -
. ,
IPv4,
. , -
IPv6
IPv4.
. -
, ,
IPv6- .
IPv6 Internet-
(Automatic Private Internet Protocol Addressing APIPA) -
, Windows IPv4.
IPSec QoS. IPv6 -
IPSec -
, (Quality of Service
QoS), .

IPv6
, IPv6- 128 32-
IPv4. -
. , , 128-
IPv6- :
111111101000000000000000000000000000000000000000000000000000000000000010000011
00001010011111111111111110010001000111111000111111
Active Directory
257
7


16- :
1111111010000000 0000000000000000
0000000000000000 0000000000000000
0000001000001100 0010100111111111
1111111001000100 0111111000111111
16- ,
IPv6-:
FE80:0000:0000:0000:020C:29FF:FE44:7E3F
, IPv6 IPv6-, -
, . -
, 020C 20C. -
, IPv6 .
:
FE80::::20C:29FF:FE44:7E3F


IPv6- , -
.

IPv6 , IPv4:
,
. , IPv4, IPv6.

IPv6
Windows Server 2003 IPv6,
. , -
:
Netsh interface ipv6 install
-
(Network Components), :
1. Start () Control Panel ( ).
2. Network Connections ( -
).
3. , -
IPv6, Properties ().
4. Install ().
5. Protocol (), Add (-
).
6. Microsoft TCP/IP version 6, . 7.17.
7. , Close (),
.
Active Directory Windows Server 2003
258
II

. 7.17. IPv6
IPv4- IPv6-
.
ipconfig /all, . 7.18.

. 7.18. IPv4- IPv6-

IPv6
IPv6 . ,
-
IPv4. , ,
IPv4 IPv6 .
IPv6 Windows Server 2003 IPv4 -
. - .
Active Directory
259
7

IPv6
IPv4, (, Internet).
IPv6.
Windows Server 2003 -
.
(Intrasite Automatic Tunnel Addressing Protocol ISATAP) -
IPv6 -
. , 6--4 (6to4), -
IPv6- , Internet.
-
IPv6.

IPv6
-
. -
, IPSec, NAT -
, .
, ,
IPv4. , , Windows Server 2003 -
IPv6.


Active Directory Windows Server 2003 , -
. -
WAN, , ,
, WAN.
, , -
, .
AD
Windows Server 2003.


CompanyA
(). ,
, . WAN -
, . 7.19.
Windows Server 2003 -
.
Active Directory , -
, .
, WAN,
. -
Active Directory Windows Server 2003, . 7.20.
Active Directory Windows Server 2003
260
II

DC DC


DC DC -
-

512 /
DC
DC
512 / DC
DC
( PDC) -

-

256 /
128 /
DC DC

DC DC

. 7.19. WAN . 7.20.


CompanyA CompanyA

-

. PDC
, . -
, -
.
CompanyA ,
, -
WAN.


CompanyB
, , . -
-
. WAN WAN
, . 7.21.
CompanyB Windows Server 2003 Active
Directory. Active Direc-
tory . , ,
.
-
, WAN ,
, DCPromo.
, . 7.22, ,
WAN . -
,
WAN.
Active Directory
261
7



128 /
128 / 64 /

64 /

T1 128 /
64 /
T1


T1 64 /
128 /
128 /

256 /
64 /

. 7.21. WAN CompanyB

DC DC DC
15 15 20

20
DC DC
DC
DC DC
DC DC
DC DC 5 10
20
DC DC
5 DC
DC DC
DC DC
DC 15
DC DC 5 20
DC
DC DC
15
DC DC DC
10
20

DC DC
DC

. 7.22. CompanyB
, , -
CompanyB
, -
. ,
,
Active Directory Windows Server 2003
262
II

,
WAN .
-
-. -

, .
CompanyB -
WAN , ,
, AD.

Active Directory
Windows Server 2003 -

. , Windows
Server 2003 IPv6, -
-
-
.


, KCC,
.
, , DNS, -
SRV.
repadmin replmon -
Active Directory.
IPv6 , Windows XP
Windows Server 2003 , IPv6.
IPv6 ISATAP 6--4
IPv4 IPv6.
AD 95/98/NT,
.
, -
-
.
SMTP, , -
, ( ).

Active Directory
Novell,
Oracle, Unix NT4
8
...
Services for Unix 3.5

Interix Services for Unix

Unix NFS Windows
SFU

Services for Unix
Windows NetWare
Services for NetWare

Microsoft

MIIS
Active Directory Windows Server 2003
264
II

Microsoft , , , -
, , -
. -
-
Microsoft. Windows Server 2003
Microsoft -
, Microsoft Unix, Novell, Oracle
.
: Services for Unix (SFU) 3.5, Ser-
vices for NetWare (SFNW) 5.02 SP2 Microsoft
Identity Integration Server (MIIS) 2003. -
Windows Server 2003, -
Microsoft .
-
, . ,
,
Windows Server 2003, -
.

Services for Unix 3.5



Unix Windows -
, ,
. , -
;
, -
, , .
-
.
Unix Windows, Samba ,
Linux/Unix Windows NT. -
, Microsoft , -
Unix, , , Unix
.
Services for Unix . -
Microsoft , , -
Unix, .
, -
, Unix- Windows, -
,
Windows Server 2003.
Active Directory Novell, Oracle, Unix NT4
265
8

Services for Unix


Services for Unix . -

, .
, 1.x 2.x, .
.
Services for Unix 3.0.
Unix -
. 3.0 Interix -
Windows- POSIX,
Unix Windows Server.
SFU 3.5,
SFU 3.0. -
:
Active Directory Windows Server
2003.
.
Interix.
Interix ( 100%).
Windows Server 2003.

Services for Unix


Unix, Services for Unix (SFU),
, -
Unix. -
Services for Unix, -
. SFU -
.
Interix
NFS
NFS
NFS
Telnet
Telnet
PCNFS
NIS


NIS-
Active Directory Windows Server 2003
266
II

,
.
.


Services for Unix
Services for Unix Unix,
-
Unix:
Sun Solaris 7.x 8.x
Red Hat Linux 8.0
Hewlett-Packard HP-UX 11i
IBM AIX 5L 5.2


SFU Sun Solaris, Red Hat Linux, HP-UX
IBM AIX.
Unix.

Windows 2000
(Server Professional), Windows XP Professional Windows Server 2003 ( ).
Services for Unix , -
, .
:
NIS Active Direc-
tory. , -
NIS.
NFS NFS .

.
NIS NIS- Unix
SFU- Windows.
,
Unix , NIS-
NIS Windows.
NIS
, .

Services for Unix 3.5


Services for Unix -
Microsoft. -
.
Active Directory Novell, Oracle, Unix NT4
267
8

Services for Unix 3.5 -


Microsoft Web- Services for Unix :
http://www.microsoft.com/windows/sfu
SFU 3.5 .
1. - .
, setup.exe -
- SFU.
2. Next ().
3. Next.
4. .
Next.
5. Custom Installation ( )
Next.
6. . (. 8.1)
, Client for NFS.

. 8.1.

7.
.
Next. -
, ( GNU C++
ActivePerl).
8. , -
, Interix, , -
Interix .
, , . 8.2,
Next.
Active Directory Windows Server 2003
268
II

. 8.2. Interix
9. (User Name Mapping
Service),
.
. , -
Next.
10. NIS-
. ,
, . 8.3, Next.

. 8.3. -

11. Next.
, .
12. Finish (),
Yes (), .
Active Directory Novell, Oracle, Unix NT4
269
8

SFU
.

Interix Services for Unix


Services for Unix,
. Interix -
Services for Unix. Interix POSIX
Windows, Unix -
Windows. Interix , -
POSIX, Windows Server 2003, .
Interix Unix
Windows. , ,
Unix, -
: grep, tar, cut, awk . , -
, , Unix-,
Wintel, Win-
dows Unix.
SFU 3.5 Interix. -
/, -
,
. , Interix SFU 3.5
, Active Directory
Windows Server 2003.

Interix
Unix, , Interix,
,
Korn C, , Unix. SFU -
-
,
.
, Win-
dows , Unix.


Interix
Interix Unix
grep, man, env, pr, nice, ps, kill . -
, Unix (. 8.4), Interix -

, Unix.
Active Directory Windows Server 2003
270
II

. 8.4. Interix C


Unix NFS Windows
Services for Unix -
Unix Windows Server 2003,

. NFS, NFS-
NFS -
.

NFS
Windows NFS (Gateway for
NFS) (Network File System
NFS) Unix. NFS Windows Server 2003 -
NFS,
NFS- Unix -
NFS-.
NFS (gateway shares), -
Windows
\\server1\marketing, ,
NFS. ,
SFU
.

NFS
NFS (Server for NFS)
NFS. Windows- -
NFS, NFS- SMB- Windows. -
, Windows Server 2003 -
NFS- Unix .
Active Directory Novell, Oracle, Unix NT4
271
8

NFS
NFS (NFS Client) -
Windows, NFS
. NFS- Windows,
. NFS-
Windows-, UID GID , -
SFU. , -
Unix NFS net mount.

SFU
(Single Sign-In SSI), -
, ,
. , -
-
. Services for Unix -
SSI ,
.


(User Name Mapping) -
Active Directory Windows Server 2003
Unix. -
,
.
, , Unix -
, Windows .
-
Windows -
Unix. , ,
Active Directory Windows Server 2003 -
(root) Unix.

SFU
,

. ,
MMC SFU, . 8.5,
, -
.
,
Active Directory , -
Unix-. -
, -
Unix:
Active Directory Windows Server 2003
272
II

Solaris 7 and 8
Red Hat Linux 6.2, 7.0 and 8.0
HP-UX 11
Unix ,
SFU. SFU 3.5
, -
.

. 8.5.

Services for Unix


Services for Unix -
. ,
Telnet, ActivePerl 5.6
MMC Admin Services for
Unix. , SFU -
.


Telnet
Services for Unix Telnet. -
, Windows- Telnet, Tel-
net, Windows Server 2003 Windows XP. Telnet
SFU inetd, Interix -
Active Directory Novell, Oracle, Unix NT4
273
8

Windows- Telnet. Telnet


Unix
NT LAN (NTLM).

MMC Services for Unix


Services for Unix, NFS, -
Microsoft (Microsoft Management Con-
sole MMC), . 8.6. Windows -
MMC
SFU.

. 8.6. MMC Services for Unix


ActivePerl 5.6 SFU
Services for Unix ActivePerl 5.6, -
Perl 5.6 Unix. Perl
Windows, ActivePerl 5.6
Windows (Windows Scripting Host WSH),
Perl WSH-.

Windows NetWare
Services for NetWare
Microsoft -
NetWare (Network Operating System
Active Directory Windows Server 2003
274
II

NOS) Windows. NetWare


Microsoft.
Gateway Services for NetWare (GSNW) Services
for NetWare (SFNW), -
.

Gateway Services for NetWare


Windows Novell -
Gateway Services for NetWare ( NetWare, GSNW) -
, Windows Server 2003
Novell NetWare. GSNW
:
Windows NetWare.
NetWare - Windows.
GSNW:
Windows Server 2003 Exchange
NetWare.
, ,
NetWare
NetWare, GroupWise.
Novell Microsoft Win-
dows Server 2003.
Microsoft,
Novell, NetWare,
GSNW.


Windows- GSNW
NetWare. .

Services for NetWare


Services for NetWare (SFNW) 5.02 Service Pack 2 (SP2)
Novell Windows.
SFNW :
NetWare (FPNW).
Microsoft (MSDSS).
(FMU).


Services for NetWare Windows Server 2003. -
Service Pack 2 SFNW 5.02
Windows Server 2003.
Active Directory Novell, Oracle, Unix NT4
275
8

Services for NetWare 5.02 SP2


SFNW . -, ,
MSDSS, -
Active Directory. ,
, .
-
. SFNW .
1. SFNW 5.02 MSDSS.MSI.
2. , , -
. .
3. Next ().


, -
, . -
, .

4. , AD ,
. 8.7. , MSDSS.

. 8.7. AD MSDSS
5. Finish ().
6. , ,

repadmin.
MSDSS.MSI.
7. Next.
8. , Next.
9. Microsoft Directory Synchronization Services (
Microsoft), . 8.8,
Next.
10. Next.
11. Custom Install ( )
Next.
12. , . 8.9, Next.
Active Directory Windows Server 2003
276
II

. 8.8. MSDSS

. 8.9. SFNW
13. Next, .
14. Finish,
Yes (), .
Services for NetWare . -
Administrative Tools ( ),
. 8.10.

NetWare
NetWare , Win-
dows- NetWare. Net-
Ware , -
Novell. Novell -
, -
Active Directory Novell, Oracle, Unix NT4
277
8

FPNW. FPNW FPNW -


NetWare ,
Windows.

. 8.10. Services for NetWare


Start ()
FPNW.
Novell 3.12,
NetWare.
Windows Server 2003, FPNW, -
, Novell 3.12.
Novell Microsoft Windows Server 2003.
Novell, Windows Server
2003, , Win-
dows Server 2003 FPNW.

Microsoft
Microsoft (Microsoft Directory Synchronization
Services MSDSS) , Ac-
tive Directory, Novell (Novell Directory Services NDS). MSDSS
, Active Directory, Net-
Ware, NDS -
Novell 3.x.
Active Directory , -
NDS, Active Directory
Active Directory Windows Server 2003
278
II

Novell, MSDSS ( ) Active Directory


-
(OU) NDS . MSDSS OU
Novell
Active Directory.
MSDSS . -
, Active Directory, -
NDS. Active Directory NDS
, -
. NDS Active Directory
( ).
MSDSS .
Active Directory -
NDS.
Windows Server 2003 NDS -
.
MSDSS .
, , ,
Active Directory, NDS NetWare.
(Session Manager). -
. ,
NDS, -
.
(Object Mapper).
(, , , )
.
DirSync (DirSync Provider). -
DirSync (/). -
(Lightweght Directory Access Protocol LDAP)
Active Directory NetWare NCP NDS NetWare.
MSDSS, Active Directory
( ).
MSDSS.
Novell Windows Server 2003.
DNS, DHCP ISS . -
Windows Server 2003
MSDSS.
Novell Windows Server 2003.
DNS, DHCP ISS .
MSDSS
AD NDS.
Active Directory Novell, Oracle, Unix NT4
279
8



(File Migration Utility FMU) -

NetWare Windows Server 2003.
MSDSS, FMU , -
(ACL), . FMU -
, ,
NDS Active Directory. -
, MSDSS,
, NetWare,
Windows, -
. FMU -
.


Windows
NetWare Windows. -
NTFS Novell,
, .


Microsoft
-

, . -
, , -
, ,
-
Microsoft (Microsoft Identity Integration Server MIIS) 2003.

MIIS
MIIS Microsoft .
(metadirectory) , -
. 1996 ,
(Burton Group, http://www.tbg.com) ,
. -
, -
.
Microsoft -
Microsoft (Microsoft Metadirectory Services MMS). -
, . -
Active Directory Windows Server 2003
280
II

, -
.
3.0 , -
Microsoft (Microsoft Identity Integration Server
MIIS) 2003. MIIS ,
, -
, -
, :
Active Directory Windows 2000/2003
Active Directory (ADAM)
Windows NT 4.0
Novell NDS eDirectory
SunONE/iPlanet Directory
Lotus Notes Domino
Microsoft Exchange 5.5
ERP
PeopleSoft
SAP
Microsoft SQL Server
dBase
Oracle
Informix
DSMLv2
LDIF, CSV, ,
/
, LDAP.
MIIS 2003 -
Web- -
. , -
,
.


(IIFP)
MIIS, Microsoft
(Identity Integration Feature Pack
IIFP) Microsoft , -
Active Directory, (Global Address
List GAL) Exchange 2000/2003 Active Directory (Active
Directory in Application Mode ADAM).
MIIS, AD,
Active Directory Novell, Oracle, Unix NT4
281
8

, MIIS. -
AD, IIFP. IIFP
Web- Microsoft MIIS
http://www.microsoft.com/miis.

SQL Server MIIS


MIIS IIFP Microsoft SQL Server
2000. -
, .
MIIS, -
SQL Server. -
SQL MIIS.

MIIS
, ,
, -
MIIS. MIIS -

/ .
MIIS, .
(Management Agent MA). , -
. , Active Di-
rectory MIIS -
Microsoft Active Directory.
(Connected Directory CD). , MIIS
MA.
Microsoft Exchange 5.5.
(Connector Namespace CS). -
, , -
.
(Metaverse Namespace MV).
, , -
.
(Metadirectory). MIIS
.
(Attributes). , -
. -
, , , , ,
.
MIIS ,
. -
-
, , , , -
Active Directory Windows Server 2003
282
II

, . ,
, -, -

, MIIS
. , - -
, ,
MIIS. MIIS
(identity management). -
MIIS , -

.

MIIS
MIIS 2003 , -
MMS. -
MIIS -
. -
.

. -
,
, , -
, -
.
MA , -
.


, -
, .
Full Import ( ), Delta Import ( ), Export Apply Rules
( ) Full Import and Re-Evaluate Rules (
). MIIS
-
, . -
,

. .


Microsoft
MIIS 2003 , -
. MIIS Enterprise MIIS,
Enterprise Windows Server 2003, SQL Server 2000 Enterprise. -
Active Directory Novell, Oracle, Unix NT4
283
8

MIIS 2003. -
.
1. - MIIS , -
Install Microsoft Identity Integration Server 2003 (
Microsoft), . 8.11.

. 8.11. MIIS
2. Next ().
3. I Agree (
). Next.
4. Complete Installation ( )
Next.
5. , SQL Server. , -
, . 8.12, Next.

. 8.12. SQL Server MIIS


Active Directory Windows Server 2003
284
II

6. , MIIS, -
Next.
7. , MIIS, . 8.13,
Next.

. 8.13. MIIS
8. Start (), .
9. ,
. 8.14. , . -
.

. 8.14. MIIS
10. MIIS Finish ().
MIIS -
, ,
.


MIIS
MIIS .

.
Active Directory Novell, Oracle, Unix NT4
285
8

, ,
-
. MIIS , -
.
MIIS .


MIIS
MIIS -
. , MIIS
.
, , ,
.
,
intranet-. MIIS
Active Directory LDAP,
:
1. MIIS 2003.
2. ,
Active Directory LDAP.
3.
, . 8.15.
4. , Active
Directory
.

. 8.15. MA
Active Directory Windows Server 2003
286
II

5. , -
, ,
-
. -
.
6. -
. , ,

. ,
, ,
. -
,
, , Active Directory -
.
7. MA
,
,
. , -
. MA -
.
8. MA -
-
.
-
, .
,
MIIS . -
,
.
, -
.


MIIS
(provisioning) MIIS
, -
, -
. , Active Directory -
, Active Directory
. , MA -
, -
.
MIIS -
,
Active Directory Novell, Oracle, Unix NT4
287
8

. , HR PeopleSoft
, -
, . 8.16.

:
NDS:
x4288

ADAM:

MIIS
NT
NT:


MIIS
HR PeopleSoft:
Lastname=
Firstname=
JobTitle=-
Extension=x4288 UPN AD/Exchange 2003 UPN:
EmploeeID=12345678 Vera.Serdyuchka@companyabc.com

LDAP:

. 8.16. MIIS

MIIS. -
-

.
, -
. MIIS -
Windows NT. , ,
Exchange Server 2003,
Active Directory.
1. MIIS Enterprise.
2. Windows NT 4.0.
3. MA NT 4.0, ,
, .
4. NT MA
MIIS, . 8.17.
5. MA Active Directory Exchange Resource.
6. , MA Active Directory, MIIS
, , . 8.18.
Active Directory Windows Server 2003
288
II

. 8.17. MA NT

. 8.18. MA
7. Visual Studio .NET 2003 DLL-
, -
. DLL-
MVExtensionExchange.
8. DLL- ,
. 8.19.
9. -
.
Active Directory Novell, Oracle, Unix NT4
289
8

. 8.19. DLL--

, ,
Exchange Server 2003 Exchange 2000 .
(SID) NT -
,
. -
MIIS Exchange

.

MIIS 2003
MIIS ,
-
. MIIS
, -
. - MMS
, , MIIS
, -
.
/ Microsoft, ,
MIIS , .

Microsoft -
, .
Services for Unix, Services for NetWare -
Microsoft -
Active Directory Windows Server 2003
290
II

. ,
-
,
, Windows Server 2003.


Microsoft
.
AD MSDSS
Services for NetWare.
NetWare -
NTFS .
,
AD.
NIS, Windows Server -
NIS- Unix.
Interix Unix -
Windows.
NIS Active
Directory, NIS AD -
.
NFS NFS .
NIS -
, .


III

...
9.
10. DHCP, WINS

11. c
Internet IIS 6

293
9

9
...


DNS
DNS Windows
Server 2003

DNS

DNS-
DNS
Microsoft DNS
DNS Windows Server 2003
DNS Active Directory
DNS

294
III



( )
(NOS). -
-
. , ,
NOS -
.
Windows Server 2003 -
(Domain Name System DNS)
Active Directory Windows Server 2003. DNS
Windows Server 2003
(Request for Comments RFC), -
DNS.
, Windows Server 2003 -
DNS, RFC.
DNS -
Windows Server 2003. -
DNS Active Directory -
. -
DNS, Windows Server 2003. ,
DNS
DNS Active Directory.

DNS
-.
, . , -
, . -
, , . -
,
.
.
.
TCP/IP ,
10.1.2.145,
IP-.
, -
, , www.microsoft.com.
DNS ,
-
, (Resource Record
RR), .

295
9

DNS . -
( ) (),
( ), -
(IP-). -
, DNS. ,
, DNS Windows Server
2003, .

DNS
Internet
HOSTS, Internet -
IP-. -
HOSTS-. Internet
, -
.
1983 -
RFC (Domain Name System DNS),
Internet. -
HOSTS -
, DNS-, -
Internet, ,
, . -
, DNS, -
.
Windows NT 4.0 Microsoft
DNS, RFC, DNS. Windows 2000
Microsoft DNS
. ,
(OC), WINS -
. Microsoft DNS ,
-
, , Unix BIND. -
,
DNS.

DNS
DNS Internet, -
Internet. ,
. -
DNS -
, DNS Windows Server 2003.

296
III

DNS
DNS ,
, -
. -
(.) (Fully Qualified Domain
Name FQDN), server1.sales.companyabc.com, -
DNS. . 9.1 -
CompanyABC DNS.

.com
.edu .net .org

companyabc.com
microsoft.com

sales.companyabc.com

. 9.1. DNS
(root),
(.) Internet (Internet Registra-
tion Authority). DNS -
.com, .net, .gov, .fr , -
, . -
, .edu,
.com.
DNS.
DNS, , -
, companyabc, . 9.1. -
DNS,
.
DNS , ,
. , sales.microsoft.com
microsoft.com. , DNS -
.

297
9

DNS
, DNS,
(namespace) DNS. , microsoft.com
marketing.companyabc.com. , -
. Internet -
. .com, .net, .org -
, .
Internet, .
, , -
, , dnsname.local companyabc.internal.
Active Directory,
.
, Internet.

DNS Windows
Server 2003
, Windows Server 2003 -
DNS, .
DNS,
.

DNS

DNS, -
Configure Your Server Wizard
( ), Configure a DNS Server Wizard
( DNS).
.
, DNS.
DNS Windows Server 2003 -
. DNS
Windows Server 2003, . DNS -
, , , 7.
1. Start () All ProgramsAdministrative ToolsConfigure
Your Server Wizard ( -
).
2. Next ().
3. , ,
Next. .

298
III


, 3, -
, DNS Active Direc-
tory .
421.

4. DNS Server Component ( DNS)


Next.
5. Install DNS Server ( DNS) Run the Configure
a DNS Server Wizard to Configure DNS ( -
DNS DNS), Next.
6. DNS -
- Windows Server 2003.
OK.
7. Configure a DNS Server Wizard (
DNS), . 9.2. (, -
DNS , , Start
Run () dnswiz.exe.)

. 9.2. DNS
8. DNS
Next.
9. Create Forward and Reverse Lookup Zones (Recommended
for Large Networks) ( (-
)) Next.
10. Yes, Create a Forward Lookup Zone Now (Recommended) (, -
()) Next.
11. Primary Zone (
) Next. ,
Store Zone in Active Directory ( Active Directory).

299
9

12. Zone Name ( ) Next.


13. -
. Create a
New File with This File Name ( )
, . Next.
14.
. , -
Allow Both Nonsecure and Secure Dynamic Updates ( -
, ), Next.


DNS-,
. , -
.

15. . -
Yes, Create a Reverse Lookup Zone Now (,
) Next.
16. Primary Zone Next.
17. -
Next. ( ,
IP- . , IP- C
10.1.1.0/24, 10.1.1, . 9.3.)

. 9.3.
18. ,
. Create a New File
with This File Name Next.
19. .
Allow Both Nonsecure and Secure Dynamic Updates
Next.

300
III

20. ,
, DNS.
No, It Should Not Forward Queries (, -
) Next.
21. , . 9.4,
, DNS.
, Finish ().



DNS, 21, .
, -
. , , OK
DNS .
.

. 9.4. -
DNS

DNS
DNS
DNS. TCP/IP
DNS-, DNS ,
.
:
1. Start Control PanelNetwork Connections (
).
2. Network Connections ( )
< > (
, , -
DNS) Properties ().

301
9

3. Internet Protocol (TCP/IP) ( Internet


(TCP/IP)).
4. , Use the Follo-
wing DNS Server Address ( DNS-),
IP- DNS- Preferred DNS Server (
DNS-).
5. DNS Alternate
DNS Server ( DNS-).
6. OK, .


Windows 2000 , DNS- -
DNS.
(island problem) Windows DNS. -
, Windows Server 2003 ,
DNS- , -
. .


DNS (Re-
source Record RR).
-
. , DNS ,
DNS -
RR.
DNS.
DNS, Active Directory Windows
Server 2003, .
DNS RR.


DNS (Start of Authority SOA) , -
. SOA
-
. SOA , -
(Time to Live TTL), , DNS,
, . 9.5.

(A)
,
A. RR IP-
, . 9.6.

302
III

. 9.5. SOA

. 9.6.
DNS A,
IP- -
.

(NS)
(Name Server NS) , -
DNS DNS- .
SOA, -
NS-, , -
DNS-.

303
9


, NS, IP- -
.
A. NS A . -
, NS server1.companyabc.com,
A server1 companyabc.com.

(SRV)
(Service SRV) , ,
. Active Directory
SRV, : -
, LDAP Kerberos. SRV DNS -
. SRV -
, . , LDAP-
SRV, , LDAP-
. SRV Active
Directory,
, . 9.7.


SRV DNS , -
DNS , Unix BIND 4.1.x NT 4.0 DNS. -
, DNS, Active Directory Windows
Server 2003, SRV. Unix BIND -
8.1.2 .

. 9.7. SRV
Active Directory

304
III

(MX)
(Mail Exchanger MX) , -
SMTP. MX -
,
, . , MX -
companyabc.com, , user@companyabc.com, -
, MX.

(PTR)
DNS (Pointer
PTR). , ,
IP-, IP-.
DNS PTR , IP-.
PTR .

(CNAME)
(Canonical Name CNAME) -
, DNS
. ,
A . CNAME ,
sfoexch01.companyabc.com
mail.companyabc.com.


DNS , , -
.
:
AAAA. IP- 128- IPv6, -
. 9.8. IPv6
.
ISDN. DNS ISDN.
KEY. ,
.
RP. (Responsible Person) .
WKS. (Well Known Service).
MB. , .

DNS
(zone) DNS DNS,
DNS. DNS -
, -

305
9

. , -
- , , -
, . . 9.9 , -
DNS ,
DNS.
, DNS
. , -
, -. -
. -
Internet .,
.

. 9.8. AAAA

.com

companyabc.com
companyxyz.com

asia.companyabc.com europe.companyabc.com


east.asia.companyabc.com sales.europe.companyabc.com
west.asia.companyabc.com

. 9.9. DNS

306
III


, DNS, , -
(caching-only) .
, -
-
DNS .


, (forward lookup zone) -
DNS. -
IP- . ,
Server1, IP- -
, DNS 10.0.0.11 IP- .


.
. ,
. -
CNAME, .


(reverse lookup zone)
. IP-
.
. -
, .
PTR, -
.


DNS ( Active Directory)
DNS- , , , -
. DNS- -
, .
,
, .
.
DNS
companyabc.com:
1. DNS MMC, Start Administrative
ToolsDNS (DNS).
2. DNS \ <_> \ Forward Lookup Zones (DNS\
<_>\ ).

307
9

3. Forward Lookup Zones ( -


) New Zone ( ).
4. Next.
5. Primary Zone. -
AD, Store the Zone in Active Directory (-
Active Directory), , Next.
6. Next.
7. , ,
Create New File with This File Name ( )
Next.
8. , .
, Do Not Allow Dynamic Updates ( -
) Next.
9. Finish, .


(secondary zone) -
. DNS
, . -
DNS .
-
, .

-
- Microsoft DNS . - (stub
zone) ,
,
. - NS, SOA
. (glue records) A, -
NS IP-
. , - -
, .
. 9.10, - ,
. , -
, .
Windows Server 2003 -, .
-.
1. DNS MMC, Start Administrative
ToolsDNS.
2. DNS \ <_> \ Forward Lookup Zones.
3. Forward Lookup Zones
New Zone.

308
III


companyabc.com companyabc.com
Server1 Server2 Server3
192.168.0.11 192.168.0.12 192.168.0.13
NS-
-

NS server2.companyabc.com SOA A SOA A


A A
A server2.companyabc.com NS A NS A
A A
NS server3.companyabc.com NS A NS A
A A A A A A
A server3.companyabc.com A A
A A A A
A A
A A A A A A
A A
A A A A
A A A A
A A

. 9.10. -
4. Next.
5. Stub Zone (-).
AD, Store the Zone in Active
Directory ( Active Directory), ,
Next.
6. - Next.
7. Create a new File with This File Name (
) , , -
. Next.
8. IP- ,
. Add (),
. 9.11, Next.
9. Finish, .
- SOA, NS -
, .


DNS -
, (zone transfer).
, .
DNS ,
Active Directory.
DNS- , DNS-
. -
, -
.

309
9

1. DNS MMC, Start Administrative


ToolsDNS.
2. DNS \ <_> \ Forward Lookup Zones.
3. -
Properties.
4. Zone Transfers ( ).
5. Allow Zone Transfers ( ) -
Only to the Following Servers ( ).
6. IP- , ,
. 9.12.
7. , OK.


IP-, -
Only to Servers Listed on the Name Servers Tab ( , -
) , -
Name Servers ( ).


, DNS -
, (Asynchronous Zone
Transfer AXFR) . -
DNS ,
- . DNS -
AXFR, .

. 9.11. - . 9.12.

310
III



(incremental zone transfer IXFR) ,
DNS
DNS-.
AXFR, , -
, .
IXFR ,
SOA DNS-, .
. , , ,
, 45,
55, IXFR -
, 45 55. -
, -
, AXFR. ,
25, 55, -
AXFR, . 9.13.

= 50

Server1
Server2
50 55

Server2

= 55 = 45

Server1
Server3
45 55
Server1 Server3



= 25


,

Server1 Server4
Server4

. 9.13. IXFR

DNS-
DNS , -
.
DNS : -
.

311
9


(resolvers),
, DNS.
DNS-, -
.
, .
. -
. 9.14.

3
Server2
(
)
2
5
1
4
6
8 Server3

Server1 ( )
Client1
7


Server4
( Microsoft DNS Server)

. 9.14.


DNS , -
DNS-, ,
. -
,
.
, . 9.14, Client1 CompanyABC
Web- Web- www.microsoft.com.

Server1. Server1 companyabc.com
microsoft.com, DNS-
, DNS-. Server2
microsoft.com, Server1 -
Server3, .com.
Server3 ,
microsoft.com Server4,
Server1. Server1 Server4 -
, Server4 www IP-.

312
III

, Server1 Client1,
IP-, Client1
www.microsoft.com.
DNS -
DNS, .

DNS
DNS , -
. , -
DNS, -
DNS Microsoft.

DNS
DNS DNS,
.
DNS
, . DNS
-
DNS . DNS,
DNS
.
,
Windows 2000/XP , DNS -
(NT/9x) -
DHCP.
, -
10.


Time to Live (TTL, )
( ), -
DNS-, . -
DNS. -
TTL -
, DNS-.
Client1 IP-
www.microsoft.com, DNS- ,
, IP-
. -
, DNS- IP-
, Client1 TTL.
-
DNS-.

313
9

TTL , -
. TTL -
, .
TTL SOA. Windows
Server 2003 .
1. DNS MMC, Start Administrative
ToolsDNS.
2. DNS \ <_> \ Forward Lookup Zones \ <_>.
3. SOA .
4. Minimum (Default) TTL ( ()
) , . 9.15.
5. , OK.

. 9.15.


DNS -
. -
, , , -
IP-.
Windows Server 2003 .
DNS, AD, , -
. -
Kerberos, ,
.
DHCP -
: DHCP-

314
III

. ,
DHCP- DNSUpdateProxy. -
, DNS. -
, DHCP- -
, -
. , ,
.
SRV , -
, , DHCP- -
. DHCP , -
, .


DNS
, -
, IP-
DNS-
. (scavenging)
-

. -
, Windows Server 2003
,
.
1. DNS
MMC, Start Ad-
ministrative ToolsDNS.
2.
-
Properties.
3. Advanced (- . 9.16.
).
4. Enable Automatic Scavenging of Stale Records (
).
5. , . 9.16,
OK, .
DNS,
.
.


DNS
Internet, Internet

315
9

.com, .net, .uk . DNS -


,
(Root Hints), , -
.
,
.
\%systemroot%\system32\DNS\cache.dns
Web-:
ftp://ftp.rs.internic.net/domain/named.cache

(forwarders), , , -
.
,
, -
Internet. -
, -
DNS- Internet-. -
DNS- Active Directory
AD DNS- DNS-
, , Unix BIND.
, -
, DNS- .

. , -
companyabc.com companyxyz.com,
DNS-, Internet
, .
, ,
,
. , -
.
DNS Windows Server 2003 ,
, .
1. DNS MMC, Start Administrative
ToolsDNS.
2.
Properties.
3. Forwarders ().
4. DNS Domain ( DNS) ,
. , , New ().

316
III

5. IP- Selected domains forwarder IP ad-


dress list ( IP- ),
. 9.17.
6.
, Do Not Use Re-
cursion For This Domain ( ).
7. , OK.

. 9.17.

WINS
WINS, DNS -
WINS DNS. -
DNS DNS-,
WINS-. DNS
WINS .
WINS DNS .
1. DNS MMC, Start Administrative
ToolsDNS.
2. DNS \ <_> \ Forward Lookup Zones.
3. -
Properties.
4. WINS.
5. Use WINS Forward Lookup (
WINS).
6. IP- () WINS, Add (-
), OK, .

317
9

Microsoft DNS
Active Directory Windows Server 2003 -
, Windows 2000 DNS.
, , ,
-
DNS, Windows 2000.
DNS Windows 2000,
DNS Windows Server 2003 DNS.

, Active Directory
DNS, Windows 2000,
DNS, AD--
. Active Directory, ,
DNS. Active Directory -
DNS. -
Kerberos DNS -
, , DNS- -
.
Windows Server 2003 AD- , -
. , ,
Active Directory, .
.


, DNS
(Dynamic DNS DDNS)
.
Windows 2000 DNS, Windows Server 2003.

Unicode
Windows 2000 Windows Server 2003 -
Unicode DNS , -
Unicode, -
. DNS- , -
: ,
.


DNS Microsoft Unicode,
DNS DNS,
Unicode -
DNS (, Unix BIND) .
az, AZ, 09 (-).

318
III

DNS Windows Server 2003


, DNS Windows 2000, Windows Server 2003
DNS
Microsoft . -

DNS Windows Server 2003.

DNS

, DNS Windows Server 2003
Active Directory AD. -
,
AD- . -
, DNS
.
, Windows 2000, AD- -

.
.
, , -
, -
.

DNS
DNS -
, -
DNS. ,
Active Directory. ,
DNS MMC
Configure a DNS Server ( DNS-).


Windows 2000 -
(island problem), DNS-,
DNS-. IP- DNS-
DNS, DNS- -
, IP-.
DNS- .
DNS Windows Server 2003 -
DNS, -
IP- .
DNS- DNS- , -
.

319
9

_msdcs

Active Directory -

SRV DNS. SRV Active Di-
rectory, _msdcs.
Windows Server 2003 _mscds DNS, -
. 9.18. , , -
, DNS-.
SRV .
Windows 2000 _msdcs -
DNS, -
. SRV -
, DNS-
,
.

. 9.18. _msdcs

DNS Active Directory


DNS Active Directory. - -
.
, Active Directory
X.500, DNS. , Ac-
tive Directory DNS -
. -
Active Directory
DNS Active Directory.

320
III

DNS Active Directory


Windows 2000, DNS -
Active Directory.
, -
Active Directory.
Active Directory
DNS.
DNS, -
DNS ,
AD.
DNS . -
AD-
, DHCP- . ( -
.) , -
DNS DNS.

Active Directory DNS,


Microsoft
Active Directory -
DNS, Microsoft -
SRV-. , Active Directory -
Unix BIND 8.1.2 . -
, Microsoft,
DNS Active Directory Win-
dows Server 2003, -
.
, DNS, ( -
) Active Directory -
, DNS Active Directory , -
. Windows Server 2003
DNS, -
.


Active Directory
Active Directory -
. ,
, -
, -
Windows 2000 DNS.
-
, -
, .

321
9

DNS -
, . 9.19. Windows Server 2003
DNS- , -
.
.

AD CompanyABC
abcroot.local companyabc.com

DNS- DNS-

abcroot.local companyabc.com
AD-- AD--

companyabc.com abcroot.local

. 9.19. DNS -

SRV
Active Directory DNS.
, Active Directory
SRV, , -
. , Windows Server 2003 SRV -
,
DNS.
, -
. , SRV -
, -
. , -
: Active
Directory , DNS
SRV .
, SRV SRV,
. , , , -
WAN, -
.
,
, . 9.20. -

322
III

- .
,
. ,
. -
SRV -
.

. 9.20. SRV

DNS
DNS , ,
.
DNS
. -
DNS .


DNS
,
(Event Viewer) , .
Windows Server 2003 ,
DNS, , -
DNS MMC. -
, DNS,
.

. -
,
. ,
.

323
9

1. DNS MMC, Start Administrative


ToolsDNS.
2.
Properties.
3. Debug Logging ( ).
4. Log Packets for Debugging ( -
).
5. OK.

DNS

Preformance (), Sys-


tem Monitor ( ) Performance Logs and Alerts (-
) , -
, , .
DNS, ,
, .


HOST
Windows 2000
, ,
.
, .
, .
, -
ipconfig /flushdns.
HOSTS, -
IP-.
\%systemroot%\system32\drivers\etc.
DNS, , -
HOSTS DNS.


NSLOOKUP
NSLOOKUP ,
, DNS. , -

DNS. NSLOOKUP -
DNS-
. , www.companyabc.com,

324
III

nslookup www.companyabc.com. NSLOOKUP -


. , , . 9.21,
MX SOA, -
:
1. , Start All ProgramsAcces-
soriesCommand Prompt (
).
2. nslookup <Enter>.
3. set query=mx <Enter>.
4. <> <Enter>.
5. set query=soa <Enter>.
6. <> <Enter>.

. 9.21. MX NSLOOKUP
NSLOOKUP . -
nslookup /? . NSLOOKUP
-
.


IPCONFIG
DNS
IPCONFIG, TCP/IP.
DNS IPCONFIG . -
.
ipconfig /flushdns.
flushdns. -
, , ,
IP-,
.

325
9

ipconfig /registerdns. registerdns -


DNS,
.
ipconfig /displaydns. , . -
-
, .


, , Windows 2000
. , , NT 4.0,
IPCONFIG, , Win9x, -
WINIPCFG. ,
, ? (ipconfig /?).


TRACERT
TRACERT , -
DNS- . ,
TRACERT www.microsoft.com, , DNS-
. TRACERT , .
DNS- TTL, 1.
TTL 1, , -
-
. TTL 1, .
.
, ,
. 9.22. , , -
DNS- Internet.

. 9.22. TRACERT

326
III


DNSCMD
DNSCMD DNS
MMC. -
(Support Tools) Windows Server 2003,
, -
. ,
- Windows Server 2003 ( -
\support\tools). ,
DNSCMD /? (. 9.23).

. 9.23. DNSCMD

DNS ,
. Windows Server 2003 DNS
, DNS Windows
2000. DNS Active Directory
DNS Internet ,
-
.

327
9


Active Directory DNS Windows
2000/2003. DNS Windows,
SRV, , , BIND 8.1.2 .
,
, -
, DNS -
.
, DHCP -
DNS .
,
.
DNS-, DNS- ,
DNS-.
DNS
, -
Unicode DNS (, Unix BIND) .
az, AZ, 09 (-).

DNS , -
, .

DHCP, WINS

10
...





DHCP, Windows
Server 2003
DHCP
DHCP
DHCP
Internet- Windows
WINS
,
WINS



330
III


,
.
,
- .
(Dynamic Host Configuration Protocol
DHCP) Internet- Windows (Windows Internet Naming Service WINS),
,
- .
, , DHCP WINS,
, ,
. -

.
DHCP WINS,
Windows Server 2003, -
. , ,
.

,
,
Windows Server 2003. -
, -
, , -
Windows Server 2003.


, -
, -
. , -
, -
(Network Operating System NOS).
() -
-
, .
TCP/IP (Transmission Control Protocol/Internet Protocol -
/ Internet)
.

Internet, -
DHCP, WINS
331
10

Microsoft Win-
dows 2000. Windows Server 2003 TCP/IP -
,
Microsoft.
TCP/IP , IP-
10.23.151.20. IP-
.
, DHCP Windows Server 2003.
DHCP Windows Server 2003 -
TCP/IP . DHCP -
, .


.
, IP-,
.
Windows Server 2003 .
(Domain Name System DNS) IP- -
(Fully Qualified Domain Name FQDN), -
Active Directory Internet DNS.
( ) Windows Server 2003
9.
Microsoft Net-
BIOS IP- WINS. ( -
) Windows Server 2003,
NetBIOS, WINS .
, ,
. ,
Internet- Windows.



. -
, -
.
Active Directory , Windows Server 2003
. , -
-
, -
, Active Direc-
tory .
,
Windows Server 2003. -
, -
.

332
III


Windows Server 2003
Windows Server 2003
. ,
.
, DHCP,

WINS, -
.
, -
DHCP.



DHCP ,
. , -
.
DHCP.

DHCP
, TCP/IP, , -

. TCP/IP -
,
. (IP-)
, -
TCP/IP.
IP- . -
,
.
-
IP- -
. DHCP: RARP BOOTP.

DHCP: RARP BOOTP


IP- -
(Reverse Address Resolution Pro-
tocol RARP). RARP IP- -
. , ,
-
IP-, , TCP/IP
.
DHCP, WINS
333
10

RARP (Bootstrap Protocol


BOOTP), IP-

cookie 64- BOOTP,
, , DNS- .
RARP,
: -
, .

DHCP
(Dynamic Host Configuration Proto-
col DHCP) BOOTP.
DHCP BOOTP,
cookie, -
, DNS-, WINS- .
DHCP . -
, IP-
. , UDP- 67,
, IP-
(. 10.1).
IP-, , -
. DNS WINS, ,
. , -
, IP- -
, .

10.1.2.242

DHCP- DHCP-

DHCP-, -
UDP- 67, DHCP-
IP- ,
- . IP-.
IP-.

. 10.1. IP- DHCP



334
III

DHCP
DHCP DHCP-.
IP- , DHCP.
- Windows 2000 -
TCP/IP -
.
, DHCP -
DHCP-, IP- .
Windows DHCP,
. IP- DHCP-
Windows.

IP-
Windows 2000 -
, , , IP-
. , IP-
(Automatic Private IP Addressing APIPA).
APIPA IP- 169.254.0.0/16, -
TCP/IP .
APIPA , -
, -
. DHCP- ,
,
APIPA. , -
.
Microsoft , -
APIPA . :
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
<>\IPAutoconfigurationEnabled:REG_DWORD=0
, .
1. , Start () Run
() regedit.
2.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Tcpip\Parameters|Interfaces\
<>
( ).
3. <> -
NewDWORD Value ( DWORD).
4. DWORD: IPAutoconfigurationEnabled.
5. , 0.
6. OK, .
DHCP, WINS
335
10


Windows XP APIPA
IP, IP- -
DHCP. .

DHCP
DHCP- DHCP -
,
. , -
DHCP -
DHCP-, . -
, Cisco ip-helper -
, IP- ,
. -
, Windows,
(Routing and Remote Access),
DHCP (. 10.2).


DHCP -
DHCP -
DHCP-. , -
DHCP.

2

DHCP-.

- -
3 4 5 1 2 7 8 9

1 3

1 2 6

DHCP
DHCP- 10 11


1 -
2 DHCP 3
1 -
DHCP. DHCP-.

. 10.2. DHCP

336
III

DHCP DNS
DNS Windows Server 2003 -
DNS DNS (Dynamic DNS
DDNS). 9.
DNS Windows Server
2003 DDNS DHCP.
Windows 2000 -
. DHCP , -
DDNS , .
DHCP Manager
( DHCP) MMC.

DHCP
DHCP . Windows Server 2003
Configure Your Server Wizard ( -
). DHCP -
New Scope Wizard ( ),
(scope) DHCP.
Windows Server 2003 DHCP- .
1. Start All ProgramsAdministrative ToolsConfigure Your
Server Wizard (
).
2. Next ().
3.
Next. .
4. DHCP Server (DHCP-) Next.
5. , . 10.3, -
Next.

. 10.3. DHCP
DHCP, WINS
337
10

6. New Scope Wizard,


. Next.
7. . , ,
10.1.1.0/24 Scope. Next.
8. , -
IP-. , , -
. 10.4. Next.
9. .
,
. Next.
10. . -
DHCP. Next.
11. DHCP
. , WINS-
DNS-. Yes, I Want to Configure These Options
Now (, ) -
Next.
12. IP- , ,
Next.
13. DNS-,
Next.
14. WINS-,
Next.
15. , :
. , ,
. Next.

. 10.4. -


338
III

16. , Finish ().


17.
DHCP-, . 10.5. -
, Finish.


DHCP
, DHCP .
, ,
DHCP DHCP- Win-
dows Server 2003, , DHCP.

. 10.5. -
DHCP

DHCP, Windows
Server 2003
, Windows Server 2003 DHCP -
. -
Windows 2000,
, DHCP Windows 2000.


DHCP
Windows Server 2003
DHCP ( ) . DHCP

DHCP, WINS
339
10

,
MMC.
DHCP
.
1. DHCP, Start All ProgramsAdminis-
trative ToolsDHCP ( DHCP).
2.
Backup ( ), . 10.6.

. 10.6. DHCP
3. OK. -
.
4. DHCP, 1.
5.
Restore ().
6. , -
, Yes (). -
.


DHCP -
,
DHCP- . , DHCP
( Windows Server 2003) -
, -
DHCP .

340
III

DHCP

DHCP, Windows Server 2003
Windows XP IP-, -
DHCP. IP-
APIPA, .
, , -
. , -
DHCP. IP-
, . -
Windows XP, :
1. Start Control Panel ( ).
2. Network Connections ( ).
3. -
Properties ().
4. TCP/IP Properties.
5. Alternate Configuration (-
).
6. Static IP Information ( IP-)
OK.
7. Close (), .

DHCP
DHCP . DHCP
, .
DHCP
DHCP.
, DHCP - -
DHCP- -
. -
DHCP
. -
, -
, , .

DHCP
50/50
50/50 DHCP-,
. DHCP-
, IP-
, IP-.
DHCP, WINS
341
10

50/50 . 10. 7. , -
200 , 192.168.1.0/24. DHCP-
, . 1 -
, IP-, 192.168.1.1
192.168.1.125. 2 ,
192.168.1.126192.168.1.254.

192.168.1.0/24

200
50%
:
: 192.168.1.1-192.168.1.254
: 192.168.1.126-192.168.1.254
1
50%
:
: 192.168.1.1-192.168.1.254
: 192.168.1.1-192.168.1.125
2

. 10.7. 50/50
IP- , -

.
, DHCP -

IP-. ,
.
, , -
, .
DHCP- , -
. ,
,
DHCP.
DHCP -
, -
, ,
. -
,
, IP-
. , ,
.

342
III

DHCP
80/20
80/20 50/50, ,
, DHCP-
, 20% IP- .
, 20% ,
, .
, 80% , -
,
(. 10.8).

192.168.1.0/24
200
80%
:
: 192.168.1.1-192.168.1.254
: 192.168.1.204-192.168.1.254
1

20%
:
: 192.168.1.1-192.168.1.254
: 192.168.1.1-192.168.1.203

2

. 10.8. 80/20
1 2
, 1 .
, 1
,
.
, 80% .
50/50, -
DHCP-,
.

DHCP
100/100
DHCP Windows Server 2003 100/100 -
DHCP.
,
.
DHCP, WINS
343
10

100/100 -
DHCP-, -
.
IP- , -
.
. 10.9 10.2.0.0/16 750 . -
DHCP-,
. 10.2.1.1 10.2.8.254.
1 IP-, 10.2.1.1
10.2.4.254. 2 IP-, -
10.2.5.110.2.8.254. , -
, 1000
.

10.22.0.0/16

750
100%
: A
: 10.2.1.1-10.2.8.254
: 10.2.4.255-10.2.8.254
1 10.2.1.255
10.2.2.255
10.2.3.255
100%
: B
: 10.2.1.1-10.2.8.254
: 10.2.1.1-10.2.4.255
10.2.5.255
2 10.2.6.255
10.2.7.255

. 10.9. 100/100
DHCP ,
, -
IP- .
. -
IP- , -
. ,
. , DHCP-
, -
.

IP- , -
. , ,
IP-. , -
IP-, , , -
(10.x.x.x ..), .

344
III

. 10.9, , -
, .


IP-, 10.x.x.x 192.168.x.x,
IP- ,
IP-,
.
DHCP, IP-.


DHCP- DHCP
, .
,
, , .
, DHCP , -
DHCP .
.
-
.

DHCP-
DHCP
. ,
, .
, -
, . -
31.

DHCP
DHCP
. , DHCP -
.
DHCP.
Windows Server 2003,
Windows 2000. DHCP
.

DHCP
DHCP ,
. , -
.
. , -
. DHCP . 10.10.
DHCP, WINS
345
10

. 10.10. DHCP

DHCP
,
IP-. IP- ,
,
, Web- -
.


DHCP
, -
. -
DHCP , Windows
Server 2003
DHCP Administrators ( DHCP).
, ,
DHCP-.

Netsh
Windows Server 2003 , -
.
, -
( Unix), -
, -
.

346
III

Netsh ,
DHCP,
MMC.
Netsh
netsh /?. . 10.11.

. 10.11. Netsh

DHCP
DHCP dhcp.mdb \%systemroot%\system32\dhcp.
Microsoft JET,
Exchange Server, Active Directory Microsoft.
, -
JET, DHCP
,
. DHCP
( ) ,
, . -
DHCP- ,
dhcp.mdb.
Windows Server 2003 dhcp.mdb DHCP
jetpack. DHCP-,
,
, . 10.12.
cd %systemroot%\system32\dhcp
net stop dhcpserver
jetpack dhcp.mdb tmp.mdb
net start dhcpserver
DHCP, WINS
347
10

. 10.12. DHCP


-
DHCP Microsoft JET.
. -
, , ,
.

DHCP
DHCP . -
, . -
DHCP- ,
IP-, -
IP-.
. ,
-
DHCP, , -
. -
, 802.11b, ( -
) .
,
DHCP
.

DHCP
DHCP , -
DHCP
. Windows
2000 DHCP-, Active
Directory. DHCP- -
IP-.

348
III

, -
Windows NT 4.0 Linux. -
DHCP- -
.
DHCP- Windows Server 2003 ,
Active Directory,
DHCP. -
.
1. DHCP (DHCP Manager), Start All
ProgramsAdministrative ToolsDHCP (
DHCP).
2.
Authorize (), . 10.13.
3. DHCP- , -
.

. 10.13. DHCP-

DHCP
DHCP Active
Directory, SVR-.
.
DNS AD- DNS ,
, . -
DHCP ,
-
.
DHCP, WINS
349
10

DHCP Windows Server 2003 -


DHCP- Active Directory,
DNSUpdateProxy. , -
DNS. , -
.
: DHCP-
, , -
. -
SVR DNS, , Ker-
beros , ,
. , DHCP -
. ,
DHCP-
DNSUpdateProxy.

Internet- Windows
Internet- Windows (Windows Internet Naming Service WINS)
Microsoft . Microsoft -
,
NetBEUI.
, -
, -
. TCP/IP
NetBIOS- IP-.
WINS.

,
Microsoft NetBIOS
WINS NetBIOS
IP-. 16- NetBIOS, WINS,
: , .
Microsoft WINS , -
NetBIOS
(Domain Name System DNS). -
WINS,
( Windows 2000),
Microsoft, DFS, WINS. -
, WINS Windows,
, .

WINS DNS
DNS WINS WINS
DNS. , , , DNS- -

350
III

client1.companyabc.com, DNS-
WINS , ,
WINS. Client1 -
DNS, WINS, DNS- IP-, -
WINS, companyabc.com,
. 10.14.

1
1. DNS-
client1.companyabc.com.

4
2 2. DNS-
DNS- DNS,
WINS.
3
3. WINS
CLIENT1 DNS-.

WINS 4. DNS- IP-,
companyabc.com.
client1.companyabc.com = 10.1.2.165

. 10.14. WINS DNS


DNS-,
. WINS- DNS-
, .
1. , DNS, DNS
MMC, Start All ProgramsAdministrative ToolsDNS (
DNS).
2. DNS \ <_> \ Forward Lookup Zones (DNS\
<_>\ ).
3.
Properties.
4. WINS.
5. Use WINS Forward Lookup (
WINS).
6. IP- () WINS OK, -
, . 10.15.
DNS 9.

WINS Windows Server 2003


Windows Server 2003 WINS -
, -
:
DHCP, WINS
351
10

. 10.15. -
DNS WINS

WINS.
WINS , -
NetBIOS -
. Windows Server 2003 WINS -
,
.
WINS -
. , -
, -
. WINS -
.
, Windows Server 2003,
WINS Windows 2000: -
, , -
.

WINS
Windows Server 2003, -
WINS Configure Your Server
Wizard ( ). -

. -,
Windows Server 2003 .

352
III

WINS
WINS -
, .
1. Start All ProgramsAdministrative ToolsConfigure Your
Server Wizard ( -
).
2. Next ().
3. , ,
Next. .
4. Server Roles ( ) WINS Server ( WINS)
Next.
5. Summary () Next.
6. Windows Server 2003,
Next.
7. Finish ()
, . 10.16.

. 10.16. WINS



WINS,
, IP- -
, .
WINS, .
-
.
DHCP, WINS
353
10

(push partner) - WINS


WINS, , WINS.
(pull partner) WINS, . ,
1 2, -
2 1, .
/ WINS -
. , -
, , , -
WINS, / WINS
. 10.17.

EURWINS01

REDWINS01

TOKWINS01

SFWINS01 SFWINS02

BAKWINS01

LAWINS01 LAWINS02

HONWINS01

SDWINS01

. 10.17. / WINS

WINS
WINS -
, .
, -
. WAN ,

354
III

WINS .
/ , . -
, 30 ., .
1. WINS, Start All ProgramsAdministrative
ToolsWINS ( WINS).
2. Replication Partners ( ).
3. Push/Pull Partner (
/) ( , )
Properties.
4. Replication Interval ( ) -
, . 10.18, OK, -
.

. 10.18. WINS
, . 10.18, -
/: , -
.

NetBIOS
LMHOSTS
IP- NetBIOS Windows
WINS.
Windows. -
NetBIOS. IP-
, . -
nbtstat -R ( R).
DHCP, WINS
355
10

, WINS -
LMHOSTS, . LMHOSTS -
, .
WINS,
( \%systemroot%\system32\drivers\etc ).

,
WINS
, WINS
, Net-
BIOS, Windows. Windows Server 2003 -
WINS ,
WINS .

WINS
WINS .
.
WINS . WINS -
, , 510 , -
, , WINS. WINS
, -
-
WINS.
, -
. ,
WINS.

WINS
WINS
Windows Server 2003.
WINS. -

.
WINS -
. WINS -
, -
WINS. WINS . 10.19.
. 10.19 1 2
CompanyABC. IP- 10.1.1.11 10.1.1.12,
IP Pri-
mary WINS ( WINS) Secondary WINS ( WINS).
1 2 -
/.

356
III

10.1.1.11 10.1.1.21

1 1

10.1.1.12 10.1.1.22

2 2

. 10.19. -
WINS
1 2 WINS -
/ . IP-
10.1.1.21 10.1.1.22. 1 1
/ . -
WINS ,
. 10.19.
WINS -
(
), 1 2 IP- -
, . 10.20.

X
1
10.1.1.11

X
/
IP-
10.1.1.12

2 2
. 10.20. WINS
/
1 2, IP- .
WINS ,
. ,
IP-, - .
. IP-
, WINS . -
DHCP , -
, WINS
DHCP, WINS
357
10

DHCP.
WINS, -
WINS.

WINS
DHCP, WINS
Microsoft JET , , . -
WINS
. WINS wins.mdb
\%systemroot%\system32\wins. ,
:
cd %systemroot%\system32\wins
net stop wins
jetpack wins.mdb tmp.mdb
net start wins



Windows Server 2003
Active Directory.
-
, , , -
.
-
Active Directory . -
4 5.

Active Directory
Active Directory Active Di-
rectory. Active Directory Windows Server 2003
, -
, .
1. Active Directory Sites and Services ( Active
Directory).
2. Sites \ <_> \ Servers \ <_>.
3. NTDS Settings ( NTDS)
Properties.
4. Global Catalog ( ), .
10.21.

358
III

. 10.21. -


/
, -
,
. -
,
, .
, / (GC/DC)
(WAN) , Windows
Server 2003 .


, Active
Directory ,
,
.
-
GC/DC,
,
. :
, GC/DC,
, GC/DC.
DHCP, WINS
359
10

-
:
1. Active Directory Sites and Services.
2. Sites \ <_>.
3. NTDS Site Settings
( NTDS) Properties.
4. Enable Universal Group Membership Caching (
),
. 10.22.

. 10.22. -



, -
DC GC/DC . -
GC/DC
-
. Windows Server
2003 :
, 50 . DC -
.
, 50100 . DC -
.

360
III

, 100200 . GC
DC.
, 200 . 100 -
DC GC/DC.
, -
. , , -
Microsoft Exchange, . -
Active
Directory .

DHCP WINS , -
Windows Server 2003. ,

Active Directory. ,
, -

, .


DHCP .
DHCP
Microsoft JET.
DHCP WINS.
,
WINS.
WINS -
.
DC GC/DC -
.
Active Directory, 50 ,
.
Active Directory, 50 100 ,
.

Internet
IIS 6 11
...
IIS 6
IIS
IIS
IIS



FTP

IIS
IIS
IIS

Internet Explorer


362
III

Internet (Internet Informa-


tion Services IIS) -
. IIS 6 .
, ,
.NET, Microsoft.
-
Web- ,
Microsoft IIS.
Microsoft , -
. Microsoft
IIS ,
.

IIS 6
IIS . -
.NET, , -
.
IIS 5 , inetinfo.exe, IIS 6 -
:
Http.sys. HTTP .
Web- Http.sys,
HTTP-. Http.sys -
IIS . Http.sys
: TCP-, ,
(Quality of Service QoS) -
IIS.
Web- (Web Administration Services WAS).
-
.
World Wide Web (World Wide Web Publishing Service W3SVC). -
, WAS
IIS . WAS
.
/ . -
, , -
Web-. WAS -
Http.sys. -
IIS .
IIS (IIS Admin Service). -
Web , FTP, SMTP, NNTP -
IIS.
IIS Web-,
Web-.
Internet IIS 6
363
11

IIS -
:

IIS, -
,
Web-.
64- Web-
. 64-
.
. -
Internet (Internet Service Pro-
vider ISP) (Application Service Provider ASP).
-
.

IIS 6 ,
.

IIS (IIS Lockdown Wizard). -
IIS.
IIS .
( .htm, .jpg ),
, ,
(Active Server Pages ASP), .
IIS .
Web-.
, Web-
Web-, .
IIS FTP. , -
,
. -
.
(Secure
Sockets Layer SSL): , -
.
IIS Kerberos .
IIS , -
. -
,
.
IIS ,
.NET (.NET Passport).

364
III

, ,
-
Web- .
IIS 6
XML (eXtensible Markup Language
). XML -
.
Web-,
.
Windows (Windows Mana-
gement Interface), .
IIS ,
.

IIS
IIS,
. -
IIS, -
:
.
IIS .
IIS,
.
, ,
.
,
, -
.
,
.
IIS .


-
, . -
-
. -
. , IIS
, 1 ,
RAID- 15 000 /.
Internet IIS 6
365
11



Web,
.
Web- , Web- -
99,999%. -
(Service Level Agreements SLA).
(,
), Web- -
.
Web-
Windows Server 2003 . -
, Web- -
Web- Windows Server 2003 -
(Network Load Balancing NLB). NLB -
,
Microsoft. -
(, IIS, -
, , ), . 11.1.

IBM-



ASP

IIS

. 11.1.

366
III

IIS
, , Microsoft -
IIS . ,
, -
Web-, IIS, -
.
IIS . -
: Add or Remove
Programs ( ) , -
Manage Your Server Wizard ( ), -
Windows Server 2003.
IIS Add or Remove Programs
, .
1. Start Control Panel ( ), -
Add or remove Programs ( ).
2. Add or Remove Programs
Add/Remove Windows Components (
Windows).
3. Windows Components Wizard ( Windows)
Application Server ( ). -
, , Details ().
4. Application Server ( ),
. 11.2, (,
ASP.NET, COM+, Internet ).
,
. Internet Information Services (IIS) (-
Internet (IIS)) Details.

. 11.2. -

Internet IIS 6
367
11

5. , . -
, .
OK.
6. Next () Windows,
IIS.
7. Finish ().
IIS , -
:
1. Manage Your Server Wizard ( ) -
Add or Remove a Role ( ).
2. Configure Your Server Wizard ( -
) Next. Windows Server 2003 -
.


. -
.

3. Web Application Server (IIS, ASP.NET) ( Web-


(IIS, ASP.NET)), Next.
4. FrontPage Server Extensions ( -
FrontPage) Enable ASP.NET ( ASP.NET)
Next.
5. Next,
IIS.
6. Finish.
,
, -
.

IIS
Windows Windows Server 2003 -
IIS. Windows Server 2003
, IIS, .
.
IIS Windows Server 2003 , -
. Web-, IIS 6, -
.
Web- IIS,
Windows. -
Windows IIS, -
Web-,
, . Web- .

368
III

IIS
IIS 5.
.

IIS
IIS Web- .
Web- , -
. IIS Windows Server 2003
.
IIS Internet Information
Services, All ProgramsAdministrative Tools ( -
) Start.

IIS
Web-,
IIS , -
. IIS, . 11.3,
IIS.

. 11.3. IIS
, .
Application Pools ( ). -
, . -
, -
IIS. -
, Web- .
, DefaultAppPool ( ) -
.
Internet IIS 6
369
11

Web Sites (Web-). Web-, -


Web-. Default Web Site .
Web Service Extensions ( Web-). Web-
, Web- IIS. ,
FrontPage Server
Extensions ( FrontPage) ASP.NET.
, Web-,
. 11.4.

. 11.4. Web-

Web-
, IIS 10 000 Web- Web-
. Web-
, , , -
. Web-,
Internet, IP- -
. IP-
Web-,
Internet, .
Web-
IP- , ,
Web- Internet
Web-. , , http://www.companyabc.com, -
Web-
. , Web-, -
http://www.companyabc.com/NewWebSite/.

370
III

Web- IIS
Default Web Site Web Sites (Web-
) IIS. ,
Web-.
Web-, :
1. Web Sites. -
NewWeb Site (Web-), , Web-
XML-, NewWeb Site (From
file) (Web- ( )).
XML-.
2. Web Site Creation Wizard
( Web-). Next ().
3. Web- Next.
4. ,
IP- , TCP (Host Header) Web-
. Next.
5. ( Browse ())
.
Next.
6. . -
Read (), Run scripts ( ), Execute (),
Write () Browse (). Next.
7. Finish.

Web-
ISS Web Sites Default Web
Site Properties -
Web-. ,
Web-, -
.
Web-.
Default Web Site Properties ( Web-), -
. 11.5, Web-. -

. .
Web Site (Web-).
, .
Web-, IP- TCP SSL.
.
W3C Extended Log File Format ( -
W3C).
Internet IIS 6
371
11

. 11.5. Web-
Performance (). ,
. 11.6,
(/) -
. -
, Web- , -
Web-.
Web- .

. 11.6.
Performance

372
III

ISAPI Filters ( ISAPI). ISAPI ,


HTTP-.
, Web-.
Home Directory ( ). -
Web-. Default Web Site
, Web-
. , . 11.7, -
Web-: Read (), Write (), Browsing
(), Script source access ( ), Indexing
() Application logging ( ). ,
,
.

. 11.7. -
Web-

Documents ().
Web- . -
Web-.
Directory Security ( ). ,
. 11.8, , -
IP- ,
. , -
,
. ,
IIS.
HTTP Headers ( HTTP).
Web-. Web-,
, HTTP, -
Internet IIS 6
373
11


Internet (Multipurpose Internet Mail Extensions MIME).
Custom Errors ( ). -
HTTP.
Web-.

. 11.8. Directory Security


, Service (), -
Web Sites Properties.
IIS IIS 5. , -
HTTP
. . 11.9.



Web-,
, , -
. Web-,
.
-
, Web-. , , Web-
CompanyABC (http://www.companyabc.com) Web- -
, . -
CompanyXYZ Web- :
http://www.companyabc.com/companyxyz/

374
III

. 11.9. HTTP
IIS -
.
1. Web-,
, NewVirtual Direc-
tory ( ). Virtual
Directory Creation Wizard ( -
) Next ().
2. Next.
3. Web-
Next.
4. (Read, Run scripts, Execute, Write Browse)
Next.
5. Finish.
Web-, ,
. -
. 11.10. , Web- -
.
: Virtual Directory ( ), Docu-
ments (), Directory Security ( ), HTTP Headers (-
HTTP) Custom Errors ( ). -
,
Web-.
Internet IIS 6
375
11

. 11.10.

Web- , Web-
. IIS
. -
Web- IIS Web-.


IIS :
IIS 5. Http.sys -
. (application pool)
Http.sys (worker process).
URL-, -
. , DefaultAppPool
Application Pools ( ).
Web- Web-
. ,
- -
. -
.
, -
IIS -
.

376
III

IIS 5 ,
IIS ( -
IIS 5). , -
. -
, -
, . ,
, .


IIS 6 -
. IIS 6 (IIS 4 5)
IIS 5. -
.

IIS 6
Web- . ,
Web- .
.
, Web- -
- .
Web-
, -
. ,
(recycling) -
IIS 6. IIS 6
Web-
-
Web-.
Web-, -
. -
, -
.
Recycling () Properties -
, . 11.11, -
( 1 740 , 29 ),
,
.

:
Web (Web Administration Services WAS)
, . -
, (overlapping recycling), -
.
, WAS .
Internet IIS 6
377
11

. 11.11.
,
. -
. , Web- -
ISAPI. , Web-
, , -
.

IIS
, IIS 6, -
. , WAS -
.
.
-
-
.
, WAS
, .


, .
, , , -
.
-
. -
Performance () . -

378
III

, -
:
Idle Timeout ( ). -
. -
20 .
Kernel Requests Queues ( ).
.
, -
1000.
CPU Utilization ( ).
, -
. . , -
-
.
Web Gardens (Web-). -
.


IIS , Active Server Pages,
ASP.NET, COM+, Java, Common Gateway Interface (CGI) FastCGI. -
, -
. -
IIS. , ASP
ASP.NET IIS -
, , -
.


FTP
FTP (File Transfer Pritocol )
TCP/IP,
, .
FTP IIS, FTP,
FTP IIS.
FTP , .
1. Add or Remove Programs ( -
) .
2. Add or Remove Programs
Add/Remove Windows Components (
Windows).
3. Windows Components Wizard ( Windows)
Application Server ( ).
Internet IIS 6
379
11

4. Details (), Application Server (


), . 11.12, IIS.
5. Details File Transfer Protocol
(FTP) Service ( FTP).
6. OK.
7. Next , Windows Server 2003
FTP.
8. Finish ().

. 11.12. Web- IIS

FTP

IIS FTP -
FTP. ISP ASP,
. FTP
Web- FTP-.

FTP.
FTP , -
.
FTP FTP-,
, . , -
FTP, . -
FTP , FTP-
. -
, FTP
, , -
, .

380
III


FTP Active Directory
Active Directory ( Active Directory) -
FTP.
FTP- . , -
Active Directory FTP
IPSec, SSL.
FTP FTP-. -
Isolate Users ( -
) . ,
.

FTP-
Default FTP Site. -
FTP- ( Default FTP Site) .
1. FTP Sites (FTP-)
NewFTP Site (FTP-).
XML- FTP- FTP Site (From
File) (FTP- ( )).
2. FTP Site Creation Wizard ( FTP-)
Next (), FTP-.
Next.
3. IP- , FTP. FTP
21. Next.
4. -
FTP. : ,
Web-
Active Directory. Next.


FTP -
.

5. FTP, Next.
6. FTP- ( ) -
Next.
7. Finish ().

FTP
11.13 11.14,
FTP. FTP
Sites (FTP-). FTP-.
Internet IIS 6
381
11

. 11.13. FTP-

. 11.14. FTP

FTP Sites -
FTP-. FTP-
.
FTP Sites .
FTP Site (FTP-). .
FTP-.

382
III

Security Accounts ( ).
-
.
Allow Anonymous Connections ( -
), . 11.15, -
SSL.
Yes () .
, SSL.

. 11.15. -

Messages (). FTP -


FTP-.
:
Use of this FTP Site is by permission only. All uploads and downloads
must adhere to the data transmission policies is Company ABC.
FTP- .

, Company ABC.
, - -
:
You have been disconnected because a maximum user limit has been reached.
Please try again later.
-
. .

FTP-.
Internet IIS 6
383
11

Home Directory ( ). Web Site


Home Directory ( Web-), Home Directory FTP
FTP-.
(Unix MS-DOS).
MS-DOS.
Directory Security ( ). -
TCP/IP IP-. -
FTP IP- IP-.
FTP Sites FTP- .
FTP- :
FTP Site (FTP-). -
IP- .
Home Directory ( ). -
FTP.


IIS
IIS -
.
, .
IIS . , -
, IIS. SMTP, NNTP
Indexing ().

SMTP
(Simple Mail Transport Protocol)
, -
Web-. Web- IIS -
. SMTP, :
1. Add or Remove Programs .
2. Add or Remove Programs
Add/Remove Windows Components.
3. Windows Components Wizard Appli-
cation Server ( ).
4. Details, Application Server ( -
) IIS.
5. Details SMTP Service (
SMTP), . 11.16.
6. OK.
7. Next , Windows Server 2003
SMTP.
8. Finish.

384
III

. 11.16. SMTP

NNTP
IIS NNTP -
.
. -
, .
News Service ( ) -
(Network News Transfer Protocol NNTP), -
. -
,
, , . -
( ) NNTP-
. NNTP-
Internet.
( ) .
-
NNTP-
. -
, SMTP-, -
, NNTP, SMTP.

Internet
Windows Server 2003, -
IIS. Web-,
Web-.

C
, PDF-
(Adobe Acrobat), Web-. Windows Server 2003
, ,
Adobe. http://support.adobe.com -
iFilter.
Internet IIS 6
385
11

IIS
, IIS , -
.
Web-
. , IIS -
( -
).
Microsoft ,
.
Web-. ,
. Web- -
; .

Windows Server 2003


Windows Server 2003
.
, ( Windows Server 2003, -
) .
Web- Windows Server 2003 -
NTFS .
NTFS ,
, . -
Windows Server 2003.
, Web- Windows Server 2003,
, .
, , -
Windows Server 2003, -
.


Windows Server 2003 IV.

Web-
, IIS -
( .htm, ), -
. IIS
. , Active Server Pages,
ASP.NET.
, -
.
1. IIS (IIS Manager) Web- -
Web Service Extensions ( Web-).

386
III

2. Web Service Extensions () ,


, Allow (), Prohibit (-
).
Web Service Extensions
, .

IIS
-
. IIS :
.
Web- .
Windows.
Active Directory. -
, , .
. , -
Windows, . -
Windows Server 2003 -
.
.
. -
.
.NET Passport. .NET Passport Web-
, Microsoft.
Web-, ,
Microsoft, -
.NET Passport . -
, .NET Passport.
.NET Passport 14.
Authentica-
tion Methods ( ), . 11.17.
, Edit () Directory Security (
) Web-.

Web-
Windows Server 2003 Web- FTP-
( ),
,
.
Event Viewer.
IIS , -
,
, .
Internet IIS 6
387
11

. 11.17. -

SSL
(Secure Sockets Layer SSL) -
, -
, Web-
, . SSL
,
.
IIS SSL, IIS 6 . -
SSL IIS. IIS Windows Server 2003 -
:
SSL 50%
. SSL ,
.
SSL .
Windows Server 2003 -
SSL. (-,
) -
Windows Server 2003.
SSL ,
. .
SSL.
. SSL
(Public Key Infrastruc-

388
III

ture PKI). ,
(Certificate Authority CA).
SSL.
. SSL ,
, CA.
SSL
SSL . -
.


SSL , -
. -
- SSL, SSL,
.

IIS, SSL Web-,


Web-. SSL
IIS, Administrative Tools Start.
SSL Web- , -
. -
CA, PKI. SSL Web-
, :
1. Internet Information Services (IIS) Manager ( -
Internet (IIS)), ,
Web-, Web-, .
2. Web-
Properties.
3. Directory Security Server Certificate (
).
4. Web Server Certificate Wizard ( -
Web-) Next.
5. Create a New Certificate ( ), -
Next.
6. Prepare the Request Now, But Send It Later ( -
, ), Next.
7.
( ). 1024 ( ) .
, .
Next.
8. Next.
9. IIS, Web-, Common
Name ( ). Internet,
server.domain.com.
URL-, -
Web-. Next.
Internet IIS 6
389
11

10. Country/Region (/), -


State/Province (/) City/Locality (/), -
. Next.
11. Next.
12. Request File Summary ( ) -
. Next,
Finish, .

CA. -
CA, :
1. URL- , -
(, http:///certsrv).
2. , -
, , -
.
3. Request a Certificate ( ).
4. Advanced Certificate Request (-
).
5. Submit a Certificate Request ( )
CMC PKCS #10 base-64
PKCS #7 base-64.
6. Submit a Certificate Request or Renewal Request (
) Browse for a File to
Insert ( )
.
7. Certificate Template ( )
, Web Server (Web-),
. 11.18. Submit ().
8. Certificate Issued ( )
Download Certificate ( ), -
Save (), -
.
SSL :
1. Internet Information Services (IIS) Manager Web-
, .
2. Web-
Properties.
3. Directory Security Server Certificate
( ).
4. Web Server Certificate Wizard
Next, Process the Pending Request and Install the

390
III

Certificate ( ). -
Next.
5. , ,
Next.
6. SSL Port ( SSL) SSL ( -
443) Next.
7. , Next. -
, Finish; - ,
Back () .

. 11.18.


FTP
FTP . -
. , -
,
, -
.
FTP
, .

HTTP. HTTP , FTP,
.
Internet IIS 6
391
11

FTP
FTP VPN-
(IPSec L2TP). ,
. VPN-
, .

FTP
, -
, FTP- -
FTP.
, FTP- . -
FTP , FTP- -
.
.

FTP
FTP:

NTFS.
, , -
Windows Server 2003.
, .
IIS -
.

IIS
IIS ,
IIS. IIS
IIS. , -
IIS -
.
IIS
. XML-, -
. IIS -
(
IIS). -
, . -
. -
.


. -
IIS, , -
Properties Enable Direct Metabase Edit
( ).

392
III

Windows Server 2003


IIS. IIS,
Windows Server 2003.
IIS,
.
1. IIS, Start All ProgramsAdministrative
ToolsInternet Information Services (IIS) (
Internet (IIS)).
2. Web-.
3. Action () All TasksBackup/Restore Configura-
tion ( /).
4. Configuration Backup/Restore ( /
) IIS
. ,
Create Backup ( ).
5. , -
, . 11.19.

. 11.19. -
IIS
6. OK, Close ().
:
%SystemRoot%\System32\Inetsrv\MetaBack
, IIS
.

IIS
IIS , -
IIS. IIS, -
.
.
.
Internet IIS 6
393
11

IIS W3C Extended Log File Format (


W3C), Microsoft IIS Log File Format ( Microsoft IIS)
NCSA Common Log File Format ( NCSA)
Http.sys. ,
.
, ODBC, .


IIS,
, Properties Enable
Direct Metabase Edit ( ).


Internet Explorer

, Internet Explorer (IE) IIS.
, ,
. IE Windows Server 2003 ,
Microsoft .
IE Enhanced Security Configuration (
IE) Windows Server 2003.
, IE (. 11.20)
.

. 11.20. -
IE

394
III

IE Enhanced Security Configuration


IE. Internet , -
, intranet- -
. Web-, -
. ,
Web- (. . 11.20).
, .
, . 11.21, Add (-
). URL- -
. , , -
, -
IE.

. 11.21.

, -
. Microsoft IE
Enhanced Security Configuration, -
Web, Web- ,
. Web- IE, -
,
.

IIS 6
, , .
Microsoft . -
Web- Microsoft -
, .
Internet IIS 6
395
11


IIS 6.0.
IIS 6.
IIS 6.
.
,
.

.
-
.
IIS .
Web,
.
IIS 5
,
IIS IIS 6.
IIS 6
.
IIS : -
,
-
.
FTP FTP-.
Web- PDF-
(Adobe Acrobat) iFilter.
IIS NTFS -
-
.
, Web-
Windows Server 2003, -
.
-
.
Web- FTP-
( ),
, -
.
SSL .

396
III

IPSec L2TP FTP.



NTFS.
, , Windows
Server 2003.
IIS
.
.
IIS, -
.

IV

...
12.

13.

14. Windows
Server 2003
15.


399
12



12
...
Windows
Server 2003









400
IV

Windows
Server 2003
Microsoft (, , ) -
. ,
Windows NT Windows 2000,
( ),
Microsoft. -
, Windows Server 2003
, .

.
DNS, DHCP,
, ,
. ,
Windows Server 2003 -
.
Win-
dows Server 2003 .
-
(Software Update Services)
Windows. ,
, -
.

Trustworthy Computing
Microsoft

, , Trustworthy
Computing ( ). -
Microsoft.
Windows Server 2003 ,
-
. Microsoft
, Microsoft
, Windows Server 2003
, -
.

Common Language Runtime


Microsoft Common Lan-
guage Runtime ( ). -
, , -

401
12

. ,
, ,
. -
, Common
Language Runtime Windows Server 2003.

, .
, , -
,
. :
, -
.
Windows Server 2003
, Kerberos,
NTFS , -
. -
-
. Windows Server 2003 -

.


, , , -
.
, Web- ,
. , -, -
,
.
, -
.
,
-
. ,
, .


,
.
.
-
.

402
IV

- -
.
-
.


, -
.
, ,

. ,
.
1. Start () All ProgramsAdministrative ToolsLocal
Security Policy (
).
2. Security Settings \ Local Policies \ User Rights
Assignment ( \ \
).
3. Allow Log On Locally (
).
4. , ,
. 12.1. ( , Web-
Web- -
IUSR_SERVERNAME.) .

. 12.1.

403
12


1 Local Security Policy Domain Se-
curity Policy ( ),
Windows Server 2003.


(Group Policy),
(OU), , -
. -
21.

Run As

-

.
,
.

Run As ( ) Windows Server 2003. ,
, IT-,
User (). -
, -
Run As, -
, Run As.
, , , -
-
.
, -
Run As Computer Management MMC.
1. ( ) Start All ProgramsAdministrative
ToolsComputer Management ( -
).
2. Computer Management (-
) Run
As ( ).
3. Run As, . 12.2, ,
, OK.


Run As . ,
, :
runas /user:DOMAINNAME\administrator cmd

404
IV

Run As -
, -
. ,
Active Directory Users and Computers
MMC , .
1. Start All ProgramsAdministrative Tools (
).
2. Computer Management
( ) Properties.
3. Advanced ().
4. Run with Different Credentials ( -
), . 12.3, OK,
.

. 12.3. -
. 12.2. Run As


, -
.
.

-
-
- (smartcard), -
Windows Server 2003. -
.
PIN-.
PIN-, -
.
, -
.
-, . PIN-

405
12

.
, -
.
, , ,
.



,
.
, -
, . -
. ,

802.11b.
WEP, , , -
.
-
.
. ,
802.1x, -
. Microsoft ,
Windows Server 2003 .
,
802.1x, , -
VPN .
WEP,
, .


-
, Internet. Internet -
. -
, Internet Security and Acceleration (ISA)
2000/2004 Microsoft, , , -
- (DMZ). -
, Windows Server 2003 Internet
.


ISA Server 2000 Windows Server 2003 ,
. Windows Server
2003 ( )
ISA Service Pack 1. , ISA Server 2004, -
Windows Server 2003.

406
IV


Windows Server Windows NT 4.0 Windows 2000

. , Win-
dows Server 2003 . -
Internet (Internet
Information Service IIS), .
, Windows Server 2003 , -
,
, Configure Your Server Wizard ( -
). ,
.


-
.
DHCP DNS .
,
.
, -
, ,
.
, -
.



, ,

(Configure Your Server CYS) -
Windows Server 2003. -
Windows 2000, CYS . -
DNS-, , CYS -
DNS,
.
,
. CYS ,
. -
WINS, -
.
.

407
12

1. CYS, Start All ProgramsAdministrative


ToolsConfigure Your Server Wizard (
).
2. Next
.
3. WINS, . 12.4,
Next.

. 12.4.
4. Summary () Next.
- Windows Server 2003. -
.
5. Success ( ) Finish.
6. 15,
. Next.



Windows Server 2003 ,

. (security template)
, -
. ,

408
IV

Kerberos
( ) . . 12.5 -
Windows Server 2003
securedc.inf.

. 12.5.
OU, -
(Group Policy Object GPO).
,
, . -
, , , -
- -
. -
.


, -
, . -
, Windows Server 2003, ,
, -
. -
, , -
. Windows Server 2003 -
Services () MMC. Services,
Start All ProgramsAdministrative ToolsServices ( -
).
. 12.6, Services MMC -
,

409
12

.
Services ,
, . -
,
,
-
.

. 12.6. Services MMC


, -
. -
GPO Active Directory.


Windows Server 2003 , -
. , Windows Server 2003,
Microsoft, Everyone ( -
) NTFS.
,
.
, -
,
.

410
IV

NTFS
Windows Server 2003
NT (NT File sys-
tem NTFS). , NTFS,
, (Access Control Entry ACE),
, . -
NTFS , -
.
NTFS,
-
NTFS. NTFS
Windows Server 2003 . :
1. , -
, Sharing
and Security ( ).
2. Security ().
3. Advanced ().
4. Allow Inheritable Permissions from the Parent to Propagate (-
).
5.
Remove ().
6. Advanced Add () -
/ ,
.
7. Replace Permission Entries on All Child Objects (
), . 12.7,
OK.

. 12.7. NTFS

411
12

8.
Yes ().
9. OK, .


NTFS
Windows
. (share) -
\\sfofs01\marketing,
.
FAT, HPFS FAT32 -
, .
- ,
NTFS.
, -
.


Windows Server 2003 -

NTFS.
NTFS
.



, . NTFS -
,
. ,
, , -
, - .


, Windows
Server 2003 . -
-
.


Windows Server 2003.
1. ,
, Properties.
2. Security.
3. Advanced.
4. Audit ().

412
IV

5. Allow Inheritable Auditing Entries from the Parent to Propagate


( ) -
Apply ().
6. Add () ,
. -
, Everyone ( ).
7. Auditing Entry ( ) , -
. -
, , . 12.8.

. 12.8.
8. , OK.
9. Replace Auditing Entries on All Child Objects ( -
) OK.


-
, , ,
, . -
( )
, .



Windows Server 2003
(Encrypting File System EFS) ,

413
12

. EFS
, ,
, .
Windows 2000 EFS, EFS
Windows XP, Windows.
EFS ,
, , . Windows
Server 2003
EFS. EFS -
, Windows Server 2003.


, -
. , Windows Server 2003
Windows -
.
-

.


, .
-
. , ,
, .
-
. -
, -
.

.
, -
.


, ,
, . -
,
.
, ,
, -
. , -
.

414
IV



-
, , -
.
,
, . -
,
.
, -
, -
. ,
.
, , -
, . -
, -
, .
.



Windows -
-
. , IIS
Code Red Nimbda. -
Web- , .
, ,
, -
, . -
, -
(Software
Update Services SUS).

SUS: Windows Update


-
, Microsoft Web- Windows Update
( Windows), , -
. Web- Windows
Update ,
, .
,
.

415
12

Windows Update ,

.
.


(Automatic Updates Client)
-

Internet . (drizzling), -
(Background Intel-
ligent Transfer Service BITS) , -
.
, -
.
-
Windows 2000 Service Pack 3 Windows XP Service Pack 1,
.



Web- Windows Update
.
, Internet
, -
. - -
Windows Update.
(Software Update Services SUS).
SUS Microsoft , , -
, Windows Update.
SUS Windows Server 2003 ( Windows 2000) -
Internet (IIS).
SUS intranet-.
SUS ,
, -
(Systems Management Server SMS). ,
-
. , -
SMS, SMS 2.0 Value Pack, -
, SUS.
SUS Service Pack 1
. -
, Service Pack 1 SUS:

416
IV

. SUS
. Service
Pack 1
Microsoft.
-
. SUS , -
.
. SUS
.
ADM- . wuau.adm,
Microsoft, -
.


SUS
SUS ,
Windows Server 2003,
Internet (IIS). , -
SUS:
x86- 700 ;
512 ;
6 .
, SUS
,
SUS.



IIS (
IIS 11), SUS -
. SUS Web- Microsoft:
http://www.microsoft.com/sus
SUS -
.
1. SUS Setup -
.
2. Next.
3. , -
. Next.
4. Typical ().

417
12

5. URL- ,
SUS. SUS,
, . 12.9. Install
().
6. URL- Web-
. Finish.

. 12.9. URL-
SUS
Web-
(http:///SUSAdmin). -
SUS, -
. Web- -
. -
, . 12.10.

SUS
SUS
.
.
Set Options ( ) -
SUS.

-
-, SUS
-. -
, Do Not Use a Proxy Server (
-).

418
IV

. 12.10. SUS


, Automatically Detect Proxy Server Settings (
-). -
SUS -.

SUS
, . 12.11,
, .
( server2.companyabc.com)
, DNS, NetBIOS.


SUS
Windows Update Microsoft, SUS.
, , -
SUS .


,
, -
. .



. ,
SUS Microsoft

419
12

Windows Up-
date . -
, . 12.12,
Internet . Win-
dows Update -
SUS Internet- Windows Update.

. 12.11. SUS

. 12.12. SUS

420
IV

-
. , -
, ,
.

SUS
SUS, ,
, -
SUS. .
1. Web- SUS, Internet Explorer
SUS Web- http://localhost/SUSAdmin.
2. Synchronize Server ( )
.
3. , . 12.13, -
SUS -
. -
, . -
Synchronize Now ( ).
4. SUS -
,
SUS. Internet
.

. 12.13. SUS

421
12


SUS , -
. , ,
Internet,
.


SUS

. -
IIS, , -
.
, -
. -
.
1. Web- SUS, Internet Explorer
SUS Web- http://localhost/SUSAdmin.
2. Approve Updates ( ) .
3. , -
, . 12.14,
Approve ().
4. VBScript Yes ().

. 12.14.

422
IV

5.
, Accept ().
6. , , .
12.15, .

. 12.15.
-
, , .



Web- Windows Update.
, -
SUS .



,
Microsoft , -
.
Service Pack 3 Windows 2000 Service Pack 1 Windows XP.
SUS,
Web- Windows Update.
Active Directory
. Windows Server 2003 -
Windows (Windows
Update Group Policy), , :

423
12

1. Active Directory Users and Computers ( -


Active Directory), Start All ProgramsAdministrative
ToolsActive Directory Users and Computers ( -
Active Directory).
2. ,
,
Properties.
3. Group Policy ( ).
4. New () .
5. Edit (), -
(Group Policy Object Editor).
6. Computer
Configuration\Administrative Templates\Windows Components\Windows Update
( \ \ Win-
dows\ Windows), . 12.16.

. 12.16. -
Windows
7. Configure Automatic Updates (
).
8. -
.
2, 3 4 . -
, , 4.
9. , , -
.

424
IV

10. Next Setting


( ).
11. Web- SUS, Enabled (-
). ,
. 12.17. ( ) -
OK, .

. 12.17. -
SUS
12. (
).


, Active Directory ,
SUS .
, , SUS.

C
SUS
SUS . SUS
SUS,
. GPO -
, .
SUS -
. -
, SUS.

425
12


SUS
,
, SUS
.
:
.
, SUS, -
-
- .
-
,
.


-
, , .
, .

Windows Server 2003 -


Windows. -
, Trustworthy Computing,
-
. -
, Windows Server 2003
,
. , -
-
(Software Update Services) -
.


,
.
.
(Configure Your Server CYS)
.
Run As
( ), .
( ) , -
, -

426
IV

, , , -
, .
, -
. -
.
SUS
, .
, -
,
.


13
...

Windows Server 2003


Internet

IPSec
Windows Server 2003

428
IV



Windows Server 2003
,
. ,
, -
.
,
.
-
.
,
.
,
Windows Server 2003 -
.
, ,
Internet.

, . -

Windows Server 2003.
IPSec, PKI VPN. , -
Routing and Remote Access ( ) Internet
Authentication Server ( Internet).




, - -
. , -
- . -
,
.

. -
:
, -

. , ,
-
. Windows Server 2003 -

429
13

,
.



,
.
-
.
, , 128- -
, PIN-
. -

.
Windows Server 2003 -
,
. , Windows Server
2003, .


,
, ,
, .


(encryption) -
, ,
, .
, ,

Internet
. -
, -
.
.


, -
, (Virtual Private Network
VPN),
,
.
VPN
.

430
IV

VPN , ,
.
.
VPN.

VPN
VPN
VPN. - ,
.
VPN , -
. -
, VPN

Internet. VPN , -
Internet VPN -
VPN .
, -
, Windows Server 2003.


VPN . , -
VPN , ( , - Internet) -
. VPN
, .
, .


(tunneling protocol) , -
, VPN-
. , -
,
(Open System Interconnection OSI).
OSI , VPN
2 3. 2,
,
, 3 .
VPN 2
(Point-to-Point Tunneling Protocol PPTP) -
2 (Layer 2 Tunneling Protocol L2TP). -
Windows Server 2003.

PPTP L2TP
PPTP L2TP -
(Point-to-Point Protocol PPP)

431
13

VPN. VPN Windows Server 2003 -


L2TP, PPTP -
2 (Layer 2 Forwarding). L2TP
, IP, -
Internet.
L2TP , .
PPTP, L2TP -
, PPP: ,
(token card).
, , -
VPN.

L2TP/IPSec
Windows Server 2003 -
Internet (IP Security IPSec)
3, L2TP
L2TP/IPSec. IPSec L2TP
, . , -

, .
L2TP/IPSec
L2TP:
L2TP/IPSec , -
, -
, , -
L2TP.
L2TP/IPSec -
, .
L2TP,
,
L2TP, IPSec .
L2TP/IPSec

. -
.



Internet
, VPN, -
, -
. VPN
(Remote

432
IV

Authentication Dial-in User Service RADIUS), -


.
,
-
.
Windows Server 2003 VPN
Internet (Internet Authentication Service IAS),
Windows Server 2003 RADIUS-
Active Directory.
IAS Windows Server 2003,
.
1. Start () Control PanelAdd or Remove Programs
( ).
2. Add/Remove Windows Components ( -
Windows).
3. Networking Services ( ),
, Details ().
4. Internet Authentication Service (
Internet), . 13.1, OK.

. 13.1. IAS
5. Next ().
6. Finish ().
, -
, IAS Active Directory,
AD VPN
. :
1. Start All ProgramsAdministrative ToolsInternet Authen-
tication Service ( -
Internet).

433
13

2. Internet Authentication Service (Local)


( Internet ())
Register Server in Active Directory ( Active Directory).


Active Directory ,
. , -
.

3. IAS Active Directory,


. -
IAS Active Directory.

VPN

(Routing and Remote Access Server
RRAS), Windows Server 2003, -
VPN L2TP/IPSec PPTP. RRAS
VPN
IAS VPN.
RRAS Windows Server 2003 ,
(Network Load Balance NLB) -
. ,
Internet (Internet Connection Firewall ICF).
Windows Server 2003 RRAS
(Configure Your Server Wizard CYS),
:
1. , Start All
ProgramsAdministrative ToolsConfigure Your Server Wizard (
).
2. Next.
3. Preliminary Steps ( ) Next.
CYS .
4. Remote Access/VPN Server ( /VPN),
. 13.2, Next.
5. Summary () Next. -
RRAS Setup Wizard (-
RRAS).
6. RRAS Next.
7. , -
RRAS. VPN
VPN
(Network Address Translation NAT). , -

434
IV

VPN, . , ,
, . 13.3.
Remote Access ( ) -
Next.
8. VPN Next.


VPN , -
, -
.

. 13.2. RRAS

. 13.3. RRAS

435
13

9. Finish, -
RRAS.
10. , RRAS -
, . Yes
(), ,
Finish, CYS.
RRAS VPN,
.


(Public Key Infrastructure PKI) -
, . -
, -
, , -
. ,
,
, , -
, , . PKI
-
. , Windows Server 2003
PKI.
PKI , , -
-
.
PKI .



.
, -
(private key), -
, . -
, -
, .
(public key), , -
, .
, , -
. ,
. -
, . -
,
, .

436
IV

(certificate) , -
-
. VeriSign
Internet, , , , Microsoft -
Microsoft, -
.
, -
.
.
Web.
Internet (IPSec).
.
.
-
, -
, , -
, (Certificate Authority CA).

Windows Server 2003


Windows Server 2003 ,
(Certificate Services). -

. Windows Server 2003
-
. -
CA ,
.
Server 2003
:
. CA -
CA
CA. CA -
CA .
. CA -
CA ,
-
. CA -
CA .
. -
CA , -
. CA.

437
13

.
CA
CA, -
, CA.
Windows Server 2003 -
.
1. Start Control PanelAdd or Remove Programs.
2. Add/Remove Windows Components.
3. Certificate Services ( ).
4. (. 13.4) ,
. -
Yes ().

. 13.4. CA
5. Next.
6. , . 13.5,
CA. CA, ,
. Enterprise Root CA (
CA ) Next.

. 13.5. CA

438
IV

7. CA , CA
CompanyABC.
8. -
Next. .
9. -
. -
. Next.
CA.
10. IIS , . 13.6
, Web
, IIS. ,
Next.
11. Finish.

. 13.6. IIS -
CA

-

-
-. - -
.
. - -
, , CA. -
, -
.
PIN-,
. PIN-
.
- -
.
- , -
-. - -
, , . -
, PIN-.
-
, PKI.

439
13


,
, Windows Server 2003
NTFS -
. (Encrypting File System EFS) Win-
dows Server 2003 EFS Windows 2000,
.
, . -
, ,
,
. EFS
.

PKI Kerberos
Active Directory Windows Server 2003 -
PKI, (realm) Kerberos
Active Directory. PKI -

, Active Directory.

Internet
Internet (IP Security IPSec),
, -
, . IPSec 3
OSI , , -
.
IPSec
: -
Internet, -
.

IPSec
IPSec :
, , -
IPSec, -
.
,
.
IPSec.

(NIC) ,
- . , Windows Server
2003 IPSec, -

440
IV

PKI
Kerberos, Active Directory Windows Server 2003.

IPSec
IPSec Windows Server 2003 ,
-
:
. , IPSec-
, ,
3DES, -
.
. IPSec
ESP, , , -
IPSec, .
. IPSec -


.
. IPSec
Kerberos , IPSec
.
NAT Traversal. IPSec Windows Server 2003 -
IPSec -
(Network Address Translation NAT). -
.
2048- -. IPSec Win-
dows Server 2003
2048- , , ,
IPSec.

NAT Traversal IPSec


, IPSec Windows Server 2003
(Network Address Translation Traversal
NAT Traversal NAT-T). , NAT-T, -
, .
(Network Address Translation NAT) -
, Internet IP- .
IP- (10.x.x.x, 192.168.x.x ),
IP-
. IP-
IP-, -
IP-
.

441
13

NAT. -
, -
. RRAS
Windows Server 2003 NAT.
IPSec NAT , NAT
IPSec, -
.
IPSec,
Internet NAT.
IPSec Windows Server 2003 NAT Traversal
Internet, Microsoft Cisco
Systems. NAT-T ,
NAT, IPSec UDP
UDP. NAT UDP,
NAT.
NAT Traversal , IPSec-
IPSec
UDP. IPSec NAT Traversal
-
IPSec, .


NAT-T NAT
. NAT -
IPSec NAT-T. NAT-T, -
, ,
IPSec, NAT-T, NAT NAT.


IPSec
Windows Server 2003
IPSec Windows Server 2003, .
IPSec
Active Directory Windows Server 2003, IPSec -
Kerberos.
IPSec -
, -
.

IPSec Web- . Web-
SERVER7, CLIENT2.

442
IV

IPSec
IPSec, ,
, SERVER7
IPSec Security Monitor ( IPSec) MMC. -
, :
1. Start Run () Run (
) mmc. OK.
2. MMC File () Add/Remove
Snap-in (/ ).
3. Add ().
4. IP Security Monitor ( IP),
Add, Close ().
5. , . 13.7, -
IP Security Monitor MMC. OK.

. 13.7. IP Security
Monitor MMC

6. MMC Console Root \ IP Security Monitor \ SERVER7


( \ IP\SERVER7).
7. SERVER7 -
Properties ().
8. 45 5
, OK. IP Security Moni-
tor MMC IPSec.

443
13

IPSec
IPSec Windows Server 2003
. SERVER7
.
1. Start All ProgramsAdministrative ToolsLocal Security
Policy ( -
).
2. Security Settings\IP Security Policies on Local Computer (-
\ IP ).
3. Server (Re-
quest Security) ( ( )) Assign (-
).
IPSec
IPSec:
Server (Request Security) ( ( )). -
, , IP-
Sec. , -
IPSec. -
, ,
IPSec , .
,
IPSec. -
IPSec, ,
IPSec.
Client (Respond only) ( ( )). -

IPSec.
Secure Server (Require Security) ( ( -
)). . ,
IPSec.
, IPSec, -
,
IPSec.

IPSec
CLIENT2 IPSec,
. -
Windows XP, .
1. Start All ProgramsAdministrative ToolsLocal Security
Policy ( -
). Administrative Tools
().

444
IV

2. Security Settings \ IP Security Policies on Local Computer (-


\ IP ).
3. Client (Respond Only) (
( )) Assign (), . 13.8.

. 13.8. IPSec

IPSec

IPSec CLIENT2, SERVER7
IPSec.
, - -
, , Web- -
SERVER7.
IP (. 13.9), -
MMC SERVER7, , IPSec -
.
IP -
IPSec, IPSec SERVER7 -
.
Event ID 541,
IPSec, . 13.10.
IPSec -
, . -
IPSec -
IPSec .

445
13

. 13.9. IP

. 13.10. -
IPSec

-
, ,
.
, .

446
IV

Windows Server 2003 Win-


dows 2000 -
, VPN, IPSec PKI.

, -
.


-
.
, -
-
.
Windows Server 2003 VPN L2TP,
-
.
IPSec

Internet, .

Windows
Server 2003
14
...
.NET

.NET

.NET Passport

Web-
.NET

.NET Passport



448
IV

Web-,
.NET. .NET
, , -
-
.
.NET .NET (,
) , , -
, Web-, .NET Passport. -
(Single Sign-In SSI)
Web-, intra-
net- , Web- .
.NET -
. -
Web-. , Web-
.NET, -
, Web- -
, .
SSI .NET Passport
Web- . -
Microsoft .NET Passport for Kids ( .NET),
Web-
(Childrens Online Privacy Protection Act COPPA). -
COPPA Web-
, , , -
.


.NET
-
. .NET
, , , , :
.NET -
.
SSI
-
.
.NET -
, .
.NET -
.
.NET ,
, Active Directory Web-, Outlook
Web Access (OWA).
Windows Server 2003
449
14

, ,
(, PIN-
). -
PIN- ,
.NET Passport.


.NET
.NET Passport .NET,
Microsoft. ,
, ,
.
.NET , -
.
, .NET Passport,
Microsoft,
Internet. .NET, -
:
Web- .NET Passport Micro-
soft (http://www.passport.com).

(Privacy Policy) .NET Passport (http://www.passport.net/Consumer/PrivacyPolicy.asp)
(Statement of Policy) Microsoft (http://www.microsoft.com/
info.privacy.htm). .NET Passport for
Kids ( .NET), -
.NET
(.NET Passport Kids Privacy Statement) (http://www.passport.net/Consumer/
KidsPrivacyPolicy.asp?lc=1033).
.NET Passport , -
(Preproduction ID, PREP). ,
, -
.
Web- .NET Passport ( -
) -
. -
Microsoft.
.NET Passport,
.
(Site ID),
. .NET Passport
( ).
, ,
.

450
IV

!
, , .NET Passport Development Kit (SDK) -
2.1 Windows Server 2003
.NET Passport.
IIS 6.0,
5.0. .NET Passport
Windows Server 2003.

PREP ID
.NET
Passport , .
-
.NET. ,
.NET Passport ,
(Site ID).
Web-
.NET (.NET Services Manager) Microsoft (https:/www.netservicesmanager.com),
. 14.1.

. 14.1. Web- .NET


:
.NET Passport /.
.NET.
.
, .
.
Windows Server 2003
451
14


.NET Passport, .
1. Create and Manage an Application (
). .NET Passport,
,
.NET Passport. .NET
Passport ,
.NET Passport.
2. ,
Accept Terms ( ).
User Information ( ), -
. ,
.
3. Create and Manage an Application Create
Application ( ).
4. Create Preproduction Application ( )
Submit ().
5. Add Service ( )
() /. -
: .NET Passport ( .NET), Kids Passport with SSI (
) Microsoft Alerts ( Microsoft).
Next (), .
6. -
. Web- -
.NET. General
.NET Passport Information ( .NET Passport). , -
Web Site Title ( Web-), Domain Name
( ), Default Return URL (URL- ) Privacy
Policy Location ( )
. , Next,
.
7. .
. Next, -
, .NET Passport (,
), . 14.2, -
.
8. Web- .NET Passport SSI. -
Expire Cookie URL (URL- cookie-) -
. , cookie-,
.NET Passport.
9. Kids Passport, ,
, -
( ).

452
IV

10. Submit ().


.NET Passport .
( ), -
, .

. 14.2. .NET Passport



.NET
(Passport Manager Ad-
ministration), . 14.3.
(PREP ID).
.NET Passport
SDK,
, .NET.
Windows Server 2003 .
,
:
1. , Start () Run (),
Run ( ) MSPPCNFG.EXE.
2. Site ID ( ) -
.
3. : Return URL (URL- ), Cookie
Path ( cookie-) .
Windows Server 2003
453
14

. 14.3.
, -
, -
. (*.ppi), -
File () Save As ( ).



.NET Passport, -
.
.NET Passport.
, .
1. Web- .NET (.NET Services Manager)
Microsoft .NET Passport.
2. Applications () Manage
Applications ( ).
3. Next.
4. Download a Key ( )
Request Key ( ). Microsoft
, .
5. Create Your Security Key ( ), -
. 14.4, ,
, .
, .
Continue ().

454
IV

. 14.4.
6. , ,
Continue.
7. Security Key Sign-in ( ) -
Sign In (-
).
8. Download Key ( )
Web-, .
9. Download Key ( ).
Save ().
Key Download ( )
.
( ,
, Web- ):
1. Start All ProgramsAdministrative Tools (
) Services ().
IISAdmin. , IIS.
2. Start Run () ,
cmd.exe. ,
.
3. partner####_#.exe /addkey, #
.
4. partner####_#.exe /makecurrent /t 0.
5. IISAdmin , IIS
(, World Wide Web (World Wide Web Publishing)).
Windows Server 2003
455
14

.NET

.NET Passport -
.NET Services. -
.NET Passport .
, netservs@microsoft.com. -
.
,
.NET Passport,
Web- .NET Microsoft. ,
, -
/.
, .
1. Web- Microsoft .NET
.NET Passport.
2. Applications Manage Applications.
3. Next.
4. Submit Compliance ( ), -
.
5. Web- Go to
Manage Agreements ( ).
6. Microsoft
(Microsoft Services Agreement),
(Agreement Association). , -
Microsoft. -
-
(Agreement Association),
.


.NET Passport
.NET Passport -
, .
, .NET Passport for Kids ( .NET) .NET Passport
SSI, ,
Internet .
Web- ,
, ,
.NET . -
-
.

456
IV


-
.NET,
. , ,
.NET Passport -
.
.NET Passport.


.NET

,
.NET Passport. -
.NET, .


, , -
, -
.

.NET .
, -
.NET.


.NET Passport :
.NET Passport
(http://www.passport.com), . 14.5.
, -
.NET Passport Microsoft
( ).

MSN Hotmail (http://www.hotmail.com) MSN
Internet Access ISP, -
.NET Passport SSI.
.NET Passport (.NET
Passport Registration Wizard) Microsoft Windows XP.


.NET Passport -
.
@.com. , .
Windows Server 2003
457
14

. 14.5. .NET Passport


.NET :
. -
, :

/







Web-
.NET Web-
. Windows .NET
Windows Server 2003, -
, , -
. .NET Passport -
Web- .
.NET Passport Web-
.NET Passport Outlook Web Access

458
IV

(OWA). OWA Microsoft Exchange, -


HTTP, Web -
Outlook. OWA IIS, -
.NET
.NET Passport.

.NET

.NET Passport Windows Pocket PC


2002 Phone Edition ( ) ,
Microsoft Mobile Explorer (MME) HTML, i-mode,
(Wireless Access Protocol WAP) -
(Handheld Device Markup Language HDML). -

. :
.
SSI.
.NET Passport for Kids ( ).
.


-
. .NET Passport -
(Secure Socket Layer SSL),
Web- .
.

, , -
.
, PIN-, -
.
- .NET Passport,
, -
.NET Passport.
, . ,
, ,
.
.

.NET
.NET , -
.NET Passport.
Windows Server 2003
459
14

, -
.NET Passport.
.NET Passport PUID .NET Passport.
.NET Passport PUID -
cookie- .NET Passport:
Cookie- . PUID .
Cookie- . .NET Passport.
Cookie- . , -
.NET.
.NET,

.NET Passport, , -
Microsoft . , -
. -
.NET Passport, -
, Microsoft.
cookie- ,
URL- , . Inter-
net Explorer (IE) cookie- .NET Passport.
,
cookie- . -
(Passport Manager Administration)
cookie-,
.

Cookie- .NET Passport


, ,
.NET Passport cookie-
. cookie- -
.
, cookie- .NET Passport
, .NET Passport
.
.NET Passport , -
.NET Pass-
port cookie- .
cookie-
.

. ,
,
.

460
IV


,
.NET Passport .
SSL, .
.NET Passport SSL Windows Server 2003, -
SSL . SSL Windows Server
2003 , SSL.
SSL -
Web-. -
(Network Interface Card NIC), -
()
SSL. -
Web-.
SSL -
, Web-
. SSL
.

.NET Passport
.NET Passport , -
, . -
. -
, Microsoft

.
Microsoft , ,
.NET Passport:
.NET Passport Privacy Statement ( .NET
Passport). Microsoft -
Web- .NET Passport .NET
Passport Web-
http://www.passport.net/Consumer/PrivacyPolicy.asp
Microsoft Statement of Policy ( Microsoft).
Web- http://www.microsoft.com/info/privacy.htm.
Microsoft
, , , , -
.
.NET Passport Kids Privacy Statement (
.NET). ,
http://www.passport.net/Consumer/KidsPrivacyPolicy.asp?lc=1033, -
.NET Passport .NET Passport
for Kids ( .NET). -
.
Windows Server 2003
461
14

Microsoft .NET Passport


(Fair Information Practices FIP),
, -
(Online Privacy Alliance),
(U.S. Federal Trade Commission),
(European Union Directorate General) -
.
, , -
, , . , .NET Passport,
Microsoft
,
.


.NET Passport,
.NET Passport SSI.
.

.NET Passport for Kids


.NET Passport for Kids ( .NET)
.NET Passport SSI COPPA -
. -
, , ,
. 13
, Web-.
.NET Passport for Kids, -
, ,
.NET. . 14.1.

14.1. .NET Passport for Kids



Deny ()
. -
.
Limited , -
() , . -
.
Full () , -
, ,
( ).

462
IV

.NET Passport for Kids (


) ,
COPPA. , -
. , -
, -
.


.NET Passport . -
, Web- .NET
Passport, .

-
.
.NET Passport ,
. .NET Passport -
.NET .


.NET Passport,
netservs@microsoft.com Web- http://www.microsoft.com/licensing/.
.

, -
,
Microsoft .

.NET Passport , -
. .NET
Passport -
, Windows Server 2003 .NET
Passport -. .NET Passport
,
. -
Web- , ,
, , . .NET
-
-
.
Windows Server 2003
463
14


Windows Server 2003,

, .
.NET Passport
.
.NET Passport Web-, Outlook Web
Access (OWA).
, -
(, PIN- -
).
.NET Passport (.NET
Passport Privacy Policy),
http://www.passport.net/Consumer/PrivacyPolicy.asp
Microsoft (Microsoft Statement of Policy),
http://www.microsoft.com/info/privacy.htm.
.NET Passport for Kids ( -
.NET), -
.NET (.NET Passport
Kids Privacy Statement):
http://www.passport.net/Consumer/KidsPrivacyPolicy.asp?lc=1033
Windows Server 2003 -
, .NET Passport. -
Windows Server 2003.
-
.NET SSL.

15
...




466
IV

-
, -
. -
,
. ,
IT-,
,
.
-
.
. - , -
. -
, -
.
, -
. -
Windows Server 2003
. -
, Windows Server 2003.


, -
, -
, . ,
, , -
(Health Insurance
Portability and Accountability Act HIPAA) -
, -
-- (Gramm Leach Bliley Act GLBA).


HIPAA GLBA -
http://www.cms.hhs.gov/hipaa/ http://www.senate.gov/~banking/conf/.

, , -
.
.
, , -
.


, ,
, (, -
, ), -
, .

467
15

-
, :
.
.
.
Exchange Server.
: -,
-
, , -, .
.


, -
. -
, -
.
, -
. , ,
,
, ,
.



-
, .
, -
.



. ,

:
.
( ,
).
(, -
-
).

468
IV

-
, .
.

IT-
, IT- -
, . :
.
,
.
-
, -
.


, -
. ( , ), -
, (
-) -
( ) -
. , , , ,
.
.


-
. -
-
.

-
-
. -
, , -
, .


, -
, -
, (National Institute of
Standards and Technologies NIST) (National
Security Agency NSA).
, Web-
(http://www.nist.gov http://www.nsa.gov, ).

469
15


, ,
. , -
,

.
,
-
(Virtual Private Network VPN) (Terminal
Services), , -
. , -


(, VPN L2TP IPSec).
-
. -
.

- -
Internet. ,
.
. -
.
,
. , -
. , -
,
. ,
Internet.
, ,
.
, -
,
.
. , , -
NetBIOS , -
NetBIOS.
137, 138 139.


(Intrusion Detection Systems IDS)
-
. IDS -
.

470
IV

IDS
, . , -
IDS , -
IT-, ,
Internet. -
.



,
IP-.
,
. , -
2 1433 1 -
. -
IP- .




. , -
.
,
.
( -
, , ).

-
. . -
-
Windows Server 2003. (authentication) , -
.
, , . -
, -
.
Windows Server 2003 -
:
Kerberos.
.NET.
.
(Secure Socket Layer SSL).
HTTP.
S/MIME.

471
15

.
, Active Directory , ,
Kerberos.
, , :
, .
, SSL-, Web-
-
.
( -
),
.

, ,
, Windows Server 2003
. ,

Kerberos. , -
.
(authorization).
, ,
. -
(Access Control List ACL) .

NTFS (New Technology File System ). -

. -
(Encrypting File System EFS), -

.
NTFS,
.
Everyone ( ).
, .
, -
, .
, -
, ,
.
.


-
. -

472
IV

IIS, , NTFS
, . -
, , -
.
,
.
-

.
.
-
, ,
, .



,
. , -

.

:
Windows Server 2003.
,

.

.

.
,
.
(Group Policy Objects GPO)
, -
. , Run ()
.

Windows Server 2003 ( )
, .
, -
.

. -

473
15

, -
-
, .


-
, .

GPO. ,

, . -
, GPO , -
, , -
. GPO -
29.

. ,
, -
.
.
, .
-
.
, -
. .
-
. -
, . ,
, .
,
. ,
.



,
,
, -
. Windows Server 2003 -
.

474
IV


(Certificate Authority CA) -
(Public Key Infrastructure PKI). PKI -
, ,
. -
, ,
. ,
.

. -
, -
. , ,
, , -
.
Windows Server 2003
:
1. Start () Control Panel ( ).
Add or Remove Programs ( -
).
2. Add/Remove Windows Components ( -
Windows), Windows Compo-
nents Wizard ( Windows).
3. Certificate Service ( ).
Yes ().
Next ().
4. CA. :
Enterprise Root CA ( CA ).
Active Directory -
. -
.
Enterprise Subordinate CA ( CA ).
CA . -
Active Directory CA -
.
Standalone Root CA ( CA). -

. -
CA Active Directory.
Standalone Subordinate CA ( CA). -
CA
CA.
5. Use custom settings to generate the key pair and CA certificate
( -

475
15

CA) Next, -
(Cryptographic Service Provider CSP),
, . 15.1.

. 15.1.
6. CA .
CA ( ).
Next.
7. , .
Next.
8. CA Finish ().


Windows Server 2003 certutil.exe,
CA . Microsoft
, .
, ,
, -
,
. , ,
.


,
. -
. , -
,
.

476
IV

(Event Viewer)
Windows Server 2003 . ,
, ,
, , .

. , 128 ,
.


,
( ).

-
. , -

. -
.
.

C
Windows Server 2003 -
Microsoft (Microsoft Operation Manager MOM).
, ,

Windows Server 2003.

-
. -
, , , ,
. , LC4,
LOphtCrack, -
,
. -
-
.

Security Configuration and Analysis


Windows Server 2003 -
(Security Configuration and Analysis) -
. -
.
,
.

477
15

,
.


Security Configuration and Analysis
. , X -
.

Security Configuration and Analysis,


:
1. Start Run () MMC.
OK.
2. File Add/Remove Snap-In (/ ).
3. Add ()
Security Configuration and Analysis ( ).
Add Standalone Snap-In ( )
Add.
4. Microsoft, Close (),
OK.
5. Security Configuration and Analysis .
-

.
6. , -
Security Configuration and Analysis -
Open Database ( ).
7. , ,
.
8. , Open ().
9. Import Template ( )
Open.
setup security.inf.
10. Action () Analyze Computer Now ( -
).
11. Perform Analysis () ,
. OK.
12. Security Configuration and Analy-
sis -
, . 15.2. -
,
Action Configure Computer Now ( ), -
.

478
IV

. 15.2. -
Security Configuration and Analysis
Security Configuration and Analysis -
Windows Server 2003 .
. -
-
.


Microsoft
Microsoft (Microsoft Baseline Security
Analyzer MBSA) , -

Windows-. MBSA
Windows- Windows- ,
. ,
MBSA ,
Microsoft SQL Server Exchange, -
Windows,
, .
MBSA .
1. XML- MBSA.
,
.
2. ().

479
15

(Security Configuration Wizard SCW)


, Windows Server 2003 Service Pack 1,
.
, SCW , -
, . ,
, . -
, -
, .
SCW , -
:
. SCW .
. SCW -
.
. -
.
IIS. SCW IIS, Web Extensions
.
. ( , ,
, Web-, ), (
, ) -
-
. -
15.3 15.4. -
Exchange Server 2003, SQL Server
2000, ISA Server, SharePoint Portal Server 2003 Operations Manager (
).
IPSec. SCW IPSec.
. SCW -
LanMan, SMB,
NoLMHash LDAP
.

!
SCW .
, . -
.
.

480
IV

. 15.3.

. 15.4.
SCW -
, , -
. SCW
Microsoft ,
. , SCW ,
Security Configuration and Analysis,
, -
. , SCW -
, Group Policy
, . 15.5.

481
15

. 15.5. SCW


Windows
Windows (Rights Management Services RMS)
,
. -
:
.
, ,
,
.
, , -
.
RMS -
. , , -

,
. , RMS -
Web-. -
.
RMS -
Microsoft Office 2003, WRM , -
XrML (Extensible rights Markup Language
) . -
, RMS, , , -

482
IV

, .
,
. RMS -
.

Windows Server 2003


. -
, .
, , -
. -
-
.


-
, .
-
.
, -
, -
(Health Insurance Portability and Accountability Act HIPAA),
http://www.hipaa.org/.
-
-- (Gramm Leach Bliley Act GLBA)
http://www.senate.gov/~banking/conf/.
-
.
-
.
-
.
,
.

.
, -
.
, , NTFS.
Everyone ( ).

483
15

, -
.
,
, .
, -
,
.
.
Windows
Server 2003. ,

.
-
.

.
, , -
.
(GPO)
. , Run (-
) .
Windows Server 2003
( ) , -
.

.
, .
, -
. -
.
.
,
.
, -
.

.
-
Security Configuration and Analysis.

Windows
Server 2003
V

...
16. Windows NT4
Windows Server 2003
17. Windows 2000
Windows Server 2003
18.
Windows Server 2003
Windows NT4 Windows Server 2003
487
16

Windows
NT4 Windows
Server 2003 16
...
Windows
Server 2003
Windows NT4
Windows Server 2003


Windows NT4 Windows
Server 2003
Windows NT4

Active Directory Microsoft
Windows Server 2003
488
V

Windows Server 2003 -


Windows NT4 .
-
.
, , -

Active Directory , -
Windows NT4 Windows Server 2003.
, -
.

Windows
Server 2003
, -
Ac-
tive Directory. . , -
,
.
, , -
- .
(inplace).

Windows NT4 Windows Server 2003
Active Directory.
NT4 NT4 -
Windows Server 2003 Active Directory.
Windows
NT4 Active Directory.
.
, -
Windows NT4 Active Directory.
: -
Active Directory.
, .




. -
. -
.
Windows NT4 Windows Server 2003
489
16


, -
Windows NT4. -
-
Windows Server 2003 Active Directory
NT4 Windows Server 2003 Active Directory. -
, -
, -
.
: ,
Windows Server 2003, -
Active Directory Active Directory
Windows NT4 -
, . ,
-
. ,
-
, -
Windows, NT4. -
, ,
. -
Win-
dows NT4 Windows Server 2003 ,
.


Windows NT4 Windows 2003 -
NT4 . -
, -
, ,
( ) , ,
.

Windows
NT4 Windows Server 2003


Windows NT4. Windows NT4 -
Windows Server 2003 -
Active Directory Windows Server 2003 -
Windows NT4.
Active Directory (Active Directory Migration
Tool ADMT) Windows NT4
Active Directory Windows NT4 -
Active
Directory, . 16.1.
Windows Server 2003
490
V

companyabc.com

NTDOMAIN1

NTDOMAIN2

Active Directory

. 16.1. Windows Server 2003


Windows Server 2003 Active Directory
Windows NT4, -
.

, . ,
Windows NT4 , -
, Active Directory .
-
, -
Active Directory. -
Windows NT4 Windows
Server 2003, -
-
.

, ,
?
, -
Active Directory ( -
Windows NT4), ,
, . Active
Directory , -
, , , -
. -

, , -
, , -
.
Windows NT4 Windows Server 2003
491
16

-
.
FSMO.
,
. , -
, , ,
, .
-
. - , -
,
Windows NT4. -
, -
DNS- . , Windows
NT4 CompanyX, Active Directory Win-
dows 2003 , , companyabc.com.
CompanyX NetBIOS, Active Directory DNS-.
,
, , -
, .
-
, ,
.

Windows NT4
Active Directory
Windows Server
2003 Active Directory,
. -
, -
Windows NT4. -
NT.
.
Active Directory,

, .
, -
, .
,
. -
, -
-
Active Directory. -

Active Directory.
Windows Server 2003
492
V

Windows NT4
Windows Server 2003
Windows Server 2003 Active
Directory
Windows NT4.
, Active Directory Windows Server
2003
Windows NT4 Windows Server 2003 -
, -
. ,
Windows Server 2003 , -
Windows Server 2003 -
.
,
-
Windows Server 2003.

Windows Server 2003,


Windows
NT4 Windows Server 2003. -

(Compatibility Check) Microsoft, -
Windows Server 2003.


, -
Windows Server 2003, Web- Microsoft. -
http://www.microsoft.com/hcl.

-
Windows Server 2003. -
.
-
.
Windows Server 2003. -
, ,
Run () Windows. -
,
d:\i386\winnt32\checkupgradeonly, d: -
-.
Windows
Server 2003. Windows
Windows NT4 Windows Server 2003
493
16

Server 2003 Active Directory. -



.



-
-
Windows Server 2003. -
-
, ,
. -
-

Windows Server 2003.


Windows NT4 -
Windows NT4. -
, -
Windows Server 2003.
:
Windows NT 4.0 Service Pack 5 .
Windows NT 4.0 Terminal Server Edition Service Pack 5 .
Windows NT 4.0 Enterprise Edition Service Pack 5 .


Windows Server 2003, , -

Windows Server 2003. -

. -
-
:
x86. Windows Server 2003 -
Intel Pentium Celeron, AMD K6, Athlon Duron
133 . Microsoft
550 . Windows Server 2003 -
128 . -
. Microsoft
256 .
Itanium. -
733 , 1 .
Windows Server 2003
494
V

,
Windows NT4
, Windows NT4 -
, , ,

(Disk Manager) Windows NT4. -
Windows Server 2003
Windows NT4, Windows Server
2003 - . -
Windows NT4, -
, .


Windows NT4 , -
Windows Server 2003 Windows NT4.


,

.

,

-
, -
Windows NT4,
.

!
,
.
-
.

,
Windows NT4 Windows Server
2003 , -
(Primary Domain Controller PDC) Win-
dows NT4 .
, -
,
, . -
Windows NT4
(Backup Domain Controller BDC), ,
, .
Windows NT4 Windows Server 2003
495
16


Windows Server 2003

. Win-
dows NT4 Active Directory, Windows
Server 2003
.
: -
(Dynamic Host Configuration Pro-
tocol DHCP), Internet- Windows (Windows Internet Naming Service
WINS) (Domain Name System DNS).
- -
- -
, -
. Windows Server 2003 Active Directory
,
DNS DHCP.
,
.

SAM
NT 4.0
SAM (Security Account Manager
) Windows NT4 Windows Server
2003, :
1. Win-
dows NT4 Windows Server 2003 Active Directory, -
. SAM Windows
NT4 , .

.
2.
, .
Windows NT4
, .
Active Direc-
tory
Windows NT4 Windows Server 2003 Active Directory.
Windows NT4 -
SAM
Windows NT.
SAM -
(Server Manager) Windows NT.
Windows Server 2003
496
V


Windows
NT4 Windows Server 2003 Active Directory.
:
. -
Windows NT4 -
.
Windows NT -
, ,
Windows Server 2003 Active Directory.


, -
. SAM
,
Windows NT. -
SAM , -
SAM Windows NT4 .

. -

.
Windows NT4. , -
, , -
DCPROMO Windows Server 2003.
.
. -
,
. Win-
dows Server 2003 Active Directory DNS Microsoft.
TCP/IP TCP/IP- DNS-
, Active Directory.


Windows NT4
, .
1. - Windows Server 2003
. ,
Windows Server 2003 (Windows Server 2003 Setup
Wizard). , Windows
Server 2003 , Setup.exe -
Windows Server 2003.
Windows NT4 Windows Server 2003
497
16

2. Welcome to Windows Server 2003 Family ( -


Windows Server 2003) Install Windows Server 2003 (-
Windows Server 2003), -
Windows Server 2003 Active Directory.
Windows (Windows Setup Wizard), -
.
3. Welcome to Windows Setup ( -
Windows) . -
Upgrade (Recommended) ( ()).
Windows NT4
Windows Server 2003 Active Directory. Next ().
4. Microsoft,
Licensing Agreement ( ). -
.
I Accept This Agreement ( )
Next.
5. Windows Server 2003 ,
- Windows Server 2003. 25-
Next.
6. , -
Report System Compatibility ( ),
Details (). Next.
Windows Server 2003 ,
. -
. -
.

Active Directory
Windows Server 2003 -
Windows Server 2003,
Active Directory (Active Directory Installation Wizard),
. 16.2.
Active Directory :
1. Next.
Windows NT4
Active Directory.


NT4 -
Active Directory. -
, -
Active Directory.

2. Operating System Compatibility (-


). Next.
Windows Server 2003
498
V

. 16.2. Active Directory


3. Create New Domain ( )
, Next.
, Active Directory ,
. -
NT, ,
DNS Microsoft .
4. DNS-, Windows Server 2003 Active
Directory, Yes, I Will Configure the DNS Client (,
DNS).
5. DNS-, DNS-
Active Directory, No, Just Install and
Configure DNS on This Computer (,
DNS ). Next.
6. New Domain ( ) DNS- .
, 5 -
DNS- Active Directory. Next.
.
7. Active Directory Active Directory
Users and Computers ( Active Directory)
MMC .



Windows NT4 Windows 2000 Windows Server 2003.
, -
Windows NT4 Windows 2000. Windows Server
2003 Interim Forest ( Windows Server 2003) -
Windows NT4, -
Windows 2000 Domain ( Windows 2000)
Windows 2000 .
Windows NT4 Windows Server 2003
499
16

, Windows 2000 -
Windows Server 2003.
, :
8. Windows Server 2003 Next.
9. Database and Log Folders ( )
Active Directory .
Active
Directory , ,
, Next.
-
Active Directory.
10. SYSVOL,
, , Next. SYSVOL
. -
-
Active Directory.
11. Permissions ( ) Permissions Com-
patible Only with Windows 2000 or Windows Server 2003 Operating Systems (-
, Windows 2000
Windows Server 2003) Next. ,
Windows NT4.
Active Directory , -
Windows NT.
Windows Server 2003
.



, :
12. Directory Services Restore Mode ( -
), Directory Ser-
vices Restore Mode.
.
, Windows
Server 2003 Active Directory Di-
rectory Services Restore Mode.
Domain Administrator ( ) -
Enterprise Administrator ( ) Active Direc-
tory. , Next.
13. ,
, .
. - -
, Back
Windows Server 2003
500
V

(). , , ,
Next.

!
Next Active Directory Microsoft DNS,
.

Finish () , -
Windows Server 2003. -
, - .



. ,
, -
.
Active Directory Users and Computers MMC,
Windows Server 2003 Active
Directory.



-
Windows Server 2003 Active Directory
.


, -
, ,
.

-
Windows NT4 Active Directory -
.
, NT
Windows Server 2003 Active Directory
. Windows NT4.
, ,
.
,
.
,
, DHCP WINS. -
-
.
Windows NT4 Windows Server 2003
501
16



- Windows Server
2003 .
, Windows Server 2003.
, -
.
, Windows Server 2003 -
, Setup.exe - Windows Server 2003. -
.
1. Welcome to Windows Server 2003 Family ( -
Windows Server 2003) Install Windows Server 2003 (-
Windows Server 2003).
Windows (Windows Setup Wizard),
.
2. Welcome to Windows Setup ( -
Windows) .
Upgrade (Recommended) ( ()). -
Windows NT4 Windows
Server 2003. Next ().
3. Licensing Agreement ( ) -
Microsoft. -
. ,
I Accept This License Agreement ( -
), Next.
4. Windows Server 2003 25- -
. 25-
Next.
Windows
NT4 Windows Server 2003
. -
. -
.


Windows NT4
Windows Server 2003
Microsoft Active Directory -
Windows NT4 -
. Active Directory
, -
.
Windows Server 2003
502
V


Windows Server 2003,
Active Directory (Active Directory Installation Wizard).
, :
1. Next, Active
Directory.
2. Member Server ( ), -
. 16.3, Next. Active Di-
rectory Active
Directory.

. 16.3.
3. Network Connections ( ) Windows Server
2003 TCP/IP- DNS- Active Directory. -
DNS- Next. ,
-
DNS- . -
TCP/IP- DNS-
, Configure Domain Name Service Client (-
).
4. Network Credentials ( )
Domain Administrator ( )
.
5. Administrator Password ( )
Active Directory .
Next.
6. -
.
Finish, Active Directory
.
Windows NT4 Windows Server 2003
503
16

7. Active Directory ,

Active Directory.
Event Viewer ( )
,
. -
, ,
.


Windows NT4 Windows
Server 2003
-
, ,
Windows NT4 Active Directory.
Active Directory Windows
Server 2003 , Windows 2000,
, -
Windows NT4 Active Directory, -
Active Directory (Active Directory Migration Tool) -
Windows NT4 Active Directory.
Windows Server 2003 Windows
NT4 ,
, , -
.
Active Directory
NT4
Windows NT4 Active Directory. -
NT4 , -
, -
.


Windows Server 2003

Microsoft Active Directory. Windows Server
2003 Active Directory DCPROMO. -
Active Directory (Active Directory Installation Wizard), -
:
1. Start () Run (),
DCPROMO. Active Di-
rectory (Active Directory Installation Wizard), -
Windows Server 2003
504
V

Windows Server 2003. Operating


System Compatibility ( ) ,
, Next ().



Windows Server 2003 -
. Windows Server 2003
Active Directory, (Compatibility Check),
. , -
Windows NT4, Active Directory -
.

Active Directory -
Active Directory. -
-
.
2. Next, -
Active Directory.
, Domain Controller Type ( )
Domain Controller for a New Domain (
). Active Directory,
.
3. , Create New Domain (
) Domain in a New Forest ( )
Next.
4. Install and Configure DNS ( DNS) -
DNS Active Directory.
DNS -
DNS- . -
, No, Just Install and configure the DNS Server
on This Computer (, DNS-
).
Microsoft DNS, TCP/IP ,
DNS.
5. DNS- Active Directory.
DNS- Windows NT
.
Next.
6. NetBIOS, Next.
NetBIOS , Windows NT4
Active Directory.
.
7.
Active Directory.
Windows NT4 Windows Server 2003
505
16


Active Directory , -

.
Active Directory
, .
Active Directory Browse ().
Active
Directory , RAID- .

8. SYSVOL Browse -
, , Next.
SYSVOL Active Directory. -

NTFS-. SYSVOL
. Active Directory

Windows Server.
9.
Windows Server 2003, ,
Windows 2000 Windows Server 2003.
.
Active Directory -
Windows NT4. Permissions Com-
patible Only with Windows 2000 or Windows Server 2003 Operating Systems (-
, Windows 2000
Windows Server 2003) Next.
10. Directory Services Re-
store Mode ( ). Directory Ser-
vices Restore Mode
. -
, Windows Server 2003 Active
Directory Directory Services
Restore Mode. Domain Administrator
( ) - Enter-
prise Administrator ( ) Active Directory.
Directory Services Restore Password ( -
) Next.
11. Finish.
Active Directory.
, Restart Now (
). , , -
, -
, .
Windows Server 2003
506
V

Windows NT4 Active


Directory, -
,
.


Windows NT4
Windows Server 2003
NT4 Active Directory

Windows NT4. Windows NT4
(source domains), Active Directory Windows Server
2003 (target domains).
. -
Windows Server 2003 Administrator Tools (-
) Active Directory Domains and Trust Manager (-
Active Directory).
Action () Active Directory
Trust ().
Windows Server 2003 Active Directory -
(New Trust Wizard).
, , -
New Trust ( ). -
Next.
Trust Name ( )
Windows NT4, .
NetBIOS-, -
DNS- . Active Directory
Windows NT4. Next.


-
TCP/IP .
Internet- Windows (Windows Internet Naming Service
WINS) TCP/IP ,
WINS.
Active Directory Windows
NT4, Windows Server 2003 Native ().
-
, Active Directory.

. Direction of Trust
( ) Two-Way (-
), ,
. Next.
Windows NT4 Windows Server 2003
507
16

, -
Domain-wide Authentication ( ). -
Windows NT4
Active Directory. Windows Server 2003 -
NT4 .
Administrator ()
, Active Directory
. Next.
.
-
, . -
Windows NT4
Windows Server 2003 -
. Next.
.
Back, - ,
Next, -
, .
Next.
-
.
,
Windows NT4. ,
Windows NT4. Confirm Outgo-
ing Trust ( ) No, Do
Not Confirm The Outgoing Trust (, -
) Next.
Confirm Incoming Trust ( -
) No, Do Not Confirm The Incoming Trust (,
). Next,
. -
Finish, -
.
Windows
NT, . -
Windows NT,
(User Manager for Domains) Windows
NT4. Policies () Trust Relationships ( -
), Trust Relationships ( ) Windows NT4.
Trusted Domains ( ) Add (-
). ,
. ,
-
Domain Administrator ( ).
-
.
Windows Server 2003
508
V

Add
Trusting Domains ( ). , -
.
Windows NT4, -
Windows NT4 . Close
(), Trust Relationships ( ).

-
, . -
Administrator ()
-
. OK .


Windows Server 2003
Active Directory

Windows Server 2003 Active Directory
Windows NT4 -
Active Directory Windows Server 2003.
Windows Server 2003,
Active Directory, 5. ,
, -
Active Directory.
Active Directory Users and Computers ( Active Directory)
MMC .
Active
Directory -
Active Directory.
Active Directory -
Ac-
tive Directory (Active Directory Migration Tool), . 16.4.
,
Active Directory Microsoft.

Windows NT4 -
(Security Identi-
fier SID).

.
Windows NT4 Windows Server 2003
509
16


NTDOMAIN



Active Directory

NTDOMAIN

NTDOMAIN

. 16.4.
Windows Server 2003 Active Directory
SID,
. SID -
, -
(, ) Windows
NT4 , .
-
Active Directory Microsoft
SID . SID -
Windows NT4. -
Active Directory SID

.

Windows NT4
, , -
Windows NT4
Windows NT4. , -
. Windows NT4
Windows Server 2003 Active Directory
Windows NT4.
Active Directory.
Windows Server 2003
510
V

-

Active Directory.


,
, , -
.
Windows NT,
Windows NT.


Active Directory Windows NT4 Active Directory
, . 16.5.

. 16.5.
-
Windows NT4
Active Directory -
Windows NT4.


Windows NT4
Active Directory
-
Windows NT4 Active Directory. -
Active Directory

Active Directory.
Windows NT4 Windows Server 2003
511
16

, -
, Windows NT4,
Active Directory
Active Directory. , -
, .



Active Directory
-
Windows
NT4 Active Directory.
Active Directory -
Windows NT4.
, -
, Active Directory
Windows NT4. ,
-
. Win-
dows NT Active Directory
,
Active Directory Microsoft.


Active Directory Microsoft
Active Directory (Active Directory Migration Tool ADMT)
, Windows Server 2003. ADMT
Windows NT4 -
Windows Server 2003 Active Directory.
:

.
-
.
-
.

.
-
.
Windows Server 2003
512
V


.
-
.

.
Active Directory ADMT
Active Directory .
Active Directory ,
Active Directory.

Active Directory
Active Directory, ,
.
Windows NT4 Active Directory
.
Active Directory Administrator ( Active Directory)
Domain Administrators ( ) Windows NT4.
Administrator () Windows NT4
Local Administrators ( ) Windows Server 2003.
Active Directory - -
Windows Server 2003. Windows
I386 -. ADMIGRATION.MSI,
ADMT, Active Directory
(Active Directory Migration Tool Installation Wizard).
Next.
(End User License Agreement)
Next, ADMT.
, Next.
Finish, Active Directory.


ADMT , -
. ADMT -
.
ADMT README.DOC
ADMT.


Active Directory
Active Directory
Active Directory .
Windows NT4 Windows Server 2003
513
16

,
Windows NT Active Directory:
1. Active Directory, ADMT -
Active Directory. -
Start Administration ToolsActive Directory Migration Tool (-
Active Directory).
2. Action ADMT User Account Migration Wizard ( -
ADMT), Next.
Active Directory.


, -
.
Active Directory, .

3. ,
Migrate Now ( ) Next.
4. Domain Selection ( ) -
. ,
Next.


Native (),
. ,
.

5. Add (), -
, .
, Advanced () -
. OK,
Advanced Select Users ( -
) User Selection ( ).
Next.
6. Organizational Unit Selection ( )
OU, -
.
. -
Browse ().
OK, Browse the Container ( -
) Organizational Unit Selection. -
Next.
7. NT,
ADMT.
,
ADMT.
Windows Server 2003
514
V

8. .
(Target Ac-
count State):
Enable Target Account ( ). -
Active Directory
.
Disable Target Account ( ). -
, -
Active Directory.
Target Same As Source ( -
).
, .
Enable Source Account ( ). -
.
Disable Source Account ( ). -

Active Directory. -
( )
.
Days Until Server Accounts Expires (
( )). -
. -
-
.
9. Disable Source Account.
.
10. SID ,
Migrate Users SID to Target Domain ( SID -
). SID
.
ADMT , -
.
, -
,
.
SID -
. ,
.
11. -
, Yes ().
12. SID , -
NTDomain. ,
, Yes -
.
Windows NT4 Windows Server 2003
515
16

13. Yes, -
TcpipClientSupport.
14. Yes,
.
OK PDC Windows NT.
15. SID , -
Administrator
() .
, Windows NT.
, . 16.1,

.


, , -
ADMT. -
.

16.1.
ADMT
Translate Roaming Profiles , Win-
( - dows NT4 -
) .

-
.
Update User Rights -
( - , Active Directory
) ,
Update User Rights.
,
,
Windows NT4.
Migrate Associated User -
Groups ( . ADMT , -

) .
Update Previously Migrated
Objects .
( - , -
) . , , -
Migrate Associated User Groups. -
-
Active Directory
Select How All Migrated Accounts Should Be Named (
).
Windows Server 2003
516
V

. 16.1
ADMT
Do Not Rename Accounts Active Directory
( , ,
) . -
, -
.
,
. -
-
.
-
. Naming Conflicts ( -
) ADMT , -
-
,
.
Rename with Prefix -
(, .
) -
-
Active Directory.
Rename with Suffix -
(, . Rename with Prefix,
) , -
, -
.

16. , User Options ( -


), . Next.
17. Naming Conflicts ( ) ,
ADMT
-
.


-
Ignore Conflicting Accounts and Dont Migrate (
) -

.

-
. -
Active Directory, -
SID, .
Windows NT4 Windows Server 2003
517
16

, -
.
,
, , .
Replace Conflicting Accounts ( -
) Remove Existing Members of Groups Being
Replaced ( ). -
-
.
Prefix Suffix User Options,
Rename Conflicting Accounts ( -
) -
, . -
-
, .
, .
Next. -
, .
. Finish, .
Migration Progress ( ) -
.
View Log ( ). ,
Close (), -
.

NT4 Active Directory


Windows NT4
Windows Server 2003 Active Directory. ,
ADMT,
.
NT, -
.
, Test the Migration Setting and Mi-
grate Later ( )
Test or Make Changes ( ) -
(Group Migration Wizard).
, , Action
.
, -
.
1. Action (Group Ac-
count Migration Wizard), Windows NT4.
2. Next. Test or Make
Changes ( ) Migrate
Now Next.
Windows Server 2003
518
V

3. Domain Selection ( )
. Next.
4. Group Selection ( ) -
, . -
Add (), Check Name (
). OK, Group Selec-
tion, Next.
5. Organizational Unit Selection ( )
OU, . -
Active Directory
Browse ().
OK , Next.
6. Windows NT4 ,
.
Group Options ( ),
, , :
Update User Right ( ).
NT4 .
Copy Group Membership ( ).
, Windows Server 2003 -
. ADMT
Windows NT, -
. -
. Update
Previously Migrated Objects ( )
-
.
Fix Group Membership ( ).
,

, .
Migrate Group SID to Target Domain ( SID -
). -
, . SID -
-
.
Do Not Rename Accounts ( ).
ADNT , . -
,
Windows NT4.
.
Rename with Prefix ( ). -
.
Windows NT4 Windows Server 2003
519
16


.
Rename with Suffix ( ). -
-
. Rename with Prefix, -
, , -
.
7. . -
Next.
8. ADMT , -
.
9. Naming Conflicts ( ) -
, ADMT
. ,
:
Ignore Conflicting Accounts and Dont Migrate (
).
,
.
Replace Conflicting Accounts ( ).

,
.
Remove Existing User Rights ( ).
,
.
,
,
.
Remove Existing Members of Groups Being Replaced (
). ADMT

. ,
Replace Conflicting Accounts.
Move Replaced Accounts to Specified Target Organizational Unit (
-
). , -
.
Rename Conflicting Accounts by Adding the Following (
, ).
, -
,
. , -
Windows Server 2003
520
V

ADMT . -
Next.
10. ,
. ,
Finish. Migration Progress -
. View
Log ( ),
.
Close (),
.


Active Directory
Active Directory
Windows Server 2003, -
, .
(Computer Migration Wizard) -
.



ADMT .
, -
.

1. Active Directory, -
Action ADMT Computer Migration Wizard (
). -
(Computer Migration Wizard) Next.
2. Test or Make Changes ( )
Migrate Now () Next.
3. Domain Selection ( ) -
.
Next.
4. Computer Selection ( )
.
-
Add (). Next.
5. Organizational Unit Selection ( )
,
. Browse (),
Active Directory -
, .
Next.
Windows NT4 Windows Server 2003
521
16

6. Translate Objects ( ) -
, -
:
Files and Folders ( ).
Active Directory
. -
,
Windows NT, , Active
Directory .
Local Groups ( ). ADMT -
,
Active Directory .
Printers (). -
, Active Directory

Windows.
Registry (). Active Directory
.
Shares ( ). Active
Directory .
User Profiles ( ).
, .
User Rights ( ).
Active Directory.



. ,
.

7. User Profiles,
-
. Next.
8. Security Translation Options ( ) -
-
, :
Replace (). SID
.
,
.
Add (). SID -
ACL , -
Windows NT.
Windows Server 2003
522
V

Remove (). SID


ACL . -
Win-
dows NT4.
9. , Security
Translation, Next.
10. Computer Options ( ) -
, ,
.
Next.
11. Naming Conflicts ( ) ,
ADMT -
.
,
:
Ignore Conflicting Accounts and Dont Migrate (
).
-
, .
Replace Conflicting Accounts ( ).
-

, .
Remove Existing User Rights ( ).
,
, -
. ,
-
, , .
Remove Existing Members of Groups Being Replaced (
). ADMT

.
Move Replaced Accounts to Specified Target Organizational Unit (
-
).
, -
.
-
Rename with Prefix (-
, ) Rename with Suffix (, -
). , ADMT -
.
Windows NT4 Windows Server 2003
523
16

,
Task Description ( ). -
. Back,
. -
, Finish.


Active Directory
-
, Microsoft Exchange

(Service Account Migration Wizard) ADMT
Active Directory.
1. ADMT (Service
Account Migration Wizard), Action Service Account Migration
Wizard ( ).
2. , ,
, . Next.
3. Update Service Account Information (
)
. -
, Yes, Update the Information (,
). No, Use Previously Collected Information
(, ) . -

.
4. Service Account Selection ( )
,
. ,
, Add
(). OK.
5. Active Directory Migration Tool Monitor ( -
Active Directory).
ADMT .
6. Service Account Information ( )
, -
. -
Skip/Include (/).
Update CSM Now ( -
).
Next.
7.
. -
Windows Server 2003
524
V

,
. Finish, -
.
Active Directory Active Di-
rectory Windows NT4. -
,
.

Windows NT4 Windows Server 2003


. -
, , -
Microsoft .
, -
,
. ,
, , -
Windows NT4 ,
Active Directory. -
Windows NT4
Active Directory. ,
. -
. , -
, , .


Windows Server 2003, -

Windows NT4
Windows Server 2003.
-
Microsoft (Microsoft Compatibility Check Tool), -
- Windows Server 2003.
, , -
, -
,
, -
.
, -
.
Windows NT4 Windows
2003
Windows NT4 Windows Server 2003
525
16

, , , -
.
-
.
Windows
Server 2003 Active Directory Active Directory Users
and Computers.
,
,
,
.
Active Directory ,
-
.
Active
Directory , -
.
Active Directory
, RAID-
.
-
, -
Active Directory.
ADMT ,
.
,
.
-
, ,
Naming Conflicts ADMT.
, ,
Group Options.

Windows
2000 Windows
Server 2003 17
...
Windows Server 2003



Active Directory
Windows 2000
Active
Directory



Active
Directory 2.0
Windows 2000
Windows Server 2003
ADMT 2.0
Windows Server 2003
528
V

Windows Server 2003


Windows 2000 Windows Server 2003
,
. -
,
,
Windows NT 4.0.
- Windows Server 2003 -
,
. Active Directory, -
,
Active Directory Windows 2000.
, : , -
,
.
, -
Windows 2000 Windows Server 2003. -
, -
(Mixed-Mode Domain Redirect) -
Active Directory (Active Directory Migration Tool ADMT),
.


,
, ,
.
.


-
. .
, , -
Windows 2000, -
Windows Server 2003
. : -
, .
, -
. -
, ,
. ,
, , Windows
Windows Server 2003.
Windows 2000 Windows Server 2003
529
17


, -
, , . -
,
. -
.
:
. ,
. -
.
, -
, , -
.
. .
, ,
, -
.
. Windows Server 2003 Windows 2000,
Active Directory . -
: , -
Active Directory.
. -
,
. -
, Windows 2000
Windows Server 2003. Active Directory
(DC)
(OM).
Active Directory
. -
.
. () , -
,
. , Windows Server 2003
,
. -
, -
, .
. -

. ,
, . -
, -
.
Windows Server 2003
530
V

. , -
Windows Server 2003, -
,
(). , -
.
Windows
Server 2003 2.



Windows 2000 Windows Server 2003
, -
Windows 2000. -
, ,
Windows 2000. -

. -
, , .
-
. Windows 2000
, , , -
Windows 2000. , Windows 2000,

- , , , -
.
. -
, Windows Server 2003,
Windows 2000 Windows Server 2003. -
, , -
, , ,
.

:

, -
: ,
. , ,
Windows 2000 Windows Server 2003;
, , Windows 2000.
,
, Windows Server 2003.
Windows Server 2003
Windows 2000. -
Windows 2000 Windows Server 2003
531
17

-
, Windows 2000 Windows Server
2003 . -
, Windows Server 2003,
. Windows Server 2003 -
Windows 2000 , .


, Windows Server 2003 Windows 2000 -
,
. NT 4.0 , Windows,

.




Windows 2000 Windows Server 2003.
Windows Server 2003. Windows
2000 WINS, DNS DHCP,
WINS,
DNS DHCP. -
, -
, .
.
,
. -
, -
, -
. , -
, .


,
Windows Server 2003.
-
, Windows Server 2003.
Windows Server 2003
Web- (Hardware Com-
patibility List HCL) Microsoft,
http://www.microsoft.com/whdc/hcl.
Microsoft ,
Windows Server 2003, -
Windows Server 2003
532
V

, -
- ,
. Microsoft
Windows Server 2003 :
Intel Pentium III 550 .
256 .
1,5 .
, -
,
.


, -
(redundancy). , , -

.


, ,
.
, -
. , Win-
dows Server 2003, . -
, , Windows Server 2003,
. -
, , , -
Windows 2000, -
.
, -
. Windows 2000 Windows
Server 2003 Standard Server, Windows Server 2003 Enterprise Server.
Windows 2000 Advanced Server Win-
dows Server 2003 Enterprise Server. , , Windows 2000 Datacenter Server
Windows Server 2003 Datacenter Server.



, , . -
, -
. , -
,
. , -
- .
Windows 2000 Windows Server 2003
533
17



.
:
1. - Windows Server 2003 .
2. . ,
Start () Run ()
d:\Setup, d: -.
3. Install Windows Server 2003 (Enterprise Edition) (
Windows Server 2003 (Enterprise Edition)).
4. Upgrade (), -
. 17.1, Next ().

. 17.1. Win-
dows Server 2003
5. I Accept This Agree-
ment ( ) Next.
6. 25- . -
- Microsoft. -
Next.
7. Windows
Server 2003. -
. No, Skip This Step and Con-
tinue Installing Windows (,
Windows). Next.
8. . ,
Windows Server 2003. , ,
IIS, . 17.2. IIS -
, -
Windows Server 2003
534
V

.
Next.

. 17.2.
9. , ,
. -
Windows Server 2003.


Windows Server 2003 , -
IIS.
.

Active Directory
Windows 2000
Windows 2000
Active Directory. Active Directory -
Microsoft, -
. , , Windows Server
2003, Active Directory, -
.
Active Directory
.
, . -
, Active Directory
Windows Server 2003:
. Active Directory Windows Server 2003
NetBIOS- LDAP/DNS- Active
Windows 2000 Windows Server 2003
535
17

Directory. Active Direc-


tory, , -
Windows Server 2003.
. Windows
Server 2003 -
, Active Directory.
Windows 2000
,
. Windows Server 2003 -
.
. -
Active Directory -
, -
. -
. Windows Server 2003
-
,
.
(Inter-Site Topol-
ogy Generator ISTG). Windows Server 2003 ISTG -
. -
, ISTG -
, .
. Windows
2000 5000 5001 -
, -
. Windows Server 2003
.
(). ,
, (Time to
Live TTL) , ,
, . Windows Server
2003
.
Active Directory DNS .
Windows Server 2003 DNS -
AD- .
-
.


, Active Directory,
-
4, 5, 6 7.
Windows Server 2003
536
V


Active Directory, -
Windows Server
2003. , Active
Directory Windows Server 2003 ,
Windows Server 2003,
. , -
Windows 2000/Windows Server 2003.
Windows 2000 Service Pack 2 ,

.
, ,
. -
Windows Server 2003, -
Windows Server 2003.
-
. :
Windows Server 2003
- , .
.


. 17.3, , ,
, ( -
) . -
.


X
()
Win 2000


Win 2000
Win 2003

()


Win 2003

. 17.3.
Windows 2000 Windows Server 2003
537
17

Active Directory
adprep
Windows Server 2003 Active Directory Windows
2000
Active Directory . ,
Windows Server 2003,
. - Windows Server 2003
adprep, , -
. -
Windows Server 2003, -
adprep forestprep domainprep.
Active Directory Windows 2000 1006 (.
17.4). adprep forestprep -
, Windows Server 2003.

. 17.4. ADSI Edit -


forestprep
adprep - Windows Server 2003
, \i386. adprep
forestprep , (Opera-
tions Master OM) , .
1. Schema Master ( ) Start
Run, cmd <Enter>, -
.
2. - Windows Server 2003 .
3. D:\i386\adprep /forestprep, D: -
-, <Enter>.
Windows Server 2003
538
V

4. , Active Directory
Windows 2000 Service Pack 2 , C
<Enter>.
5. forestprep AD Windows 2000, .
17.5.
. .

. 17.5. adprep forestprep


. 17.6,
forestprep Active Directory 256 -
, 1262 . -
domainprep.

. 17.6. ADSI Edit


forestprep
Windows 2000 Windows Server 2003
539
17

adprep domainprep
. ,
(Operation Master OM). -
:
1. Operation Master ( ) -
. Start Run,
cmd <Enter>.
2. - Windows Server 2003 .
3. D:\i386\adprep/domainprep, D: -
-, <Enter>.
4. exit, .
forestprep domainprep Active Directory -
Windows Server
2003. 256 -
.
Windows Server 2003.


adprep - Windows
2000 , , Exchange 2000/2003. -
, .



Windows
Server 2003 . , , -
Windows Server 2003 -
. -
.
Windows Server 2003 -
, -
. - -
, -
Windows Server 2003.


Active Directory -
, , -
, -
. , -
Windows 2000,
DCPromo.
Windows Server 2003
540
V

Windows Server 2003 -


(Configure Your Server Wizard),
. ,
Active Directory Windows 2000.
1. , Start All
ProgramsAdministrative ToolsConfigure Your Server Wizard (
).
2. , . 17.7, Next.

. 17.7.
3. Next.
4. Domain Controller ( ) -
Next.
5. Summary ()
Next.
6. Active Directory (AD Installation Wizard)
Next.
7. Operating System Compatibility ( -
) Next, -
Microsoft, Windows 95.
8. Additional Domain Controller for an Existing Domain (-
)
Next.
9. Administrator () Active
Directory Next.
10. Active Directory
Next.
Windows 2000 Windows Server 2003
541
17

11. Active Directory (


, -
) Next.
12. SYSVOL Next.
13. (Directory Services
Restore Mode), ,
Next.
14. Next.
-
, . 17.8.

. 17.8. Active Directory


15. Finish ().
16. Restart Now ( ), -

Active Directory.


Active Directory , -
,
/
. ,
.
(Operation Master OM) -
(Flexible Single Master Operation FSMO). -
OM:
.
.
RID.
.
.
Windows Server 2003
542
V

, OM, Win-
dows Server 2003, , -
.
ntdsutil. OM Windows
Server 2003 ntdsutil, .
1. , Start Run, cmd
<Enter>.
2. ntdsutil <Enter>.
3. roles <Enter>.
4. connections <Enter>.
5. connect to server <_>, <_> -
Windows Server 2003, -
OM, <Enter>.
6. quit <Enter>.
7. transfer schema master, . 17.9,
<Enter>.

. 17.9. OM ntdsutil

8. OM Yes ().
9. transfer domain naming master <Enter>.
10. OM Yes.
11. transfer pdc <Enter>.
12. OM OK.
13. transfer rid master <Enter>.
14. OM OK.
15. transfer infrastructure master <Enter>.
16. OM OK.
17. exit, .
Windows 2000 Windows Server 2003
543
17


Windows 2000
Windows 2000
Windows Server 2003 OM ,
-
.
Windows 2000
dcpromo. -
, .


Windows 2000
Active Directory,
. - -
- .
Windows Server 2003
. Active Directory Sites and Services
( Active Directory) . -
ADSI
Edit. ADSI Edit -
.
1. ADSI Edit Support Tools ( ),
- Windows Server 2003, .
2. Configuration\CN=Configuration\CN=Sites\CN=<_>\
CN=Servers\CN=<_>, <_> <_>
.
3. CN=NTDS Settings
Delete (), . 17.10.
4. Yes.
5. ADSI Edit.
, NTDS Settings ( NTDS),
Active Directory Sites and Services.



Windows Server 2003
, . -
Windows Server 2003 Windows NT 4.0, Win-
dows 2000 Windows Server 2003, -
, -
Windows Server 2003.
Windows Server 2003
544
V

. 17.10.
Windows Server 2003 , -
Active Directory
:
Windows 2000. Win-
dows Server 2003 Active Directory Windows 2000,
, ,
Windows Server 2003 -
Windows NT Windows 2000. -
,
, ,
. , -
.
Windows 2000. Windows Server
2003 Active Directory Windows 2000, -
Windows 2000, Win-
dows 2000. Win-
dows 2000 Windows Server 2003.
. Windows Server 2003 -
Active Directory Windows Server 2003 , -
Windows NT 4.0.
, Windows Server 2003
. , -
NT 4.0 Active Directory Windows Server 2003,
Windows Server 2003 -
, Active Directory Windows 2000. -
NT
.
Windows 2000 Windows Server 2003
545
17

Windows Server 2003. -


, Active Directory
Windows Server 2003.
Windows Server
2003 ,
:
1. , Windows
Server 2003.
2. Administrative Tools () Active
Directory Domains and Trusts ( Active Direc-
tory) MMC.
3. Active Directory
Domains and Trusts Raise Domain Func-
tional Level ( ).
4. Select an Available Domain Functional Level (
) Windows Server 2003, -
Raise ().
5. OK, OK.
6. 15 .
7. , 3 -
Raise Forest Functional Level ( )
(. 17.11).


.
, , -
Windows 2000. Windows
Server 2003, - Ac-
tive Directory Windows 2000.

. 17.11.
Windows Server 2003
546
V

Active Di-
rectory Active
Directory, Windows Server 2003.
, , -
, -
.

AD- DNS

Active Directory Windows Server 2003 -
AD- DNS -
, Windows Server 2003 DNS.
.
1. DNS MMC, Start All Programs
Administrative ToolsDNS ( DNS).
2. DNS\<_>\Forward Lookup Zones (DNS\
<_>\ ).
3. , , -
Properties ().
4. Change () .
5. To All DNS
Servers in Active Directory Forest ( DNS- Active Directory)
To All DNS Servers in the Active Directory Domain ( DNS- -
Active Directory), . 17.12.
Finish.
6. AD- .

. 17.12. AD-
Windows 2000 Windows Server 2003
547
17


Active Directory


Active Directory, Windows 2000,

. -
, (Mixed-
Mode Domain Redirect).
, -
Active Directory,
.
, -
.





Active Directory
Windows 2000. ,
Windows 2000,
Active Directory (Active Directory Migration
Tool) 2.0 .
,
Windows 2000/XP/2003 Active Directory, -
.
, ,
, ,
NT Active Directory.
.
Windows NT 4.0 .
, -
, , ,
.



, ,
: Active Directory Windows NT 4.0,
Windows Server 2003
548
V

Active Directory ,
. 17.13.

companyxyz.com
companyabc.com

COMPANYXYZ
(
NetBIOS)

companyxyz.companyabc.com

. 17.13.
-
. , -
.
CompanyABC CompanyXYZ, -
Windows 2000 Com-
panyXYZ Windows Server 2003 CompanyABC. Com-
panyXYZ Windows 2000, ,

, -
.


Windows 2000

, . -
, -
.
-
Windows 2000 Active Directory. (Windows
2000 Advanced Server) dcpromo -
-
Windows 2000. ,
.
SFDCTEMP01 -
Windows 2000 Service Pack 3 Win-
dows 2000 companyxyz.com, ,
. 17.14. SFDC01,
SFDC02, LADC01 SDDC01.
.
Windows 2000 Windows Server 2003
549
17

companyxyz.com

SFDCTEMP01

SFDC01 SFDC02 LADC01 SDDC01

. 17.14.



OM -
.
ntdsutil. OM
.
OM
SFDC01 SFDCTEMP01, OM PDC, RID -
SFDC02 SFDCTEMP01.


Active Directory ,
dcpromo -
. , -
, -
.
. 17.15 , SFDC01, SFDC02, LADC01 SDDC01 -
,
SFDCTEMP01.

NT 4.0

NT. (BDC) NT. -
NT, -
. -
, :
netdom add SFDCTEMP02 /domain:companyxyz.com /DC
Windows Server 2003
550
V

companyxyz.com

SFDCTEMP01

SFDC01 SFDC02 LADC01 SDDC01

. 17.15.
,
Windows 2000, ,
BDC
. , -
Windows NT
4.0 BDC. -
Windows 2000, -
NT.

SFDCTEMP02 , -
SFDCTEMP01 -
netdom. -
SAM SFDCTEMP02.


Windows 2000 , -
Windows 2000.
, Active
Directory. -
- ,
, .
. 17.16, SFDCTEMP01 -
Active Directory companyxyz.com. NetBIOS COMPANYXYZ
SAM NT SFDCTEMP02.
Windows 2000 Windows Server 2003
551
17

companyxyz.com companyxyz

X
SFDCTEMP01 SFDCTEMP02

NetBIOS

. 17.16.


NT
BDC NT PDC, , ,
NT NetBIOS. -
Active Directory.
NT SFDCTEMP02
NT COMPANYXYZ, -
Windows Server 2003 companyabc.com.

NT
Windows Server 2003

PDC NT Active Directory Windows Server 2003.

Active Directory - .
-
SDFDCTEMP02 - Windows Server 2003 -
Windows Server 2003.
Active Directory Ac-
tive Directory. CompanyXYZ
companyabc.com, companyxyz.companyabc.com,
. 17.17.



-

.
DCPromo .
, .
, -
, DCPromo -
Windows Server 2003
552
V

. SFDC01, SFDC02, LADC01 SDDC01


, (.
. 17.17).

COMPANYXYZ

companyabc.com

DCPromo
SFDCTEMP02

NetBIOS

SFDCTEMP02
companyxyz.companyabc.com

. 17.17. CompanyXYZ CompanyABC



NT.
DCPromo, , .
-
.
SCDCTEMP02 CompanyXYZ DCPromo,
. -
,
Windows 2000 -
Active Directory Windows Server 2003.



Active Directory 2.0
Windows Server 2003 -
Active Directory (Active Directory Migration Tool ADMT) -
, - Windows Server
2003. ADMT 2.0 , -
, Active Directory NT -
. Win-
dows 2000 ADMT 2.0 -
Windows 2000 Windows Server 2003
553
17

Active Directory Windows Server 2003,


, .

ADMT 2.0
ADMT , -
. -
Exchange. , -
- .
ADMT :
ADMT. ADMT , -
. -
, , -
, .
. ADMT -
, -
. ,
.
SID . -
SID
,
. -
.
. -
ADMT 2.0 , -
.
. ,
, , -
.

Windows 2000
Windows Server 2003
ADMT 2.0
ADMT 2.0 , -
, . , -

.
, , -
ADMT: , -
, .
,
.
ADMT .
Windows Server 2003
554
V

ADMT
ADMT 2.0 .
, -
, -
. , -
-
.
, -
, -
, .
ntdsutil -
(Operations Manager OM),
, , -
ADMT.

ADMT 2.0
ADMT , -
. -
:
1. - Windows Server 2003 -
.
2. Start Run.
d:\i386\admt\admigration.msi
d: -,
<Enter>.
3. , . 17.18, Next.

. 17.18. ADMT
Windows 2000 Windows Server 2003
555
17

4. (End
User License Agreement EULA) Next.
5.
Next.
6. Next,
.
7. Finish, .


ADMT
,
ADMT .

, -
.
, ADMT -
.
, -
.




. ,
ADMT .




, ADMT ,
Builtin\Administrators (\) -
. ,
Administrators (-
) . -
, -
.

ADMT -
.
(Organizational Unit OU)
.
Windows Server 2003
556
V

OU, OU -
.


Windows, Windows Server
2003 Everyone
( ). . -
ADMT ,
.
. , .
1. , Start All Pro-
gramsAdministrative ToolsDomain Security Policy ( -
).
2. Security Settings \ Local Policies \ Security Options (
\ \ ).
3. Network Access: Let Everyone Permissions Apply to
Anonymous Users ( :
).
4. Define This Policy Setting ( -
) Enabled (), . 17.19.
OK.

. 17.19. -

5. Domain Controller Security Policy
( ).


128- -
, . -
SID .

, ADMT, :
Windows 2000 Windows Server 2003
557
17

1. , . ( -
, ).
2. ADMT, cd C:\program files\active directory
migration tool <Enter>, C:
.
3. admt key <__> a: <>,
<__> NetBIOS- , a:
, <> , . -
. 17.20. <Enter>.

. 17.20.
4.
.

DLL-

DLL -
. (Password Export
Server) . -
:
1.
.
2. - Windows Server 2003
, .
3. , Start Run
d:\i386\ADMT\Pwdmig\Pwdmig.exe, d: -
-.
4. Next.
5. , . ,
A: (. . 17.21). Next.
Windows Server 2003
558
V

. 17.21. DLL-
6. , ,
Next.
7. Next.
8. Finish.
9. , -
Yes. -
, .



,
.
-
. -
:
1. ,
Start Run Regedit.
2.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. AllowPasswordExport DWORD.
4. 0 1.
5. OK .
6. ,
.
ADMT ,
.
Windows 2000 Windows Server 2003
559
17


.
,
. -
, . -
ADMT 2.0 -
(Group Account Migration Wizard):
1. ADMT MMC, Start All Pro-
gramsAdministrative ToolsActive Directory Migration Tool (
Active Directory).
2. Active Directory Migration Tool -
Group Account Migration
Wizard ( ).
3. Next.
4. , . 17.22, -
. ,
, .
. Migrate Now (-
) Next.

. 17.22.

5. Next.
6. .
, Add () -
. ,
Next.
Windows Server 2003
560
V

7. Browse (),
OU, .
Next.
8. , -
. -
Help (). -
, . 17.23. Next.

. 17.23.
9. , -
, . 17.24. ,
SID. Yes.

. 17.24.
10. ,
. SID -
. ,
Yes.
11. SID
SOURCEDOMAIN$$$. , ,
, . 17.25.
Yes.
Windows 2000 Windows Server 2003
561
17

. 17.25.
12. TcpipClientSupport
. -
SID. Yes.
13.
.
, Yes.
14. , . 17.26,
-
. -
, OK.

. 17.26. -

15. -
. - ,
. ,
Next.
16.
.
Next.
17. .
, .
, . 17.27, -
.
XYZ-.
Next.
18. , -
- . ,
,
Active Directory Windows Server
2003. , Finish.
Windows Server 2003
562
V

. 17.27.
19. .
(Refresh rate), . 17.28,
. ,
View Log ( ). Close (-
), .

. 17.28.



. ADMT 1.0
, -
. ADMT 2.0 -
Windows 2000 Windows Server 2003
563
17

,
. -
.
1. ADMT MMC,
Start All ProgramsAdministrative Tools
Active Directory Migration Tool ( -
Active Directory).
2. Active Di-
rectory Migration Tool
User Account Migration
Wizard ( -
), . 17.29.
3. . 17.29. -
Next.

4.
. ,
. -
, Migrate Now,
Next.
5.
Next.
6. -
. Add -
, .
Next.
7. , . 17.30, -
.
Browse OU, Next.

. 17.30.
Windows Server 2003
564
V

8. ADMT 2.0
. Migrate Passwords ( ), -
, DLL-
(. DLL-
). Next.


, , -
,
,
. 914 -
.

9. , -
.
Help (). -
, . 17.31. Next.

. 17.31.

10. , , -
Domain Admin ( ). -
Next.
11. . ,
Help.
. 17.32.
Next.
12. . -
, .
, Next.
Windows 2000 Windows Server 2003
565
17

. 17.32.
-

13. . -
, . 17.33,
.
Next.

. 17.33. -

14. -
.
. Next.
15. Migration Progress ( ) -
-
. -
Windows Server 2003
566
V

, View Log ( ) -
. , -
, . 17.34.
Close ().

. 17.34.


, , -
. Active Directory,
, -
. ADMT -
-
, .
.
1. ADMT MMC, Start All Pro-
gramsAdministrative ToolsActive Directory Migration Tool (
Active Directory).
2. Active Directory Migration Tool -
Computer Migration Wizard
( ).
3. Next.
4. , -
.

.
, Migrate Now,
Next.
Windows 2000 Windows Server 2003
567
17

5.
Next.
6. , Add ()
, .
Next.
7. , -
, Next.
8. -
.
Help (). ,
. 17.35. Next.

. 17.35.
9. , , -
.
. Next.
10. , -
Add (). Next.
11. .
( ), .
, -
, . 17.36.
Next.
12. ,
.
Next.
13. . -

, . -
Next.
Windows Server 2003
568
V

. 17.36.
14. Completion () -
. , ,
Finish. , .
15. ,
View Log. Close.
16. . -
-
, -
. ,
. 17.37.
17. , Close.

. 17.37. -


Windows 2000 Windows Server 2003
569
17


, -
, .
, -
, . -
, ADMT 2.0:
(Security Translation Wizard).
(Reporting Wizard).
(Service Account Migration Wizard).
Exchange (Exchange Directory Migration Wizard).
(Retry Task Wizard).
(Trust Migration Wizard).
(Group Mapping and Merging Wizard).
ADMT 2.0 , -
.
, -
Active Directory.

Windows 2000
Windows Server 2003, -
, , Windows Server 2003.
Windows Server 2003 ,
Active Direc-
tory . ,
,
ADMT 2.0, Windows
Server 2003 .


,
IIS , .

, -
, -
.
, -
Windows Server 2003, -
(Hardware Compatibility List)
Microsoft.
Windows Server 2003
570
V


, ,
Windows 2000.
, , -
Windows Server 2003, ,
.
ADMT -
.


Windows Server 2003 18
...














Windows Server 2003
572
V

-
Windows Server 2003,
. -
, Windows Server.
,
, , -
,
. ,
.

.

, , -
, -
. -
, ,
,
. ,
Windows Server 2003 -
,
,
Windows NT4 Windows 2000 Windows Server 2003. ,
, ,
,
, -
.
-
, - -
.
Windows Server 2003, , , -
Windows NT4 Server Windows 2000 Server,
. II
Active Directory Windows Server 2003, -
Windows-, -
, ,
.



, ,
.
, -

.
Windows Server 2003
573
18


, .
,
, -
.

!
,
, ,
,
.
, -
.

, ,
,
, Windows Server 2003 - -
. Active Directory
Windows 2000,
, , -
, NT4 Server, Novell NetWare. -
Windows 2000 -
, Windows NT4,
-
, -
. -
, .

, -

( ),
.
-
, 2, -
, -
. , -
.
, , -
-
. , .
, -
, , -
,
.
Windows Server 2003
574
V

,
, Windows Server 2003 ,
, -
.
, Windows Server 2003 Web, Standard, Enter-
prise Datacenter. Stan-
dard,
Enterprise .
,
Windows Server.

, .


Windows Server 2003 Standard ,
Enterprise, .
Standard Enterprise -
. Windows
2003 Enterprise Edition , -
Enterprise Edition Standard Edition.
, Enterprise Edition, -
Standard, .

. -
:
, , -
. -
:
.
.
.
(Customer Relationship Manage-
ment CRM).
.
.
.
.
,
, . , -
, ,
, ,
Windows Server 2003
575
18

, . -

,
. , -
, -
, .
, -
. -
Outlook,
.
-
, .
Internet -
.

. 18.1.

18.1. ,


1 ( )
:




:
:
:

:
SAN


/

Internet? /
Windows Server 2003
576
V

,
. , -
, ,
, . -
,
.

, -
,
.

, .

Windows? -
. -
, -
.
, -
, , -
. -
, - -

.
,
.

,

X /.
, , , ,
, ,
. -
. -
. -
.



, .
, -
Windows 2003 . -
, -
.
Windows Server 2003
577
18

, Windows Server 2003


-
, ,
.
, ,
, -
, .
. -
,
.

. -
, , , -
, .
, ,
. -
, , -
, . -
Windows, -
.


-
$X.
, ,
. -
,
( Microsoft, )
.
, -
. ,
, - ,
.



/ .

( -
), -
100% .
-
, Windows Server 2003,
,
. .
Windows Server 2003
578
V



, -
.
,
,
. -
,
.


, , -
, , -

Windows Server 2003. -
, -
, -
. , ,
, .
, Windows
Server 2003 ,
, -

. -
-
, . -

.
-
,
;
.
-
, -
.
,
. ,
.


IT-
( ) .
IT-
, -
Windows Server 2003
579
18

, .
, ,
.

, -
, -
.


-
/ .
, .
, -
Windows .
,
.
, , -
,
, -
.


-
/ .

(Customer Relationship Management CRM), , -
-
, -
( , ).


-
, , /
.
,
,
. Windows Server 2003 -
Windows Server 2003, -
.

. ,
, .
Windows Server 2003
580
V

, , -
, -
. -
, ,
(, ), ,
. ,
.
,
, -
- . -
, , -

,
. ,
, -
.
-
. -
Windows Server 2003.


-
.
, -
, .



, Windows Server 2003. -
, , -
.


, Windows Server 2003, -
, ,
, , -
. , ,
Windows Server 2003. -
, , , ,
.
,
, .
Windows Server 2003
581
18

, , -
, . -
. 18.2.

18.2.


(/) (/)
A DC, DNS, DHCP Windows 2000 SP3
B Exchange Server Windows 2000 SP3
C Windows NT4
D Web- Windows 2000 SP3



, , -
, .
, , -
, -
.
, , , -
, -
. ,
. (Systems Manage-
ment Server SMS) -
, .


, ,
,
. -
, ,
, .
.


Windows
,
Windows Server 2003. , Win-
dows Server 2003, , -
, , -
, , SQL, Exchange, .
Windows Server 2003
582
V

, .NET Windows,
-
(), .
Microsoft -
. Microsoft, Windows
Server 2003, , Microsoft,
. -
Microsoft TechNet Web-
Microsoft. , ,
Microsoft,
Microsoft. -
, -
.
, , , -
, Windows Server 2003 , -
-
.




.
, , . -
, -
.

:
.
.
.
?
?
Windows Server 2003 (/)?
, .
(, , ,
, , -
).
, ,
, .
, , ,
,
, .
Windows Server 2003
583
18

Web- , -
, .
, , -
.


-
, -
.
,
, ,
.
-
, .
, -
.
( ) . , -
, .



, -
, -
Web- .
-
, -
. ,
. -
,
(, ), -
.

Windows Server 2003 (
100%); -
:
.
.
( ).
( ).
-
, ,
Windows, ,
Windows Server 2003
584
V

( , , ,
).

-
, , . -
:
.
.
.
: , , -
.
Windows Server 2003: // .

.
: , /,
, , , -
.
: Windows Server 2003, Windows
2000 Server, Windows NT Server, .
( , URL-,
, ).
,
Web- -
. , URL- , , -
, .
, , -
, .


,

.
-
:
1. Windows
Server 2003.
2. Windows
Server 2003 .
Windows Server 2003
585
18

3. Windows Server
2003 .
4. Windows Server
2003 , -
Windows Server ( )
Windows Server 2003.
5. Windows Server
2003 .
6. Windows Server
2003 , ,
, , Windows Server 2003,
.
.

,
Windows Server 2003
- , -
, Windows
Server 2003 URL- -
. -
, , -
Windows Server, .
,
. -
Windows 2003
,
, . -
(-
, )
-
, .
,
Windows Server 2003, , ,
Windows Server 2003
; ,
.


, , -
Windows ,

. -
-
Windows, , ,
. ,
, -
Windows Server 2003
586
V

, , -
, .
Windows Server 2003 ,
. , Win-
dows Server 2003 ,
Windows Server 2003.



Windows 2000 -

Windows Server 2003. Windows NT4 -
, Novell Netware Linux.
-
, Internet . -
readme, ,
-
Windows Server 2003.
,
.

, ;
,
, .

,

, Windows NT4 -
, , -
, -
. ; -
, Windows Server 2003,
.
, -
, , , , -
. , -
,
Windows
. IT-
- -
.
, -
, -
SAN.
Windows Server 2003
587
18

, , , -
, . -
30120 .

,

, Windows Server 2003
Windows,
Windows Server 2003 . ,
- Windows
2000, -
.
, -
Windows NT4 Windows 2000, , , -
.
,
,
Windows Server 2003, -
. -, -
, ,
.

,

, -
Windows Server 2003 ,
. Windows Server 2003 -
, ,
. ,

.
,
, -
. -
,
. , - -
, , , -
.

,
, ,
, -
.
Windows
Windows Server 2003
588
V

Server 2003. ,
.
, -
, -
. , ,
, , ,
.
,
Windows Windows Server 2003.
,
, -
.


-
, , -
.
. 18.3 .

18.3.

Windows 2003: :
1) ()
2) ()
3) ()
/ 4) ()
1 Veritas BackUp Exec v.x 2
2 Veritas Open File Agent v.x 3
3 TrendMicro InterScan v.x 3
4 Microsoft Exchange 2003 1

,
, , -
.
, , -
,
Windows Server 2003.
, .



, -
-
Windows Server 2003
589
18

, . , -
-
(, , , -
).
-
, .
-
, .
-
, -
.
,


.



-
.
,
, ,
.
, (-
) .
, -

; -
,
.
-
, . -
, -
, ,
.

-
(, -
, (), , -
), . ,
,
Windows Server 2003
590
V

, , , -
. -

.
,
,
, -
. -
, -
, , .
-
, , -
, , ,
.


Windows Server 2003
, ,
-
, . -
, , -
- . , -
, ,
,
, .

, .
, -
, , , -
.
, Windows Server 2003 -
, ,
,
, -
.
, Ghost,
, -
.


Windows Server 2003, -
, .
Windows
-
Windows Server 2003
591
18

. , -
, ,
.
,
, -
. -
, -
. -
, ,
, -
, .
,
. ,
,
.


, , -
, ,
, ,
, -
.
IT-, ,
.
, -
.

Microsoft , -
(Application Compatibility Toolkit ACT),
,
, Windows 2000 2003. -
, -
-
, ,
, . -
,
; Win-
dows, .
:
Microsoft, Windows .
(Application Compatibility Analyzer), -
. 18.1, , ,
, -
Microsoft .
Windows Server 2003
592
V

. 18.1. Microsoft
Windows (Windows Appli-
cations Verifier) , -
,
, -
Certified for Windows Server 2003 ( Windows Server
2003) .

http://www.microsoft.com/downloads (
application compatibility toolkit).



.
,
, ,
, -
. 16 17, Windows Server 2003 -
.




. , -
. , -
,
Windows Server 2003
593
18

. , -
, Windows Server 2003 -
,
.
,
-
, .
, -
, , -
-
. -
,
, .
, , , -
, -

: , , ,
, -
.
, -
,
Windows Server 2003 ,
.
,
-
,
, .

,
, -
. -
, -
, -
,

. ,
,
Windows Server 2003.
-
.
, .
, .
Windows Server 2003
594
V


, ?
-
?
, -
? -
?
Windows
,
Windows ?

?
( -
, -
)?
, , -
, .

Windows Server 2003


. -
( ) -
.
,
. -
, -
. Windows Server,
, ,
, , -
.
, , -
. -
, ,
. -
, , -
, -
. -
, .

,
.
, , ,
.
Windows Server 2003
595
18


( -
?), (
?).
, Windows Server 2003,
, , -
.
;
, .
, -
. , -
.

, -
, , -
.


Windows Server 2003
VI

...
19.
,
Windows Server
2003
20.
Windows Server 2003
21.
Windows Server 2003
22.
Windows
Server 2003
23.

Windows Server 2003
24.
Windows Server 2003
25.
Microsoft
Windows Server 2003
,
599
19

,
Windows
Server 2003
19
...



Active Directory

Active Directory
Windows Server 2003







Windows Server 2003
600
VI

Windows Server 2003


,
.
, : , -
. ,
-
, ,
-
.
, , ,

, .

Active Directory (AD) Windows Server 2003 Active
Directory .

, -
IT-
. -
.
IT- IT- -
,
.
, -
. ,
. , -
-
. ,
, -
, .

, ,
, . -
, IT- -
, , -

.


: IT--
, -
. Web- -
,
601
19

, . -
-
IT- . , -
Microsoft Exchange 2000, -
,
. -
,
Exchange Server
2003, , -
.



, IT- IT-, -
. -
/
. , -
DNS DHCP. -

.
Windows Server 2003 -
,
. , -
, .
, ,
, -
, .


-
, , -
. , -
-
,
, -
, . ,

.


Active Directory
- , . Active Directory

Windows Server 2003
602
VI

.
, - -
, .
Active Directory.
AD ,
.
-
. AD
, ,
,
. -
, ,
- , -
, . -
Active Directory
. AD ,
, -
, .


, , -
.
; ; ; -
, ; , , , , -
. , ,
.
(Distributed File Sys-
tem DFS) ,
.

-
, , -
.
, ; -
Active Directory.
Active Directory, -

, -
. -
.


Active Directory -
. -
,
603
19

, RPC, IP SMTP -
.

( )
Active Directory -
. Active Directory
Sites and Services ( Active Directory) Microsoft (Mi-
crosoft Management Console MMC)
. Windows-, NT4, Windows 2000
Windows 2003 -
. ,

.




/ . -
, -
. -

-
, -
.


,
-
.
, , , DNS-,
DHCP- , , WINS. -
-
, .
, -
.


,
Active Directory, -
, . ,
Active Directory ,
, -
. , Active Directory
, Active Directory
, ,
, , -
Windows Server 2003
604
VI

. -
, Ac-
tive Directory
.


Active Directory
AD . -

IP- , .
. -
IP-, -
, .
AD , ,
.
.
1. Windows XP -
(Administration Tools) Windows Server 2003. -
, ;
.
2. Start () All ProgramsAdministrative ToolsActive
Directory Sites and Services (
Active Directory). , -
, 7.
3. Start Run (). MMC.exe
.
4. File () Add/Remove Snap-in (/ -
).
5. Add/Remove Snap-in Add ().
6. Add Stand-alone Snap-in ( )
Active Directory Sites and Services ( Active Directory)
Add (). Add/Remove Snap-in
Close (), .
7. Active Directory Sites and
Services ( Active Directory).
8. Sites ()
New Site ( ).
9. ,
. 19.1. .
10. ,
.
, , , .
,
605
19

. 19.1.


. -
:
1. Subnets (-
) New Subnet ( ).
2. ,
,
. , , IP-
, .


,
, -
. -
, -
.
1. Windows XP -
(Administration Tools) Windows Server 2003. -
, ;
.
2. Start All ProgramsAdministrative ToolsActive Directory
Sites and Services (
Active Directory). ,
, 7.
3. Start Run. MMC.exe
.
4. File Add/Remove Snap-in.
5. Add/Remove Snap-in Add.
Windows Server 2003
606
VI

6. Add Stand-alone Snap-in Active Directory Sites


and Services Add. Add/Remove Snap-in
Close, .
7. Active Directory Sites and
Services.
8. , .
, Sites, -
Servers, . 19.2.

. 19.2.
9. , ,

Move ().
10. ,
.
11. ,
Servers .
,

(Inter-Site Topology Generator ISTG) 15 .
ISTG 7.


Active Directory -
. -
, -
. -
,
,
607
19

Licensing () .
.
:
1. Windows XP -
(Administration Tools) Windows Server 2003. -
, ;
.
2. Start All ProgramsAdministrative ToolsActive Directory
Sites and Services (
Active Directory). ,
, 7.
3. Start Run. MMC.exe
.
4. File Add/Remove Snap-in.
5. Add/Remove Snap-in Add.
6. Add Stand-alone Snap-in Active Directory Sites
and Services Add. Add/Remove Snap-in
Close, .
7. Active Directory Sites and
Services.
8. . -
Licensing Site Settings ( -
) Properties (), -
. 19.3.

. 19.3. -

Windows Server 2003
608
VI

9. Licensing Site Settings


, ,
Change () .
10. Select Computer ( )
.
11. Licensing Site Settings,
.


/


.
, -
Licensing (),
. 24 , -
.


Windows , ,
BackOffice, Exchange SMS -
, -
.
. -
, , -
, , -
.


-
Active Directory.
Active Directory, , Group Policies
SYSVOL -
, .
7.
IP .
1. Windows XP -
(Administration Tools) Windows Server 2003. -
, ;
.
2. Start All ProgramsAdministrative ToolsActive Directory
Sites and Services. , ,
7.
,
609
19

3. Start Run. MMC.exe


.
4. File Add/Remove Snap-in.
5. Add/Remove Snap-in Add.
6. Add Stand-alone Snap-in Active Directory Sites
and Services Add. Add/Remove Snap-in
Close, .
7. Active Directory Sites and
Services.
8. Sites Inter-Site Trans-
ports ( ).
9. IP
New Site Link ( ).
10. , , Active
Directory Add. ,
, . 19.4.

. 19.4.
11. .
12. Active Directory Sites and Services,
-
Properties.
13. . ,
A B. , .
14. .
, Active Directory -
.
Windows Server 2003
610
VI

15. Change Schedule ( ) -


, Active Directory ,
.
16.
.
Active Directory

.


, -
Active Directory,
Active Directory.
-
Active Directory .

(Delegate Control Wizard),
.
.
1. Windows XP -
(Administration Tools) Windows Server 2003. -
, ;
.
2. Start All ProgramsAdministrative ToolsActive Directory
Sites and Services. , ,
7.
3. Start Run. MMC.exe
.
4. File Add/Remove Snap-in.
5. Add/Remove Snap-in Add.
6. Add Stand-alone Snap-in Active Directory Sites
and Services Add. Add/Remove Snap-in
Close, .
7. Active Directory Sites and
Services.
8. Sites -
Delegate Control ( ).
9. (Delegate Control
Wizard) Next ().
10. Add () ,
, ,
Next. Active Directory, -
,
611
19

, Network Configura-
tion Operators ( ).
11. Active Directory Object Type ( Active Directory) -
This Folder, Existing Objects in This Folder and Creation of New Objects in
This Folder ( , , ,
),
, Next. -
Sites.
, 8
.
12. Permissions () ,
, , , .
13. Next, Finish () -
.

Active
Directory Windows Server 2003
Active Directory (, -
,
). -
, -
. , -
, , .


Active Directory Windows Server 2003 :
. -
,
.


,
.
.
(Discretionary Access Control List
DACL),
, (Access Con-
trol Entry ACE). -
DACL.
, -
, .
Windows Server 2003
612
VI


-
-
Active Directory. -
.
, ,
- ,
, .

. , 1
,
2
.
,

. -
, .

Active Directory
, -
. , , -
,
. -
, ,
.


-
, -
. ,
. -
, .


, .
, ,
-
,
.


, ,
.
, . -
, -
,
613
19

.
, , -
. -
.


,
Windows 2000 Native Window Server 2003.
, ,
, .


-
. -
, , .
: -
, -
, -
. , -
.



-
,
.
, -
, -
. -
, -
.

,
. , -
-
, .
,
.



IT- ,
Windows 2000 Mixed, Domain
Windows Server 2003
614
VI

Admins ( )
Administrators () . , Administrators
A Domain Admins A, B C.
, -
.
Windows 2000 Na-
tive Window Server 2003 Native Domain, -
Forest Admins ( ) Domain Admins -
. ,

. , -
, -
-
.


, -
. -

,
. .
.
Windows 2000 Mixed ().
Windows
2000, Windows NT 4.0 Active Directory. -
,
, .

Windows 2000 Native Windows Server
2003 Native.
Windows 2000 Native ().
Windows 2000 Windows Server 2003. -
, -
.
Windows Server 2003 Native.
.
Windows Server 2003 Native ().
Windows 2000 Windows Server 2003 -
Windows 2000 Native -
-
.
Windows Server 2003 Interim (). Windows Server 2003
Interim Active Directory Windows Server 2003 -
, Windows NT 4.0 -
,
615
19

Windows Server 2003.


, NT 4.0 Active Direc-
tory Windows Server 2003.
Windows Server 2003 Native. ,
NT 4.0 Win-
dows Server 2003.

AD
, , , -
, .
.
1.
. -
.
2. Start All ProgramsAdministrative ToolsActive Directory
Users and Computers.
3. , , Users
(). -
NewGroup ().
4. ,
. 19.5. ,
.

. 19.5.


.
, , .
Windows Server 2003
616
VI

:
1.
. -
.
2. Start All ProgramsAdministrative ToolsActive Directory
Users and Computers.
3. , .

Properties.
4. General () ,
Members ().
5. Add () .
6. Select Users, Contacts, Computers or Groups ( , -
, ) ,
, , -
. , Advanced
(), , -
.
7. Members ,
, .


; , -
, , . ,
Exchange 2000 Active Directory
.

Outlook.
Outlook, -
(Administration Pack)
Windows Server 2003.

.
1. .
2. Start All ProgramsAdministrative ToolsActive Directory
Users and Computers.
3. , . -
-
Properties.
4. Security (). , -
Active Directory Users and Computers MMC
View () Advanced Features ( -
,
617
19

). ,
Security.
5. Advanced ().
6. Advanced Security Settings ( -
) Permissions ().
7. Add (). Select User, Computer or Group
( , ) ,
, .
8. Permissions Entry for Group ( )
Properties ().
9. Apply Onto ( ) Group Objects (
).
10. Permissions () Allow ()
Read Members ( ) Write Members ( ),
. 19.6. .
11. , Advanced Security Settings.
12. , .
File ExitNo (to save console settings) ( ( -
)), Active Directory Users and Com-
puters .

. 19.6.

Windows Server 2003
618
VI

, -
. ,
, . -
, -
, -
,
-
. , .
, -

, -
,
.


, -
. ,
Internet Explorer, -
, , -
, ,
. -
-
.


,
.
, , -
,
.


-
. -
. -
, .
, , -
.
,
619
19


, , -
, .

. -
.
, , -
.

,
.
, . .
, 15
15 . ,
400 Internet-,
10 /c. -
, Internet Explorer Internet-
. -
.

.
, -
-
,
.


, , -
, ,
.
, -
, , Internet-.

. , , -
Ntuser.dat Ntuser.man.


Windows 2000 Windows XP,
, -
. ,

. -

.
Windows Server 2003
620
VI


,
. -
-
. , , ,
.
, , -
, -
, .
, , -
.

All Users
(All Users) , -
, . -
( ) -
. -
All Users
. .


, -
, , ,
, -
.
. -
-
.
, ,
, , .



:
, , , ,
Internet. -

, ,
, , -
,
.
:
1. -
, , -
,
621
19

.
TemplateUser1.
2. , . ,
Internet , .
3. . -
c:\Documents and Settings\TemplateUser1.



- ,
.
.
1. Administrator ().
2. Start Control Panel ( ).
3. System ().
4. Advanced () Set-
tings () User Profiles ( ).
5. , . 19.7,
Copy To ( ).
6. Copy To ( ) .
, Browse (). -
c:\Documents and Settings\Default User.
7. Permitted to Use ( ) ,
, .

. 19.7.
Windows Server 2003
622
VI




Windows Server 2003
. Active Direc-
tory -
,
.

. , -
,
. -
, , -
Windows XP. 15 -
,
, -
.



Active Directory
.
Group Policy Object Editor ( )
MMC ,
.
, .
1. Windows Server 2003 XP -
Administration Pack.
2. Start Run. MMC.exe
.
3. ,
Run ( ) runas /user:administrator
mmc.exe , MMC -
. Administra-
tor, -
.
4. , runas, -
. <Enter>.
5. MMC, File Add/Remove Snap-in.
6. Add/Remove Snap-in Add.
,
623
19

7. Add Stand-alone Snap-in Group Policy


Object Editor ( ),
Add.
8. (Select Group Policy Wizard), -
, .
, .
-
Browse ().
9. ,
. 19.8, .

. 19.8.
10. Finish , Close
Add Stand-alone Snap-in, Add/Remove
Snap-in .

, -
, , . , -
, ,
. -
SYSVOL -
, .


,
,
. -
,
-
. ,
Windows Server 2003
624
VI

,
.
, .
Active Directory Users and Computers Active Directory Site and Services -
MMC , -
, (Organizational Unit
OU). -
.
1. Windows Server 2003 XP -
Windows Server 2003 Administration Pack.
2. Start Run. MMC.exe
.
3. ,
Run runas /user:administrator mmc.exe -
, MMC -
. Administrator,
-
.
4. , runas, -
. <Enter>.
5. MMC, File Add/Remove Snap-in.
6. Add/Remove Snap-in Add.
7. Add Stand-alone Snap-in Active Directory Users
and Computers Add.
8. Close Add Stand-alone Snap-in,
Add/Remove Snap-in -
.
9. ,
.
Active Directory Users and Computers -
Connect to Domain ( ).
10.
. , Browse
.
11. .
Properties.
12. Group Policy ( ),
New (). .
13. <Enter> .
14. ,
Properties.
,
625
19

15. Security () Authenticated


Users ( ).
16. Permissions Apply Group Policy (
) Allow .
17. -
, -
.
18. Add .
, Advanced
(), Find Now ()
. , -
.
19. .
20. , -
Allow Apply Group Policy, . 19.9.
.
21. Apply ()
, General ().
22. General Computer or User Settings (-
)
. -
, , . -
, .

. 19.9.

Windows Server 2003
626
VI

23. ,
Edit (),
. -
Close.



.
. , -
, , -
. -
. , -
,
-
. , -
Properties. General () -

, .
, -
.
Resultant Set of Policies ( -
) MMC, Resultant Set of Policies
MMC. ,
X -
, X.
: , ,
, .
,
. -
,
, ,
OU Block Policy Inheritance ( -
).
, , No
Override ( ).


Block Policy Inheritance

, OU.
,
Active Directory .
.
,
627
19

1. AD Users and Computers


MMC OU, AD Sites and Services
MMC .
2. , , -
Properties.
3. Group Policy ( )
Block Policy Inheritance ( ),
. 19.10.
4. .

. 19.10. -
OU

No Override
No Override ( ) -
-
. ,
AD -
.
No Override -
:
1. AD Users and Computers MMC.
2. -
Properties.
3. Group Policy ( ),
Options ().
4. ,
.
Windows Server 2003
628
VI



,
, .
, -
. -
,
, , ,
. OU, -
OU, OU, , , OU, -
Active Directory ( ).
LSD-OU (local, site, domain, OU) , , , OU.
, ,
,
Windows Server 2003 Resultant Set of Policies (RSoP) -
MMC GPResult.exe,
RSoP.

Resultant Set of Policies MMC


RSoP (Resultant Set of Policies )
MMC
,
. , -
.
, ,
RSoP :
1. , .
2. Start Run. MMC.exe
.
3. File Add/Remove Snap-in.
4. Add/Remove Snap-in Add.
5. Add Stand-alone Snap-in Resultant Set of Policy
( ) Add.
Close, Add/Remove Snap-in.
6. Resultant Set of Poli-
cy Generate RSoP Data (
RSoP).
7. Next.
8. Mode Selection ( ) Logging Mode
( ) Next.
9. Computer Selection ( ) This
Computer ( ) Next.
,
629
19

10. Users Selection ( ) Display


Policy Settings For ( ), Select a
Specific User ( ), . 19.11.

. 19.11. , -

11. Summary of Selections ( )
Next .
12. , Finish
.
, ,
. , -
, -
Computer Configuration ( ), User Con-
figuration ( ) Proper-
ties , .

, Active Directory
,
.
, -
.
5 6 ( Active Directory), 21 29 (
) 23 (
).
Windows Server 2003
630
VI


,
, ,
.
(-
, ), , -
.
.


,
.
, , -
, , DNS-, DHCP-
, , , WINS.
.
, ,
.
, .

.
-
.

.
-
.
RSoP GPResult.exe -
.


Windows Server 2003
20
...
Windows Server 2003
Windows Server 2003



Windows Server 2003
632
VI


, ,
Windows 95.
(Registry), . -
, .ini .dat, -
Microsoft.
, ,
. , -
, , , -
.
, . ,
. - -
, ,
.
,
, -
. , , , ,

. ,
, ,
. -
,
(
).
Windows Server 2003
. Windows Server 2003
, -
. ,
. , -
,
Windows Server 2003:
.
-
.
.
.

Windows Server 2003


Windows Server 2003 -
, , , -
. -
. , , (-
), , , , ,
. (value entry) -
Windows Server 2003
633
20

, (value)
.

,
, -
(hive) . , -
. 20.1, ( Windows Server
2003). , ,
.

. 20.1.
. 20.1.

20.1.
()
HKEY_CURRENT_CONFIG .
HKEY_CLASSES_ROOT OLE.
HKEY_CURRENT_USER ,
, ,
.
HKEY_USERS .

.
HKEY_LOCAL_MACHINE :
,
.
Windows Server 2003
634
VI


.
. 20.2.

20.2.
( )
HKEY_CLASSES_ROOT HKEY_LOCAL_MACHINE\SOFTWARE\Classes
HKEY_CURRENT_CONFIG HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Hardware Profiles\Current
HKEY_CURRENT_USER HKEY_USERS ( )

(key). -

(subkey). .


Windows Server 2003 : .
, -
Windows Server 2003 .
, :
%SYSTEMROOT%\System32\Config
.sav .log. -
.

HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE ,
(, , , ) -
. . 20.2,
:
HARDWARE
SAM
SECURITY
SOFTWARE
SYSTEM
.

HARDWARE
(HARDWARE ), -
HARDWARE .
, -
. HARDWARE .
Windows Server 2003
635
20

. 20.2. HKEY_LOCAL_MACHINE
NTDETECT.COM. -
HARDWARE. -
, :
.
.
.
.
.
.
.
HARDWARE , -
, NTDETECT.COM:
HARDWARE\ACPI ACPI
, Plug and Play, -
(Advanced Power Management APM).
HARDWARE\DESCRIPTION .
HARDWARE\DEVICEMAP
.
HARDWARE\RESOURCEMAP , -
(, ).


-
Plug and Play API- Plug and Play.
Windows Server 2003
636
VI

SAM
SAM, 20.3,
HKEY_LOCAL_MACHINE\SECURITY , .
, -
. , -
.

. 20.3. HKEY_LOCAL_MACHINE\SAM

SECURITY
SECURITY ,
.
.
, , ,
. -
,
Mixed Windows NT 4 .

SOFTWARE
SOFTWARE ,
, , . -
HKEY_LOCAL_MACHINE,
( ).
, -
HKEY_CURRENT_USER\Software.
, -
, . , HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\ ,
Microsoft.
Windows Server 2003
637
20

SYSTEM
, Windows Server 2003,
SYSTEM. :
.
, -
. -
. ,
: ,
Windows Server 2003 .
Windows Server 2003. -
Windows Server 2003, OSLoaderPath
SystemPartition.
.
, , RAID-
. Disk Management ( ) -
.

HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT ,
HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
, , OLE -
. , ,
. , -
. , , -
Windows .doc Microsoft Word. -
Microsoft Word, -
. . 20.4.
HKEY_CURRENT_USER\Software\Classes -
Windows 2000 , .
(per-user
class registration). , -
-
.
.

HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG ,
.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current. -
, ,
,
, .
Windows Server 2003
638
VI

. 20.4. ,
HKEY_CLASSES_ROOT
, , ,
. Windows Server 2003 -
, -
.
.

HKEY_CURRENT_USER
HKEY_CURRENT_USER .
, , , -
, HKEY_USERS\<SID>, SID (Security ID -
) . ,
.

, .
( , , -
,
). -
.
HKEY_CURRENT_USER , -
:
AppEvents ( ).
Console ().
Control Panel ( ).
Environment ().
Windows Server 2003
639
20

Identities ( ).
Keyboard Layout ( ).
Printers ().
Session Information ( ).
Software ( ).
Unicode Program Groups ( Unicode).
Volatile Environment ( ).

HKEY_USERS
HKEY_USERS -
. ,
: , ,
. :
.DEFAULT. , -
.
, .
<>. SID (Security ID
); , -
.
<_Classes>. -
, .
,
. :
%SystemDrive%\Documents and Settings\<_>
%SystemDrive%\Documents and Settings\Default User\

Windows Server 2003


Windows Server 2003 :
REGEDIT.EXE REGEDIT32.EXE.
, ,
. , Microsoft
, -
. (REGEDIT.EXE REGEDIT32.EXE) -
, ,
. 20.5. Windows Server 2003 -
, -
.
Windows Server 2003
640
VI

. 20.5. HKEY_USERS


( ) -
. , , -
. , -
.
, , . -
,
.


.
:
.
(HKEY_LOCAL_MACHINE HKEY_USERS).
HKEY_LOCAL_MACHINE\SECURITY ( ).
, .
1. , Run ( ) -
regedit regedit32.
2. , ().
3.
NewKey ().
4. . Default ( -
).
Windows Server 2003
641
20


- ,
( ) , . 20.3.
.

20.3.

String () , -
.
Binary ( ) , -
(hex) .
.
DWORD ( ) 32- , -
, .
Multi-string ,
( ) . ,
.
Expandable string -
( , -
) . -
, .


-
, ..
:
1. , , -
.
2. .
3. .
4. .


, , ,
. <Delete>,
Delete () Edit ().


regedit,
. ,
.
Windows Server 2003
642
VI

1. My Computer ( ).
2. Edit Find ().
3. Find () ,
, .
4. , (, ) -
.
5. Find Next ( ), .

Favorites
Favorites () Internet Explorer, Favorites
()
. Favorites,
.


:
1. , regedit regedit32.
2. File Connect Network Registry ( -
).
3. Select Computer (: ),
. 20.6, .
4. Check Names ( ) -
.
5. .

HKEY_LOCAL_MACHINE HKEY_USERS, , -
.

. 20.6.
Windows Server 2003
643
20


, , -
, . -
.
Microsoft
, .
. -
. , HKEY_LOCAL_MACHINE\SAM
HKEY_LOCAL_MACHINE\SECURITY -
DAC.
, -
, . -
,
.
NTFS.
.
1. ,
, Permis-
sions ().
2. Per-
missions for <> ( <>). Allow (-
) Deny () Full Control ( ),
Read () Special permissions ( ).
3. , Advanced (-
) Advanced Security Settings for <> (-
<>). ,
.

:
Full Control .
Query value .
Set Value .
Create Subkey .
Enumerate Subkey .
Notify .
Create Link .
Delete .
Write DAC .
Write Owner .
Read Control .
Windows Server 2003
644
VI


-
. ,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.
-
, LOCAL
SERVICE.
,
. -
Administrators ()
Backup Operators ( ) -
.


,
. -
, Windows Server 2003
.
, .
-,
(Group Policy Object GPO), -
( ). GPO
21.
, .
GPO .
1. Active Directory Users and Computers ( -
Active Directory) MMC, Start () All
ProgramsAdministrative ToolsActive Directory Sites and Services ( -
Active Directory).
2. -
Properties ().
3. Group Policy ( ).
4. Default Domain Policy ( )
GPO, .
5. Edit () Computer Configura-
tionWindows SettingsSecurity SettingsLocal PoliciesAudit Policy (-
Windows -
).
6. Audit object access ( ).
7. Define These Policy Settings (
), Success (),
Failure ().
Windows Server 2003
645
20

8. Apply (), ,
GPO.
:
1. Local Security Policy ( ) (
Default Domain Controllers Security Setting ( -
)), Start All ProgramsAdminist-
rative Tools ( ).
2. Local Policies ( ) Audit
Policy ( ).
3. .
4. Define These Policy Settings , ,
Success, Failure.
5. Apply, ,
GPO.
, -
. .
1. ,
, Permis-
sions.
2. Advanced, Advanced Security Settings
for <>. , .
3. Auditing () Add ().
4. Select User or Group ( ) -
, . -
, auth, Check Names (-
) Authenticate Users (-
).
5. . Auditing Entry for <>
( <>).
6. Successful () / Failed () -
. ,
Successful Failed Full Control
.
7. Apply These Auditing Entries to Objects and/or Containers
Within This Container ( / -
), -
.
8. , .
9. .
Windows Server 2003
646
VI



(Event Viewer),
. 20.7. , , -
.


Windows Server 2003 131 072
(128 ). .
.

. 20.7.


Windows Server 2003
. , -
.


Windows -
. -
. Windows XP, .
, -
. Windows Server 2003 , , -
.
.
Windows Server 2003
647
20

Windows Server 2003 -


, . -,
, -
. 25% .
.
.



. , , -
. , , ,
( ) -
.
, , ,
, .
.
- -
, - Windows Server 2003.
Windows .NET -
, -
, -
. , ,
, -
.
, , -
. Windows Server 2003
, ,
.


, -
, . -
. -
. ,
.
Microsoft -
RegClean.
( ). -
Windows 2000 Windows Server 2003, -
. -
, ,
.
Windows Server 2003, -

.
Windows Server 2003
648
VI


Windows Server 2003 -
Add/Remove Programs ( ),
. 20.8 .
.
,
.

. 20.8. Add/Remove Programs

(MSICUU.EXE) Windows
(Installer Cleanup Utility) Windows -
, , -
Windows Installer.
, . -
Windows Server 2003. -
deploy.cab, Administrative Tools ( -
) .
MSICUU, . 20.9,
,
Windows.
MSICUU, -
- Windows Server 2003 :
1. MSICUU <Enter>.
2. MSICUU
, .
-
.
Windows Server 2003
649
20

. 20.9. -
Windows

Windows Installer Zapper (MSIZAP.EXE)


Windows Installer Zapper ( ), -
MSIZAP, MSICUU.
, MSICUU ,
, .
(Access Control List ACL) -
, .
MSIZAP :
MSIZAP [*] [A] [P] [T { }] [!]
:
* , -
DLL- Windows Installer.
T .
P In-Progress ( ).
S .
A ACL Admin Full Control.
! Yes .


MSIZAP .



.
, -
.
Windows Server 2003
650
VI


. , , -
. -
-
.

Windows Server 2003


Backup Utility (NTBACKUP.EXE), . 20.10.
Start All ProgramsAccessoriesSystem Tools ( -
). Backup Utility , -
Windows 2000, :
(Emergency Repair Disk ERD) -
(Automated System Recovery ASR). -
, , -
.

. System State Data ( -
). AD, SYSVOL,
, ,
COM+ .

%SYSTEMROOT%\Repair\Regback.

. 20.10. Windows Server 2003


Windows Server 2003
651
20



Windows Server 2003 ERD -
(Automated System Recovery ASR). -
( ERD),
. ASR, -
ASR, .
20.11. Microsoft ASR -
. Last
Known Good ( ) Safe Mode Boot ( -
).

. 20.11. ASR
ASR ASR,
, .
ASR -
, -
. , ;
, -
.
ASR , -
. ,
. ASR
- Windows Server 2003
<F2> . ,
, ASR . -
, .
Windows Server 2003
652
VI


Windows Server 2003 , -
(.reg).
.


.
.

-
, ,
Export (). -
( .reg). , , Save (-
), .




. regedit
regedit /e <c:\__.reg>,
.


:
.
; .reg ,
.

:
1. , Run
regedit.
2. File Import ().
3.
Open ().

, -
, Windows Server 2003. -
.
. -
, -
.
Windows Server 2003
653
20


,
-
. , ,
.
Favorites
.
, -
:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
.
Windows Install Cleanup
.
-
.


Windows Server 2003
21
...












GPMC
Resultant Set of Policies
Windows

Group Policy









Group Policy
Windows Server 2003
656
VI

, ,
Windows. Win-
dows Server 2000, Windows Server 2003, -
. (Group Policy GP)
,
, . ,
Active Desktop
.


Win-
dows 2000 Professional, Windows XP, Windows 2000 Server Windows Server 2003.
, Windows, Unix
, Windows Server
2003. , , -
. :
.


,
-
.
. , -
:
.
.
,
.
, MSI,
, -
. .



. -
, , , -
.
, -
.
.
.
.
Windows Server 2003
657
21



-
. -
90 , -
(- 30 ), 5 .
Group Policy, -
:

Computer ConfigurationAdministrative Templates
SystemGroup Policy ( -
).

User ConfigurationAdministrative TemplatesSystemGroup Policy (-

).
,
(Group Policy Object GPO) GPO, -
. -
, GPO:
, .
, .
, .


16 , -
.




. -
, , .
,
. -
,
.
Windows Server 2003
658
VI

, :

,
. ,

,
. , -

. , GPO
SYSVOL ,
, .


(RSoP)
(Group Policy Management
Console GPMC)
. -
, -
-
. -
GPMC
.



.
, -
. ,
-
. , -
GP
.


, -
,
. -
, , -
, .
, -
.
Windows Server 2003
659
21

GP
-
. , -
, -

AD.
:
GPO.
WMI.
WMI.
GPO.
, GPO -
(scope of management SOM).
-
, , -
Windows Server 2003 .


. -
, , -
-
. .



.
-
, .


(
OU -
), .
, OU , -
.
. -
New Group Policy ( -
). ,
.
.
.
Windows Server 2003
660
VI


, -
( ) Windows 2003.
, , -
, . -
, -
(. ).
-
, -
, .

!
, OU,
SAM, Active Directory.
Active Directory -
.

, -
, .



-
, . -
, -
, Microsoft .




:
OU. OU -
OU , ,
OU OU . -
-
, OU , -
, OU -
. -
, , OU.
-
, -
.
Windows Server 2003
661
21



, -
. ,
Active Directory, , -
Active Directory. AD -
:
.
.
.
.
.
GPO OU OU, -
.
-
Not Configured ( ), . -
-
, . ,
GPO GPO OU GPO OU.
AD OU GPO,
, , . GPO
, , , -
GPO . , OU -
(Contacts) ,
( . 21.1), -
:
.
.
.
, -
, . -
, -
,
.



, . GPO
(Enforcement).
-
OU. , -
, GPO.
Windows Server 2003
662
VI

. 21.1.
GPO (Block Poli-
cy Inheritance). AD, GPO,
GPO ,
( GPO -
).
, , , -
, (Link Enabled) GPO.

Link Enabled, -
. . 21.2
Contacts Temporary Policy.


(loopback) -
, -
AD. ,
, , , -
. , -
. -
, ,
, -
, GPO . -
, GPO, ,
GPO , -
GPO .
Windows Server 2003
663
21

. 21.2.



,
. , ,
Microsoft -
, .


Microsoft Windows Server 2003 , -
; -
,
. ,
. , -
, , -
, GP . -
,
.

, , -
.
Windows Server 2003
664
VI



ping 32 2048- , 500 K/.
K/ (Kbps) Microsoft -
:
16000 / = Kbps
, 32 -
:
16000 / 32 = 500 Kbps
, , -
DC,
. 2048- ,
:
ping l 2,048
.
, , ,
500 K/ , , -
.



Microsoft,
-
, Group Policy:
Computer ConfigurationAdministrative TemplatesSystemGroup PolicyGroup
Policy Slow Link Detection Properties ( -

). ( 0, -
,
.)
User ConfigurationAdministrative TemplatesSystemGroup PolicyGroup Poli-
cy Slow Link Detection Properties ( -
-
). ( 0, -
,
.)
-
, , , ,
Group Policy. ,
Computer ConfigurationAdministrative TemplatesSystemGroup Policy (-
-
) (Policy Processing).
Windows Server 2003
665
21


, -
,
.


- -
, , ,
, .
.
SYSVOL .
.
GPO. GPO -
, .
. -
GPO, -
, GPO.

Group Policy
ADUC GPMC -
, ,
, , -
FMSO PDC. -
, -
,
PDC- DC.
GPMC Group Policy
, : User ConfigurationAdministrative
TemplatesSystemGroup PolicyGroup Policy Domain Controller Selection (-

).
Use Any Available Domain Controller ( -
) Inherit From Active Directory Snap-ins (
Active Directory), DC,
. , PDC Use the Primary
Domain Controller ( ). . 21.3
Inherit From Active Directory Snap-ins.


, GPO
User Configuration ( )
Computer Configuration ( ), GPO
Windows Server 2003
666
VI

. -
,
.

. 21.3.
Active Directory Users
and Computers .
1. .
2. Properties ().
3. General ().
4. , , Disable
Computer Configuration Settings ( -
), Disable User Configuration Settings (
).
GPMC
.
1. GPMC .
2. Details ().
3. Details.
4. , ,
Computer Configuration Settings Disabled (
), User Configuration Settings Disabled
( ).
Windows Server 2003
667
21



-
. ADUC GPMC
, -
. , -
, , -
. . 21.4 -
GPO Show Configured Policies Only
( ).

. 21.4.
,
ADUC GPMC.
1. ADUC GPMC.
2. .
3. Computer Configuration/Administrative Template (-
/ ) User Configuration/Administ-
rative Template ( / ).
4. Administrative Templates (-
) ViewFiltering
().
5. Only Show Configured Policy Settings (
), . 21.5.
Windows Server 2003
668
VI

. 21.5. -
GPMC


GPO : .
.

, , -
.
. GPO
, . SYSVOL
Active Directory.
, , -
SYSVOL -
. ,
, -
, .
Group Policy ADUC,
: Remove the Link From the List ( -
) Remove the Link and Delete the Group Policy Object Permanently (-
).
GPMC ,
Group Policy Object , .
Do you want to delete this link? This will not delete the GPO itself (
? GPO ),
GPO .
.
Windows Server 2003
669
21

GPO GPMC Group Policy Objects


( ). GPO
Delete (). Do
you want to delete this GPO and all links to it in the domain? This will not delete links in
other domains ( GPO ?
). .


GPO, ,
- . GPMC ADUC.


Group Policy
-
. (, SMS)
(,
),
Group Policy. ,
Windows Server 2003.

, -
. -
. -
, -
:
MSI -
.


Installing Managed Software ( ).
.
Add/Remove Programs (-
) , -
.
Windows Server 2003
670
VI




(Group Policy Management Console
GPMC) ,
Group Policy Windows 2003.
Group Policy AD Users and Computers.


ADUC Group Policy, You
have installed the Group Policy Snap-in so this tab is no longer used (
Group Policy, ) Open () -
GPMC.

GPMC Windows Server 2003 Windows XP.


GPMC.msi :
http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx
GPMC All ProgramsAdministrative
ToolsGroup Policy Management (
) Start ().

C
GPMC Windows 2000,
Windows XP.

GPMC ;
.

GPO: ,
,
Group Policy -
( ) . Group Policy -
. , -
, .
Active Directory, GPO WMI
( WMI ) IP-
. ,
GUID GPO. -
GPO, GPO.
GPO -
, , ,
, . -
, .
Windows Server 2003
671
21

GPO , -
, , -
GPO.
GPO.
OU , -
() GPO OU, GPO, -
GPO. GPO -
. GPO . -
, .
, , -
GPO.
, -
Stored User Names and Passwords (
). , GPO -
GPO, GPO.



-
, GPO.
.
, , -
. -
.


GPO -

.



GPMC
. -
, , -
GPMC. GPO
- .
.

. -
, -
, ViewOptions (
), General () Enable Trust Delega-
tion ( ).
Windows Server 2003
672
VI

Group Policy , ,
Stored User Names and Passwords (-
). , Start
Control PanelUser AccountsAdvancedManage Passwords (
) Windows
XP Start Control PanelStored User Names & Passwords (-
) Windows Server 2003.
Stored User Names and Passwords ,
. 21.6.

. 21.6. -

HTML-
Settings
Settings ()
GPMC. GPO HTML.
HTML- ,
GPO. , ( -
) ,
Show All ( ). ,
.

WMI
WMI -
. -
, WMI WMI -
true/false (/), -
Windows Server 2003
673
21

. false ,
GPO , true GPO.
WMI GPO, -
GPO GPO Scope (
GPO). GPO WMI. ,
WMI Windows XP
, Windows 2000 Microsoft.

GPMC
GPMC -
GPO. GPMC
, , GPO, WMI, -
( ), -
GUID GPO.

GPMC
Resultant Set of Policies
Resultant Set of Policies (RSoP )
GPMC, , -
,
, .


Resultant Set of Policies
RSoP -
, , ,
. , -
. -
GPO
.
RSoP -
Group Policy Modeling ( ) -
Group Policy Modeling Wizard ( -
). , -
, WMI .
Group Policy Modeling.


RSoP
RSoP , -
.
,
Windows Server 2003
674
VI

. -
, .
RSoP GPMC -
Group Policy Results ( ), -
Group Policy Modeling Wizard (
) .


Windows
Windows (Windows Management Instrumentation WMI)
Microsoft (Web-based Enter-
prise Management WBEM) Web, -
Windows.
Microsoft , WMI
: WMI, -
WMI.

WMI
Group Policy
Windows, - . -

WMI-. .
.
.
.

.
,
Visual Basic .
, WMI- ,
, , .
Microsoft , -
. -
Windows (Windows Script Development Center)
http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28001169
, , , -
.
, .
fabrikam cn ( ) ou
( ) OU , -
,
. ,
Windows Server 2003
675
21

, ,
.
Const ADS_PROPERTY_APPEND = 3
Set objGroup = GetObject _
("LDAP://cn=Sea-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
Array("cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
"cn=Executives,ou=Management,dc=NA,dc=fabrikam,dc=com", _
"cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
-
. ,
,
, , OU
, OU -
.

WMI
WMI
WMI.
, WMI

.


WMI
WMI,
:
1. Active Directory Users and Computers.
2. OU, -
.
3. Properties
Group Policy ( ).
4. -
, Properties.
5. WMI Filter ( WMI).
6. This Filter ( ),
Browse/Manage (/).
7. Advanced ().
8. New (), -
, Delete (), .
.
Windows Server 2003
676
VI



,
.
1. Active Directory Users and Computers.
2. OU, -
.
3. Properties
Group Policy ( ).
4. -
, Properties.
5. WMI Filter.
6. This Filter, Browse/Manage.
7. Advanced. Import ()
, -
, Export ().
.
MOF-,
WMI, .


Group Policy
Group Policy
.
,
(, , ),
-
.
,
. -
, ,
, , -
, .
, -
.
, -
OU . , -
-
, ,
,
, .
Windows Server 2003
677
21


Microsoft Group Policy -
, (
). -
,
. -
.
, , -
, , ,
.
, , -
.
. : ,
.
Securews.inf, Securedc.inf.
. (Hisecws.inf
Hisecdc.inf)
-
. ,
.
. (Rootsec.inf)
-
C. ,
. -
, ,
; -
.
. (Compatws.inf) -
. -
, , -
Microsoft ,
. Power Users.



, ,
OU, SAM, Active Di-
rectory. Active Directory
(Account Policy) (De-
fault Domain Policy). ,

AD, Group Policy:
Windows Server 2003
678
VI

Password Policy ( ).
Account Lockout Policy ( ).
Kerberos Policy ( Kerberos).

:


, Administrators Power Users, .
, . -
, -
-
. -

, Group Policy.
, OU,
.
,
, OU. -
,
. .
.
1. Group Policy.
2. Computer ConfigurationWindows SettingsSecurity Settings
Restricted Groups ( Windows-
).
3. Restricted Groups
Add Group ( ).
4. Browse ().
5. .
6. Add Group.
7. Members Of This Group ( )
Add ().
8. Browse.
9. ,
. -
.
21.7.
10. , .
Windows Server 2003
679
21

. 21.7.



(Group Policy Object Editor) -
Folder Redirection ( )
. ,
, Documents and
Settings. User Configuration (-
) .

. .
,
.



UNC (Universal Naming Convention
) \\server\share\%username%\MyDocuments -
, , \\server\share,
Folder Redirection
. Folder Redirection
.
, -
:
Windows Server 2003
680
VI

1. , , -
, ,
.
2. Folder Redirection (-
), , -
.
3. (,
Desktop My Documents) Properties.
4. Target () Settings ()
Basic Redirect Everyones Folder to the Same Location (
).
5. Target Folder Location ( )
Create a Folder for Each User Under the Root Path ( -
).
6. Root Path ( ) UNC- ( \\servername\sharename),
.
7. Properties .


(My Documents)
Windows Server 2003 My
Documents .
, -
.
, .
My Documents -
.
1. , , -
, ,
.
2. Folder Redirection, -
My Documents.
3. My Documents -
Properties.
4. Target Settings Basic
Redirect Everyones Folder to the Same Location.
5. Target Folder Location Redirect to the Users Home
Directory ( ),
.
Windows Server 2003
681
21


Active Directory
. -
Active Directory .
, ,
; .


-
, -
, -
. , -
Windows 2000.
- , -
.
1. , , -
, ,
.
2. Folder Redirection -
, .
3. (, Desk-
top My Documents) Properties.
4. Target Settings Basic
Redirect Everyones Folder to the Same Location.
5. Target Folder Location Redirect to the Following
Location ( ).
6. Root Path ( ) UNC (, \\sever\share).
(, C:\somefolder).
.



, %userprofile%\< >.
-
:
1. , , -
, ,
.
Windows Server 2003
682
VI

2. Folder Redirection -
, .
3. (, Desk-
top My Documents) Properties.
4. Target Settings Basic
Redirect Everyones Folder to the Same Location (. 21.8).

. 21.8.
5. Target Folder Location Redirect to the Local
User Profile Location (
), .


Properties () Not Config-
ured ( ) -
. Not Configured , .


,
, , -
. , , ,
, , -
. (
), , -
, , .
, -
, , .
Windows Server 2003
683
21

, , -
, , .

!
, ,
ASL,
. , -
, .



ADUC GPMC, Microsoft -
.
Windows Server 2003,
Web- Microsoft Windows 2003 Resource Kit.

gpupdate.exe
gpupdate.exe Windows 2003
secedit/refreshpolicy Windows 2000 Server.
,
AD . -
.
:
Gpupdate [/target:{computer | user}] [/force] [/wait:] [/logoff] [/boot]
-
:
Gpupdate /?

gpresult.exe
gpresult.exe Microsoft Win-
dows 2003 Resource Kit. , ,
. gpresult.exe
, -
, . , -
gpresult.exe,
, .


gpmonitor.exe .
-
. ,
Windows Server 2003
684
VI

. gpmonitor.exe
(Deployment Kit) Windows Server 2003.

GPOTool.exe
GPOTool.exe Group Policy
.
,
, SYSVOL
, , .
,
GPO. GPOTool.exe Windows
2003 Resource Kit Microsoft Windows 2000, Web-
Microsoft.

FRSDiag.exe
(File Replication Service FRS) , -
.
, -
, .
Microsoft
FRSDiag , -
RFS. -
, ,
NTFRSUTL , REPADMIN /showreps REPADMIN /showconn
FRS. -
. -
, DC , -
, , .
cab-. FRSDiag.exe -
:
http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx
FRSDiag , Canary File Tracer (-
). ,
SYSVOL\_\policies ( ,
Share Root) .
,
, SYSVOL\_\policies
,
-
. -
,
, . -
.
Windows Server 2003
685
21

1. Target Server ( ) -
.
2. File Output ( ) None ().
3. Tools () Canary File Tracer ( -
).
4. : _\policies\*.*.
5. Expected Number of Hits ( )
(, 135).
6. Go ().
-
. , -
, . -
.
. 21.9
.


Windows 2000, -
.NET Framework v. 1.1.

. 21.9. -

Sonar.exe
Sonar.exe :
http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx
,
FRS ,
Windows Server 2003
686
VI

Group Policy. Sonar


,
: ,
, FRS
. Sonar
DFS, FRS.

Group Policy.
Windows 2000 XP.