Windows 2000 Security: Little Black Bk. Book

	Introduction	xxiii
Chapter 1	Windows 2000 Security Features	1
	In Brief
	Windows 2000 Active Directory	2
	Distributed Security And Security Protocols	3
	Deploying Smart Cards	4
	Encryption	5
	IP Security	6
	Virtual Private Networks	6
	Security Configuration And Analysis Tools	7
	Immediate Solutions
	Understanding The Active Directory Structure	8
	Integrating Security Account Management	9
	Using Transitive Two-Way Trusts	10
	Delegating Administration	12
	Using The Access Control List To Implement Fine-Grain Access Rights	13
	Using Security Protocols	14
	Using The Security Support Provider Interface	16
	Using The Kerberos 5 Authentication Protocol	18
	Using Public Key Certificates For Internet Security	23
	Implementing Interbusiness Access	29
	Providing An Enterprise Solution	30
	Using NTLM Credentials	31
	Using Kerberos Credentials	31
	Using Private/Public Key Pairs And Certificates	32
	Using Internet Protocol Security	33
	Using Virtual Private Networks	34
	Using The Security Configuration Tools	36
	Migrating From NT 4 To Windows 2000	38
Chapter 2	Active Directory And The Access Control List	41
	In Brief
	Windows 2000 Active Directory	42
	Immediate Solutions
	Supporting Open Standards	46
	Supporting Standard Name Formats	47
	Using Application Programming Interfaces	48
	Using The Windows Scripting Host	51
	Enabling Scalability	54
	Using Distributed Security	60
	Using The Security Settings Extension Of The Group Policy Editor	61
	Analyzing Default Access Control Settings	64
	Analyzing Default Group Membership	67
	Switching Between User Contexts	69
	Synchronizing Upgraded Machines With The Default Security Settings	70
	Using The Security Templates Snap-in	70
	Using The Access Control List Editor	74
Chapter 3	Group Policy	77
	In Brief
	Group Policy Capabilities And Benefits	78
	Group Policy And Active Directory	79
	Immediate Solutions
	Linking Group Policy With The Active Directory Structure	83
	Configuring A Group Policy Management Snap-in	84
	Accessing Group Policy For A Domain Or OU	85
	Creating A Group Policy Object	86
	Editing A Group Policy Object	88
	Giving A User The Log-on Locally Right On A Domain Controller	89
	Managing Group Policy	91
	Adding Or Browsing A Group Policy Object	92
	Setting Inheritance And Override	93
	Disabling Portions Of A GPO	97
	Linking A Single GPO To Multiple Sites, Domains, And OUs	98
	Administering Registry-Based Policies	100
	Setting Up Scripts	104
	Using Security Group Filtering	106
	Using Loopback Processing To Make Policies Computer-Specific	109
	Setting Up An Audit Policy	113
Chapter 4	Security Protocols	115
	In Brief
	Protocols	116
	Immediate Solutions
	Setting Up A Shared Secrets Protocol	119
	Using A Key Distribution Center	122
	Understanding Kerberos Subprotocols	126
	Authenticating Logons	130
	Analyzing Kerberos Tickets	137
	Delegating Authentication	140
	Configuring Kerberos Domain Policy	141
	Using The Security Support Provider Interface	143
Chapter 5	The Encrypting File System	149
	In Brief
	Why Data Encryption Is Necessary	150
	The Encrypting File System	151
	Immediate Solutions
	Using The Cipher Command-Line Utility	157
	Encrypting A Folder Or File	158
	Decrypting A Folder Or File	160
	Copying, Moving, And Renaming An Encrypted Folder Or File	161
	Backing Up An Encrypted Folder Or File	162
	Restoring An Encrypted Folder Or File	164
	Restoring Files To A Different Computer	166
	Securing The Default Recovery Key On A Standalone Computer	170
	Securing The Default Recovery Key For The Domain	172
	Adding Recovery Agents	172
	Setting A Recovery Policy For A Specific OU	175
	Recovering A File Or Folder	176
	Disabling EFS For A Specific Set Of Computers	176
Chapter 6	Public Keys	179
	In Brief
	Public Key Cryptography	180
	Protecting And Trusting Cryptographic Keys	182
	The Windows 2000 PKI Components	184
	Immediate Solutions
	Enabling Domain Clients	189
	Applying Windows 2000 Public Key Security	194
	Setting World Wide Web Security	196
	Using PK-Based Authentication In Internet Explorer	198
	Setting Up Microsoft Outlook To Use The Secure Sockets Layer	200
	Setting Up PK-Based Secure Email	202
	Configuring Outlook Express To Use PK Security	203
	Configuring Outlook To Use PK Security	208
	Achieving Interoperability	211
Chapter 7	Certificate Services	215
	In Brief
	Certificates	216
	Deploying An Enterprise CA	219
	Trust In Multiple CA Hierarchies	220
	Immediate Solutions
	Setting Up A Certification Authority	222
	Using The Certificate Service Web Pages	225
	Installing CA Certificates	227
	Requesting An Advanced Certificate	231
	Enrolling Using A PKCS #10 Request File	234
	Configuring A Domain To Trust An External CA	235
	Setting Up An Automatic Certificate Request For Computers	237
	Starting And Stopping Certificate Services	238
	Backing Up And Restoring The Certificate Services Service	239
	Displaying The Certificate Services Log And Database	241
	Revoking Issued Certificates And Publishing A CRL	243
	Configuring The Policy And Exit Modules For Certificate Services	245
Chapter 8	Mapping Certificates To User Accounts	249
	In Brief
	Why Certificate Mapping Is Needed	250
	Types Of Mapping	251
	Where Mapping Occurs	252
	Immediate Solutions
	Installing A User Certificate	253
	Exporting A Certificate	256
	Installing A CA Certificate	257
	Configuring Active Directory For UPN Mapping	259
	Configuring Active Directory For One-To-One Mapping	264
	Configuring IIS For One-To-One Mapping	265
	Configuring Active Directory For Many-To-One Mapping	267
	Configuring IIS For Many-To-One Mapping	268
	Testing The Mapping	269
Chapter 9	Smart Cards	273
	In Brief
	What Is A Smart Card?	274
	Smart Card Interoperability	275
	Supported Smart Cards	279
	Supported Smart Card Readers	279
	Immediate Solutions
	Installing A Smart Card Reader	281
	Setting Up A Smart Card Enrollment Station	283
	Issuing Smart Cards	286
	Logging On Using A Smart Card	289
	Deploying Smart Cards	295
	Resolving Smart Card-Related Issues	297
	Securing The Smart Card Enrollment Station	299
	Putting Applications On Smart Cards	300
	Using The Smart Card Software Development Kit	301
	Using The Microsoft APIs	307
	Using The Java Card API 2.1	309
	Using The OpenCard Framework	311
Chapter 10	IP Security	313
	In Brief
	IP Security Protection	314
	IPSec Features	314
	Security Associations	317
	Immediate Solutions
	Analyzing IPSec Operations	320
	Specifying IPSec Settings	321
	Configuring IPSec On Individual Computers	325
	Configuring IPSec For A Domain	329
	Changing The Security Method	331
	Configuring IPSec For An OU	332
Chapter 11	Virtual Private Networks	335
	In Brief
	Using Virtual Private Networks	336
	Tunneling	337
	Authentication	339
	Comparing PPTP And L2TP	341
	The Remote Authentication Dial-in User Service	341
	Immediate Solutions
	Specifying A VPN Strategy	343
	Setting Up A VPN Server	349
	Configuring A VPN Server	351
	Configuring A VPN Client	353
	Organizing Remote Access User Accounts	355
	Creating A Remote Access Policy For Router-To-Router VPN Connections	356
	Enabling Mutual Authentication	357
	Obtaining A Computer Certificate Automatically	358
	Adding L2TP And PPTP Ports	359
	Setting Up A RADIUS Server	360
Chapter 12	Security Configuration And Analysis Tools	363
	In Brief
	The Configuration Tools	364
	Security Template Settings	365
	Predefined Security Templates	367
	Immediate Solutions
	Creating And Analyzing A Security Configuration	370
	Editing A Security Configuration	371
	Exporting A Security Configuration	373
	Editing Security Templates	374
	Using The Secedit Command	376
	Glossary	383
	Index	399