- MCSE in a Nutshell: The Windows 2000 Exams
- Preface
- 1. About the MCSE Exams
- I. Windows 2000 Professional
- 2. Exam Overview
- 3. Study Guide
- Windows 2000 Basics
- Installing Windows 2000 Professional
- Configuring Windows 2000 Professional
- Managing Disk Storage
- Managing Network Components
- Administration and Security
- Optimization and Troubleshooting
- 4. Suggested Exercises
- 5. Practice Tests
- 6. Highlighter’s Index
- II. Windows 2000 Server
- 7. Exam Overview
- 8. Study Guide
- Windows 2000 Server Basics
- Installing Windows 2000 Server
- Managing Disk Storage
- Windows 2000 Active Directory
- Managing Network Components
- Administration and Security
- Optimization and Troubleshooting
- 9. Suggested Exercises
- 10. Practice Tests
- 11. Highlighter’s Index
- III. Active Directory
- 12. Exam Overview
- 13. Study Guide
- Introduction to Active Directory
- Installing Active Directory
- Configuring Active Directory
- DNS for Active Directory
- Directory Maintenance and Replication
- Remote Installation Service (RIS)
- Active Directory Security
- Active Directory Maintenance
- Troubleshooting Active Directory
- 14. Suggested Exercises
- 15. Practice Tests
- 16. Highlighter’s Index
- IV. Network Infrastructure
- 17. Exam Overview
- 18. Study Guide
- Network Protocols
- Managing TCP/IP
- IP Routing
- IP Security (IPSec)
- Hostname Resolution
- NetBIOS Name Resolution
- NetWare Connectivity
- DHCP (Dynamic Host Configuration Protocol)
- Remote Access Server (RAS)
- NAT (Network Address Translation)
- Certificate Services
- Monitoring Network Performance
- 19. Suggested Exercises
- 20. Practice Tests
- 21. Highlighter’s Index
- V. Designing Active Directory
- 22. Exam Overview
- 23. Study Guide
- 24. Suggested Exercises
- 25. Practice Tests
- 26. Highlighter’s Index
- VI. Designing Network Infrastructure
- 27. Exam Overview
- 28. Study Guide
- Designing a Network Infrastructure
- Designing TCP/IP Networks
- Designing DHCP Services
- Designing Name Resolution Services
- Designing Internet Connectivity
- Designing Routing and Remote Access
- 29. Suggested Exercises
- 30. Practice Tests
- 31. Highlighter’s Index
- VII. Designing Security
- 32. Exam Overview
- 33. Study Guide
- Planning Network Security
- Designing Basic Security
- Encrypted Filesystem (EFS)
- Designing Auditing
- Securing Network Services
- Designing Secure Connectivity
- Planning IP Security
- 34. Suggested Exercises
- 35. Practice Tests
- 36. Highlighter’s Index
- Index
- Colophon
Windows 2000’s Public Key Infrastructure (PKI) manages public-key encryption. This type of encryption uses two keys: a public key and a private key. Messages encrypted with the private key can be decrypted with the public key, and vice versa.
Windows 2000 Certificate Services manages the issuing of certificates. These are documents that verify identity and can include a public/private key pair. Certificates are issued by a certificate authority (CA). There are several types of CA:
- Standalone root CA
Standalone CAs are used when the organization will be issuing certificates to third parties. The root CA is the most trusted CA and can authorize subordinate CAs. Standalone CAs do not require Active Directory.
- Standalone subordinate CA
Standalone subordinate CAs are authorized by and subordinate to the root CA.
- Enterprise root CA
Enterprise CAs are used when the organization will be issuing certificates internally, i.e., to employees or students. The enterprise root CA is the highest authority and can authorize subordinate CAs. Windows 2000 allows one enterprise root CA per certificate hierarchy and any number of root CAs per network. Enterprise CAs require Active Directory.
- Enterprise subordinate CA
Enterprise subordinate CAs are authorized by and subordinate to the root CA.
You can configure a certificate authority on any Windows 2000 Server computer. Follow these steps to install a CA:
In the Control Panel, select Add/Remove Programs, then select Add/Remove Windows Components.
Check the Certificate Services option.
You are warned that the computer cannot be renamed or removed from the domain; click OK.
Select the CA type from the four types listed in the previous section.
Enter the name, organization, city, and other details for the CA and click Next.
Specify a directory for the CA database. The default is C:WINNTSystem32CertLog. Click Next.
The CA is now installed; this may take several minutes, and the Windows 2000 CD-ROM may be required.
The Windows 2000 Certificate Authority can be managed using the Certificate Authority Manager MMC snap-in, available from the Administrative Tools menu after installation. There is also a web-based interface for enrolling certificates. Various certificate management tasks are described in the following sections.
The process of requesting and being granted a certificate is called enrollment. Follow these steps to request and grant a certificate:
With a web browser, connect to http://servername/certsrv/default.asp.
Select the Request a Certificate option and click Next.
In the Certificate Authority Manager, select Pending Requests in the left pane.
Right-click the pending request and select Issue.
In the browser, access the same URL. Select the Check on a pending certificate option and click Next.
You can now view and use the certificate.
-
No Comment