EXERCISE 1.01G ENERATING A G ROUP P OLICY M ODELING R EPORTIN THIS EXE...

255_ - MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 1 PPTX
MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 1 PPTX

255_70_293_ch01.qxd 9/10/03 1:42 PM Page 31

Using Windows Server 2003 Planning Tools and Documentation • Chapter 1

31

Network services Install the same services on a test server that will be used inthe actual deployment.This can include Domain Name System (DNS), DynamicHost Configuration Protocol (DHCP),Windows Internet Name Service (WINS),or any other Windows service.

User accounts Create a domain controller in your test environment to effec-tively simulate any upgrade procedures.

T

EST

D

AY

T

IPYou can use the Clone Principal tool (Clonepr.dll) utility, included in the WindowsServer 2003 Resource Kit, to copy production users into a test domain.

Domain structure Simulate the domain hierarchy of your proposed environ-ment, including forests, trees, parent and child domains, and all necessary trustrelationships. Configure sites as necessary to simulate any WAN testing considera-tions.

Network protocols and topology Re-create the network technologies thatwill be used in your production environment as completely as possible. Forexample, if your production environment will be using 100MB cabling, usingGigabit Ethernet when doing performance testing will provide erroneous results.You should also include routers to test for performance latency as well as replica-tion across WAN links.

Domain authentication Use the appropriate authentication to mimic thedesired production environment, including mixed mode versus native mode, andNTLM versus Kerberos client authentication. Selecting the appropriate authenti-cation model will allow you to compare apples to apples during testing and avoidany unexpected behavior later.

E

XAM

W

ARNINGRemember that Windows NT 4.0 workstations or servers cannot use Kerberosauthentication. You will need to rely on either NTLM authentication or its strongersuccessor, NTLM version 2.

Group Policy Object (GPO) settings Create GPOs with the settings that youwish to deploy in your production environment.You can use the GPMC (dis-cussed earlier) to test the potential behavior of any policy objects on user andgroup objects.https://traloihay.net