Microsoft KB Archive/291987

= MCSE Training Kit Designing Windows 2000 Network Security Comments And Corrections =

Article ID: 291987

Article Last Modified on 3/1/2007


APPLIES TO


 * MSPRESS MCSE Training Kit, Designing Microsoft Windows 2000 Network Security ISBN 0-7356-1134-3




This article was previously published under Q291987



SUMMARY
This article contains comments, corrections, and information about known errors relating to the Microsoft Press book MCSE Training Kit Designing Microsoft Windows 2000 Network Security, ISBN 0-7356-1134-3.

The following topics are covered:


 * CD-ROM: Evaluation CD May Not Be Bootable
 * Page 72: Incorrect URL In Note
 * Page 131: Inaccurate Statement About Remote Administration Mode
 * Page 132: Inaccurate Statement About Remote Administration Mode
 * Page 180: Graphics Users Permissions Should Be "Change"
 * Page 183: Missing Checkmark In Table 6.1
 * Page 233: Correction To Question 1
 * Page 252: Ocfiles.inf Should Be Ocfiless.inf
 * Page 310: Incorrect Description For None and Notify Rights
 * Page 440: "Original" Should Be "New" In Figure 12.10
 * Page 449: Corrections For Entries In Table 12.6
 * Page 452: 3DES Should Be DES In Figure 12.9
 * Page 489: Incorrect URL In Note
 * Page 492: Incorrect URL In Note
 * Page 534: Invalid Question
 * Page 572: Table 14.15 Change Internal To External
 * Pages 575 - 577 And 618: "Passive" Should Be "Active"
 * Page 604: Private Should Be Public
 * Page 642: Table 15-18 Correction For "Log Date" Entry
 * Page 714: Incorrect URL
 * Page 720: Incorrect OU
 * Page 727: Mixed Mode Should Be Native Mode
 * Page 736: Incomplete Answer To Question 4



CD-ROM: Evaluation CD May Not Be Bootable
Some of the Windows 2000 Server Evaluation Edition CDs included with this book may not be bootable. In order to install Windows 2000 Server using the non-bootable Evaluation CD, you must create Windows 2000 Server Setup Boot Disks.

For instructions on how to create the Windows 2000 Server Setup Boot Disks, please refer to the ADVSRV3.TXT file located on the Evaluation CD:

"To start Setup for a new installation by starting the computer from floppy disks

1. Locate both the Windows 2000 Setup floppy disks and the Windows 2000 CD-ROM.

2. With your computer turned off, insert the first Setup disk into drive A of your computer.

3. Turn on your computer.

4. Follow the Setup instructions.

You can create a set of floppy disks by using the Makeboot utility in the Bootdisk folder of the Windows 2000 Setup CD-ROM. You can create the Setup disks from a computer running any version of Windows or MS-DOS.

You will need four blank, formatted, 3.5-inch, 1.44-MB floppy disks. Label them Setup Disk One, Setup Disk Two, Setup Disk Three, and Setup Disk Four.

To create Setup disks

1. Insert a blank, formatted, 3.5-inch, 1.44-MB disk into the floppy disk drive.

2. Insert the Windows 2000 CD-ROM into the CD-ROM drive.

3. Click Start, and then click Run.

4. In the Open box, type d:\bootdisk\makeboot a: (where d: is the drive letter assigned to your CD-ROM drive), and then click OK.

5. Follow the screen prompts."

Page 72: Incorrect URL In Note
On page 72, in the Note near the middle of the page, the URL www.ieft.org/rfc is referenced. It should be "ietf" rather than "ieft".

Change:

www.ieft.org/rfc

To:

www.ietf.org/rfc

Page 131: Inaccurate Statement About Remote Administration Mode
On page 131, in the second paragraph from the bottom, change:

"Second, only members of the Administrators group are allowed to connect to the terminal server."

To:

"Second, by default, only members of the Administrators group are allowed to connect to the terminal server."

Page 132: Inaccurate Statement About Remote Administration Mode
On page 132, in the second paragraph from the bottom, change:

"This restricts Terminal Services to only members of the Administrators domain local group."

To:

"This, by default, restricts Terminal Services to only members of the Administrators domain local group."

Page 180: Graphics Users Permissions Should Be "Change"
On page 180, in the third bulleted item, the Graphics Users permissions should be "Change" instead of "Read".

Change:

"Graphics Users: Read"

To:

"Graphics Users: Change"

Page 183: Missing Checkmark In Table 6.1
On page 183, in Table 6.1, under the "Write" column, there should be a checkmark for the "Create Files/Write Data" special permission.

Page 233: Correction To Question 1
On page 233, in question 1,

Change:

"...meet the requirements to hide the Control Panel for all network user."

To:

"...meet the requirements to hide the Entire Network icon."

Page 252: Ocfiles.inf Should Be Ocfiless.inf
On page 252, in the second bulleted item from the bottom,

Change:

"...Ocfiles.inf"

To:

"...Ocfiless.inf"

Page 310: Incorrect Description For None and Notify Rights
On page 310, in the first bulleted item under "Restricting Management to Specific SNMP Communities", the explanation for None or Notify is incorrect.

Change:

"None or Notify. The SNMP agent won't discard any requests from management stations in the community where the right is assigned."

To:

"None or Notify. The SNMP agent does not process the request. When the agent receives an SNMP message from a management system in this community, it discards the request and generates an authentication trap."

Page 440: "Original" Should Be "New" In Figure 12.10
On page 440, in Figure 12.10, in the first box of "Signed portion of the packet",

Change:

"Original IP Header"

To:

"New IP Header"

Page 449: Corrections For Entries In Table 12.6
On page 449, in Table 12.6, the third entry in the left column should be "Negotiate Security" instead of "Negotiate". The fourth entry in the left column should be "Allow Unsecured Communication With Non-IPSec-Aware Computer", instead of "Enable Fallback To No Security".

Change the third and fourth entry in the left column from:

Negotiate

Enable Fallback To No Security

To:

Negotiate Security

Allow Unsecured Communication With Non-IPSec-Aware Computer

Page 452: 3DES Should Be DES In Figure 12.9
On page 452, in Table 12.9, in the last row,

Change:

"3DES"

To:

"DES"

Page 489: Incorrect URL In Note
On page 489, in the Note near the middle of the page, the URL www.ieft.org/rfc is referenced. It should be "ietf" rather than "ieft".

Change:

www.ieft.org/rfc

To:

www.ietf.org/rfc

Page 492: Incorrect URL In Note
On page 492, in the Note near the top of the page, the URL www.ieft.org/rfc is referenced. It should be "ietf" rather than "ieft".

Change:

www.ieft.org/rfc

To:

www.ietf.org/rfc

Page 534: Invalid Question
On page 534, under "Designing Remote Access for Laptops Running Windows NT 4.0 Workstation", question 2 is invalid. Please ignore question 2.

Page 572: Table 14.15 Change Internal To External
On page 572, the title for Table 14.15 should say External instead of Internal.

Change:

"Internal Firewall Rules to Restrict DNS Usage"

To:

"External Firewall Rules to Restrict DNS Usage"

Pages 575 - 577 And 618: "Passive" Should Be "Active"
On pages 575, 576, 577, and 618, multiple references to "passive FTP clients" should be changed to "active FTP clients".

On page 575, in the third paragraph under "Securing FTP Traffic",

Change:

"Some FTP clients, known as passive FTP clients, require..."

To:

"Some FTP clients, known as active FTP clients, require..."

On page 576, in the paragraph under Table 14.19,

Change:

"The last two packet filters enable the FTP server to establish connections to passive FTP clients."

To:

"The last two packet filters enable the FTP server to establish connections to active FTP clients."

On page 576, in the Note paragraph,

Change:

"The packet filters listed in Table 14.19 assume that passive FTP clients..."

To:

"The packet filters listed in Table 14.19 assume that active FTP clients..."

On page 577, in the first bulleted item,

Change:

"If passive FTP clients exist"

To:

"If active FTP clients exist"

On page 577, in the paragraph under Table 14.20,

Change:

"The last two packet filters allow the MFFTP server to initiate data transfers with passive FTP clients."

To:

"The last two packet filters allow the MFFTP server to initiate data transfers with active FTP clients."

On page 618, in the last bulleted item,

Change:

"Passive FTP clients require data transfers from..."

To:

"Active FTP clients require data transfers from..."

Page 604: Private Should Be Public
On page 604, in question 4,

Change:

"If private network users were allowed to..."

To:

"If public network users were allowed to..."

Page 642: Table 15-18 Correction For "Log Date" Entry
On page 642, in Table 15.8, the eleventh entry down is "Log Date." Change the parenthetical information immediately following it from "LogTime" to "LogDate."

Page 714: Incorrect URL
The second bullet on page 714 references an incorrect URL. The URL should begin with "news" rather than "nntp" and there should be no "/" at the end of the path.

Change:

nntp://msnews.microsoft.com/microsoft.public.win2000.security/

To:

news://msnews.microsoft.com/microsoft.public.win2000.security

Page 720: Incorrect OU
On page 720, in question 2 under "Designing an OU Structure for Group Policy Deployment", change:

"London Computers"

To:

"London Computers\Desktops"

Page 727: Mixed Mode Should Be Native Mode
On page 727, under "Chapter 5", in question 4,

Change:

"Domain local groups are shared among domain controllers only when in mixed mode"

To:

"Domain local groups are shared among domain controllers only when in native mode"

Page 736: Incomplete Answer To Question 4
On page 736, at the top of the page, the answer to question 4 from page 237 does not list the local computer as a point of Group Policy implementation. Add the following additional bulleted item to the end of the list:


 * The computer's local GPO

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

Additional query words: TKBOOK WIN2000 0-7356-1134-3 KOMAR

Keywords: kbdocerr kbdocfix kbinfo KB291987


© Microsoft Corporation. All rights reserved.