MCSA/MCSE Training Kit (Exam 70-299): Implementing And Administering Security In A Microsoft Windows Server 2003 Network comments and corrections

This article contains comments, corrections, and information about known errors relating to the Microsoft Press book MCSA/MCSE Training Kit (Exam 70-299): Implementing And Administering Security In A Microsoft Windows Server 2003 Network, 0-7356-2061-x.

The following topics are covered:

• Page 1-8: The word "changed" is used in place of the word "hinged"
• Page 1-29: Incorrect description of Exercise 2
• Page 2-5: Managers Group Should Be Accounting Group
• Page 2-14: Group assignment missing from practice
• Page 2-22: Correction To Table 2.1
• Page 3-5: The word "Setup" missing from Security.inf
• Pages 6-42 and 6-47: Incorrect information regarding Automatic Update client configuration
• Page 7-9: Correction To CA
• Page 7-14: Enterprise Root CA Should Be Enterprise Subordinate CA
• Page 8-32: Ipsec dynamic referenced in place of Ipsec static
• Page 8-47: Correction To Question 2
• Page 9-26: Chapter 3 Should Be Chapter 2
• Page 10-19: Figure 10.2 contains incorrect label for top level icon
• Page 11-21: Reference to figure 11.8 should be disregarded
• Page 12-9: Correction To Table 12.1
• Page 15-28: GPO three should be GPO four and vice versa
• Pages 15-47 and 15-53: Incorrect figures used

Page 1-8: The word "changed" is used in place of the word "hinged"

On page 1-8, the first sentence of the "Real World" box reads:

"Since the beginning of computer systems, some of the most widely used security attacks have changed upon the attacker gaining access to the operating system’s password file."

It should read:

"Since the beginning of computer systems, some of the most widely used security attacks have hinged upon the attacker gaining access to the operating system’s password file."

Page 1-29: Incorrect description of Exercise 2

On page 1-29, the description of Exercise 2 reads:

"In this exercise, you will configure the domain controllers to accept only NTLM and refuse LM default domain controller security policy."

This sentence is incorrect and should be disregarded.

Page 2-5: Managers Group Should Be Accounting Group

On page 2-5, in the last sentence of the first paragraph,

Change:
"... the Deny ACE means that all memebers of the Managers group will be denied access to the file."

To:
"... the Deny ACE means that all memebers of the Accounting group will be denied access to the file."

Page 2-14: Group assignment missing from practice

On page 2-14, the last sentence of step 3 reads:

"Assign the user account a complex password, and make Mary a member of the Administrators group."

It should read:

"Assign the user account a complex password, and make Mary a member of the Accounting and Administrators groups."

Page 2-22: Correction To Table 2.1

On page 2-22, in Table 2.1, the features listed for "Windows Server 2003 interim" are the same as that of "Windows Server 2003". This is incorrect. The features listed for "Windows Server 2003 interim" should be the same as that of "Windows 2000 mixed" in the table.

Page 3-5: The word "Setup" missing from Security.inf

On page 3-5, the third sentence in the first bullet item reads:

"For the domain controller setup, Security.inf is used with the DC Security.inf template."

It should read:

"For the domain controller setup, Setup Security.inf is used with the DC Security.inf template."

Pages 6-42 and 6-47: Incorrect information regarding Automatic Update client configuration

On page 42, the second bullet point reads:

"The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry."

It should read:

"The Automatic Updates client can be configured by using GPOs linked to Active Directory, the local GPO, or the registry."

On page 47, the fifth bullet point reads:

"The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry."

It should read:

"The Automatic Updates client can be configured by using GPOs linked to Active Directory, the local GPO, or the registry."

Page 7-9: Correction To CA

On page 7-9, under Root CAs,

Change:
"Because enterprise CAs rely on Active Directory to store and replicate data, all enterprise CAs must also be domain controlers."

To:
"Because enterprise CAs rely on Active Directory to store and replicate data."

Page 7-14: Enterprise Root CA Should Be Enterprise Subordinate CA

On page 7-14, in step 6,

Change:

"6. In the CA Type dialog box, click Enterprise Root CA, and then click Next."

To:

"6. In the CA Type dialog box, click Enterprise subordinate CA, and then click Next."

Page 8-32: Ipsec dynamic referenced in place of Ipsec static

On page 8-32, the last sentence before the command sample reads:

"For example, the following commands launch Netsh and set the context to Ipsec dynamic:"

It should read:

"For example, the following commands launch Netsh and set the context to Ipsec static:"

Page 8-47: Correction To Question 2

On page 8-47, in the first paragraph,

Change:

"c, e, and f"

To:

"c, d, and f"

Page 9-26: Chapter 3 Should Be Chapter 2

On page 9-26, in the first line, change:

"See Also For information on how to enable auditing, refer to Chapter 3"

To:
"See Also For information on how to enable auditing, refer to Chapter 2"

Page 10-19: Figure 10.2 contains incorrect label for top level icon

On page 10-19, Figure 10.2 has an incorrect label for the top level icon only. The remaining icon labels in the hierarchy are correct.

Change:
"Wireless LAN users
(Domain Global Group)"

To:
"Universal Group
(access granted with remote access policy in IAS)"

Page 11-21: Reference to figure 11.8 should be disregarded

On page 11-21, the second to the last sentence in step 11 reads:

"Figure 11.8 shows this dialog box completed."

Figure 11.8 does not display a completed dialog box and should be disregarded.

Page 12-9: Correction To Table 12.1

On page 12-9, in Table 12.1, "Supported by Windows Server 2003, Windows XP, and Windows 2000 clients" should have a check under EAP.

Page 15-28: GPO three should be GPO four and vice versa

On page 15-28, the descriptions of GPO three and GPO four in question 4 should be switched.

Change:
"GPO three: Server (Request Security) IPSec policy set GPO four: Secure Server (Require Security) IPSec policy set"

To:
"GPO three: Secure Server (Require Security) IPSec policy set GPO four: Server (Request Security) IPSec policy set"

Pages 15-47 and 15-53: Incorrect figures used

On page 15-47, the image is incorrect and should be replaced with the image on page 15-53.

On page 15-53, the image is incorrect and should be replaced with the image on page 15-47.

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.