• Configure security for servers that are assigned specific roles.
• Plan a secure baseline installation.
  • Plan a strategy to enforce system default security settings on new systems.
  • Identify client operating system default security settings.
  • Identify all server operating system default security settings.
• Plan security for servers that are assigned specific roles. Roles might include domain controllers, Web servers, database servers, and mail servers.
  • Deploy the security configuration for servers that are assigned specific roles.
  • Create custom security templates based on server roles.
• Evaluate and select the operating system to install on computers in an enterprise.
  • Identify the minimum configuration to satisfy security requirements.

• Plan a TCP/IP network infrastructure strategy.
  • Analyze IP addressing requirements.
  • Plan an IP routing solution.
  • Create an IP subnet scheme.
• Plan and modify a network topology.
  • Plan the physical placement of network resources.
  • Identify network protocols to be used.
• Plan an Internet connectivity strategy.
• Plan network traffic monitoring. Tools might include Network Monitor and System Monitor.
• Troubleshoot connectivity to the Internet.
  • Diagnose and resolve issues related to client configuration.
  • Diagnose and resolve issues related to Network Address Translation (NAT).
  • Diagnose and resolve issues related to name resolution cache information.
• Troubleshoot TCP/IP addressing.
  • Diagnose and resolve issues related to client computer configuration.
  • Diagnose and resolve issues related to DHCP server address assignment.
• Plan a host name resolution strategy.
  • Plan a DNS namespace design.
  • Plan zone replication requirements.
  • Plan a forwarding configuration.
  • Plan for DNS security.
  • Examine the interoperability of DNS with third-party DNS solutions.
• Plan a NetBIOS name resolution strategy.
  • Plan a WINS replication strategy.
  • Plan NetBIOS name resolution by using the Lmhosts file.
• Troubleshoot host name resolution.
  • Diagnose and resolve issues related to DNS services.
  • Diagnose and resolve issues related to client computer configuration.

• Plan a routing strategy.
  • Identify routing protocols to use in a specified environment.
  • Plan routing for IP multicast traffic.
• Plan security for remote access users.
  • Plan remote access policies.
  • Analyze protocol security requirements.
  • Plan authentication methods for remote access clients.
• Implement secure access between private networks.
  • Create and implement an IPSec policy.
• Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands and Network Monitor.

• Plan services for high availability.
  • Plan a high-availability solution that uses clustering services.
  • Plan a high-availability solution that uses Network Load Balancing.
• Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks.
  • Identify system bottlenecks by using System Monitor.
• Implement a cluster server.
  • Recover from cluster node failure.
• Manage Network Load Balancing. Tools might include the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility.
• Plan a backup and recovery strategy.
  • Plan system recovery that uses Automated System Recovery (ASR).
  • Identify appropriate backup types. Methods include full, incremental, and differential.
  • Plan a backup strategy that uses volume shadow copy.

• Configure network protocol security.
  • Configure protocol security in a heterogeneous client computer environment.
  • Configure protocol security by using IPSec policies.
• Configure security for data transmission.
  • Configure IPSec policy settings.
• Plan for network protocol security.
  • Specify the required ports and protocols for specified services.
  • Plan an IPSec policy for secure network communications.
• Plan secure network administration methods.
  • Create a plan to offer Remote Assistance to client computers.
  • Plan for remote administration by using Terminal Services.
• Plan security for wireless networks.
• Plan security for data transmission.
  • Secure data transmission between client computers to meet security requirements.
  • Secure data transmission by using IPSec.
• Troubleshoot security for data transmission. Tools might include the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in.

• Configure Active Directory directory service for certificate publication.
• Plan a public key infrastructure (PKI) that uses Certificate Services.
  • Identify the appropriate type of certificate authority to support certificate issuance requirements.
  • Plan the enrollment and distribution of certificates.
  • Plan for the use of smart cards for authentication.
• Plan a framework for planning and implementing security.
  • Plan for security monitoring.
  • Plan a change and configuration management framework for security.
• Plan a security update infrastructure. Tools might include Microsoft Baseline Security Analyzer and Microsoft Software Update Services.

MS 2278 - Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure