Errata

Ipsec dynamic referenced in place of Ipsec static
On page 8-32, the last sentence before the command sample reads:



"For example, the following commands launch Netsh and set the context to Ipsec dynamic:"



It should read:



"For example, the following commands launch Netsh and set the context to Ipsec static:"

The word "Setup" missing from Security.inf
On page 3-5, the third sentence in the first bullet item reads:



"For the domain controller setup, Security.inf is used with the DC Security.inf template."



It should read:



"For the domain controller setup, Setup Security.inf is used with the DC Security.inf template."

Correction To CA
On page 7-9, under Root CAs,Change:"Because enterprise CAs rely on Active Directory to store and replicate data, all enterprise CAs must also be domain controlers."To:"Because enterprise CAs rely on Active Directory to store and replicate data."

Group assignment missing from practice
On page 2-14, the last sentence of step 3 reads:



"Assign the user account a complex password, and make Mary a member of the Administrators group."



It should read:



"Assign the user account a complex password, and make Mary a member of the Accounting and Administrators groups."

GPO three should be GPO four and vice versa
On page 15-28, the descriptions of GPO three and GPO four in question 4 should be switched.



Change:

"GPO three: Server (Request Security) IPSec policy set

GPO four: Secure Server (Require Security) IPSec policy set"



To:

"GPO three: Secure Server (Require Security) IPSec policy set

GPO four: Server (Request Security) IPSec policy set"

Reference to figure 11.8 should be disregarded
On page 11-21, the second to the last sentence in step 11 reads:



"Figure 11.8 shows this dialog box completed."



Figure 11.8 does not display a completed dialog box and should be disregarded.

Chapter 3 Should Be Chapter 2
On page 9-26, in the first line,



change:"See Also For information on how to enable auditing, refer to Chapter 3"To:"See Also For information on how to enable auditing, refer to Chapter 2"

Incorrect description of Exercise 2
On page 1-29, the description of Exercise 2 reads:



"In this exercise, you will configure the domain controllers to accept only NTLM and refuse LM default domain controller security policy."



This sentence is incorrect and should be disregarded.

Correction To Question 2 On page 8-47, in the first paragraph, Change: "c, e, and f" To: "c, d, and f"

Managers Group Should Be Accounting Group On page 2-5, in the last sentence of the first paragraph, Change: "... the Deny ACE means that all memebers of the Managers group will be denied access to the file." To: "... the Deny ACE means that all memebers of the Accounting group will be denied access to the file."

Incorrect information regarding Automatic Update client configuration On page 42, the second bullet point reads: "The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry." It should read: "The Automatic Updates client can be configured by using GPOs linked to Active Directory, the local GPO, or the registry." On page 47, the fifth bullet point reads: "The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry." It should read: "The Automatic Updates client can be configured by using GPOs linked to Active Directory, the local GPO, or the registry."

The word "changed" is used in place of the word "hinged" On page 1-8, the first sentence of the "Real World" box reads: "Since the beginning of computer systems, some of the most widely used security attacks have changed upon the attacker gaining access to the operating system’s password file." It should read: "Since the beginning of computer systems, some of the most widely used security attacks have hinged upon the attacker gaining access to the operating system’s password file."

Correction To Table 12.1 On page 12-9, in Table 12.1, "Supported by Windows Server 2003, Windows XP, and Windows 2000 clients" should have a check under EAP.

Enterprise Root CA Should Be Enterprise Subordinate CA On page 7-14, in step 6, Change: "6. In the CA Type dialog box, click Enterprise Root CA, and then click Next." To: "6. In the CA Type dialog box, click Enterprise subordinate CA, and then click Next."

Incorrect figures used On page 15-47, the image is incorrect and should be replaced with the image on page 15-53. On page 15-53, the image is incorrect and should be replaced with the image on page 15-47. Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

Figure 10.2 contains incorrect label for top level icon On page 10-19, Figure 10.2 has an incorrect label for the top level icon only. The remaining icon labels in the hierarchy are correct. Change: "Wireless LAN users (Domain Global Group)" To: "Universal Group (access granted with remote access policy in IAS)"

Correction To Table 2.1 On page 2-22, in Table 2.1, the features listed for "Windows Server 2003 interim" are the same as that of "Windows Server 2003". This is incorrect. The features listed for "Windows Server 2003 interim" should be the same as that of "Windows 2000 mixed" in the table.