The Microsoft Certified Systems Administrator (MCSA) on
Windows Server™ 2003 credential is intended for IT professionals
who work in the typically complex computing environment of
medium to large companies. An MCSA candidate should have 6 to 12
months of experience administering client and network operating
systems in environments that have the following characteristics:
- 250 to 5,000 or more users
- Three or more physical locations
- Three or more domain controllers
- Network services and resources such as messaging,
database, file and print, proxy server, firewall, public key
infrastructure (PKI), Internet, intranet, remote access, and
client computer management
- Connectivity requirements such as connecting branch
offices and individual users in remote locations to the
corporate network and connecting corporate networks to the
Credit Toward Certification
When you pass the Implementing and Administering Security in
a Microsoft Windows Server 2003 Network exam, you achieve
Certified Professional (MCP) status. You also earn credit
toward the following certifications:
Preparation Tools and Resources
We make a wealth of preparation tools and resources available
to you, including courses, books, practice tests, and Microsoft
Web sites. When you are ready to prepare for this exam, here's
where you should start.
Instructor-led Courses for This Exam
- Course 2823: Implementing and Administering Security in a
Microsoft Windows Server 2003 Network
Skills Being Measured
This certification exam measures your ability to implement,
manage, maintain, and troubleshoot security in a Windows Server
2003 network infrastructure and also plan and configure a
Windows Server 2003 PKI. Before taking the exam, you should be
proficient in the job skills listed in the following matrix. The
matrix shows which Official Microsoft Learning Products may help
you reach competency in the skills being tested in the exam.
||The course includes material
to prepare you for this task.
||The course includes some material to
prepare you for this task. You will need to supplement the
course with additional work.
||The course provides a general introductory
overview of this task. You will need to supplement the
course with additional work.
Managing, and Troubleshooting Security Policies
|Plan security templates
based on computer role. Computer roles include SQL Server
computer, Microsoft Exchange Server computer, domain
controller, Internet Authentication Service (IAS) server,
and Internet Information Services (IIS) server.
- Configure registry and file system permissions.
- Configure account policies.
- Configure .pol files.
- Configure audit policies.
- Configure user rights assignment.
- Configure security options.
- Configure system services.
- Configure restricted groups.
- Configure event logs.
|Deploy security templates.
- Plan the deployment of security templates.
- Deploy security templates by using Active
Directory-based Group Policy objects (GPOs).
- Deploy security templates by using command-line tools
- Troubleshoot security templates in a mixed operating
- Troubleshoot security policy inheritance.
- Troubleshoot removal of security template settings.
security based on computer roles. Server computer roles
include SQL Server computer, Exchange Server computer,
domain controller, Internet Authentication Service (IAS)
server, and Internet Information Services (IIS) server.
Client computer roles include desktop, portable, and kiosk.
- Plan and configure security settings.
- Plan network zones for computer roles.
- Plan and configure software restriction policies.
- Plan security for infrastructure services. Services
include DHCP and DNS.
- Plan and configure auditing and logging for a computer
role. Considerations include Windows Events, Internet
Information Services (IIS), firewall log files, Netlog,
and RAS log files.
- Analyze security configuration. Tools include
Microsoft Baseline Security Analyzer (MBSA), the MBSA
command-line tool, and Security Configuration and
Managing, and Troubleshooting Patch Management
|Plan the deployment of
service packs and hotfixes.
- Evaluate the applicability of service packs and
- Test the compatibility of service packs and hotfixes
for existing applications.
- Plan patch deployment environments for both the pilot
and production phases.
- Plan the batch deployment of multiple hotfixes.
- Plan rollback strategy.
|Assess the current status
of service packs and hotfixes. Tools include MBSA and the
MBSA command-line tool.
- Assess current patch levels by using the MBSA GUI
- Assess current patch levels by using the MBSA
command-line tool with scripted solutions.
|Deploy service packs and
- Deploy service packs and hotfixes on new servers and
client computers. Considerations include slipstreaming,
custom scripts, and isolated installation or test
- Deploy service packs and hotfixes on existing servers
and client computers.
Managing, and Troubleshooting Security for Network
|Plan IPSec deployment.
- Decide which IPSec mode to use.
- Plan authentication methods for IPSec.
- Test the functionality of existing applications and
|Configure IPSec policies to
secure communication between networks and hosts. Hosts
include domain controllers, Internet Web servers, databases,
e-mail servers, and client computers.
- Configure IPSec authentication.
- Configure appropriate encryption levels.
Considerations include the selection of perfect forward
secrecy (PFS) and key lifetimes.
- Configure the appropriate IPSec protocol. Protocols
include Authentication Header (AH) and Encapsulating
Security Payload (ESP).
- Configure IPSec inbound and outbound filters and
|Deploy and manage IPSec
- Deploy IPSec policies by using Local policy objects or
Group Policy objects (GPOs).
- Deploy IPSec policies by using commands and scripts.
Tools include IPSecPol and NetSh.
- Deploy IPSec certificates. Considerations include
deployment of certificates and renewing certificates on
managed and unmanaged client computers.
- Monitor IPSec policies by using IP Security Monitor.
- Configure IPSec logging. Considerations include Oakley
logs and IPSec driver logging.
- Troubleshoot IPSec across networks. Considerations
include network address translation, port filters,
protocol filters, firewalls, and routers.
- Troubleshoot IPSec certificates. Considerations
include enterprise trust policies and certificate
revocation list (CRL) checking.
|Plan and implement security
for wireless networks.
- Plan the authentication methods for a wireless
- Plan the encryption methods for a wireless network.
- Plan wireless access policies.
- Configure wireless encryption.
- Install and configure wireless support for client
|Deploy, manage, and
configure SSL certificates, including uses for HTTPS, LDAPS,
and wireless networks. Considerations include renewing
certificates and obtaining self-issued certificates instead
of publicly issued certificates.
- Obtain self-issued certificates and publicly issued
- Install certificates for SSL.
- Renew certificates.
- Configure SSL to secure communication channels.
Communication channels include client computer to Web
server, Web server to SQL Server computer, client
computer to Active Directory domain controller, and
e-mail server to client computer.
|Configure security for
remote access users.
- Configure authentication for secure remote access.
Authentication types include PAP, CHAP, MS-CHAP, MS-CHAP
v2, EAP-MD5, EAP-TLS, and multifactor authentication
that combines smart cards and EAP.
- Configure and troubleshoot virtual private network
(VPN) protocols. Considerations include Internet service
provider (ISP), client operating system, network address
translation devices, Routing and Remote Access servers,
and firewall servers.
- Manage client configuration for remote access
security. Tools include remote access policy and the
Connection Manager Administration Kit.
Configuring, and Troubleshooting Authentication,
Authorization, and PKI
|Plan and configure
- Plan, configure, and troubleshoot trust relationships.
- Plan and configure authentication protocols.
- Plan and configure multifactor authentication.
- Plan and configure authentication for Web users.
- Plan and configure delegated authentication.
|Plan group structure.
- Decide which types of groups to use.
- Plan security group scope.
- Plan nested group structure.
|Plan and configure
- Configure access control lists (ACLs).
- Plan and troubleshoot the assignment of user rights.
- Plan requirements for digital signatures.
|Install, manage, and
configure Certificate Services.
- Install and configure root, intermediate, and issuing
certification authorities (CAs). Considerations include
renewals and hierarchy.
- Configure certificate templates.
- Configure, manage, and troubleshoot the publication of
certificate revocation lists (CRLs).
- Configure archival and recovery of keys.
- Deploy and revoke certificates to users, computers,
- Backup and restore the CA.