Course: MS2823 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

This five-day, instructor-led course provides students with the knowledge and skills to design, deploy, and manage a public key infrastructure (PKI) to support applications that require distributed security. Students get hands-on experience implementing solutions to secure PKI-enabled applications and services.

This course is intended for IT systems engineers who are responsible for designing and implementing security solutions. Individuals should have knowledge and experience to install and configure the Active Directory directory service and security mechanisms for computers running Microsoft Windows 2000 Server or Windows Server 2003 family.

Objectives

Describe PKI and the major components of a PKI & design a certification authority (CA) hierarchy to meet business requirements.
Install Certificate Services to create a CA hierarchy.
Perform certificate management tasks, CA management tasks, and plan for disaster recovery of Certificate Services.
Create and publish a certificate template, and replace an existing certificate template.
Enroll a certificate manually, autoenroll a certificate, and enroll a smart card certificate.
Implement manual and automatic key archival and recovery in a Windows Server 2003 PKI.
Configure trust between organizations by configuring and implementing qualified subordination.
Deploy smart cards in a Windows environment.
Secure a Web environment by implementing SSL security and certificate-based authentication for Web applications.
Implement secure e-mail messages by using Microsoft Exchange Server in a Windows 2000 or Windows 2003 environment.

Delegates should meet the prerequisites below:

Knowledge of Windows 2000/Windows Server 2003 core technologies, as covered in the following courses:

M2274: Managing a Microsoft Windows Server 2003 Environment
M2275: Maintaining a Microsoft Windows Server 2003 Environment
M2152: Implementing Microsoft Windows 2000 Professional and Server
Knowledge of Windows 2000/Windows 2003 networking technologies, as covered in the following courses

M2277: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services
M2153: Implementing a Microsoft Windows 2000 Network Infrastructure
Knowledge of Windows 2000/Windows 2003 directory services technologies, as covered in the following courses:

M2279: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
M2154: Implementing and Administering Microsoft Windows 2000 Directory Services

Recommended as preparation for exam(s):

70-214: Implementing & Managing Security in a Windows 2000 Network Infrastructure
70-220: Designing Security for a Microsoft Windows 2000 Network
70-298: Designing Security for a Microsoft Windows Server 2003 Network
70-299, Implementing & Administering Security in a Microsoft Windows Server 2003 Network

Overview of Public Key Infrastructure

Introduction to Cryptography
Certificates and Certification Authorities

Designing a Certification Authority Hierarchy

Identifying CA Hierarchy Design Requirements
Common CA Hierarchy Designs
Documenting Legal Requirements
Analyzing Design Requirements
Designing a CA Hierarchy Structure

Creating a Certification Authority Hierarchy

Creating an Offline CA
Validating Certificates
Planning CRL Publication
Installing a Subordinate CA

Managing a Public Key Infrastructure

Managing Certificates
Managing Certification Authorities
Planning for Disaster Recovery

Configuring Certificate Templates

Introduction to Certificate Templates
Designing and Creating a Certificate Template
Publishing a Certificate Template
Managing Changes in a Certificate Template

Configuring Key Archival and Recovery

Implementing Manual Key Archival and Recovery
Implementing Automatic Key Archival and Recovery

Configuring Trust Between Organizations

Introduction to Advanced PKI Hierarchies
Qualified Subordination Concepts
Configuring Constraints in a Policy.inf File
Implementing Qualified Subordination

Deploying Smart Cards

Enrolling Smart Card Certificates
Deploying Smart Cards

Securing Web Traffic by Using SSL

Enabling SSL on a Web Server
Implementing Certificate-based Authentication

Configuring E-mail Security

Introduction to E-mail Security
Configuring Secure E-mail Messages
Recovering E-mail Private Keys
Migrating a KMS Database to a CA Running Windows Server 2003