BKWNTDMA.RVW 990411 "Windows NT Domain Architecture", Gregg Branham, 1999, 1-57870-112-0, U$39.95/C$57.95 %A Gregg Branham www.altusnet.com info@altusnet.com %C 201 W. 103rd Street, Indianapolis, IN 46290 %D 1999 %G 1-57870-112-0 %I Macmillan Computer Publishing (MCP) %O U$39.95/C$57.95 800-858-7674 http://www.mcp.com info@mcp.com %P 298 p. %T "Windows NT Domain Architecture" Most NT books will show you the dialogue boxes that are used to set up domains. Some may even tell you, in simplistic terms, what a domain is, and these generally also mention trust relationships. A domain architecture, however, is a complicated beast, and worthy of substantially more discussion. Which Branham intends to provide. Chapter one outlines the workgroup and domain models for Microsoft networking, with particular emphasis on the security complications of workgroups. Domain controllers and some of the mechanisms for authentication are reviewed in chapter two. The SAM (Security Accounts Manager) is covered in chapter three, in some detail. Chapter four describes basic trust relationships, but could benefit from some discussion of more complicated examples. Various domain models are presented in chapter five, but, again, the deliberation could be extended, particularly where more complex security relations are involved. Good, solid information about domain structures and realities helps with domain planning in chapter six. Domain reconfiguration, in chapter seven, points out some of the possible traps to avoid. Chapter eight not only provides reliable information about domain security, but also takes care to expose some of the more prevalent security myths surrounding NT. User and groups relations with domains and trust relationships is dealt with quite thoroughly in chapter nine. Scripts, policies, and profiles are handled well enough in chapter ten that NT administrators might find it worth investing in the book even without needing to design domains. Chapter eleven's coverage of resource permissions is good, but perhaps should concentrate more on the effect of trust relationships in the complex mix of permissions and rights. The function and operation of the NETBIOS server resource browser is discussed in chapter twelve. DHCP (Dynamic Host Configuration Protocol), WINS (Windows Internet Naming Service), and DNS (Domain Name Service) operation is covered well in chapter thirteen, but usage and setup could stand some additional material. Appendices cover issues that can have an impact on domain design, such as performance of individual machines for load balancing to eliminate bottlenecks. The material is very well supported with frequent citation to the relevant Microsoft Knowledge Base articles. In addition, while Branham does not go to great pains to point out design problems with NT, he does not gloss over them, either. There are numerous points raised about the differences between NT and the coming 2000 version. In large measure, Branham succeeds in presenting information that is covered poorly, if at all, in most NT texts. There is a great deal of technical detail that will be useful both in tuning a network and in diagnosing trouble. Some work should still be enhanced in the realm between the broad concepts and the internals level specifics. copyright Robert M. Slade, 1999 BKWNTDMA.RVW 990411