Using Ipsec

When you use IPSec for secure replication, all of the replication traffic between the domain controllers is encapsulated in encrypted IPSec packets. Both domain controllers must be configured with the correct IPSec policies. Domain controllers c use a Group Policy object (GPO) that uses Kerberos for IPSec encryption, but any stand-alone server that is being promote needs to use certificates because it will not be a member of the domain and cannot use Kerberos. Using IPSec is the most secure way...

Implementing a Restricted Access Forest

Arestricted-access forest completely separates service administrators from one another. Although you can build trust relationships to allow users to access the resources within the remote forest, the service administrators from the two forests are not allowed to administer the other forest's services. If the organization has any need for isolation of services, this is the type of forest structure that you need to build. Figure 3.8 shows an example of a restricted-access forest. Notice that no...

Design Scenario Determining WINS Replication Paths

Acme Creations has four offices within its organization the corporate office in New York, and three regional offices located in Hawaii, Taiwan, and Japan. Each of the WAN links has approximately 1Mps available, but due to additional anticipated client traffic, Acme wants to reduce the total query traffic across the WAN links. The regional offices in Japan and Taiwan are connected to the Hawaii office through dedicated WAN links that have traditionally held an 88-percent uptime. The corporate...

Current Directory Service

Depending on the directory service that is in place, you will have to document certain information. Active Directory has the potential to hold detailed information about the resources within the network environment, whereas NT 4 does not have that ability from the native utilities. Make sure you are as detailed as possible when gathering and documenting the following information. The Windows NT 4 directory service was very limited in the amount of information it provided. However, if Exchange...

The Basics of Organizational Units

Active Directory introduced one of the most useful objects into the Windows realm the organizational unit (OU). This versatile tool allows administrators not only to organize resources within the Active Directory structure, but to delegate administrative control to users who are not members of any administrative group. When OUs are used within a domain, users can be granted control to resources that they need to manage and at the same time, gain autonomy over those resources. Users who do not...

Understanding OU Design Criteria

Back in Chapter 1 'Analyzing the Administrative Structure, we discussed the interviews that should take place and the information you should collect about who is responsible for controlling resources. This is where that information will start coming in very handy. As a matter of fact, OUs are built based on three criteria Efficient Group Policy application Note Designing the OU structure to take advantage of efficient Group Policy application will be discussed in Chapter 6.

Identifying the Outsourced Administration Model

In many companies, outsourcing the administrative staff is not an option. These companies want to have complete control over their administrative staff. They do not want to entrust their systems to employees from an outside organization, even though the outside organization may have employees who have up-to-date skill sets. For some companies, the security risks are not worth the trade-off. For other companies, the ability to bring in employees who have a skill set that they need becomes a...

Account Discretionary Access Control List ADACL

Using the account discretionary access control list (A DACL) strategy, user accounts are added directly to the DACL of the resource. Because groups are not used, the administrator will have to add the user's account to the DACL of every resource that the user needs to work with. In large organizations with several resources, the administrator may mistakenly omit an account from a resource's DACL, thus keeping the user from working effectively. This will also generate one of those nasty phone...

RAS Server Placement

Clients who connect to a RAS server in order to obtain access to their resources need to be assured that they have access the same data as if they were working from the internal network. At the same time, you need to make sure that the clients, both internal and external, do not over consume the network when they are accessing their data. Try to place the RAS serv as close to the resources as possible. When the client is accessing the network from a remote location, the traffic that it is...

Using APIPA

The automatic private IP address (APIPA) range of 169.254.0.0 16 is a range of addresses that has been identified by the Internet Assigned Numbers Authority (IANA) that is not allowed to pass across routers on the Internet. This range is used for local access within a subnet only. In a Microsoft network where client operating systems support APIPA, which includes Windows 98 and newer operating systems, if a client is configured to automatically obtain an IP address and a DHCP server is not...

Backto Back Firewalls

When you use the back-to-back firewalls option, sometimes referred to as a demilitarized zone (DMZ), two firewalls are employed to increase the level of security to the internal network. The first firewall allows users from the Internet to access resources within the perimeter network. This front-end firewall has far fewer restrictions than the back-end firewall, whose j< is to block all traffic except the required traffic from the perimeter network. Figure 9.7 is an example of the...

MCSE Exam Requirements

Candidates for MCSE certification on Windows Server 2003 must pass seven exams, including one client operating system exam, four networking operating system exams, one design exam, and an elective. You must take one of the following client operating system exams Installing, Configuring, and Administering Microsoft Windows 2000 Professional (70-210) Installing, Configuring, and Administering Microsoft Windows XP Professional (70-270) plus the following networking operating system exams Managing...

Identifying User Restrictions

User restrictions limit what actions a user can perform on their workstation or control the applications that are allowed to run. For some companies, not many settings are required. The users have control over their workstations and the administrators may only control the account policies that are put into effect with the Default Domain Policy , which is where the password requirements, account lockout settings, and Kerberos policy settings are configured. Other companies take full advantage of...

Mean Time Between Failures MTBF

Most devices are rated with a mean time between failures (MTBF) rating. This rating indicates how long, usually in hours, a device will run before you should expect it to fail. Of course this does not guarantee that the device will run for that many hours, but neither does it mean that the device will fail whenever it hits that time frame. Manufacturers run tests on systems and determine how long a device is likely to remain available. Usually, the higher the quality of the parts that makes up...

Mean Time To Recovery MTTR

The mean time to recovery (MTTR), or sometimes referred to as Mean Time To Repair, states how long you should expect an outage to continue when a device or system fails. The MTTR is harder to quantify than the MTBF. Depending upon several factors such as whether you have staff qualified to repair the device, or how long it takes to restart a system that was powered down you need to determine how long it will take to return to normal operations. If you are working with outside vendors, make sure...

Identifying IP Addressing Options

The first thing you should attempt to do when you design your IP addressing for your organization is decide which type of addressing you will use. Originally, IP addresses were grouped according to classes Class A, Class B, Class C, Class D, and Class E. Although this worked out to be a somewhat efficient means of allocating IP addresses, as the Internet started to expand and more and more organizations needed to have addresses in order to communicate, the addresses started to become in short...

Real World Scenario Controlling Group Policy Application

Karlee Hospital is in the design phase of their Windows 2003 Active Directory upgrade. The forest and domain designs have already been decided upon an empty root forest will be created to host the forest administrators only. Each of the entities that make up the organization has a subdomain structure based on the business units. The forest root domain uses the domain name karlee.local. The insurance division has a domain called insurance.karlee.local and the clinic has clinic.karlee.local as...

Design the Active Directory infrastructure to meet business and technical requirements

O Design the envisioned administration model. Configuring network protocols, building servers, and troubleshooting issues that keep the network from working as planned are all part of the daily routine. Most of us are comfortable working in that environment. But when it comes to working out issues pertaining to the administrative structure of our companies, the techno-geek in most of us is not as comfortable. Whereas the TCP IP map can be held in our craniums for instant access, the...

Case Study Questions

During the initial rollout of Active Directory, while Windows NT 4 backup domain controllers exist, which of the group nesting options will be available for use (Choose all that apply.) 2. Which of the following group name structures would work best according to the information you have gathered A. Atl-DL-SalesPrinter-Print, Atl-G-Sales B. DL-Atl-SalesPrinter-Print, G-Atl-Sales C. DL-SalesPrinter-Print-Atl, G-Sales-Atl D. SalesPrinter-Print-DL-Atl, Sales-G-Atl 3. Bill is trying to determine the...

Designing the DNS Infrastructure

After you have determined how you are going to name your domains and your clients within each domain, you will need to design the physical server structure to support the name resolution methods you will be employing. DNS servers will need to be deployed in a manner that will enable your users to have efficient name resolution, while at the same time, not cause adverse issues within the network infrastructure. Determining the Number of DNS Servers As with most servers, allocating the fastest...

Account Group Discretionary Access Control List AGDACL

The account group discretionary access control list (A G DA CL) strategy allows groups to be created that will be used to organize user accounts that have the same resource access requirements. These account groups are then assigned permissions that let them access the resources by adding the group account to the DACL of the resource and then setting the appropriate permissions. In some cases, this strategy may work very well. If a user account needs to have access to a resource, the account...

Operations Masters in a Single Domain Forest

Within a single domain forest, the infrastructure master does not play a very important role. As a matter of fact, its services are not used at all. Because you will not have any remote domains for the infrastructure master to compare domain information to, it will not matter if the domain controller is a Global Catalog server or not. In fact, in a single domain environment, all domain controllers could be enabled as Global Catalog servers because there will not be any additional replication...

Choosing Domain Controller Placement

Choosing where domain controllers will be placed can be difficult. You should take several things into consideration before deciding to place a domain controller at a location. Security, replication traffic, and user authentication should all be taken into account. When determining the placement at the design phase, some questions will help you determine which site the domain controller should be placed in Will the domain controller by physically secure at the location If the domain controller...

Organizing OUs

Use the OU structure that is based on the administrative requirements as much as possible. Only create additional OUs if it makes the application of Group Policy easier to maintain and troubleshoot. For instance, if you look at Figure 6.5 , an OU structure has been created that allows the Engineering department administration to be broken out into two departments Graphic Design and Model Shop. Each of the departments has a different internal administrative staff responsible for maintaining the...

Understanding Account and Resource OUs

In some Windows NT 4 directory service structures, the user accounts and resources are divided up into their own domains, based on the administrative needs of the domain owners. Because the domain is the administrative boundary within NT 4, the user account administrators have control over the account domain. Resource administrators have domains that are made up of the resources they are responsible for maintaining, usually systems that provided database, email, file, and print services, to...

Identifying Trust Relationship Considerations

Trust relationships are used when connecting forests, domains, and remote UNIX Kerberos realms. Once trust relationships are created between structures, the accounts within those structures can be granted access to resources. You need to take some considerations into account when you are determining whether or not a trust should be put into place. The primary question is Do users need to access resources within the domain forest from the remote domain forest If the answer to this question is...

Integrating Name Resolution Services

DNS, WINS, and DHCP are all important services within an network. Each of them provides functionality that makes networks more efficient and easier to administer. When using them, you should take advantage of their interoperability. DHCP provides functionality that makes using WINS in your network easier, and DNS and WINS work together to create a solid name resolution topology. Through the following sections we are going to discuss how each of the services interact with one another. DHCP is...

Real World Scenario Choosing How to Build a Domain Controller

Becca is the manager of the information technology division of an art supply retailer. The company has their headquarters in St. Louis, MO, and has five regional distribution centers. Each of the distribution centers services anywhere from 20 to 45 retail outlets. Each of the regional distribution centers hosts an Exchange Server 2003 server and an SQL 2000 Server database server. Some of the larger retail outlets, those with more than 200 employees, also host their own Exchange and SQL...

T

See total cost of ownership (TCO) task-based delegation, 168 TCP IP (Transmission Control Protocol Internet Protocol), 55-56.See also IP addressing temporary employees, user accounts for, 232 current hardware load, 57 hardware for domain controller, 278 thin client, outsourcing, real world scenario, 16. time synchronization, by PDC emulator, 284 total cost of ownership (TCO), 48 reduction, 136 about passwords, 194 on GOP changes, 208 OU owners about delegation, 167 transaction logs, drive...

Review Questions

Those users who are responsible for planning, implementing, maintaining, and controlling the Active Directory forest are identified as which of the following 2. Those users who are responsible for maintaining objects in Active Directory are identified as which of the following 3. When creating the forest design, which of the following is the least expensive to administer B. Single forest multiple domain C. Two forests single domain each D. Two forests multiple domains each 4. In a single forest...

Documenting Your Findings

The data that you gather needs to be documented so that you can read through it and disseminate the valid information. These documents can take on many styles depending on the company that is performing the initial investigation of the network. Some companies simply jot the information that they find onto a piece of paper and then review the notes later when they are compiling the data. Other companies take a methodical approach and have forms for every part of the investigative process. One...

Answers

Service administrators are responsible for the Active Directory and making sure that it is available and configured correctly so that users can gain access to the services it provides. 2. A. Data administrators are responsible for the administration of the objects within their partition of Active Directory. They could have control over all objects within a domain, or they could be granted control at the OU level. 3. A. The single forest single domain structure is the least costly to...

Group Policy Overview

Group Policy has proven to be one of the most widely used Active Directory technologies, and at the same time, one of the most misunderstood and misused. Many administrators have taken advantage of GPOs in order to control the security of systems and to distribute software to users and computers but do not fully understand the options that are available when using GPOs. Understanding the settings that can control security, restrict user sessions and desktops, deploy software, and configure the...

Design Scenario Identifying Trust Relationships

Trish is responsible for maintaining two forests. Users in both forests need to access resources in each forest. Currently no trust relationships exist between the forests. Trish is reviewing the configuration of the forests and domains so that she can decide on a trust type. She wants to use the easiest method to create the trusts. Within each forest, one domain is in the Windows 2000 Native Mode. The rest of the domains are at the Windows Server 2003 level. Users from all domains need to...

Determining the Site Topology

Active Directory employs a multimaster replication technology that allows nearly every aspect of the directory service to be modified from any of the domain controllers within a domain. Changes that are made to one domain controller within the domain are replicated to all of the other domain controllers within the domain. This replication allows all the domain controllers to act as peers and provide the same functionality. However, this same replication can cause issues when you are trying to...

Chapter Analyzing Name Resolution

Figure 10.1 Using the same domain name internally and externally Figure 10.2 Using a separate domain name internally than is used externally Figure 10.3 DNS server placement to support username resolution queries Figure 10.4 WINS hub-and-spoke-replication-topology Figure 10.5 WINS linear replication topology Figure 10.6 Multi-level WINS hub-and-spoke topology Figure 10.7 DNS servers in perimeter network

Chapter Designing Organizational Units for Group Policy

Figure 6.1 The Group Policy tab after the Group Policy Management Console is added. Figure 6.2 Group Policy Objects within the GPMC Figure 6.4 WMI filter for detecting adequate drive space Figure 6.5 OU structure enhanced for Group Policy application Figure 6.6 Corporate Standards GPO enforced at the domain level Figure 6.7 Corporate Standards affecting the Accounting OU Figure 6.8 Priorities for GPOs attached to the Accounting OU Figure 6.9 Processing order for GPOs at the Accounting OU Figure...

Minimizing Group Policy Objects

If you use as few GPOs as possible, you will be able to troubleshoot problems that arise much more easily than if several GPOs could affect users and computers. Policy settings that are related, such as software restrictions that affect a large group of users, should be added to the same GPO. By adding settings to a single GPO instead of using multiple GPOs to enforce the settings, you will reduce the GPO processing time. SLAs are starting to become more widespread. As systems become more and...

Real World Scenario Separating Namespaces

Andrew was designing the DNS zones for his organization. He had decided upon using a completely separate namespace internally than was used externally. To compound problems, he had two companies within his organization and he needed to be able to resolve both domain names from all clients. The first company, Robotic Concepts, had an Internet presence that was seen by external clients as robocon.com. The second company was a consulting company, Robotic Specialists, whose Internet presence was...

Account Group Resource Group AGRG

Global Local Groups

Using the Account group Resource group (AG RG) strategy allows the administrative staff the most flexibility, but it is also the most time consuming, and sometimes the most confusing of the strategies. Plus, this strategy employs the most groups and may become unwieldy when you try to identify the proper groups to which you need to grant permission or add user accounts. When you are using this strategy, the Resource group is added to the ACL and the proper level of permissions is applied. A...

Existing Environment

Over the past few months, Insane Systems has been developing plans to expand their company. They have identified San Jose, California, Atlanta, Georgia, and New York City as the locations with their highest customer base. The current Chicago location will remain the corporate headquarters, but they are opening branches in New York City and San Jose. They are also in the process of acquiring a competitor's business in Atlanta. These locations will provide retail outlets as well as support....

Examining the Current Name Resolution Infrastructure

Every network needs to have some method of resolving computer names to network addresses. Two name resolution methods exist within a Windows Server 2003 network infrastructure the Domain Name System DNS and Windows Internet Name Service WINS . We will look at each of these in the following sections. The Domain Name System DNS is a name resolution method that is used extensively within Windows 2000 Server and Windows Server 2003 networks as well as the Internet and other network operating...

Designing the DNS Namespace

The DNS namespace that you choose for your organization will be used for more than identifying computers on your network. Internet users accessing web resources will identify you with your external domain name. Active Directory will be based on the name that you decide to use internally. The choices you make at the design level stage will impact the rest of the name infrastructure. InChapter 2 'Determining Business and Technical Requirements, and Chapter 3 'Designing the Active Directory Forest...

Identifying the Centralized Administration Model

Centralized Administrative Model

The centralized administration model is the administrative model that most companies strive to achieve. With the centralized administration model, a core administrative group controls all of the IT assets at one central location. Although this is the model that many companies wish they could implement, many find that they cannot for several reasons. Whether it is due to business, legal, or cultural reasons, some companies have found that this model will not fit within their organization. For...

Migrating from Windows NT

Windows NT 4's directory service was not very efficient. The model used did not scale well for large environments, and as such, multiple domains were usually created to organize resources. Master User Domains MUDs were created to host the user accounts for the domain. MUDs were created in a Windows NT 4 environment so that the user accounts for the organization could be organized neatly. Administrators responsible for account control were made administrators of these domains so that they could...

Identifying the Decentralized Administration Model

Whereas the centralized model uses a core administrative group that resides in one location, the decentralized administration model spreads the administrators out around the organization to take advantage of controlling the resources at their source. An example of the decentralized model is seen in Figure 1.6. Instead of having to rely extensively on remote control or automation software, the administrators have local access to the systems they administer. Although this allows a company to have...

Securing DNS Servers

Once you have chosen the policy level that you want to use for you DNS infrastructure, your need to determine how you will design the security for both internal and external DNS servers. Because the external DNS servers are exposed to the Internet, you will want to pay special attention to them, especially because you will want to secure them as much as possible. But to allow them to perform the functions that they are intended to perform, they will need to have lighter security settings in...

Total Cost of Ownership

Total cost of ownership TCO is a marketing point that Microsoft likes to push, and rightfully so. TCO is based upon not only the tangible costs associated with purchasing the hardware and software, but also the intangible costs of supporting the hardware and software, such as the portion of the administrator's salary that is associated with controlling, troubleshooting, and supporting a system. If designed correctly, and administered efficiently, Active Directory can save a company's budget...

Identifying the Cost Center Model

The cost center model can be used with any of the aforementioned business models, but instead of the divisions working together, they charge each of the divisions for their services. You will usually find this in a company that uses the product service-based model, because the hybrid nature of the business allows for more than one division to use the services of other divisions. This model appears to take on the same design as the departmental model if you look at the organization chart, they...

Determining Internal and External Namespace Requirements

Intenal Namespace

You essentially have two options when you are creating a DNS namespace for your internal infrastructure and your Internet presence you can use the same namespace internally as you do externally, or you can create a different namespace for each. Either way, you will need to support two DNS server infrastructures. If your internal and external namespaces are the same, you will have more administrative overhead as you synchronize data so that internal users are able to access your company's...

Multiple Forest One Way Trust Design

The multiple forest, one-way trust design has most of the security benefits of the multiple forest, no trust design, while it alleviates some of the administrative concerns. Although not as easy to design as the single forest design, the multiple fore one-way design allows administrators to create a one-way trust relationship between the forests so that accounts within the internal network can be added to groups within the perimeter network. Once added to the groups, administrative personnel...

Radius Server Placement

Due to the fact that the RADIUS server needs to contact a domain controller in order to authenticate the remote users, it should be placed close to the domain controllers where the users' account information resides. If you place the RADIUS se within the local network, you can configure firewall rules that allow RADIUS clients to pass their information to the RADIUS servers. In this manner, you protect the account information within the internal network by using firewalls, and all of the...

Multiple Forest Two Way Trust Design

The multiple forest, two-way trust design allows trusts to be created between the internal and perimeter forests so that eac forest trusts the other. This design allows for nearly the same level of interoperability between the resources of the two fore as the single forest design allows. Accounts from each forest can be added to groups within the other forest to facilitate efficient access to resources. This design allows extranet access to internal resources, but it also opens up security...

Assessment Test

When a group of admins has control over resources that are all located at one location, what type of administrative model is this 2. What type of administrative model is in place when the administrators are located close to the resources for which they are responsible, and those resources are spread out at each of the company's locations 3. Terry is developing an Active Directory design and is in the process of interviewing some of the upper-level management from the company. The manager of...

Identifying the Product ServiceBased Model

The product service-based model is basically a hybrid of the project-based and departmental models. It is prevalent in large corporations that have multiple products or services that they are bringing to market, or companies that have merged and are now supporting several products, each as its own business unit. The resources within this model do not morph as quickly as in the project-based model, but you will find that they have redundancy within the vertical lines of business as seen in...

Three Homed Firewall

The three-homed firewall is a firewall that is connected to three networks and controls which traffic is allowed to pass to ea of them. With this firewall type, one network connection is made to the Internet. The second network, sometimes known as perimeter network, connection is made to a network that contains resources that can be accessed by users on the Internet You will usually find web servers on this network. The third network connection is to the internal network. The firewall shoul not...

Understanding Delegation Methods

Object-based delegation grants a user control over an entire object type. Objects within Active Directory include users, groups, computers, OUs, printers, and shared folders. If a user needs to have control over computer accounts, you can use the Delegation of Control Wizard to allow Full Control permission only over computer objects within the OU. You may have another user who administers the User and Group objects within the OU. This level of control can be delegated as well. Take, for...

Creating a Simple Design

The underlying design goal, aside from supporting the organization's objectives, should be to create a Group Policy design that is as simple as possible. A simple design will allow for more efficient troubleshooting and processing of Group Policy settings. The fewer Group Policy settings that need to be applied to a computer or user, the faster the computer will start up, the quicker the users will be able to log on to their systems and, since a small GPO can be 1.5 MB in size, network traffic...

Background

Insane Systems builds custom computers for their customers. They specialize in building cases that are unique and support the latest in hardware technology. They started off as a small company that provided this service to gamers who would take their cases to LAN parties to show off. Because their systems were considered some of the most stable gaming platforms and they provided an impressive design that gamers could show off, they started to become popular. Insane Systems started mass...

Designing Remote Site Connectivity

For years, companies used WAN technologies to connect remote sites. These WAN connections were typically based on dedicated broadband connections. The drawback to these connections was their cost. As companies have tried to reduce costs, they have increasingly considered using the Internet to interconnect their remote locations. Of course the Internet h never been considered a secure method of communication. Virtual Private Technologies have matured over the past few ye to where they are...

Design an OU structure

O Design an OU structure for the purpose of delegating authority. So far we have looked at the options available for creating forests and domains. Chapter 4 introduced the domain creation options. Several options are available when deciding on how to create the domain structure, foremost is the administrative needs of the organization. Once the domain structure has been developed, the objects that represent the resources within the domain can be organized. This organization of objects can be...

Guideline for Server Placement

Determining where you are going to place your VPN and RAS servers takes a little planning. First you need to determine where your corporate policies allow you to place your server. Some companies do not allow a server to be placed outside c the perimeter network where it is exposed to the Internet. If this is the case, then you need to determine how you will implement firewall rules to protect the servers that do reside within the perimeter network and, at the same time, still allow efficient...

Understanding the OU Design Options

The OU design should be predicated on the administrative structure of the organization, not the departmental organization as seen on the company's organization chart. Most companies do not base the administration of resources on the organization chart. Usually, the IT department is responsible for objects within the company no matter which department is using the resource. Although this centralized approach is the most basic method of controlling the objects within Active Directory, some...

Design a strategy for Group Policy implementation

O Design the administration of Group Policy objects GPOs . o Design the deployment strategy of GPOs. o Create a strategy for configuring the user environment with Group Policy. o Create a strategy for configuring the computer environment with Group Policy. Organizational unit OU design should always start with the administrative requirements for the organization. In Chapter 5,Designing an Organizational Unit Structure for Administrative Purposes, we discussed how to designate who will have...

Identifying the Hybrid Administration Model

Active Directory Hybrid Model

As most large companies have found, neither of the previous administrative models fits within their organization. The centralized model is far too restrictive, and response time for problems may take too long. The decentralized model allows too many administrators to have too much control across the board. The hybrid model alleviates some of these issues. Two different methods may be employed to take advantage of the hybrid model. The first, seen in Figure 1.7, keeps most of the administrative...

Current Infrastructure

Sql Server And Win Server Setup

After investigating the current infrastructure, you have determined that the following servers are in place Home Office Primary Domain Controller PDC Backup Domain Controller BDC DHCP DNS WINS server Exchange 5.5 Server SQL Server 7 Systems Management Server 2 File server Print Antivirus server Research and Development File server The following shows the graphical representation of the Home Office's layout

Planned Obsolescence

Many companies are faced with the inevitable loss of support for the legacy operating systems. As these older operating systems, such as NT 4, reach the end of their lifecycle, companies have to spend more money to keep support contracts on them. Microsoft does not release very many hotfixes or service packs for these older operating systems, which makes them subject to attacks that newer operating systems are protected from. As companies start to fear that they will no longer have support for...