Windows Server® 2008 How-Toptgmedia.pearsoncmg.com/images/9780672330759/samplepages/...Now let’s...
Transcript of Windows Server® 2008 How-Toptgmedia.pearsoncmg.com/images/9780672330759/samplepages/...Now let’s...
Windows Server® 2008 How-ToCopyright © 2010 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in aretrieval system, or transmitted by any means, electronic, mechanical,photocopying, recording, or otherwise, without written permission from thepublisher. No patent liability is assumed with respect to the use of theinformation contained herein. Although every precaution has been taken inthe preparation of this book, the publisher and author assume noresponsibility for errors or omissions. Nor is any liability assumed fordamages resulting from the use of the information contained herein.
ISBN-13: 978-0-672-33075-9ISBN-10: 0-672-33075-X
Library of Congress Cataloging-in-Publication Data
Bruzzese, J. Peter.
Windows server 2008 how-to / J. Peter Bruzzese, Ronald Barrett, WayneDipchan.
p. cm.
ISBN 978-0-672-33075-9
1. Microsoft Windows server. 2. Operating systems (Computers) I.Barrett, Ronald. II. Dipchan, Wayne. III. Title.
QA76.76.O63B786 2009
005.4’476—dc22
2009018967
Printed in the United States of America
First Printing July 2009
TrademarksAll terms mentioned in this book that are known to be trademarks orservice marks have been appropriately capitalized. Sams Publishing cannotattest to the accuracy of this information. Use of a term in this book shouldnot be regarded as affecting the validity of any trademark or service mark.
Warning and DisclaimerEvery effort has been made to make this book as complete and as accurateas possible, but no warranty or fitness is implied. The information providedis on an “as is” basis. The author and the publisher shall have neitherliability nor responsibility to any person or entity with respect to any loss ordamages arising from the information contained in this book.
Bulk SalesSams Publishing offers excellent discounts on this book when ordered inquantity for bulk purchases or special sales. For more information, pleasecontact
U.S. Corporate and Government Sales
1-800-382-3419
For sales outside of the U.S., please contact
International Sales
Editor-in-ChiefKaren Gettman
Executive EditorNeil Rowe
Development EditorMark Renfrow
Managing EditorKristy Hart
Project EditorBetsy Harris
Copy EditorKitty Wilson
IndexerLisa Stumpf
ProofreaderKathy Ruiz
Technical EditorDiane McSorley
PublishingCoordinatorCindy Teeters
Book DesignerGary Adair
CompositorNonie Ratcliff
Introduction: UsingWindows Server 2008How-To
IN THIS INTRODUCTION
. How to Educate Yourself About Windows Server 2008
. How to Benefit from This Book
. How to Continue Expanding Your Knowledge
2 Introduction: Using Windows Server 2008 How-To
How to Educate Yourself About WindowsServer 2008
Whenever you pick up a book that catches your eye, flip to an article that draws yourinterest, or research and locate a site or blog that strikes you, you are attempting toeducate yourself in some way. Perhaps it is a subject you already know and, due toyour preexisting knowledge, maybe you can extract the information you need muchfaster and easier than could a novice.
The motivation behind education varies from person to person. Some simply love tolearn, to enhance their own knowledge of a subject even if they never intend to employthat knowledge in the working world. Some, on the other hand, are required to learn inorder to perform their job. For example, a messaging engineer, much like a physician,must keep up with the latest practices and techniques in order to stay on top of his orher profession.
You might note that many books on the subject of Windows Server 2008 range up to800, 900, or even 1,500 pages! And for some, that is just the kind of book needed toaccomplish their messaging goals. However, this how-to book is designed to give anadministrator what is needed to understand the concepts involved in managing an envi-ronment utilizing Windows Server 2008 and perform the tasks needed.
There are many ways to educate yourself about Windows Server 2008—throughbooks, articles, websites, and so on—but for on-the-job, in-the-trenches, step-by-stepinformation, look no further!
How to Benefit from This Book
We’ve designed this book to be easy to read from cover to cover, in case your goal isto gain a full understanding of Windows Server 2008, while breaking down the subjectmatter into 12 easy-to-use chapters:
. Chapter 1, “Perform the Installation”
. Chapter 2, “Configure and Manage Server Core”
. Chapter 3, “Work with Server Manager”
. Chapter 4, “Manage Windows Server 2008”
. Chapter 5, “Install and Configure Specific Server Roles”
. Chapter 6, “Work with IIS 7.0”
. Chapter 7, “Implement and Utilize Hyper-V”
. Chapter 8, “Install and Configure Terminal Services”
. Chapter 9, “Understand and Manage Active Directory”
3How to Benefit from This Book
. Chapter 10, “Utilize Group Policy”
. Chapter 11, “Configure Security”
. Chapter 12, “Monitor Performance and Troubleshoot”
Within each of these chapters are sections that focus on the primary elements requiredto deploy Windows Server 2008 in a number of different scenarios. Perhaps youneed a Server Core system that reduces attack surface or can be used for a Hyper-Vsolution. Maybe you want to work with Terminal Services to allow multiple clientsaccess to an easy-to-manage location. Maybe you need a web server for your companyor an entire Active Directory domain to handle logins and permissions combined withGroup Policy. Whatever your needs, we will walk you through it.
Beneath each major heading in a chapter is a “Scenario/Problem” introduction. Eachone serves as a starting point to consider. At times, the information provided helps youdeal with a specific problem that you may be facing. However, typically a scenario isdescribed that allows you to determine whether this is the direction needed for yourparticular situation or organization.
The “Solution” portion that follows “Scenario/Problem” may include additional infor-mation regarding a particular technology or design elements to consider. The text thenprovides more information, such as step-by-step instructions, so that you have morethan just commands: You have the underlying reasons for the instructions given.
When additional information is needed regarding a subject and it doesn’t fit neatlywithin the subject matter itself, or when it is essential that the message stand out a bitto catch your notice, we use a note.
This is an example of a note.NOTE
When lines of code are too long for the printed page, a code-continuation arrow (➥)has been used to indicate a manual break. For example:
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;
➥WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
Perhaps the most important aspect of this book is that it provides step-by-step instruc-tions that walk you through each and every step of the wizards and dialog boxesprovided by Windows Server 2008. Along with clear instructions on managing andconfiguring your Windows Server 2008 environment, we provide clear figures andscreenshots of only the most important elements you face visually while working withyour servers.
4 Introduction: Using Windows Server 2008 How-To
How to Continue Expanding Your Knowledge
Certainly there are more books, articles, and sites you can and should consider inexpanding your knowledge of Windows Server 2008, especially as the software will nodoubt continue to evolve and change as Microsoft adds more and more features, fixes,and enhancements. How do you stay on top of the flood of information regarding asubject as big as Windows Server 2008?
Several sites are invaluable and should be added to your Favorites at work. Theyinclude the following:
. Microsoft TechNet, the Windows Server 2008 TechCenter: http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx. This continuouslyupdated site is the official location of all things Windows Server 2008.
In addition, you might want to monitor the following blogs written by the Microsoftfolks:
. Windows Server Team: http://blogs.technet.com/WindowsServer/
. Terminal Services Team: http://blogs.msdn.com/rds/
. Windows Virtualization Team: http://blogs.technet.com/virtualization/default.aspx
. System Center Team: http://blogs.technet.com/systemcenter/
. IIS Team: www.iis.net
In addition to these Microsoft blogs, there are a couple other sites that we enjoy:
. Greg Shields’s coverage of the Microsoft Server world: www.realtime-windowsserver.com
. J. Peter Bruzzese’s InfoWorld column: http://www.infoworld.com/blogs/j-peter-bruzzese
. Ron Barrett’s column for Network World: www.networkworld.com/community/barrett
These are just a handful of the sites we personally enjoy, and you will easily find manymore. Choose the ones you feel are most helpful to you.
CHAPTER 1
Perform the Installation
IN THIS CHAPTER
. Determine Your Hardware Requirements for WindowsServer 2008
. Perform Other Pre-Installation Tasks
. Decide What Edition of Windows Server 2008 to Install
. Install Windows Server 2008
6 CHAPTER 1 Perform the Installation
Determine Your Hardware Requirements forWindows Server 2008
Scenario/Problem: For any operating system (OS), hardware must meetminimum requirements in order to run the OS, and in a production environment,your hardware needs to meet at least the optimal requirements. You need toassess whether the hardware your organization owns will meet or—better yet—exceed the minimum requirements for the Windows Server 2008 OS.
Solution: Determine what the minimum, recommended, and optimal requirementsare for Windows Server 2008 and compare your findings with your hardware.
When determining whether you have the hardware requirements needed to install andrun an OS, you need to focus on three hardware resources:
. Memory:
Minimum: 512MB
Recommended: 1GB
Optimal: 2GB
. Processor:
Minimum: 1Ghz
Recommended: 2Ghz
Optimal: 3Ghz
. Disk space needed for system partition:
Minimum: 10GB
Recommended: 40GB
Optimal: 80GB
The recommendations take into consideration only what is needed to run theOS. You need to also determine whether any applications are going to run on theserver and include any resources requirements for those applications.
NOTE
Keep in mind that if you increase your memory above 16GB, you will need toincrease your disk space requirements to accommodate for the pagefile (if kept on asystem partition), hibernation, and the dump file.
NOTE
7Perform Other Pre-Installation Tasks
Perform Other Pre-Installation Tasks
You can use a tool called the Microsoft Assessment and Planning Toolkit(MAP) to inventory your servers and generate a report to help determine which serverswill work for your Windows Server 2008 installations. At the time of this writing, thetool is located at http://technet.microsoft.com/en-us/library/bb977556.aspx.
NOTE
Scenario/Problem: When you know that your server memory, processor, anddisk space meet the requirements for Windows Server 2008, you need toperform some other recommended tasks before you actually install the WindowsServer 2008 OS. What are these other tasks?
Solution: The following is a list of the tasks that should be performed before theactual installation.
. Check application compatibility
. Disconnect the uninterruptible power supply (UPS)
. Run the Windows Memory Diagnostic tool
. Identify mass storage device drivers
. Back up servers
. Disable virus protection software
. Prepare Active Directory
Some or all of these tasks are recommended, depending on the path of installation andwhether this is a new installation or an upgrade from an existing OS; in addition, youneed to perform the Active Directory prep only if you are going to promote yourWindows Server 2008 machine to a domain controller and add it to an existingWindows 2000/2003 domain.
Now let’s take a closer look at each of these tasks.
Check Application CompatibilityBefore you install Windows Server 2008, you must be sure that any third-party appli-cations you plan to run on the server will be supported. One way you can do this is tocontact the application vendor and get documentation on whether the application willrun on Windows Server 2008. In a real-world environment, the documentation is veryimportant because if things do not work as expected, you may be able to save your jobby providing the documentation. (Obviously, you would have tested the application ona development server first.)
8 CHAPTER 1 Perform the Installation
Another tool that you can use is the Microsoft Application Compatibility Toolkit 5.0(ACT 5.0). This tool can be used to collect compatibility data about your environmentinto a centralized data store. Having this information can be essential when evaluatingthe risk involved with an OS upgrade.
ACT 5.0 can also be used for lower-impact changes to your platform, such asa browser upgrade or a Windows Update release. Check the following site for moredetails: http://technet.microsoft.com/en-us/library/cc507852.aspx.
NOTE
Disconnect the UPSDuring the installation process, Windows Server 2008 attempts to detect devicesattached to serial ports. If you have a UPS connected to a serial port, you may run intoissues with the installation, so be sure to disconnect it until the installation is complete.
Run the Windows Memory Diagnostic ToolYou can use the Windows Memory Diagnostic tool to test the random access memory(RAM) on your server. At the time of this writing, you can download this tool and aguide from http://oca.microsoft.com/en/windiag.asp. After you download the tool, youcan perform the following steps:
1. Run the downloaded file mtinst.exe to start the setup for the WindowsMemory Diagnostic tool.
2. Choose Create Startup Disk to install Windows Memory Diagnostic onto afloppy disk or choose Save CD Image to Disk to use a CD-ROM to which youcan boot the server.
3. Reboot the server to the disk you just created.
4. The server will boot to the Windows Memory Diagnostic tool interface andautomatically start the first test. It will continue to run tests with the samesettings until you exit or pause.
To run a more thorough test on the memory, you can choose to run theextended test suite by pressing T while the Windows Memory Diagnostic tool isrunning. If you do this, it would be best to leave the tool to run overnight.
NOTE
Identify Mass Storage Device DriversIf a vendor has supplied a driver file for your storage device, now would be a goodtime to have that file stored on a floppy, a CD, a DVD, or a flash drive. You shouldstore files either in the root directory or in a folder named according to the processorarchitecture. During the installation, you will have the opportunity to load this driver.
9Perform Other Pre-Installation Tasks
Back Up ServersBacking up servers is standard procedure when making any platform changes. Makesure you have a good backup of any critical data. When performing an OS upgrade, itis a good idea to make sure you have a backup of the boot and system partitions aswell as the system state data. An alternative way to back up this configuration data isto create a backup set for Automated System Recovery (ASR).
You should consider this recommendation if you are planning to upgrade anexisting OS.NOTE
Disable Virus Protection SoftwareVirus protection software can affect the speed of your upgrade. Every file that iscopied to your server will need to be scanned.
You should consider this recommendation if you are planning to upgrade anexisting OS.NOTE
Prepare Active DirectoryThere are two steps in preparing the Active Directory service for a new WindowsServer 2008 domain controller:
. Prepare the forest.
. Prepare the domain.
You need to prepare Active Directory only if you are going to build a WindowsServer 2008 domain controller that will be joined to an existing Windows 2000/2003domain.
NOTE
Let’s first go through the steps to prepare the forest:
1. Log on to the Schema Master of your existing domain with an account that is amember of either the Enterprise Administrators, Schema Administrators, orDomain Administrators group.
2. Copy the adprep directory from the sources\adprep on the Windows Server2008 installation CD to the schema master.
3. From a command prompt, navigate to the adprep folder you just copied. Thenrun adprep/forestprep.
4. For a read-only domain controller (RODC), run adprep/rodcprep.
10 CHAPTER 1 Perform the Installation
5. Wait for the task to complete and replicate prior to running the second portion ofthe ADS preparation.
When you have waited for the changes to replicate, you can follow these steps toprepare the domain:
1. Log on to the infrastructure master of your existing domain with an account thatis a member of the Domain Administrators group.
2. Copy the adprep directory from sources\adprep on the Windows Server 2008installation CD to the infrastructure master.
3. From a command prompt, navigate to the adprep folder you just copied andthen run adprep\domainprep\gpprep.
4. Wait for the task to complete and replicate.
Now that you have completed some or all of the pre-installation tasks, you can startwith the installation of Windows Server 2008. But first you must decide which editionof Windows Server 2008 you need for your environment.
Decide What Edition of Windows Server 2008to Install
Scenario/Problem: Many different editions of Windows Server 2008 are avail-able. The various editions allow support on x86, x64, and Itanium processorsand also allow for native high availability, load balancing, and virtualization. Youneed to review all the various editions and decide which one best fits your orga-nization’s needs.
Solution: You need to take a close look at each of the available editions ofWindows Server 2008 and evaluate them in terms of your organization’s infrastruc-ture goals.
The available editions are as follows:
. Windows Web Server 2008
. Windows Server 2008 Standard
. Windows Server 2008 Standard without Hyper-V
. Windows Server 2008 Enterprise
. Windows Server 2008 Enterprise without Hyper-V
. Windows Server 2008 Datacenter
. Windows Server 2008 Datacenter without Hyper-V
. Windows HPC Server 2008
. Windows Server 2008 for Itanium-Based Systems
11Decide What Edition of Windows Server 2008 to Install
Windows Web Server 2008The title really speaks for itself: This edition is built for a single purpose, as a webserver. Windows Web Server 2008 comes with architectural enhancements includedwithin IIS 7.0, ASP.NET, and Microsoft .NET Framework. This edition is used todeploy web pages, web sites, web applications, and web services.
Windows Web Server 2008 supports the following:
. 32GB RAM on 64-bit (4GB on 32-bit)
. Four multicore processors
Windows Server 2008 StandardWindows Server 2008 Standard is a robust server OS that includes the followingfeatures to improve functionality, security, management, and reduce infrastructurecosts:
. Web services
. Hyper-V (hypervisor-based virtualization)
. Terminal Services
. Presentation virtualization
. Application virtualization
. Network Access Protection (NAP)
. BitLocker
. RODCs
. Windows Service Hardening
. Bidirectional Windows Firewall
. Next-generation cryptography support
. Server Manager
. Windows Deployment Services
. Windows PowerShell
. Next-generation TCP/IP
. Server Core
This chapter does not include descriptions of Windows Server 2008Standard, Enterprise, and Datacenter without Hyper-V as these are identical to theircorresponding counterparts with Hyper-V. However, editions without the Hyper-V roleare available.
NOTE
12 CHAPTER 1 Perform the Installation
Windows Server 2008 Standard supports the following:
. 32GB RAM on 64-bit (4GB on 32-bit)
. Four multicore processors
. 250 network access service connections (RRAS)
. 50 network policy server connections
. 250 terminal server connections
. Hyper-V virtualization with one free instance
Windows Server 2008 EnterpriseWindows Server 2008 Enterprise adds high availability, the latest in security, and scal-ability to the Standard edition. The following are some of its features:
. Failover clustering (up to 16 nodes)
. Fault-tolerant memory synchronization
. Cross-file replication
. Licensing for up to four additional virtual server instances
. Active Directory Federation Services (ADFS)
. Advanced certificate services
. Active Directory Domain Services (ADDS)
Windows Server 2008 Enterprise supports the following:
. Eight processors
. 2TB RAM on 64-bit (64GB RAM on 32-bit)
. Unlimited number of virtual private network (VPN) connections
. Unlimited Network Access Service connections
. Unlimited Network Policy Server connections
Windows Server 2008 DatacenterThis edition can be used for large-scale virtualization needs and added scalability formission-critical applications in a large IT infrastructure. The following are some of thefeatures of this edition:
. Large-scale virtualization (Licensing allows you to add an unlimited number ofvirtual instances.)
. Failover clustering
. Dynamic hardware partitioning
. Windows Server High Availability Program
13Decide What Edition of Windows Server 2008 to Install
Windows Server 2008 Datacenter supports the following:
. 2TB RAM on 64-bit(64GB on 32-bit)
. 64 x64 64-bit processors and 32 x86 32-bit processors
. Unlimited virtual image use rights
. Hyper-V based unlimited virtualization use
. 16-node failover clustering
. Hot add/replace memory and processors on supported hardware
. Fault-tolerant memory synchronization
. Cross-file replication (DFS-R)
. Unlimited Network Access Services connections (RRAS)
. Unlimited Network Policy Server connections
. 65,535 terminal server connections
. Advanced identity management
Windows HPC Server 2008Used specifically for high-performance computing (HPC), this edition enables you toscale to thousands of processing cores. This is advantageous when you’re load balanc-ing heavy workloads across multiple processors and need to manage and monitor yourHPC environment for stability and health.
Windows Server 2008 for Itanium-Based SystemsWindows Server 2008 for Itanium-Based Systems allows you to run Windows Server2008 on Itanium-based systems. Itanium-based processors have the ability to handleintensive computing needs of business-critical applications in an enterprise-level envi-ronment. An Itanium processor uses a whole new architecture, not just extending the32-bit architecture to 64-bit, and it can thus be called a native 64-bit processor.Another feature of this processor is the Intel Explicitly Parallel Instruction Computing(EPIC) architecture, which improves performance of the processor through instruction-level parallelism, maximizing opportunities to execute instructions in parallel. Up tosix instructions can be processed in parallel.
Windows Server 2008 for Itanium-Based Systems supports the following:
. Dynamic hardware partitioning
. Use of Itanium RAS (Reliability, Availability, and Scalability)
. 2TB RAM
. 64 Itanium processors or 64 cores
. Hot add/replace of memory and processors
14 CHAPTER 1 Perform the Installation
. Eight-node failover clustering
. Fault-tolerant memory synchronization
. Licensing for unlimited virtual instances with a third-party virtualization product
Now you know what each edition of Windows Server 2008 has to offer. Say that youdecide that you need to install the Standard edition. Let’s get started with the installa-tion and see what your options are.
Install Windows Server 2008
Scenario/Problem: You have decided to install Windows Server 2008 Standardedition. You need to decide whether you are going to perform a manual installa-tion or an unattended installation. There may be some servers that will need tobe upgraded also.
Solution: The following sections look at the procedures for doing both a manualinstallation and an unattended installation. We will also consider what is involved inupgrading to Windows Server 2008 from an existing operating system.
Manual InstallationThe Windows Server 2008 installation procedure has been streamlined. If you arefamiliar with the Windows 2003 Server installation, you may remember that during theinstallation, you were prompted to answer configuration questions. With WindowsServer 2008, these prompts have been moved to the Initial Configuration Task Wizard,which appears when the installation is complete. The following is the only informationyou need to provide during the actual installation:
. Language, currency, and keyboard layout information
. A valid product key
. Installation location
. Which version of the operating system you are going to install (if no productkey is entered)
. Whether you are performing an upgrade or fresh installation
The complete setup for Windows Server 2008 requires only three stages:
. Operating system setup, including key validation
. Initial configuration tasks
. Server Manager setup
15Install Windows Server 2008
Operating System SetupFollow these steps to set up the OS:
1. Insert the installation CD and boot the server to the CD.
2. When you are prompted for language, time and currency, and keyboard formatinformation, as shown in Figure 1.1, make the appropriate selections andclick Next.
FIGURE 1.1Configuring language, timeand currency, and keyboardinformation.
3. The Install Now option appears. If you are unsure of what hardware require-ments are needed, you can click the link What to Know Before InstallingWindows. You can also click the link to perform and repair the OS rather thanperform a full installation.
4. Input your product key and check the box Automatically Activate WindowsWhen I’m Online (see Figure 1.2). Click Next.
FIGURE 1.2Providing a valid productkey.
16 CHAPTER 1 Perform the Installation
5. If you did not enter a product key in the previous window, you now have tochoose which edition of Windows Server 2008 you will install and check thebox I Have Selected an Edition of Windows That I Purchased (see Figure 1.3).If you did enter a product key, the installation program will be able to identifywhich edition of Windows Server 2008 you are going to install. Then clickNext.
FIGURE 1.3Selecting the edition of Windows Server 2008 to install.
Chapter 2, “Configure and Manage Server Core,” discusses in detail theinstallation of Windows Server 2008 Server Core.NOTE
6. Read the license terms and accept them by checking the box. Then click Next.
7. In the screen that now appears, you decide whether to perform and upgrade or acustom (advanced) installation of Windows. Because you booted from the instal-lation CD, the Upgrade option is disabled (see Figure 1.4). Click Custom(Advanced).
If you wanted to perform an upgrade, you would need to execute the installa-tion procedure from within the original Windows OS.NOTE
8. On the next screen, decide where you want to install Windows and, if you haveany third-party storage drivers, load them by clicking the Load Driver link (seeFigure 1.5).
17Install Windows Server 2008
FIGURE 1.4The Upgrade option is disabled when you boot from the installation CD.
FIGURE 1.5Loading third-party storage drivers and choosing where to install them.
Now the actual Windows installation takes place. You will see the progress ofeach step as it completes, by percentage. During the installation, the server willreboot multiple times. The installation will complete the following tasks:
. Copying files
. Expanding files
. Installing features
18 CHAPTER 1 Perform the Installation
. Installing updates
. Completing installation
9. When the installation is complete, change the administrator’s password beforethe first logon. When the password had been changed you are logged in to theOS. You have completed phase 1 of the installation.
Initial Configuration TasksNow that the OS install is complete and you have logged in to the Windows ServerOS, the Initial Configuration Tasks Wizard appears (see Figure 1.6). There are threesections in this wizard:
. Provide computer information
. Update this server
. Customize this server
FIGURE 1.6The Initial Configuration Tasks Wizard.
So what configuration changes can you make in these different sections?
In the Provide Computer Information section, you can do the following:
. Change the time zone.
. Configure the network settings on your network interface card (NIC) interfaces.You can also assign static IP addresses, subnet masks, default gateways, andDNS/WINS server. In many environments, you will probably be teaming two
19Install Windows Server 2008
NICs for a production data LAN (using third-party software) and have a separateNIC dedicated for backup data connected to a backup LAN. Alternatively, youcan leave the setting to be automatically assigned by a DHCP server, assumingthat you have a DHCP server configured.
In a real-world environment, you will usually assign static IP addresses toinfrastructure servers. If this is the case, you will need to have gathered this informa-tion along with valid IP addresses for the default gateway and for DNS and WINSservers prior to the installation, along with the new server name if you are held to astrict naming convention in your organization.
NOTE
. Supply a computer name for the server, along with domain or workgroup infor-mation.
You need to reboot the server for these changes to take effect.
In the Update This Server section, you can do the following:
. Enable automatic updates and feedback.
. Configure the download and installation of OS updates.
In the Customize This Server section, you can do the following:
. Add the server role or multiple roles. When you select a role, a wizard takesyou through the complete installation of that role. You can choose from thefollowing roles:
. Active Directory Certificate Services
. Active Directory Domain Services
. Active Directory Federation Services
. Active Directory Lightweight Directory Services
. Active Directory Rights Management Services
. Application Server
. DHCP Server
. DNS Server
. Fax Server
. File Services
. Network Policy and Access Services
. Print Services
. Terminal Services
. UDDI Services
20 CHAPTER 1 Perform the Installation
. Web Server (IIS)
. Windows Deployment Services
. Add features. As with roles, when you select a feature, a wizard takes youthrough the installation of that feature. There are many features to choose from,as shown in Figure 1.7.
FIGURE 1.7Selecting features you would like to install.
With both the roles and features lists, if you highlight a role or feature, yousee a description of each role or feature on the right side of the list. When you areselecting roles and features, keep in mind that you should install as few as possibleor only items you are currently planning to use. If you install unnecessary rolesand/or features, you will also install services and possibly open up ports that will notbe used in production but will render the server less secure. Chapter 5, “Install andConfigure Specific Server Roles,” provides a more detailed discussion of installingand configuring roles and features.
NOTE
. Enable Remote Desktop connections to the server.
. Configure the OS firewall settings. By default, the firewall is enabled.
Now let’s move on to phase 3 of the installation.
21Install Windows Server 2008
Server Manager SetupServer Manager (shown in Figure 1.8) gives you a complete overview of your server.When looking at the default details pane, you can see computer information, securityinformation, and a summary of the roles and features installed. And at the bottom ofthe page, you see a resources and support section. On the left side of the window aremany tools to help you add/remove and configure roles and features. You can also seeoptions for diagnostics, configurations, and disk management. When you havecompleted your changes in Server Manager, your manual installation is complete.
FIGURE 1.8Server Manager.
We will take a closer look at Server Manager in Chapter 3, “Work with ServerManager.”NOTE
Unattended InstallationNow that you have completed the manual installation, let’s take a look at how youwould go about performing an unattended installation. With Windows Server2008, you use a unattend.xml file rather than an unattend.txt file; in fact, theunnattend.xml file also replaces the Sysprep.inf, Winbom.ini, and Cmdlines.txtfiles. The XML format has been adopted because it makes it easier to describe nestedvalues, add new elements, and validate the answer file. You can open theunattend.xml file in Internet Explorer 5.5 and later to parse the .xml file and see if itis well formed. If the file is not formed correctly, Internet Explorer shows you wherethe errors are.
22 CHAPTER 1 Perform the Installation
To run an unattended installation, you execute the setup.exe file with the unattendswitch:
C:>setup.exe /unattend:<path>\unattend.xml
The unattend.xml file contains the responses needed while running the setup.exefile. This file contains such information as computer name, acceptance of the End UserLicense Agreement (EULA), installation disk information, and so on. You can alsoshow or hide the user interface (UI) for each value that is set by using ShowUI flag =Yes/No. Let’s take a look at how the installation reacts when you use the ShowUI flag:
. ShowUI flag = Yes and setting is specified in the unattend.xml file: Setupuses the setting specified in the unattend.xml file and shows the UI with thissetting.
. ShowUI flag = No and setting is specified in the unattend.xml file: Setupuses the setting specified in the unattend.xml file and does not show the UI.
. ShowUI flag = Yes and the setting is not specified in the unattend.xmlfile: Setup shows the UI, with the default value, and the user can change thissetting, if needed.
. ShowUI flag = No and the setting is not specified in the unattend.xml file:Setup uses the default value and does not show the UI.
While performing an unattended installation over a network, the system installer musthave access to the unattend.xml file. When the setup is started from removablemedia (CD or DVD), the setup program looks for the unattend.xml file in the follow-ing locations:
. The current working directory
. The root of the removable media where setup.exe was initiated
. Other removable media, such as floppy disks, USB devices, or another CDor DVD
The syntax for the unattend.xml file is broken up into elements, and each elementneeds to be opened and then closed in the proper order (when nested). When this isachieved, it is a well-formed .xml file. There is only one root element, <unattend>.Figure 1.9 shows a portion of an unattend.xml file, with some syntax explanation, sothat you can get the feel for the syntax.
The running of the unattend.xml file stops with an error message if any of thefollowing is true:
. The EULA has not been accepted
. The product key is invalid
. The install disk cannot be written to
23Install Windows Server 2008
FIGURE 1.9An unattend.xml file with some syntax information.
Creating an unattend.xml file can be tricky, but when you have this file created, itcan make your job much easier. There are some tools available on the web that canhelp you create these files. You can also get very creative by adding some scripting toyour installations to automatically generate computer names that adhere to yournaming convention as well as many other configuration options.
Symbols/?, 125
Aaccessing Group Policy settings,
211-212
ACT (Application Compatibility Toolkit)5.0, 8
Active Directory, 180-182
domain controllers, 182-183
forests, 181
improving with Windows Server 2008R2, 205-206
Knowledge Consistency Checker(KCC), 201
objects, 192
computer objects, creating,193-194
OUs, 192-193
user objects, creating, 195-197
physical perspective, 180-182
preparing for installing WindowsServer 2008, 9-10
promoting servers as domaincontrollers, 184
RODCs (read-only domaincontrollers), 183-184
Sites and Services tool, 198
Default-First-Site-Name, 198
enabling GC, 198-199
moving DCs to new sites, 201
new sites, creating, 200
new subnets, creating, 200
replication, 202
replication topology,checking, 201
site links and replication, 201
Active Directory Certificate Services (AD CS), 45, 204-205
Active Directory Domain Services (AD DS), 45
Active Directory Domain ServicesInstallation Wizard, 185
Active Directory Domains and Trusts, 202
Domain Naming Master role,changing, 203
external trusts, creating, 203
raising domain and forest functionallevels, 202-203
Active Directory Federation Services (AD FS), 45, 204
Active Directory Lightweight DirectoryServices (AD LDS), 46, 204
Active Directory Rights ManagementServices (AD RMS), 45, 205
active tasks, 68
AD CS (Active Directory CertificateServices), 45, 204-205
AD DS (Active Directory DomainServices), 45
AD FS (Active Directory FederationServices), 45, 204
AD LDS (Active Directory LightweightDirectory Services), 46, 204
AD RMS (Active Directory RightsManagement Services), 46, 205
Add Features Wizard, installingBitLocker, 234
Add Roles Wizard, 47, 92
adding
data collector sets, 258-259
Notepad to block list, 267
websites with appcmd.exe, 126
administering roles through ServerManager, 55
administration, Server Core, 40
adprep command, 191
AFSDB (Andrew File System Database), 89
Allow Client System to be Remediatedbox, 245
Allow Read, 223
Andrew File System Database (AFSDB), 89
Anonymous authentication, 119
APP, 124
AppCmd, 124
Appcmd.exe utility, 124-127
application pools, IIS 7.0, 117
Application Server, server roles, 46
application settings (Group Policy),configuring, 218
Block Inheritance, 221
link order, 219-220
links, deleting, 221
policies
deleting, 221
disabling, 220
disabling half of a, 220
enforcing, 221-222
security filters, 222-223
Apply Group Policy, 223
applying GPOs while creating GPOs, 218
APPPOOL, 125
ASR (Automated System Recovery), 77
assigning delegate rights, 121-124
ATM Address (ATMA), 89
attack surface areas, 26
auditing events, TS Gateway Manager, 164
Auditpol, 266
authentication
Network Level Authentication, 74
restrictive, 119
security, Windows Server 2008 R2, 250
272 Active Directory Certificate Services (AD CS)
Authentication Exemption, connectionsecurity rules, 239
Authorization and Access Control,security (Windows Server 2008 R2), 249
Authorization Manager, 230
Automated System Recovery (ASR), 77
Bbacking up
configurations, 127
servers, pre-installation tasks, 9
BACKUP, 125
backup domain controllers (BDCs), 183
Backup Schedule Wizard, 79
backups, 77-78
recovering files, 80
scheduling, 78-79
SLAs, 78
BDCs (backup domain controllers), 183
Best Practices Analyzer tool, 58
BitLocker (BitLocker Drive Encryption), 234
installing, 234
Server Core, 35
server features, 49
BITS Server Extensions, server features, 49
Block Inheritance, 221
Block Inheritance attribute, 210
Ccentral store (Group Policy), 208-209
changing
Default Domain Policy, 216
Domain Naming Master role, ActiveDirectory Domains and Trust, 203
existing GPOs, 216
Check Replication Topology, 201
child domains, 181
chkdsk, 266
Client Side Extension (CSE), 213
COM+ partitions, 197
command line, IIS 7.0, 124-126
appcmd.exe, 126-127
backing up configurations, 127
restoring configuration backups, 127
viewing configuration backups, 127
command prompts, installing WebServer roles as, 113
command-line Server Manager, 56-58
command-line tools,troubleshooting, 266
commands
adprep, 191
configuration commands, ServerCore, 31-33
Net User, 31
Netdom, 31
netsh, 31-32
netsh advfirewall, 33
ocsetup.exe, 34
Pnputil, 31
SCRegEdit.wsf, 31
ServerManagerCmd, 57
Shutdown, 31
Slmgr, 31
/commit, 126
compatibility, checking applicationcompatibility (pre-installationtasks), 7-8
compression, IIS 7.0, 129-130
Computer Manage, MMCs, 65
routing and remote access, 65
Shared Folders snap-in, 66
computer objects, creating, 193-194
/config, 125
273/config
configuration backups, 127
configuration commands, Server Core,31-33
configurations, backing up, 127
configuring
data collector sets, 259-260
DHCP, 93
DHCP Server roles
IPv4 and IPv6, 93-94
scope options, 94-96
DNS lookup zones, 83-85
Group Policy application settings, 218
Block Inheritance, 221
deleting links, 221
deleting policies, 221
disabling half of a policy, 220
disabling policies, 220
enforcing policies, 221-222
link order, raising or lowering,219-220
security filters, 222-223
IPv6 (in Windows Server 2008),96-98
NAP, 242
health policies, 243-245
installing NPS, 242-243
policy properties, 247-248
Remediation Server Groups,245-247
SHV (System Health Validator),245-247
Server Core, 30
configuration commands, 31-33
Terminal Services, 160, 167-169
Gateway Manager, 163-166
load-balanced farms with TSSession Broker, 166
RemoteApp Manager, 161-163
websites with appcmd.exe, 127
connecting to remote servers with MMC,63-64
Connection Manager Administration Kit,server features, 49
connection requests policies properties, 247
connection security rules, creating forWindows Firewall with AdvancedSecurity, 239-241
Cryptographic Signature (SIG), 89
CSE (Client Side Extension), 213
Custom, connection security rules, 239
Ddata collector sets
adding, 258-259
configuring, 259-260
creating, 257-258
Data Manager, 259
DC (domain controllers), Active Directory,182-183
dcdiag, 266
dcpromo, 187
/debug, 126
Default Domain Policy, modifying, 216
Default-First-Site-Name, changingnames, 198
delegate rights, 121-124
Delegation of RODC Installation andAdministration page, 190
deleting
links, 221
policies, 221
websites with appcmd.exe, 127
Desktop Experience, server features, 49
Device Manager, 66-67
Device Specific Module (DSM), 50
Devices and Resources, TS RemoteAppManager, 162
274 configuration backups
DFS Management role, 103
namespaces, 103-104
replication, 104-105
DHCP, configuring, 93
DHCP Server, server roles, 46
DHCP Server roles
configuring IPv4 and IPv6 settings,93-94
installing, 90-92
scope options, configuring, 94-96
differencing disks, 139
directory browsing, restricting, 120
disabling
policies, half of a policy, 220
virus protection software,pre-installation tasks, 9
disconnecting UPS, pre-installationtasks, 8
Distributed File System Replication,Server Core, 35
Distributed File System service, ServerCore, 35
distributing RemoteApp programs, 162
DNS look up zones, configuring, 83-85
DNS record types, 89-90
DNS Server role, 46
installing, 82
DNS Server Wizard, 83
DNS servers
managing, 86-87
properties of, 86-87
replication scopes, 84
DNS zones, managing, 87-88, 90
DNSSEC (Domain Name System SecurityExtensions), 249
domain controllers (DC)
Active Directory, 182-183
installing in forests, 184-187
media, installing, 190
moving to new sites, 201
promoting servers as, 184
RODCs (read-only domaincontrollers), 183-184
installing, 189-190
setting up, 187-188
Domain Name System SecurityExtensions (DNSSEC), 249
Domain Naming Master, 183
Domain Naming Master role, ActiveDirectory Domains and Trust, 203
domain restrictions, secure websites, 119
domain schemas, preparing existing, 191
/domainprep, 191
domains, 181
raising functional levels, ActiveDirectory Domains and Trust,202-203
DSM (Device Specific Module), 50
dynamic compression, 129
Dynamic Content Compression, 130
dynamically expanding disks, 139
EEFS (Encrypting File System), 233
Encrypting File System Wizard, 233
Enforced, 221
enforcing policies, 221-222
Enterprise Server Core, 28
evaluating Windows Server 2008, 30
Event Viewer
managing, 263-265
troubleshooting, 262-263
Exchange 2007, Service Pack 1, 184
extending evaluation time, 30
external trusts, creating with ActiveDirectory Domains and Trust, 203
275external trusts, creating with Active Directory Domains and Trust
Ffailover clustering
Server Core, 35
server features, 49
FailoverCluster-Core, 35
Fax Server, server roles, 46
features
installing, 55
in Server Core, 34-35
server features, 49-52
File Replication Service (FRS), 208
Service Core, 35
File Screen Management, 102
File Server Resource Manager (FSRM), 39
File Services role, 102-103
File Services, server roles, 46
File Server Resource Manager,102-103
Share and Storage Management,101-102
File Services role, installing, 98-101
files, recovering backed up files, 80
filters, Group Policy application settings,222-223
fixed-size disks, 139
Flexible Single Master Operation (FSMO), 183
/forestPrep, 191
forests
Active Directory, 181
installing domain controllers,184-187
raising functional levels, ActiveDirectory Domains and Trust,202-203
forever incremental technology, 78
FRS (File Replication Service), 208
FSMO (Flexible Single Master Operation), 183
FSRM (File Server ResourceManager), 39
GGC (global catalog), 182
enabling, 198-199
global catalog (GC), 182
enabling, 198-199
globally unique identifiers (GUIDs), 183
GPOs (Group Policy objects), 208
applying, 218
changing existing GPOs, 216
creating and applying at the sametime, 218
creating new, 216-217
Starter GPOs, 210
GPP (Group Policy Preferences), 212
/gpprep, 191
gpresult, 266
gpupdate, 214
Group Policy, 208
application order, 209
application settings, configuring, 218
Block Inheritance, 221
deleting links, 221
deleting policies, 221
disabling half of a policy, 220
disabling policies, 220
enforcing policies, 221-222
link order, 219-220
security filters, 222-223
central store, 208-209
Windows Server 2008 R2, 226-227
Group Policy Management, serverfeatures, 49
276 failover clustering
Group Policy Management console, 211
changing existing GPOs, 216
Group Policy Management Editor, 212
policies versus preferences,212-213
policy settings, 214
Group Policy Modeling, 224
Group Policy Modeling Wizard, 224-225
Group Policy objects (GPOs), 208
applying, 218
changing existing GPOs, 216
creating and applying at the sametime, 218
creating new, 216-217
Starter GPOs, 210
Group Policy Preferences (GPP), 212
Group Policy Results Wizard, 225-226
Group Policy settings, accessing,211-212
GUIDs (globally unique identifiers), 183
Hhardware requirements
for Server Core, 27
for Windows Server 2008, 6
HCAP (Host Credential AuthorizationProtocol), 46, 159, 243
health policies (NAP), configuring,243-245
health policies properties, 248
Health Registration Authority (HRA), 46,159, 242
HINFO (Host Information), 89
Host Credential Authorization Protocol(HCAP), 46, 159, 243
Host Information (HINFO), 89
HRA (Health Registration Authority), 46,159, 242
HTTP request filtering, 119
Hyper-V
installing
on a full installation of WindowsServer 2008, 135-136
on Server Core, 137
Integration Services, installing,145-146
managing remotely, 137-138
new features in Windows Server2008 R2, 149-150
performance, monitoring, 146-147
roles, installing, 134-135
server roles, 46
virtual hard drives, 138-141
Virtual Machine Connection tool,143-145
virtual machines, 141-142
hypervisors, 134
Iidentity, security (Windows Server
2008 R2), 250
IE ESC (Internet Explorer EnhancedSecurity Configuration), 233
IIS (Internet Information Services) 7.0
application pools, 117
command line, 124-126
appcmd.exe, 126-127
backing up configurations, 127
restoring configuration backups, 127
viewing configuration backups, 127
delegate rights assignments,121-124
performance, 128
compression, 129-130
logging frequency, 130
277IIS (Internet Information Services) 7.0
output caching, 128
WSRM (Windows Server ResourceManager), 130
Server Core, 27
Web Server role, 108
installing, 108-114
websites, 114-118
security, 118-120
IIS (Internet Information Services) 7.5, 131
IIS (Internet Information Services)Manager
Management Service pane, 122
websites, 114-118
improving Active Directory with WindowsServer 2008 R2, 205-206
/in or-, 125
inbound rules, creating for WindowsFirewall with Advanced Security,237-238
Infrastructure Master, 183
initial configuration tasks, manualinstallation, 18-20
Initial Configuration Tasks Wizard,18, 42
installing
BitLocker, 234
DHCP Server roles, 90-92
DNS Server role, 82
domain controllers in the forest,184-187
features, 55
File Services role, 98-101
Hyper-V
on a full installation of WindowsServer 2008, 135-136
on Server Core, 137
Hyper-V roles, 134-135
Integration Services, 145-146
media, for domain controllers (DCs), 190
NPS, 242-243
RODC (read-only domain controller),189-190
roles, 52-54
Server Core, 27-28
options for, 28-29
roles and features, installing,34-35
Terminal Services, 154
Terminal Server role services,154-156
TS Gateway role services,157-160
TS Licensing role services,156-157
TS Session Broker role services, 157
TS Web Access role services, 160
Web Server role, 108-114
Windows Server 2008, 14
manual installation, 14-16, 18-21
unattended installation, 21-23
pre-installation tasks, 7-9
Integration Services, installing, 145-146
Internet Explorer Enhanced SecurityConfiguration (IE ESC), 233
Internet Printing Client, server features, 49
Internet Printing Protocol (IPP), 49
Internet Storage Name Server (iSNS),server features, 49
IP restrictions, secure websites, 119
IPP (Internet Printing Protocol), 49
IPv4, configuring for DHCP Server roles,93-94
IPv6, configuring
for DHCP Server roles, 93-94
in Windows Server 2008, 96-98
278 IIS (Internet Information Services) 7.0
ISDN, DNS record types, 89
iSNS (Internet Storage Name Server), 49
Isolation, connection security rules, 239
KKCC (Knowledge Consistency
Checker), 201
KEY (Public Key), 89
LLDASP (Light DAP), 182
Line Printer Daemon (LPD), 50
link order, raising or lowering (GroupPolicy application settings), 219-220
links, deleting, 221
load-balanced farms, configuring with TSSession Broker, 166
logging frequency, IIS 7.0, 130
logical unit numbers (LUNs), 51
logman, 266
LPD (Line Printer Daemon), 50
LPR Port Monitor, server features, 50
LUNs (logical unit numbers), 51
Mmail group (MG), 89
Mailbox (MB), 89
Mailbox List Information (MINFO), 89
Management Service pane, IIS Manager, 122
managing
DNS servers, 86-87
DNS zones, 87-88, 90
Event Viewer, 263-265
Hyper-V, remotely, 137-138
replication, 202
Server Core, 36
with MMC snap-ins, 37-39
with Terminal Services, 36
with TS RemoteApp, 36-37
with Windows Remote Shell, 37
Terminal Services, 169-170
RemoteApp programs, adding,170-173
MAP (Microsoft Assessment andPlanning Toolkit), 28
mass storage device drivers, identifyingfor pre-installation tasks, 8
MB (Mailbox), DNS record types, 89
media, installing for domain controllers(DCs), 190
Message Queuing, server features, 50
/metadata, 125
MG (mail group), DNS record types, 89
Microsoft Application CompatibilityToolkit 5.0, 8
Microsoft Assessment and PlanningToolkit (MAP), 28
Microsoft Management Console (MMC), 60
connecting to remote servers, 63-64
preconfigured MMCs, 64
Computer Manager, 65-66
Server Manager, 64-65
Microsoft-Windows-RemovableStorageManagementCore,35
MINFO (Mailbox List Information), 89
MLGPOs (Multiple Local Group PolicyObjects), 209
MMC (Microsoft Management Console),60-63
connecting to remote servers, 63-64
preconfigured MMCs, 64
Computer Manager, 65-66
Server Manager, 64-65
279MMC (Microsoft Management Console)
MMC (Microsoft Management Console)snap-ins, managing (Server Core),37-39
MODULE, 125
monitoring
performance
Hyper-V, 146-147
Reliability and Performance tool, 252-253
Windows Server 2008 R2,269-270
Terminal Services, 173, 175
Windows Firewall with AdvancedSecurity, 241
Moskowitz, Jeremy, 227
moving domain controllers (DCs) to newsites, 201
MR (Renamed Mailbox), 89
Multiplath I/O, server features, 50
Multiple Local Group Policy Objects(MLGPOs), 209
Nnamespaces, DFS Management,
103-104
NAP, configuring, 242
health policies, 243-245
installing NPS, 242-243
policy properties, 247-248
Remediation Server Groups,245-247
SHV (System Health Validator),245-247
navigating with Server Manager, 43-44
.NET Framework 3.0, server features, 49
Net User command, 31
Netdom command, 31
netsh advfirewall command, 33
netsh command, 31-32
Network Level Authentication, 74
Network Load Balancing (NLB)
Server Core, 35
server features, 50
network policies properties, 248
Network Policy and Access Services, 242
Network Policy Server (NPS), 158, 242
server roles, 46
New Connection Security Rule Wizard, 240
New Namespace Wizard, 103
New Virtual Machine Wizard, 141
Next (NXT), 89
NLB (Network Load Balancing)
Server Core, 35
server features, 50
nltest, 266
No Override, 222
Notepad, adding to block list, 267
NPS (Network Policy Server), 158, 242
installing, 242-243
server roles, 46
nslookup, 266
NXT (Next), 89
Oobjects
Active Directory, 192
computer objects, creating, 193-194
OUs, 192-193
user objects, creating, 195-197
ocsetup.exe command, 34
operating system setup, manual installation, 15-16, 18
280 MMC (Microsoft Management Console) snap-ins, managing (Server Core)
OUs (organizational units), 232
creating in Active Directory, 192
designing and creating OU structure,192-193
outbound rules, creating for WindowsFirewall with Advanced Security,237-238
output caching, IIS 7.0, 128
Ppartitions, COM+, 197
pass-through disks, 139
PDC (primary domain controller), 183
PDC Emulator, 183
Peer Name Resolution Protocol (PNRP),server features, 50
performance
Hyper-V, 146-147
IIS 7.0, 128
compression, 129-130
logging frequency, 130
output caching, 128
WSRM (Windows Server ResourceManager), 130
monitoring with Reliability andPerformance tool, 252-253
Problem Reports and Solutions,266-268
Performance Monitor, 253-255
Pnputil command, 31
PNRP (Peer Name Resolution Protocol),server features, 50
Pointer (PTR), 89
policies
creating, 213
deleting, 221
disabling, half of a policy, 220
enforcing, 221
versus preferences, 212-213
settings, 214
viewing existing policies, 212
policy properties, configuring, 247-248
PolicyPak tools, 227
PowerShell, 124
Server Core, 26
pre-installation tasks, 7
backup servers, 9
checking application compatibility,7-8
disabling virus protection software, 9
disconnecting UPS, 8
identifying mass storage devicedrivers, 8
preparing Active Directory, 9-10
running Windows Memory Diagnostictool, 8
preconfigued MMCs, 64
Computer Manager, 65
routing and remote access, 65
Shared Folders snap-in, 66
Server Manager, 64-65
preferences versus policies, 212-213
preparing existing domain schemas, 191
prestaging, 194
primary domain controller (PDC), 183
Print Services, server roles, 46
Problem Reports and Solutions,266-268
promoting servers as domaincontrollers, 184
properties
connection request policies, 247
of DNS servers, 86-87
health policies, 248
network policies, 248
PTR (Pointer), 89
Public Key (KEY), 89
281Public Key (KEY)
QQuery User, Remote Desktop, 76
Quota Management, 102
qWave (Quality Windows Audio VideoExperience), server features, 50
RRDC (Remote Desktop Connection), 155
RDP-Tcp connections, Terminal Services(configuring), 167
read-only domain controllers (RODCs),183-184
recover, 266
recovering backed up files, 80
Recovery Wizard, 80
Reliability and Performance tool,252-253
data collector sets
adding new, 258-259
configuring, 259-260
creating, 257-258
Performance Monitor, 253-255
Reliability Monitor, 255-257
reliability reports, 260-261
Reliability Monitor, 255-257
reliability reports, 260-261
Remediation Server Groups, configuring,245-247
remote access, Computer Manager, 65
Remote App programs, adding inTerminal Services, 170, 172-173
Remote Assistance, server features, 50
Remote Desktop, 72-77
Query User, 76
Terminal Services Manager, 75
Remote Desktop Connection (RDC), 155
Remote Desktop Gateway, 176
Remote Desktop Licensing, 176
Remote Desktop Server, 176
Remote Desktop Services Provider forWindows PowerShell, 176
Remote Differential Compression, serverfeatures, 50
Remote Server Administration tool,server features, 50
remote servers, connecting to withMMC, 63-64
RemoteApp Manager (TerminalServices), configuring, 161-163
RemoteApp programs
distributing, 162
TS Web Access, 171
RemoteApp Wizard, 172
Removable Storage Manager (RSM),server features, 50
removing roles, 54-55
Renamed Mailbox (MR), 89
repadmin, 266
Repadmin.exe, 202
replication, 201
DFS Management, 104-105
managing, 202
replication scopes, DNS servers, 84
replication topology, checking, 201
REQUEST, 125
Responsible Person (RP), 89
restoring configuration backups, 127
RID Master, 183
/rodcPrep, 191
RODCs (read-only domain controllers),183-184
installing, 189-190
roles
administering through ServerManager, 55
DFS Management role, 103
namespaces, 103-104
replication, 104-105
282 Query User, Remote Desktop
DHCP Server roles, 90
configuring IPv4 and IPv6settings, 93-94
installing, 90-92
scope options, configuring, 94-96
DNS Server role, 46, 82
installing, 82
File Services role, 46, 98
File Server Resource Manager,102-103
Share and Storage Management,101-102
Hyper-V, installing, 134-135
installing, 52-54
in Server Core, 34-35
removing, 54-55
server roles, 45-48
Web Server role, 47
installing, 108-114
Windows Server Virtualization role, 137
Route Through (RT), 89
routers, Computer Manager, 65
Routing and Remote Access Services(RRAS), 46, 159, 242
Routing and Remote Access snap-in,65-66
RP (Responsible Person), 89
RPC over HTTP Proxy, server features, 50
RRAS (Routing and Remote AccessServices), 46, 159
RSM (Removable Storage Manager),server features, 50
RT (Route Through), 89
SSA (Security Associations), 241
sandboxing, 117
sc, 266
scheduling backups, 78-79
Schema Master, 183
scope options, configuring DHCP Serverroles, 94-96
SCRegEdit.wsf, 31
security, 230
authentication, restrictiveauthentication, 119
Authorization Manager, 230
BitLocker drive encryption, 234
built-in security features, 230-233
directory browsing, 120
EFS (Encrypting File System), 233
HTTP request filtering, 119
IE ESC (Internet Explorer EnhancedSecurity Configuration), 233
Security Auditing, 230
Security Configuration and Analysis, 232
smart cards, 234
TPM (Trusted Platform Module), 234
UAC (User Account Control), 233
websites, 118-119
authentication, restrictive, 119
directory browsing, 120
HTTP request filtering, 119
IP and domain restrictions, 119
Windows Firewall with AdvancedSecurity, 235-237
connection security rules,creating, 239-241
inbound and outbound rules,creating, 237-238
monitoring, 241
Windows Server 2008 R2, 248
Authorization and Access Control, 249
identity and authentication, 250
security policies, 250
server roles, 249
283security
Security Associations (SA), 241
Security Auditing, 230
Security Configuration and Analysis, 232
Security Configuration Wizard, 230
security filters, Group Policy applicationsettings, 222-223
security policies, security (WindowsServer 2008 R2), 250
Server Core, 26-27
administration, 40
configuring, 30
configuration commands, 31-33
Enterprise Server Core, 28
Hyper-V, installing, 137
IIS (Internet Information Services), 27
incorporating changes in WindowsServer 2008 R2, 39
installing, 27-28
features, 34-35
options for, 28-29
roles, 34-35
managing, 36
with MMC snap-ins, 37-39
with Terminal Services, 36
with TS RemoteApp, 36-37
with Windows Remote Shell, 37
PowerShell, 26
server features, 45, 49-52
installing, 55
Server Manager
administering roles, 55
manual installation, 21
MMCs, 64-65
navigating settings with, 43-44
Server Summary, 44
Windows Server 2008 R2, 58
server roles, 45-48. See also roles
installing, 52-54
removing, 54-55
security, Windows Server2008 R2, 249
Windows Server 2008 R2, 105-106
Server Summary, 44
Server-to-Server rules, connectionsecurity rules, 239
ServerManagerCmd.exe, 56-58
servers, promoting as domaincontrollers, 184
Service (SRV), 89
Service Pack 1 (Exchange 2007), 184
Services for Network File System, ServerCore, 35
Share and Storage Management, FileServices role, 101-102
Shared Configuration tool, 124
Shared Folders snap-in, 66
Shutdown command, 31
SHV (System Health Validator), 245
configuring, 245-247
SIG (Cryptographic Signature), 89
Simple Network Management Protocol(SNMP), Server Core, 35
Simple TCP/IP Services, server features, 51
SITE, 124
site links, 201
sites
creating new, 200
moving DCs to new sites, 201
Sites and Services tool (ActiveDirectory), 198
Default-First-Site-Name, 198
enabling GC, 198-199
moving DCs to new sites, 201
new sites, creating, 200
284 Security Associations (SA)
new subnets, creating, 200
replication, 202
replication topology, checking, 201
site links and replication, 201
SLAs, backups, 78
Slmgr command, 31
smart cards, 234
SMTP Server, server features, 51
SNMP (Simple Network ManagementProtocol), Server Core, 35
SNMP Services, server features, 51
SNMP-SC (Simple Network ManagementProtocol-Server Core), 35
SOA (Start of Authority), 83, 88
Software License Management tool, 31
Software Restriction Policies, 232
SRV (Service), 89
SSL Bridging, 165
Start of Authority (SOA), 83, 88
Starter GPOs, 210
static compression, 129
storage devices, identifying (pre-installation tasks), 8
Storage Manager for SANs, serverfeatures, 51
Storage Reports Management, 103
subdomains, 181
subnets, creating new, 200
subscriptions, creating new, 265
subsystem for UNIX-based applications
server features, 51
Server Core, 35
System Center, 148
System Center VMM, 147-149
System Clock Changes, 256
System Health Validator (SHV), 245
configuring, 245-247
SYSVOL, 208
TTask Scheduler, 67-72
task status, 68
Telnet Client
Server Core, 35
server features, 51
Telnet Server, server features, 51
Terminal Server, 152
Terminal Server role service, installing,154-156
Terminal Services, 152-153
configuring, 160, 167-169
load-balanced farms with TSSession Broker, 166
TS Gateway Manager, 163-166
TS RemoteApp Manager, 161-163
installing, 154
Terminal Server role service,154-156
TS Gateway role service, 157-160
TS Licensing role service,156-157
TS Session Broker role service, 157
TS Web Access role service, 160
managing, 169-170
RemoteApp programs, adding,170-173
Server Core, 36
monitoring, 173-175
server roles, 46
Terminal Server, 152
TS Gateway, 153
TS Licensing, 152
TS Session Broker, 153
TS Web Access, 153
in Windows Server 2008 R2,175-177
285Terminal Services
Terminal Services connectionauthorization policies (TS CAPs), 158
Terminal Services Manager, 173
Remote Desktop, 75
Terminal Services Remote application, 138
/text, 125
Text (TXT), 89
TFTP Client, server features, 51
tools
Best Practices Analyzer tool, 58
Problem Reports and Solutions,266-268
Reliability and Performance tool,252-253
data collector sets, 257-260
Performance Monitor, 253-255
Reliability Monitor, 255-257
reliability reports, 260-261
Shared Configuration tool, 124
Sites and Services tool (ActiveDirectory), 198
Default-First-Site-Name, 198
enabling GC, 198-199
moving DCs to new sites, 201
new sites, creating, 200
new subnets, creating, 200
replication, 202
replication topology,checking, 201
site links and replication, 201
Software License Management tool, 31
Virtual Machine Connection tool,143-145
Windows 2008 Server CoreConfigurator, 33
Windows Memory Diagnostic tool, 8
TPM (trusted platform module), 49, 234
TRACE, 125
transitive two-way trust, 181
troubleshooting, 262
with command-line tools, 266
Event User, managing, 263-265
Event Viewer, 262-263
subscriptions, creating, 265
in Windows Server 2008 R2,269-270
trusted platform module (TPM), 49, 234
trusts
external trusts, creating with ActiveDirectory Domains and Trust, 203
transitive two-way trusts, 181
TS CAPs (Terminal Services connectionauthorization policies), 158, 166
TS Gateway, 153
TS Gateway Manager
configuring, 163-166
monitoring services, 173
TS Gateway role service, installing,157-160
TS Licensing, 152
TS Licensing role service, installing,156-157
TS RemoteApp, managing (Server Core),36-37
TS Session Broker, 153
load-balanced farms,configuring, 166
TS Session Broker role service,installing, 157
TS Web Access, 153
RemoteApp programs, 171
TS Web Access role service,installing, 160
Tunnel, connection security rules, 239
two-way trusts, 181
TXT (Text), 89
286 Terminal Services connection authorization policies
UUAC (User Account Control), 233
UDDI (Universal Description, Discovery,and Integration), server roles, 47
unattend.xml file, 22-23
UPS, disconnecting prior to installingWindows Server 2008, 8
User Account Control (UAC), 233
user objects, creating, 195-197
utilities, Appcmd.exe, 124
VVDIR, 124
VDS (Virtual Disk Services), serverfeatures, 51
versions of Windows Server 2008, 10
Windows HPC Server 2008, 13
Windows Server 2008 Datacenter,12-13
Windows Server 2008 Enterprise, 12
Windows Server 2008 for Itanium-Based Systems, 13-14
Windows Server 2008 Standard,11-12
Windows Web Server 2008, 11
viewing
configuration backups, 127
existing policies, 212
reliability reports, 260
Virtual Disk Services (VDS), 51
Virtual Hard Disk Wizard, 139
virtual hard drives, creating, 138-141
Virtual Machine Connection tool,143-145
Virtual Machine Manager (VMM),134-135, 138
virtual machines, creating, 141-142
virus protection software, disabling, 9
VMM (Virtual Machine Manager), 138
VSS Copy backup, 79
VSS Full backup, 79
WWCF (Windows Communication
Foundation), 51
Web Server roles, 47
installing, 108-111, 113-114
websites
adding with appcmd.exe, 126
configuring with appcmd.exe, 127
deleting with appcmd.exe, 127
managing, 114-118
security, 118-119
authentication, restrictive, 119
directory browsing, 120
HTTP request filtering, 119
IP and domain restrictions, 119
Wecsvc (Windows Event Collector), 265
Well Known Service (WKS), 90
wevtutil, 266
Windows 2008 R2, monitoringperformance, 269-270
Windows 2008 Server Core Configurator, 33
Windows Communication Foundation(WCF), 51
Windows Deployment Services, serverroles, 47
Windows Event Collector (Wecsvc), 265
Windows Firewall, 235
Windows Firewall with AdvancedSecurity, 235-237
connection security rules, creating,239-241
inbound and outbound rules,creating, 237-238
monitoring, 241
287Windows Firewall with Advanced Security
Windows HPC Server 2008, 13
Windows Internal Database, serverfeatures, 51
Windows Internet Name Services(WINS), Server Core, 35
Windows Memory Diagnostic tool, pre-installation tasks, 8
Windows PowerShell
Remote Desktop Services Provider, 176
server features, 51
Windows Process Activation Service,server features, 51
Windows Remote Management(WinRM), 265
Windows Remote Shell, managing(Server Core), 37
Windows Security Health Validator(WSHV), 245
Windows Server 2008
choosing version, 10
Windows HPC Server 2008, 13
Windows Server 2008 Datacenter,12-13
Windows Server 2008 Enterprise, 12
Windows Server 2008 for Itanium-Based Systems, 13-14
Windows Server 2008 Standard,11-12
Windows Web Server 2008, 11
hardware requirements, 6
installing, 14
manual installation, 14-16, 18-21
unattended installation, 21-23
Windows Server 2008 Datacenter, 12-13
Windows Server 2008 Enterprise, 12
Windows Server 2008 for Itanium-BasedSystems, 13-14
Windows Server 2008 R2
Group Policy, 226-227
Hyper-V, 149-150
improving Active Directory, 205-206
incorporating Server Core changes, 39
new features, 131
security, 248
Authorization and Access Control, 249
identity and authentication, 250
security policies, 250
server roles, 249
Server Manager, 58
server roles, 105-106
Terminal Services, 175-177
Windows Server 2008 Server Core,26-27
administration, 40
configuring, 30
configuration commands, 31-33
Enterprise Server Core, 28
Hyper-V, installing, 137
IIS, 27
incorporating changes in WindowsServer 2008 R2, 39
installing, 27-28
features, 34-35
options for, 28-29
roles, 34-35
managing, 36
with MMC snap-ins, 37-39
with Terminal Services, 36
with TS RemoteApp, 36-37
with Windows Remote Shell, 37
PowerShell, 26
Windows Server 2008 Standard, 11-12
Windows Server Backup Features, 51
288 Windows HPC Server 2008
Windows Server Resource Manager(WSRM), IIS 7.0, 130
Windows Server Virtualization role, 137
Windows System Resource Manager, 52
Windows Vista, managing Hyper-Vremotely, 138
Windows Web Server 2008, 11
WinRM (Windows RemoteManagement), 265
WINS, 88
WINS Server, server features, 52
Wireless LAN Service, server features, 52
wizards
Active Directory Domain ServicesInstallation Wizard, 185
Add Features Wizard, 234
Add Roles Wizard, 47, 92
Backup Schedule Wizard, 79
DNS Server Wizard, 83
Encrypting File System Wizard, 233
Group Policy Modeling Wizard,224-225
Group Policy Results Wizard, 226
Initial Configuration Tasks Wizard,18, 42
New Connection Security RuleWizard, 240
New Namespace Wizard, 103
New Virtual Machine Wizard, 141
Recovery Wizard, 80
RemoteApp Wizard, 172
Security Configuration Wizard, 230
Virtual Hard Disk Wizard, 139
WKS (Well Known Service), 90
WP, 125
WSHV (Windows Security HealthValidator), 245
WSRM (Windows Server ResourceManager), 130
XX.25 (X25), 90
/xml, 125
Zzones, DNS zones (managing), 87-90
289zones, DNS zones (managing)