Windows Server® 2008 How-Toptgmedia.pearsoncmg.com/images/9780672330759/samplepages/...Now let’s...

Windows Server® 2008 How-ToCopyright © 2010 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in aretrieval system, or transmitted by any means, electronic, mechanical,photocopying, recording, or otherwise, without written permission from thepublisher. No patent liability is assumed with respect to the use of theinformation contained herein. Although every precaution has been taken inthe preparation of this book, the publisher and author assume noresponsibility for errors or omissions. Nor is any liability assumed fordamages resulting from the use of the information contained herein.

ISBN-13: 978-0-672-33075-9ISBN-10: 0-672-33075-X

Library of Congress Cataloging-in-Publication Data

Bruzzese, J. Peter.

Windows server 2008 how-to / J. Peter Bruzzese, Ronald Barrett, WayneDipchan.

p. cm.

ISBN 978-0-672-33075-9

1. Microsoft Windows server. 2. Operating systems (Computers) I.Barrett, Ronald. II. Dipchan, Wayne. III. Title.

QA76.76.O63B786 2009

005.4’476—dc22

2009018967

Printed in the United States of America

First Printing July 2009

TrademarksAll terms mentioned in this book that are known to be trademarks orservice marks have been appropriately capitalized. Sams Publishing cannotattest to the accuracy of this information. Use of a term in this book shouldnot be regarded as affecting the validity of any trademark or service mark.

Warning and DisclaimerEvery effort has been made to make this book as complete and as accurateas possible, but no warranty or fitness is implied. The information providedis on an “as is” basis. The author and the publisher shall have neitherliability nor responsibility to any person or entity with respect to any loss ordamages arising from the information contained in this book.

Bulk SalesSams Publishing offers excellent discounts on this book when ordered inquantity for bulk purchases or special sales. For more information, pleasecontact

U.S. Corporate and Government Sales

1-800-382-3419

[email protected]

For sales outside of the U.S., please contact

International Sales

[email protected]

Editor-in-ChiefKaren Gettman

Executive EditorNeil Rowe

Development EditorMark Renfrow

Managing EditorKristy Hart

Project EditorBetsy Harris

Copy EditorKitty Wilson

IndexerLisa Stumpf

ProofreaderKathy Ruiz

Technical EditorDiane McSorley

PublishingCoordinatorCindy Teeters

Book DesignerGary Adair

CompositorNonie Ratcliff

Introduction: UsingWindows Server 2008How-To

IN THIS INTRODUCTION

. How to Educate Yourself About Windows Server 2008

. How to Benefit from This Book

. How to Continue Expanding Your Knowledge

2 Introduction: Using Windows Server 2008 How-To

How to Educate Yourself About WindowsServer 2008

Whenever you pick up a book that catches your eye, flip to an article that draws yourinterest, or research and locate a site or blog that strikes you, you are attempting toeducate yourself in some way. Perhaps it is a subject you already know and, due toyour preexisting knowledge, maybe you can extract the information you need muchfaster and easier than could a novice.

The motivation behind education varies from person to person. Some simply love tolearn, to enhance their own knowledge of a subject even if they never intend to employthat knowledge in the working world. Some, on the other hand, are required to learn inorder to perform their job. For example, a messaging engineer, much like a physician,must keep up with the latest practices and techniques in order to stay on top of his orher profession.

You might note that many books on the subject of Windows Server 2008 range up to800, 900, or even 1,500 pages! And for some, that is just the kind of book needed toaccomplish their messaging goals. However, this how-to book is designed to give anadministrator what is needed to understand the concepts involved in managing an envi-ronment utilizing Windows Server 2008 and perform the tasks needed.

There are many ways to educate yourself about Windows Server 2008—throughbooks, articles, websites, and so on—but for on-the-job, in-the-trenches, step-by-stepinformation, look no further!

How to Benefit from This Book

We’ve designed this book to be easy to read from cover to cover, in case your goal isto gain a full understanding of Windows Server 2008, while breaking down the subjectmatter into 12 easy-to-use chapters:

. Chapter 1, “Perform the Installation”

. Chapter 2, “Configure and Manage Server Core”

. Chapter 3, “Work with Server Manager”

. Chapter 4, “Manage Windows Server 2008”

. Chapter 5, “Install and Configure Specific Server Roles”

. Chapter 6, “Work with IIS 7.0”

. Chapter 7, “Implement and Utilize Hyper-V”

. Chapter 8, “Install and Configure Terminal Services”

. Chapter 9, “Understand and Manage Active Directory”

3How to Benefit from This Book

. Chapter 10, “Utilize Group Policy”

. Chapter 11, “Configure Security”

. Chapter 12, “Monitor Performance and Troubleshoot”

Within each of these chapters are sections that focus on the primary elements requiredto deploy Windows Server 2008 in a number of different scenarios. Perhaps youneed a Server Core system that reduces attack surface or can be used for a Hyper-Vsolution. Maybe you want to work with Terminal Services to allow multiple clientsaccess to an easy-to-manage location. Maybe you need a web server for your companyor an entire Active Directory domain to handle logins and permissions combined withGroup Policy. Whatever your needs, we will walk you through it.

Beneath each major heading in a chapter is a “Scenario/Problem” introduction. Eachone serves as a starting point to consider. At times, the information provided helps youdeal with a specific problem that you may be facing. However, typically a scenario isdescribed that allows you to determine whether this is the direction needed for yourparticular situation or organization.

The “Solution” portion that follows “Scenario/Problem” may include additional infor-mation regarding a particular technology or design elements to consider. The text thenprovides more information, such as step-by-step instructions, so that you have morethan just commands: You have the underlying reasons for the instructions given.

When additional information is needed regarding a subject and it doesn’t fit neatlywithin the subject matter itself, or when it is essential that the message stand out a bitto catch your notice, we use a note.

This is an example of a note.NOTE

When lines of code are too long for the printed page, a code-continuation arrow (➥)has been used to indicate a manual break. For example:

start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;

➥WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI

Perhaps the most important aspect of this book is that it provides step-by-step instruc-tions that walk you through each and every step of the wizards and dialog boxesprovided by Windows Server 2008. Along with clear instructions on managing andconfiguring your Windows Server 2008 environment, we provide clear figures andscreenshots of only the most important elements you face visually while working withyour servers.

4 Introduction: Using Windows Server 2008 How-To

How to Continue Expanding Your Knowledge

Certainly there are more books, articles, and sites you can and should consider inexpanding your knowledge of Windows Server 2008, especially as the software will nodoubt continue to evolve and change as Microsoft adds more and more features, fixes,and enhancements. How do you stay on top of the flood of information regarding asubject as big as Windows Server 2008?

Several sites are invaluable and should be added to your Favorites at work. Theyinclude the following:

. Microsoft TechNet, the Windows Server 2008 TechCenter: http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx. This continuouslyupdated site is the official location of all things Windows Server 2008.

In addition, you might want to monitor the following blogs written by the Microsoftfolks:

. Windows Server Team: http://blogs.technet.com/WindowsServer/

. Terminal Services Team: http://blogs.msdn.com/rds/

. Windows Virtualization Team: http://blogs.technet.com/virtualization/default.aspx

. System Center Team: http://blogs.technet.com/systemcenter/

. IIS Team: www.iis.net

In addition to these Microsoft blogs, there are a couple other sites that we enjoy:

. Greg Shields’s coverage of the Microsoft Server world: www.realtime-windowsserver.com

. J. Peter Bruzzese’s InfoWorld column: http://www.infoworld.com/blogs/j-peter-bruzzese

. Ron Barrett’s column for Network World: www.networkworld.com/community/barrett

These are just a handful of the sites we personally enjoy, and you will easily find manymore. Choose the ones you feel are most helpful to you.

http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx

http://technet.microsoft.com/en-us/windowsserver/2008/default.aspx

http://blogs.technet.com/WindowsServer/

http://blogs.msdn.com/rds/

http://blogs.technet.com/virtualization/default.aspx

http://blogs.technet.com/virtualization/default.aspx

http://blogs.technet.com/systemcenter/

www.iis.net

www.realtimewindowsserver.com

www.realtimewindowsserver.com

http://www.infoworld.com/blogs/j-peter-bruzzese

http://www.infoworld.com/blogs/j-peter-bruzzese

www.networkworld.com/community/barrett

www.networkworld.com/community/barrett

CHAPTER 1

Perform the Installation

IN THIS CHAPTER

. Determine Your Hardware Requirements for WindowsServer 2008

. Perform Other Pre-Installation Tasks

. Decide What Edition of Windows Server 2008 to Install

. Install Windows Server 2008

6 CHAPTER 1 Perform the Installation

Determine Your Hardware Requirements forWindows Server 2008

Scenario/Problem: For any operating system (OS), hardware must meetminimum requirements in order to run the OS, and in a production environment,your hardware needs to meet at least the optimal requirements. You need toassess whether the hardware your organization owns will meet or—better yet—exceed the minimum requirements for the Windows Server 2008 OS.

Solution: Determine what the minimum, recommended, and optimal requirementsare for Windows Server 2008 and compare your findings with your hardware.

When determining whether you have the hardware requirements needed to install andrun an OS, you need to focus on three hardware resources:

. Memory:

Minimum: 512MB

Recommended: 1GB

Optimal: 2GB

. Processor:

Minimum: 1Ghz

Recommended: 2Ghz

Optimal: 3Ghz

. Disk space needed for system partition:

Minimum: 10GB

Recommended: 40GB

Optimal: 80GB

The recommendations take into consideration only what is needed to run theOS. You need to also determine whether any applications are going to run on theserver and include any resources requirements for those applications.

NOTE

Keep in mind that if you increase your memory above 16GB, you will need toincrease your disk space requirements to accommodate for the pagefile (if kept on asystem partition), hibernation, and the dump file.

NOTE

7Perform Other Pre-Installation Tasks

Perform Other Pre-Installation Tasks

You can use a tool called the Microsoft Assessment and Planning Toolkit(MAP) to inventory your servers and generate a report to help determine which serverswill work for your Windows Server 2008 installations. At the time of this writing, thetool is located at http://technet.microsoft.com/en-us/library/bb977556.aspx.

NOTE

Scenario/Problem: When you know that your server memory, processor, anddisk space meet the requirements for Windows Server 2008, you need toperform some other recommended tasks before you actually install the WindowsServer 2008 OS. What are these other tasks?

Solution: The following is a list of the tasks that should be performed before theactual installation.

. Check application compatibility

. Disconnect the uninterruptible power supply (UPS)

. Run the Windows Memory Diagnostic tool

. Identify mass storage device drivers

. Back up servers

. Disable virus protection software

. Prepare Active Directory

Some or all of these tasks are recommended, depending on the path of installation andwhether this is a new installation or an upgrade from an existing OS; in addition, youneed to perform the Active Directory prep only if you are going to promote yourWindows Server 2008 machine to a domain controller and add it to an existingWindows 2000/2003 domain.

Now let’s take a closer look at each of these tasks.

Check Application CompatibilityBefore you install Windows Server 2008, you must be sure that any third-party appli-cations you plan to run on the server will be supported. One way you can do this is tocontact the application vendor and get documentation on whether the application willrun on Windows Server 2008. In a real-world environment, the documentation is veryimportant because if things do not work as expected, you may be able to save your jobby providing the documentation. (Obviously, you would have tested the application ona development server first.)

http://technet.microsoft.com/en-us/library/bb977556.aspx


Another tool that you can use is the Microsoft Application Compatibility Toolkit 5.0(ACT 5.0). This tool can be used to collect compatibility data about your environmentinto a centralized data store. Having this information can be essential when evaluatingthe risk involved with an OS upgrade.

ACT 5.0 can also be used for lower-impact changes to your platform, such asa browser upgrade or a Windows Update release. Check the following site for moredetails: http://technet.microsoft.com/en-us/library/cc507852.aspx.

NOTE

Disconnect the UPSDuring the installation process, Windows Server 2008 attempts to detect devicesattached to serial ports. If you have a UPS connected to a serial port, you may run intoissues with the installation, so be sure to disconnect it until the installation is complete.

Run the Windows Memory Diagnostic ToolYou can use the Windows Memory Diagnostic tool to test the random access memory(RAM) on your server. At the time of this writing, you can download this tool and aguide from http://oca.microsoft.com/en/windiag.asp. After you download the tool, youcan perform the following steps:

1. Run the downloaded file mtinst.exe to start the setup for the WindowsMemory Diagnostic tool.

2. Choose Create Startup Disk to install Windows Memory Diagnostic onto afloppy disk or choose Save CD Image to Disk to use a CD-ROM to which youcan boot the server.

3. Reboot the server to the disk you just created.

4. The server will boot to the Windows Memory Diagnostic tool interface andautomatically start the first test. It will continue to run tests with the samesettings until you exit or pause.

To run a more thorough test on the memory, you can choose to run theextended test suite by pressing T while the Windows Memory Diagnostic tool isrunning. If you do this, it would be best to leave the tool to run overnight.

NOTE

Identify Mass Storage Device DriversIf a vendor has supplied a driver file for your storage device, now would be a goodtime to have that file stored on a floppy, a CD, a DVD, or a flash drive. You shouldstore files either in the root directory or in a folder named according to the processorarchitecture. During the installation, you will have the opportunity to load this driver.

http://technet.microsoft.com/en-us/library/cc507852.aspx

http://oca.microsoft.com/en/windiag.asp

9Perform Other Pre-Installation Tasks

Back Up ServersBacking up servers is standard procedure when making any platform changes. Makesure you have a good backup of any critical data. When performing an OS upgrade, itis a good idea to make sure you have a backup of the boot and system partitions aswell as the system state data. An alternative way to back up this configuration data isto create a backup set for Automated System Recovery (ASR).

You should consider this recommendation if you are planning to upgrade anexisting OS.NOTE

Disable Virus Protection SoftwareVirus protection software can affect the speed of your upgrade. Every file that iscopied to your server will need to be scanned.

You should consider this recommendation if you are planning to upgrade anexisting OS.NOTE

Prepare Active DirectoryThere are two steps in preparing the Active Directory service for a new WindowsServer 2008 domain controller:

. Prepare the forest.

. Prepare the domain.

You need to prepare Active Directory only if you are going to build a WindowsServer 2008 domain controller that will be joined to an existing Windows 2000/2003domain.

NOTE

Let’s first go through the steps to prepare the forest:

1. Log on to the Schema Master of your existing domain with an account that is amember of either the Enterprise Administrators, Schema Administrators, orDomain Administrators group.

2. Copy the adprep directory from the sources\adprep on the Windows Server2008 installation CD to the schema master.

3. From a command prompt, navigate to the adprep folder you just copied. Thenrun adprep/forestprep.

4. For a read-only domain controller (RODC), run adprep/rodcprep.


5. Wait for the task to complete and replicate prior to running the second portion ofthe ADS preparation.

When you have waited for the changes to replicate, you can follow these steps toprepare the domain:

1. Log on to the infrastructure master of your existing domain with an account thatis a member of the Domain Administrators group.

2. Copy the adprep directory from sources\adprep on the Windows Server 2008installation CD to the infrastructure master.

3. From a command prompt, navigate to the adprep folder you just copied andthen run adprep\domainprep\gpprep.

4. Wait for the task to complete and replicate.

Now that you have completed some or all of the pre-installation tasks, you can startwith the installation of Windows Server 2008. But first you must decide which editionof Windows Server 2008 you need for your environment.

Decide What Edition of Windows Server 2008to Install

Scenario/Problem: Many different editions of Windows Server 2008 are avail-able. The various editions allow support on x86, x64, and Itanium processorsand also allow for native high availability, load balancing, and virtualization. Youneed to review all the various editions and decide which one best fits your orga-nization’s needs.

Solution: You need to take a close look at each of the available editions ofWindows Server 2008 and evaluate them in terms of your organization’s infrastruc-ture goals.

The available editions are as follows:

. Windows Web Server 2008

. Windows Server 2008 Standard

. Windows Server 2008 Standard without Hyper-V

. Windows Server 2008 Enterprise

. Windows Server 2008 Enterprise without Hyper-V

. Windows Server 2008 Datacenter

. Windows Server 2008 Datacenter without Hyper-V

. Windows HPC Server 2008

. Windows Server 2008 for Itanium-Based Systems

11Decide What Edition of Windows Server 2008 to Install

Windows Web Server 2008The title really speaks for itself: This edition is built for a single purpose, as a webserver. Windows Web Server 2008 comes with architectural enhancements includedwithin IIS 7.0, ASP.NET, and Microsoft .NET Framework. This edition is used todeploy web pages, web sites, web applications, and web services.

Windows Web Server 2008 supports the following:

. 32GB RAM on 64-bit (4GB on 32-bit)

. Four multicore processors

Windows Server 2008 StandardWindows Server 2008 Standard is a robust server OS that includes the followingfeatures to improve functionality, security, management, and reduce infrastructurecosts:

. Web services

. Hyper-V (hypervisor-based virtualization)

. Terminal Services

. Presentation virtualization

. Application virtualization

. Network Access Protection (NAP)

. BitLocker

. RODCs

. Windows Service Hardening

. Bidirectional Windows Firewall

. Next-generation cryptography support

. Server Manager

. Windows Deployment Services

. Windows PowerShell

. Next-generation TCP/IP

. Server Core

This chapter does not include descriptions of Windows Server 2008Standard, Enterprise, and Datacenter without Hyper-V as these are identical to theircorresponding counterparts with Hyper-V. However, editions without the Hyper-V roleare available.

NOTE


Windows Server 2008 Standard supports the following:

. 32GB RAM on 64-bit (4GB on 32-bit)

. Four multicore processors

. 250 network access service connections (RRAS)

. 50 network policy server connections

. 250 terminal server connections

. Hyper-V virtualization with one free instance

Windows Server 2008 EnterpriseWindows Server 2008 Enterprise adds high availability, the latest in security, and scal-ability to the Standard edition. The following are some of its features:

. Failover clustering (up to 16 nodes)

. Fault-tolerant memory synchronization

. Cross-file replication

. Licensing for up to four additional virtual server instances

. Active Directory Federation Services (ADFS)

. Advanced certificate services

. Active Directory Domain Services (ADDS)

Windows Server 2008 Enterprise supports the following:

. Eight processors

. 2TB RAM on 64-bit (64GB RAM on 32-bit)

. Unlimited number of virtual private network (VPN) connections

. Unlimited Network Access Service connections

. Unlimited Network Policy Server connections

Windows Server 2008 DatacenterThis edition can be used for large-scale virtualization needs and added scalability formission-critical applications in a large IT infrastructure. The following are some of thefeatures of this edition:

. Large-scale virtualization (Licensing allows you to add an unlimited number ofvirtual instances.)

. Failover clustering

. Dynamic hardware partitioning

. Windows Server High Availability Program

13Decide What Edition of Windows Server 2008 to Install

Windows Server 2008 Datacenter supports the following:

. 2TB RAM on 64-bit(64GB on 32-bit)

. 64 x64 64-bit processors and 32 x86 32-bit processors

. Unlimited virtual image use rights

. Hyper-V based unlimited virtualization use

. 16-node failover clustering

. Hot add/replace memory and processors on supported hardware


. Cross-file replication (DFS-R)

. Unlimited Network Access Services connections (RRAS)

. Unlimited Network Policy Server connections

. 65,535 terminal server connections

. Advanced identity management

Windows HPC Server 2008Used specifically for high-performance computing (HPC), this edition enables you toscale to thousands of processing cores. This is advantageous when you’re load balanc-ing heavy workloads across multiple processors and need to manage and monitor yourHPC environment for stability and health.

Windows Server 2008 for Itanium-Based SystemsWindows Server 2008 for Itanium-Based Systems allows you to run Windows Server2008 on Itanium-based systems. Itanium-based processors have the ability to handleintensive computing needs of business-critical applications in an enterprise-level envi-ronment. An Itanium processor uses a whole new architecture, not just extending the32-bit architecture to 64-bit, and it can thus be called a native 64-bit processor.Another feature of this processor is the Intel Explicitly Parallel Instruction Computing(EPIC) architecture, which improves performance of the processor through instruction-level parallelism, maximizing opportunities to execute instructions in parallel. Up tosix instructions can be processed in parallel.

Windows Server 2008 for Itanium-Based Systems supports the following:

. Dynamic hardware partitioning

. Use of Itanium RAS (Reliability, Availability, and Scalability)

. 2TB RAM

. 64 Itanium processors or 64 cores

. Hot add/replace of memory and processors


. Eight-node failover clustering


. Licensing for unlimited virtual instances with a third-party virtualization product

Now you know what each edition of Windows Server 2008 has to offer. Say that youdecide that you need to install the Standard edition. Let’s get started with the installa-tion and see what your options are.

Install Windows Server 2008

Scenario/Problem: You have decided to install Windows Server 2008 Standardedition. You need to decide whether you are going to perform a manual installa-tion or an unattended installation. There may be some servers that will need tobe upgraded also.

Solution: The following sections look at the procedures for doing both a manualinstallation and an unattended installation. We will also consider what is involved inupgrading to Windows Server 2008 from an existing operating system.

Manual InstallationThe Windows Server 2008 installation procedure has been streamlined. If you arefamiliar with the Windows 2003 Server installation, you may remember that during theinstallation, you were prompted to answer configuration questions. With WindowsServer 2008, these prompts have been moved to the Initial Configuration Task Wizard,which appears when the installation is complete. The following is the only informationyou need to provide during the actual installation:

. Language, currency, and keyboard layout information

. A valid product key

. Installation location

. Which version of the operating system you are going to install (if no productkey is entered)

. Whether you are performing an upgrade or fresh installation

The complete setup for Windows Server 2008 requires only three stages:

. Operating system setup, including key validation

. Initial configuration tasks

. Server Manager setup

15Install Windows Server 2008

Operating System SetupFollow these steps to set up the OS:

1. Insert the installation CD and boot the server to the CD.

2. When you are prompted for language, time and currency, and keyboard formatinformation, as shown in Figure 1.1, make the appropriate selections andclick Next.

FIGURE 1.1Configuring language, timeand currency, and keyboardinformation.

3. The Install Now option appears. If you are unsure of what hardware require-ments are needed, you can click the link What to Know Before InstallingWindows. You can also click the link to perform and repair the OS rather thanperform a full installation.

4. Input your product key and check the box Automatically Activate WindowsWhen I’m Online (see Figure 1.2). Click Next.

FIGURE 1.2Providing a valid productkey.


5. If you did not enter a product key in the previous window, you now have tochoose which edition of Windows Server 2008 you will install and check thebox I Have Selected an Edition of Windows That I Purchased (see Figure 1.3).If you did enter a product key, the installation program will be able to identifywhich edition of Windows Server 2008 you are going to install. Then clickNext.

FIGURE 1.3Selecting the edition of Windows Server 2008 to install.

Chapter 2, “Configure and Manage Server Core,” discusses in detail theinstallation of Windows Server 2008 Server Core.NOTE

6. Read the license terms and accept them by checking the box. Then click Next.

7. In the screen that now appears, you decide whether to perform and upgrade or acustom (advanced) installation of Windows. Because you booted from the instal-lation CD, the Upgrade option is disabled (see Figure 1.4). Click Custom(Advanced).

If you wanted to perform an upgrade, you would need to execute the installa-tion procedure from within the original Windows OS.NOTE

8. On the next screen, decide where you want to install Windows and, if you haveany third-party storage drivers, load them by clicking the Load Driver link (seeFigure 1.5).


FIGURE 1.4The Upgrade option is disabled when you boot from the installation CD.

FIGURE 1.5Loading third-party storage drivers and choosing where to install them.

Now the actual Windows installation takes place. You will see the progress ofeach step as it completes, by percentage. During the installation, the server willreboot multiple times. The installation will complete the following tasks:

. Copying files

. Expanding files

. Installing features


. Installing updates

. Completing installation

9. When the installation is complete, change the administrator’s password beforethe first logon. When the password had been changed you are logged in to theOS. You have completed phase 1 of the installation.

Initial Configuration TasksNow that the OS install is complete and you have logged in to the Windows ServerOS, the Initial Configuration Tasks Wizard appears (see Figure 1.6). There are threesections in this wizard:

. Provide computer information

. Update this server

. Customize this server

FIGURE 1.6The Initial Configuration Tasks Wizard.

So what configuration changes can you make in these different sections?

In the Provide Computer Information section, you can do the following:

. Change the time zone.

. Configure the network settings on your network interface card (NIC) interfaces.You can also assign static IP addresses, subnet masks, default gateways, andDNS/WINS server. In many environments, you will probably be teaming two


NICs for a production data LAN (using third-party software) and have a separateNIC dedicated for backup data connected to a backup LAN. Alternatively, youcan leave the setting to be automatically assigned by a DHCP server, assumingthat you have a DHCP server configured.

In a real-world environment, you will usually assign static IP addresses toinfrastructure servers. If this is the case, you will need to have gathered this informa-tion along with valid IP addresses for the default gateway and for DNS and WINSservers prior to the installation, along with the new server name if you are held to astrict naming convention in your organization.

NOTE

. Supply a computer name for the server, along with domain or workgroup infor-mation.

You need to reboot the server for these changes to take effect.

In the Update This Server section, you can do the following:

. Enable automatic updates and feedback.

. Configure the download and installation of OS updates.

In the Customize This Server section, you can do the following:

. Add the server role or multiple roles. When you select a role, a wizard takesyou through the complete installation of that role. You can choose from thefollowing roles:

. Active Directory Certificate Services

. Active Directory Domain Services

. Active Directory Federation Services

. Active Directory Lightweight Directory Services

. Active Directory Rights Management Services

. Application Server

. DHCP Server

. DNS Server

. Fax Server

. File Services

. Network Policy and Access Services

. Print Services

. Terminal Services

. UDDI Services


. Web Server (IIS)

. Windows Deployment Services

. Add features. As with roles, when you select a feature, a wizard takes youthrough the installation of that feature. There are many features to choose from,as shown in Figure 1.7.

FIGURE 1.7Selecting features you would like to install.

With both the roles and features lists, if you highlight a role or feature, yousee a description of each role or feature on the right side of the list. When you areselecting roles and features, keep in mind that you should install as few as possibleor only items you are currently planning to use. If you install unnecessary rolesand/or features, you will also install services and possibly open up ports that will notbe used in production but will render the server less secure. Chapter 5, “Install andConfigure Specific Server Roles,” provides a more detailed discussion of installingand configuring roles and features.

NOTE

. Enable Remote Desktop connections to the server.

. Configure the OS firewall settings. By default, the firewall is enabled.

Now let’s move on to phase 3 of the installation.


Server Manager SetupServer Manager (shown in Figure 1.8) gives you a complete overview of your server.When looking at the default details pane, you can see computer information, securityinformation, and a summary of the roles and features installed. And at the bottom ofthe page, you see a resources and support section. On the left side of the window aremany tools to help you add/remove and configure roles and features. You can also seeoptions for diagnostics, configurations, and disk management. When you havecompleted your changes in Server Manager, your manual installation is complete.

FIGURE 1.8Server Manager.

We will take a closer look at Server Manager in Chapter 3, “Work with ServerManager.”NOTE

Unattended InstallationNow that you have completed the manual installation, let’s take a look at how youwould go about performing an unattended installation. With Windows Server2008, you use a unattend.xml file rather than an unattend.txt file; in fact, theunnattend.xml file also replaces the Sysprep.inf, Winbom.ini, and Cmdlines.txtfiles. The XML format has been adopted because it makes it easier to describe nestedvalues, add new elements, and validate the answer file. You can open theunattend.xml file in Internet Explorer 5.5 and later to parse the .xml file and see if itis well formed. If the file is not formed correctly, Internet Explorer shows you wherethe errors are.


To run an unattended installation, you execute the setup.exe file with the unattendswitch:

C:>setup.exe /unattend:<path>\unattend.xml

The unattend.xml file contains the responses needed while running the setup.exefile. This file contains such information as computer name, acceptance of the End UserLicense Agreement (EULA), installation disk information, and so on. You can alsoshow or hide the user interface (UI) for each value that is set by using ShowUI flag =Yes/No. Let’s take a look at how the installation reacts when you use the ShowUI flag:

. ShowUI flag = Yes and setting is specified in the unattend.xml file: Setupuses the setting specified in the unattend.xml file and shows the UI with thissetting.

. ShowUI flag = No and setting is specified in the unattend.xml file: Setupuses the setting specified in the unattend.xml file and does not show the UI.

. ShowUI flag = Yes and the setting is not specified in the unattend.xmlfile: Setup shows the UI, with the default value, and the user can change thissetting, if needed.

. ShowUI flag = No and the setting is not specified in the unattend.xml file:Setup uses the default value and does not show the UI.

While performing an unattended installation over a network, the system installer musthave access to the unattend.xml file. When the setup is started from removablemedia (CD or DVD), the setup program looks for the unattend.xml file in the follow-ing locations:

. The current working directory

. The root of the removable media where setup.exe was initiated

. Other removable media, such as floppy disks, USB devices, or another CDor DVD

The syntax for the unattend.xml file is broken up into elements, and each elementneeds to be opened and then closed in the proper order (when nested). When this isachieved, it is a well-formed .xml file. There is only one root element, <unattend>.Figure 1.9 shows a portion of an unattend.xml file, with some syntax explanation, sothat you can get the feel for the syntax.

The running of the unattend.xml file stops with an error message if any of thefollowing is true:

. The EULA has not been accepted

. The product key is invalid

. The install disk cannot be written to


FIGURE 1.9An unattend.xml file with some syntax information.

Creating an unattend.xml file can be tricky, but when you have this file created, itcan make your job much easier. There are some tools available on the web that canhelp you create these files. You can also get very creative by adding some scripting toyour installations to automatically generate computer names that adhere to yournaming convention as well as many other configuration options.

Symbols/?, 125

Aaccessing Group Policy settings,

211-212

ACT (Application Compatibility Toolkit)5.0, 8

Active Directory, 180-182

domain controllers, 182-183

forests, 181

improving with Windows Server 2008R2, 205-206

Knowledge Consistency Checker(KCC), 201

objects, 192

computer objects, creating,193-194

OUs, 192-193

user objects, creating, 195-197

physical perspective, 180-182

preparing for installing WindowsServer 2008, 9-10

promoting servers as domaincontrollers, 184

RODCs (read-only domaincontrollers), 183-184

Sites and Services tool, 198

Default-First-Site-Name, 198

enabling GC, 198-199

moving DCs to new sites, 201

new sites, creating, 200

new subnets, creating, 200

replication, 202

replication topology,checking, 201

site links and replication, 201

Active Directory Certificate Services (AD CS), 45, 204-205

Active Directory Domain Services (AD DS), 45

Active Directory Domain ServicesInstallation Wizard, 185

Active Directory Domains and Trusts, 202

Domain Naming Master role,changing, 203

external trusts, creating, 203

raising domain and forest functionallevels, 202-203

Active Directory Federation Services (AD FS), 45, 204

Active Directory Lightweight DirectoryServices (AD LDS), 46, 204

Active Directory Rights ManagementServices (AD RMS), 45, 205

active tasks, 68

AD CS (Active Directory CertificateServices), 45, 204-205

AD DS (Active Directory DomainServices), 45

AD FS (Active Directory FederationServices), 45, 204

AD LDS (Active Directory LightweightDirectory Services), 46, 204

AD RMS (Active Directory RightsManagement Services), 46, 205

Add Features Wizard, installingBitLocker, 234

Add Roles Wizard, 47, 92

adding

data collector sets, 258-259

Notepad to block list, 267

websites with appcmd.exe, 126

administering roles through ServerManager, 55

administration, Server Core, 40

adprep command, 191

AFSDB (Andrew File System Database), 89

Allow Client System to be Remediatedbox, 245

Allow Read, 223

Andrew File System Database (AFSDB), 89

Anonymous authentication, 119

APP, 124

AppCmd, 124

Appcmd.exe utility, 124-127

application pools, IIS 7.0, 117

Application Server, server roles, 46

application settings (Group Policy),configuring, 218

Block Inheritance, 221

link order, 219-220

links, deleting, 221

policies

deleting, 221

disabling, 220

disabling half of a, 220

enforcing, 221-222

security filters, 222-223

Apply Group Policy, 223

applying GPOs while creating GPOs, 218

APPPOOL, 125

ASR (Automated System Recovery), 77

assigning delegate rights, 121-124

ATM Address (ATMA), 89

attack surface areas, 26

auditing events, TS Gateway Manager, 164

Auditpol, 266

authentication

Network Level Authentication, 74

restrictive, 119

security, Windows Server 2008 R2, 250

272 Active Directory Certificate Services (AD CS)

Authentication Exemption, connectionsecurity rules, 239

Authorization and Access Control,security (Windows Server 2008 R2), 249

Authorization Manager, 230

Automated System Recovery (ASR), 77

Bbacking up

configurations, 127

servers, pre-installation tasks, 9

BACKUP, 125

backup domain controllers (BDCs), 183

Backup Schedule Wizard, 79

backups, 77-78

recovering files, 80

scheduling, 78-79

SLAs, 78

BDCs (backup domain controllers), 183

Best Practices Analyzer tool, 58

BitLocker (BitLocker Drive Encryption), 234

installing, 234

Server Core, 35

server features, 49

BITS Server Extensions, server features, 49


Block Inheritance attribute, 210

Ccentral store (Group Policy), 208-209

changing

Default Domain Policy, 216

Domain Naming Master role, ActiveDirectory Domains and Trust, 203

existing GPOs, 216

Check Replication Topology, 201

child domains, 181

chkdsk, 266

Client Side Extension (CSE), 213

COM+ partitions, 197

command line, IIS 7.0, 124-126

appcmd.exe, 126-127

backing up configurations, 127

restoring configuration backups, 127

viewing configuration backups, 127

command prompts, installing WebServer roles as, 113

command-line Server Manager, 56-58

command-line tools,troubleshooting, 266

commands

adprep, 191

configuration commands, ServerCore, 31-33

Net User, 31

Netdom, 31

netsh, 31-32

netsh advfirewall, 33

ocsetup.exe, 34

Pnputil, 31

SCRegEdit.wsf, 31

ServerManagerCmd, 57

Shutdown, 31

Slmgr, 31

/commit, 126

compatibility, checking applicationcompatibility (pre-installationtasks), 7-8

compression, IIS 7.0, 129-130

Computer Manage, MMCs, 65

routing and remote access, 65

Shared Folders snap-in, 66

computer objects, creating, 193-194

/config, 125

273/config

configuration backups, 127

configuration commands, Server Core,31-33

configurations, backing up, 127

configuring


DHCP, 93

DHCP Server roles

IPv4 and IPv6, 93-94

scope options, 94-96

DNS lookup zones, 83-85

Group Policy application settings, 218


deleting links, 221

deleting policies, 221

disabling half of a policy, 220

disabling policies, 220

enforcing policies, 221-222

link order, raising or lowering,219-220


IPv6 (in Windows Server 2008),96-98

NAP, 242

health policies, 243-245

installing NPS, 242-243

policy properties, 247-248

Remediation Server Groups,245-247

SHV (System Health Validator),245-247

Server Core, 30

configuration commands, 31-33

Terminal Services, 160, 167-169

Gateway Manager, 163-166

load-balanced farms with TSSession Broker, 166

RemoteApp Manager, 161-163


connecting to remote servers with MMC,63-64

Connection Manager Administration Kit,server features, 49

connection requests policies properties, 247

connection security rules, creating forWindows Firewall with AdvancedSecurity, 239-241

Cryptographic Signature (SIG), 89

CSE (Client Side Extension), 213

Custom, connection security rules, 239

Ddata collector sets

adding, 258-259

configuring, 259-260

creating, 257-258

Data Manager, 259

DC (domain controllers), Active Directory,182-183

dcdiag, 266

dcpromo, 187

/debug, 126

Default Domain Policy, modifying, 216

Default-First-Site-Name, changingnames, 198

delegate rights, 121-124

Delegation of RODC Installation andAdministration page, 190

deleting

links, 221

policies, 221


Desktop Experience, server features, 49

Device Manager, 66-67

Device Specific Module (DSM), 50

Devices and Resources, TS RemoteAppManager, 162

274 configuration backups

DFS Management role, 103

namespaces, 103-104

replication, 104-105

DHCP, configuring, 93

DHCP Server, server roles, 46

DHCP Server roles

configuring IPv4 and IPv6 settings,93-94

installing, 90-92

scope options, configuring, 94-96

differencing disks, 139

directory browsing, restricting, 120

disabling

policies, half of a policy, 220

virus protection software,pre-installation tasks, 9

disconnecting UPS, pre-installationtasks, 8

Distributed File System Replication,Server Core, 35

Distributed File System service, ServerCore, 35

distributing RemoteApp programs, 162

DNS look up zones, configuring, 83-85

DNS record types, 89-90

DNS Server role, 46

installing, 82

DNS Server Wizard, 83

DNS servers

managing, 86-87

properties of, 86-87

replication scopes, 84

DNS zones, managing, 87-88, 90

DNSSEC (Domain Name System SecurityExtensions), 249

domain controllers (DC)

Active Directory, 182-183

installing in forests, 184-187

media, installing, 190

moving to new sites, 201

promoting servers as, 184

RODCs (read-only domaincontrollers), 183-184

installing, 189-190

setting up, 187-188

Domain Name System SecurityExtensions (DNSSEC), 249

Domain Naming Master, 183

Domain Naming Master role, ActiveDirectory Domains and Trust, 203

domain restrictions, secure websites, 119

domain schemas, preparing existing, 191

/domainprep, 191

domains, 181

raising functional levels, ActiveDirectory Domains and Trust,202-203

DSM (Device Specific Module), 50

dynamic compression, 129

Dynamic Content Compression, 130

dynamically expanding disks, 139

EEFS (Encrypting File System), 233

Encrypting File System Wizard, 233

Enforced, 221


Enterprise Server Core, 28

evaluating Windows Server 2008, 30

Event Viewer

managing, 263-265

troubleshooting, 262-263

Exchange 2007, Service Pack 1, 184

extending evaluation time, 30

external trusts, creating with ActiveDirectory Domains and Trust, 203

275external trusts, creating with Active Directory Domains and Trust

Ffailover clustering

Server Core, 35

server features, 49

FailoverCluster-Core, 35

Fax Server, server roles, 46

features

installing, 55

in Server Core, 34-35

server features, 49-52

File Replication Service (FRS), 208

Service Core, 35

File Screen Management, 102

File Server Resource Manager (FSRM), 39

File Services role, 102-103

File Services, server roles, 46

File Server Resource Manager,102-103

Share and Storage Management,101-102

File Services role, installing, 98-101

files, recovering backed up files, 80

filters, Group Policy application settings,222-223

fixed-size disks, 139

Flexible Single Master Operation (FSMO), 183

/forestPrep, 191

forests

Active Directory, 181

installing domain controllers,184-187

raising functional levels, ActiveDirectory Domains and Trust,202-203

forever incremental technology, 78

FRS (File Replication Service), 208

FSMO (Flexible Single Master Operation), 183

FSRM (File Server ResourceManager), 39

GGC (global catalog), 182

enabling, 198-199

global catalog (GC), 182

enabling, 198-199

globally unique identifiers (GUIDs), 183

GPOs (Group Policy objects), 208

applying, 218

changing existing GPOs, 216

creating and applying at the sametime, 218

creating new, 216-217

Starter GPOs, 210

GPP (Group Policy Preferences), 212

/gpprep, 191

gpresult, 266

gpupdate, 214

Group Policy, 208

application order, 209

application settings, configuring, 218


deleting links, 221

deleting policies, 221

disabling half of a policy, 220

disabling policies, 220


link order, 219-220


central store, 208-209

Windows Server 2008 R2, 226-227

Group Policy Management, serverfeatures, 49

276 failover clustering

Group Policy Management console, 211


Group Policy Management Editor, 212

policies versus preferences,212-213

policy settings, 214

Group Policy Modeling, 224

Group Policy Modeling Wizard, 224-225

Group Policy objects (GPOs), 208

applying, 218


creating and applying at the sametime, 218

creating new, 216-217

Starter GPOs, 210

Group Policy Preferences (GPP), 212

Group Policy Results Wizard, 225-226

Group Policy settings, accessing,211-212

GUIDs (globally unique identifiers), 183

Hhardware requirements

for Server Core, 27

for Windows Server 2008, 6

HCAP (Host Credential AuthorizationProtocol), 46, 159, 243

health policies (NAP), configuring,243-245

health policies properties, 248

Health Registration Authority (HRA), 46,159, 242

HINFO (Host Information), 89

Host Credential Authorization Protocol(HCAP), 46, 159, 243

Host Information (HINFO), 89

HRA (Health Registration Authority), 46,159, 242

HTTP request filtering, 119

Hyper-V

installing

on a full installation of WindowsServer 2008, 135-136

on Server Core, 137

Integration Services, installing,145-146

managing remotely, 137-138

new features in Windows Server2008 R2, 149-150

performance, monitoring, 146-147

roles, installing, 134-135

server roles, 46

virtual hard drives, 138-141

Virtual Machine Connection tool,143-145

virtual machines, 141-142

hypervisors, 134

Iidentity, security (Windows Server

2008 R2), 250

IE ESC (Internet Explorer EnhancedSecurity Configuration), 233

IIS (Internet Information Services) 7.0

application pools, 117

command line, 124-126

appcmd.exe, 126-127

backing up configurations, 127


viewing configuration backups, 127

delegate rights assignments,121-124

performance, 128

compression, 129-130

logging frequency, 130

277IIS (Internet Information Services) 7.0

output caching, 128

WSRM (Windows Server ResourceManager), 130

Server Core, 27

Web Server role, 108

installing, 108-114

websites, 114-118

security, 118-120

IIS (Internet Information Services) 7.5, 131

IIS (Internet Information Services)Manager

Management Service pane, 122

websites, 114-118

improving Active Directory with WindowsServer 2008 R2, 205-206

/in or-, 125

inbound rules, creating for WindowsFirewall with Advanced Security,237-238

Infrastructure Master, 183

initial configuration tasks, manualinstallation, 18-20

Initial Configuration Tasks Wizard,18, 42

installing

BitLocker, 234

DHCP Server roles, 90-92

DNS Server role, 82

domain controllers in the forest,184-187

features, 55

File Services role, 98-101

Hyper-V

on a full installation of WindowsServer 2008, 135-136

on Server Core, 137

Hyper-V roles, 134-135

Integration Services, 145-146

media, for domain controllers (DCs), 190

NPS, 242-243

RODC (read-only domain controller),189-190

roles, 52-54

Server Core, 27-28

options for, 28-29

roles and features, installing,34-35

Terminal Services, 154

Terminal Server role services,154-156

TS Gateway role services,157-160

TS Licensing role services,156-157

TS Session Broker role services, 157

TS Web Access role services, 160

Web Server role, 108-114

Windows Server 2008, 14

manual installation, 14-16, 18-21

unattended installation, 21-23

pre-installation tasks, 7-9

Integration Services, installing, 145-146

Internet Explorer Enhanced SecurityConfiguration (IE ESC), 233

Internet Printing Client, server features, 49

Internet Printing Protocol (IPP), 49

Internet Storage Name Server (iSNS),server features, 49

IP restrictions, secure websites, 119

IPP (Internet Printing Protocol), 49

IPv4, configuring for DHCP Server roles,93-94

IPv6, configuring

for DHCP Server roles, 93-94

in Windows Server 2008, 96-98

278 IIS (Internet Information Services) 7.0

ISDN, DNS record types, 89

iSNS (Internet Storage Name Server), 49

Isolation, connection security rules, 239

KKCC (Knowledge Consistency

Checker), 201

KEY (Public Key), 89

LLDASP (Light DAP), 182

Line Printer Daemon (LPD), 50

link order, raising or lowering (GroupPolicy application settings), 219-220

links, deleting, 221

load-balanced farms, configuring with TSSession Broker, 166

logging frequency, IIS 7.0, 130

logical unit numbers (LUNs), 51

logman, 266

LPD (Line Printer Daemon), 50

LPR Port Monitor, server features, 50

LUNs (logical unit numbers), 51

Mmail group (MG), 89

Mailbox (MB), 89

Mailbox List Information (MINFO), 89

Management Service pane, IIS Manager, 122

managing

DNS servers, 86-87

DNS zones, 87-88, 90

Event Viewer, 263-265

Hyper-V, remotely, 137-138

replication, 202

Server Core, 36

with MMC snap-ins, 37-39

with Terminal Services, 36

with TS RemoteApp, 36-37

with Windows Remote Shell, 37

Terminal Services, 169-170

RemoteApp programs, adding,170-173

MAP (Microsoft Assessment andPlanning Toolkit), 28

mass storage device drivers, identifyingfor pre-installation tasks, 8

MB (Mailbox), DNS record types, 89

media, installing for domain controllers(DCs), 190

Message Queuing, server features, 50

/metadata, 125

MG (mail group), DNS record types, 89

Microsoft Application CompatibilityToolkit 5.0, 8

Microsoft Assessment and PlanningToolkit (MAP), 28

Microsoft Management Console (MMC), 60

connecting to remote servers, 63-64

preconfigured MMCs, 64

Computer Manager, 65-66

Server Manager, 64-65

Microsoft-Windows-RemovableStorageManagementCore,35

MINFO (Mailbox List Information), 89

MLGPOs (Multiple Local Group PolicyObjects), 209

MMC (Microsoft Management Console),60-63

connecting to remote servers, 63-64

preconfigured MMCs, 64

Computer Manager, 65-66


279MMC (Microsoft Management Console)

MMC (Microsoft Management Console)snap-ins, managing (Server Core),37-39

MODULE, 125

monitoring

performance

Hyper-V, 146-147

Reliability and Performance tool, 252-253

Windows Server 2008 R2,269-270

Terminal Services, 173, 175

Windows Firewall with AdvancedSecurity, 241

Moskowitz, Jeremy, 227

moving domain controllers (DCs) to newsites, 201

MR (Renamed Mailbox), 89

Multiplath I/O, server features, 50

Multiple Local Group Policy Objects(MLGPOs), 209

Nnamespaces, DFS Management,

103-104

NAP, configuring, 242

health policies, 243-245

installing NPS, 242-243

policy properties, 247-248

Remediation Server Groups,245-247

SHV (System Health Validator),245-247

navigating with Server Manager, 43-44

.NET Framework 3.0, server features, 49

Net User command, 31

Netdom command, 31

netsh advfirewall command, 33

netsh command, 31-32

Network Level Authentication, 74

Network Load Balancing (NLB)

Server Core, 35

server features, 50

network policies properties, 248

Network Policy and Access Services, 242

Network Policy Server (NPS), 158, 242

server roles, 46

New Connection Security Rule Wizard, 240

New Namespace Wizard, 103

New Virtual Machine Wizard, 141

Next (NXT), 89

NLB (Network Load Balancing)

Server Core, 35

server features, 50

nltest, 266

No Override, 222

Notepad, adding to block list, 267

NPS (Network Policy Server), 158, 242

installing, 242-243

server roles, 46

nslookup, 266

NXT (Next), 89

Oobjects

Active Directory, 192

computer objects, creating, 193-194

OUs, 192-193


ocsetup.exe command, 34

operating system setup, manual installation, 15-16, 18

280 MMC (Microsoft Management Console) snap-ins, managing (Server Core)

OUs (organizational units), 232

creating in Active Directory, 192

designing and creating OU structure,192-193

outbound rules, creating for WindowsFirewall with Advanced Security,237-238

output caching, IIS 7.0, 128

Ppartitions, COM+, 197

pass-through disks, 139

PDC (primary domain controller), 183

PDC Emulator, 183

Peer Name Resolution Protocol (PNRP),server features, 50

performance

Hyper-V, 146-147

IIS 7.0, 128

compression, 129-130

logging frequency, 130

output caching, 128


monitoring with Reliability andPerformance tool, 252-253

Problem Reports and Solutions,266-268

Performance Monitor, 253-255

Pnputil command, 31

PNRP (Peer Name Resolution Protocol),server features, 50

Pointer (PTR), 89

policies

creating, 213

deleting, 221

disabling, half of a policy, 220

enforcing, 221

versus preferences, 212-213

settings, 214

viewing existing policies, 212

policy properties, configuring, 247-248

PolicyPak tools, 227

PowerShell, 124

Server Core, 26

pre-installation tasks, 7

backup servers, 9

checking application compatibility,7-8

disabling virus protection software, 9

disconnecting UPS, 8

identifying mass storage devicedrivers, 8

preparing Active Directory, 9-10

running Windows Memory Diagnostictool, 8

preconfigued MMCs, 64

Computer Manager, 65

routing and remote access, 65



preferences versus policies, 212-213

preparing existing domain schemas, 191

prestaging, 194

primary domain controller (PDC), 183

Print Services, server roles, 46


promoting servers as domaincontrollers, 184

properties

connection request policies, 247

of DNS servers, 86-87

health policies, 248

network policies, 248

PTR (Pointer), 89

Public Key (KEY), 89

281Public Key (KEY)

QQuery User, Remote Desktop, 76

Quota Management, 102

qWave (Quality Windows Audio VideoExperience), server features, 50

RRDC (Remote Desktop Connection), 155

RDP-Tcp connections, Terminal Services(configuring), 167

read-only domain controllers (RODCs),183-184

recover, 266

recovering backed up files, 80

Recovery Wizard, 80

Reliability and Performance tool,252-253

data collector sets

adding new, 258-259


creating, 257-258


Reliability Monitor, 255-257

reliability reports, 260-261



Remediation Server Groups, configuring,245-247

remote access, Computer Manager, 65

Remote App programs, adding inTerminal Services, 170, 172-173

Remote Assistance, server features, 50

Remote Desktop, 72-77

Query User, 76

Terminal Services Manager, 75

Remote Desktop Connection (RDC), 155

Remote Desktop Gateway, 176

Remote Desktop Licensing, 176

Remote Desktop Server, 176

Remote Desktop Services Provider forWindows PowerShell, 176

Remote Differential Compression, serverfeatures, 50

Remote Server Administration tool,server features, 50

remote servers, connecting to withMMC, 63-64

RemoteApp Manager (TerminalServices), configuring, 161-163

RemoteApp programs

distributing, 162

TS Web Access, 171

RemoteApp Wizard, 172

Removable Storage Manager (RSM),server features, 50

removing roles, 54-55

Renamed Mailbox (MR), 89

repadmin, 266

Repadmin.exe, 202

replication, 201

DFS Management, 104-105

managing, 202

replication scopes, DNS servers, 84

replication topology, checking, 201

REQUEST, 125

Responsible Person (RP), 89


RID Master, 183

/rodcPrep, 191

RODCs (read-only domain controllers),183-184

installing, 189-190

roles

administering through ServerManager, 55

DFS Management role, 103

namespaces, 103-104

replication, 104-105

282 Query User, Remote Desktop

DHCP Server roles, 90

configuring IPv4 and IPv6settings, 93-94

installing, 90-92

scope options, configuring, 94-96

DNS Server role, 46, 82

installing, 82

File Services role, 46, 98

File Server Resource Manager,102-103

Share and Storage Management,101-102

Hyper-V, installing, 134-135

installing, 52-54

in Server Core, 34-35

removing, 54-55

server roles, 45-48

Web Server role, 47

installing, 108-114

Windows Server Virtualization role, 137

Route Through (RT), 89

routers, Computer Manager, 65

Routing and Remote Access Services(RRAS), 46, 159, 242

Routing and Remote Access snap-in,65-66

RP (Responsible Person), 89

RPC over HTTP Proxy, server features, 50

RRAS (Routing and Remote AccessServices), 46, 159

RSM (Removable Storage Manager),server features, 50

RT (Route Through), 89

SSA (Security Associations), 241

sandboxing, 117

sc, 266

scheduling backups, 78-79

Schema Master, 183

scope options, configuring DHCP Serverroles, 94-96

SCRegEdit.wsf, 31

security, 230

authentication, restrictiveauthentication, 119

Authorization Manager, 230

BitLocker drive encryption, 234

built-in security features, 230-233

directory browsing, 120

EFS (Encrypting File System), 233


IE ESC (Internet Explorer EnhancedSecurity Configuration), 233

Security Auditing, 230

Security Configuration and Analysis, 232

smart cards, 234

TPM (Trusted Platform Module), 234

UAC (User Account Control), 233

websites, 118-119

authentication, restrictive, 119



IP and domain restrictions, 119

Windows Firewall with AdvancedSecurity, 235-237

connection security rules,creating, 239-241

inbound and outbound rules,creating, 237-238

monitoring, 241

Windows Server 2008 R2, 248

Authorization and Access Control, 249

identity and authentication, 250

security policies, 250

server roles, 249

283security

Security Associations (SA), 241

Security Auditing, 230

Security Configuration and Analysis, 232

Security Configuration Wizard, 230

security filters, Group Policy applicationsettings, 222-223

security policies, security (WindowsServer 2008 R2), 250

Server Core, 26-27

administration, 40

configuring, 30



Hyper-V, installing, 137

IIS (Internet Information Services), 27

incorporating changes in WindowsServer 2008 R2, 39

installing, 27-28

features, 34-35

options for, 28-29

roles, 34-35

managing, 36





PowerShell, 26

server features, 45, 49-52

installing, 55

Server Manager

administering roles, 55

manual installation, 21

MMCs, 64-65

navigating settings with, 43-44

Server Summary, 44

Windows Server 2008 R2, 58

server roles, 45-48. See also roles

installing, 52-54

removing, 54-55

security, Windows Server2008 R2, 249

Windows Server 2008 R2, 105-106

Server Summary, 44

Server-to-Server rules, connectionsecurity rules, 239

ServerManagerCmd.exe, 56-58

servers, promoting as domaincontrollers, 184

Service (SRV), 89

Service Pack 1 (Exchange 2007), 184

Services for Network File System, ServerCore, 35

Share and Storage Management, FileServices role, 101-102

Shared Configuration tool, 124


Shutdown command, 31

SHV (System Health Validator), 245


SIG (Cryptographic Signature), 89

Simple Network Management Protocol(SNMP), Server Core, 35

Simple TCP/IP Services, server features, 51

SITE, 124

site links, 201

sites

creating new, 200


Sites and Services tool (ActiveDirectory), 198





284 Security Associations (SA)


replication, 202

replication topology, checking, 201


SLAs, backups, 78

Slmgr command, 31

smart cards, 234

SMTP Server, server features, 51

SNMP (Simple Network ManagementProtocol), Server Core, 35

SNMP Services, server features, 51

SNMP-SC (Simple Network ManagementProtocol-Server Core), 35

SOA (Start of Authority), 83, 88

Software License Management tool, 31

Software Restriction Policies, 232

SRV (Service), 89

SSL Bridging, 165

Start of Authority (SOA), 83, 88

Starter GPOs, 210

static compression, 129

storage devices, identifying (pre-installation tasks), 8

Storage Manager for SANs, serverfeatures, 51

Storage Reports Management, 103

subdomains, 181

subnets, creating new, 200

subscriptions, creating new, 265

subsystem for UNIX-based applications

server features, 51

Server Core, 35

System Center, 148

System Center VMM, 147-149

System Clock Changes, 256

System Health Validator (SHV), 245


SYSVOL, 208

TTask Scheduler, 67-72

task status, 68

Telnet Client

Server Core, 35

server features, 51

Telnet Server, server features, 51

Terminal Server, 152

Terminal Server role service, installing,154-156


configuring, 160, 167-169

load-balanced farms with TSSession Broker, 166

TS Gateway Manager, 163-166

TS RemoteApp Manager, 161-163

installing, 154

Terminal Server role service,154-156

TS Gateway role service, 157-160

TS Licensing role service,156-157

TS Session Broker role service, 157

TS Web Access role service, 160

managing, 169-170

RemoteApp programs, adding,170-173

Server Core, 36

monitoring, 173-175

server roles, 46

Terminal Server, 152

TS Gateway, 153

TS Licensing, 152

TS Session Broker, 153

TS Web Access, 153

in Windows Server 2008 R2,175-177

285Terminal Services

Terminal Services connectionauthorization policies (TS CAPs), 158

Terminal Services Manager, 173

Remote Desktop, 75

Terminal Services Remote application, 138

/text, 125

Text (TXT), 89

TFTP Client, server features, 51

tools

Best Practices Analyzer tool, 58


Reliability and Performance tool,252-253





Shared Configuration tool, 124

Sites and Services tool (ActiveDirectory), 198






replication, 202

replication topology,checking, 201


Software License Management tool, 31


Windows 2008 Server CoreConfigurator, 33

Windows Memory Diagnostic tool, 8

TPM (trusted platform module), 49, 234

TRACE, 125

transitive two-way trust, 181

troubleshooting, 262

with command-line tools, 266

Event User, managing, 263-265

Event Viewer, 262-263

subscriptions, creating, 265

in Windows Server 2008 R2,269-270

trusted platform module (TPM), 49, 234

trusts

external trusts, creating with ActiveDirectory Domains and Trust, 203

transitive two-way trusts, 181

TS CAPs (Terminal Services connectionauthorization policies), 158, 166

TS Gateway, 153

TS Gateway Manager


monitoring services, 173

TS Gateway role service, installing,157-160

TS Licensing, 152

TS Licensing role service, installing,156-157

TS RemoteApp, managing (Server Core),36-37

TS Session Broker, 153

load-balanced farms,configuring, 166

TS Session Broker role service,installing, 157

TS Web Access, 153

RemoteApp programs, 171

TS Web Access role service,installing, 160

Tunnel, connection security rules, 239

two-way trusts, 181

TXT (Text), 89

286 Terminal Services connection authorization policies

UUAC (User Account Control), 233

UDDI (Universal Description, Discovery,and Integration), server roles, 47

unattend.xml file, 22-23

UPS, disconnecting prior to installingWindows Server 2008, 8

User Account Control (UAC), 233


utilities, Appcmd.exe, 124

VVDIR, 124

VDS (Virtual Disk Services), serverfeatures, 51

versions of Windows Server 2008, 10

Windows HPC Server 2008, 13

Windows Server 2008 Datacenter,12-13

Windows Server 2008 Enterprise, 12

Windows Server 2008 for Itanium-Based Systems, 13-14

Windows Server 2008 Standard,11-12

Windows Web Server 2008, 11

viewing

configuration backups, 127

existing policies, 212

reliability reports, 260

Virtual Disk Services (VDS), 51

Virtual Hard Disk Wizard, 139

virtual hard drives, creating, 138-141


Virtual Machine Manager (VMM),134-135, 138

virtual machines, creating, 141-142

virus protection software, disabling, 9

VMM (Virtual Machine Manager), 138

VSS Copy backup, 79

VSS Full backup, 79

WWCF (Windows Communication

Foundation), 51

Web Server roles, 47

installing, 108-111, 113-114

websites

adding with appcmd.exe, 126

configuring with appcmd.exe, 127

deleting with appcmd.exe, 127

managing, 114-118

security, 118-119

authentication, restrictive, 119



IP and domain restrictions, 119

Wecsvc (Windows Event Collector), 265

Well Known Service (WKS), 90

wevtutil, 266

Windows 2008 R2, monitoringperformance, 269-270

Windows 2008 Server Core Configurator, 33

Windows Communication Foundation(WCF), 51

Windows Deployment Services, serverroles, 47

Windows Event Collector (Wecsvc), 265

Windows Firewall, 235

Windows Firewall with AdvancedSecurity, 235-237

connection security rules, creating,239-241

inbound and outbound rules,creating, 237-238

monitoring, 241

287Windows Firewall with Advanced Security


Windows Internal Database, serverfeatures, 51

Windows Internet Name Services(WINS), Server Core, 35

Windows Memory Diagnostic tool, pre-installation tasks, 8

Windows PowerShell

Remote Desktop Services Provider, 176

server features, 51

Windows Process Activation Service,server features, 51

Windows Remote Management(WinRM), 265

Windows Remote Shell, managing(Server Core), 37

Windows Security Health Validator(WSHV), 245

Windows Server 2008

choosing version, 10


Windows Server 2008 Datacenter,12-13


Windows Server 2008 for Itanium-Based Systems, 13-14

Windows Server 2008 Standard,11-12


hardware requirements, 6

installing, 14

manual installation, 14-16, 18-21

unattended installation, 21-23

Windows Server 2008 Datacenter, 12-13


Windows Server 2008 for Itanium-BasedSystems, 13-14

Windows Server 2008 R2

Group Policy, 226-227

Hyper-V, 149-150

improving Active Directory, 205-206

incorporating Server Core changes, 39

new features, 131

security, 248

Authorization and Access Control, 249

identity and authentication, 250

security policies, 250

server roles, 249

Server Manager, 58

server roles, 105-106


Windows Server 2008 Server Core,26-27

administration, 40

configuring, 30



Hyper-V, installing, 137

IIS, 27

incorporating changes in WindowsServer 2008 R2, 39

installing, 27-28

features, 34-35

options for, 28-29

roles, 34-35

managing, 36





PowerShell, 26

Windows Server 2008 Standard, 11-12

Windows Server Backup Features, 51

288 Windows HPC Server 2008

Windows Server Resource Manager(WSRM), IIS 7.0, 130

Windows Server Virtualization role, 137

Windows System Resource Manager, 52

Windows Vista, managing Hyper-Vremotely, 138


WinRM (Windows RemoteManagement), 265

WINS, 88

WINS Server, server features, 52

Wireless LAN Service, server features, 52

wizards

Active Directory Domain ServicesInstallation Wizard, 185

Add Features Wizard, 234

Add Roles Wizard, 47, 92

Backup Schedule Wizard, 79

DNS Server Wizard, 83

Encrypting File System Wizard, 233

Group Policy Modeling Wizard,224-225

Group Policy Results Wizard, 226

Initial Configuration Tasks Wizard,18, 42

New Connection Security RuleWizard, 240

New Namespace Wizard, 103

New Virtual Machine Wizard, 141

Recovery Wizard, 80

RemoteApp Wizard, 172

Security Configuration Wizard, 230

Virtual Hard Disk Wizard, 139

WKS (Well Known Service), 90

WP, 125

WSHV (Windows Security HealthValidator), 245


XX.25 (X25), 90

/xml, 125

Zzones, DNS zones (managing), 87-90

289zones, DNS zones (managing)

Windows Server® 2008 How-Toptgmedia.pearsoncmg.com/images/9780672330759/samplepages/...Now let’s...

Documents

Transcript of Windows Server® 2008 How-Toptgmedia.pearsoncmg.com/images/9780672330759/samplepages/...Now let’s...