Read an Excerpt
Everyone knows the saying, “Be careful what you wish for.” It had long been my goal to write a complete guide to Windows Server, but I never felt I had sufficient time to do justice to the subject. In the middle of 2006, I convinced myself that I could organize my time to allow the undertaking of writing a book on the largest Microsoft server release ever—from scratch. I started writing the book a few months later and finished the final copy editing in June 2008, basically two years from start to finish. Fortunately, Microsoft delayed the release of Windows Server 2008 enough that this book will hit bookshelves while Windows Server 2008 is still new to the market.
With this book, I tried to create a resource that explains the major features of Windows Server 2008, when to use them, how to design the best implementation, and how to manage the deployed environment.
Windows Server 2008 has so many features that I had to leave some out. Those features not discussed are ones I felt would not be interesting to most readers; however, I point out what is not covered and suggest some resources. Windows 2008 is trying to put books out of business; however, although the online help is great, it is task focused. Therefore, I encourage you to follow the online help tool. I concentrate on items that require more design, decision, or are just “cool.”
Windows Server 2008 is very customer focused and focuses on a key number of areas such as virtualization, the Web, and security. Usability is also a major area for Windows 2008. A customer does not point to a server and say “that’s my Windows server”; a customer says “that’s my domain controller” or “that’s my file server.” Windows Server 2008 is designed around how the server is used. Only the basic functions are installed; additional components are installed as roles and features are added to the server and their management tools accessed through a single server manager interface.
Design of Microsoft-based systems will change in the future. I predict that the process we perform today to design the best practice implementation for our environment will be automated entirely within ten years—and I’ll need a new day job. Think of the process today: We look at the environment and how to use it, and then create a design following experience and best practices. We have a number of tools today to help with this: Best Practice Analyzers that check that an installation follows guidelines; System Center Capacity Planner that allows a designer to input information about locations, users, servers and bandwidth and then creates a server design that services needs; and Microsoft Solution Accelerators that help create solutions with Microsoft technologies. The next step is bringing these together. System Center Configuration Manager and System Center Operations Manager can ascertain the information needed about an environment. This information can then be automatically fed into Capacity Planner-type solutions to produce a best practice design and periodically verify that the design still meets requirements. With the move to virtualization, the design tools will partner with deployment technologies to automatically build new virtual machines for services, as needed, without administrator intervention. Microsoft already has a direction to this type of environment with the Dynamic Systems Initiative. Our involvement will likely be telling these tools about new initiatives and services needed to know what infrastructure to put in place. New versions of software such as Exchange can be downloaded and applied automatically, assuming organizations still have local servers and software. It’s entirely possible everything will be a service offered by a “cloud” on the Internet which companies subscribe to.
So with all of that, why is there snow on the cover? Snow makes anything look calm and beautiful. I hope the cover is calming. If ever you start panicking about content in this book, just stop and look at the cover. Like they said in the book, The Hitchhiker’s Guide to the Galaxy, “Don’t panic.”
Audience for This Book
I’ve written this book with the IT administrator and architect in mind. Although a background in Windows and networking in general is advantageous, I introduce the basics of each subject, explain how the technologies work, and then build on that transferred understanding until we get to advanced concepts and best practices.
This is not a Microsoft Certified IT Professional study guide, although I did take the exams for both the MS ITP Server Administrator and Enterprise Administrator without studying. I used what I knew from writing this book and easily passed all the exams with high marks. So if you understand and can apply the information in this book, I would expect you to do well on the Microsoft exams.
This Book’s Organization
It would be great if you could sit and read this book from start to finish. Although you may not be able to learn all the features, you may remember items that are possible in day-to-day work, and then reread details of specific features. In the same manner that a chef expects you to eat all courses of a meal instead of picking at each one, I expect this book to be “digested” more like a buffet. You might want to consume the parts relevant to you. I urge you, however, to read a chapter at a time, and not just part of a chapter because each one builds on a subject. In addition, I typically start each chapter with details in order for you to thoroughly understand the concepts so that we can cover other concepts more quickly.
I want to teach you to drive, not to understand the internal parts of the engine. I’m not big on giving detail on components that don’t do you any good from a design or management perspective, but I do give internal details when it aids in learning a technology.
Structure of This Book
This book is made up of 24 chapters:
Chapter 1, “Windows 101: Its Origins, Present, and the Services It Provides,” introduces the major new features of Windows Server 2008. It highlights the key differentiators between the editions of Windows Server 2008 from Web edition through Datacenter.
Chapter 2, “Windows Server 2008 Fundamentals: Navigating and Getting Started,” walks you through the key interface and management components of Windows Vista and Windows Server 2008. The log-on experience for Windows in both workgroup and domain environments is detailed along with the changes to how the built-in Administrator account is handled in Vista and 2008. The chapter discusses User Access Control and how it impacts how to use Windows. Also, key Windows elements, including the Start menu, task bar, and the system tray, are examined along with the available customizations.
Most of your time with Windows Server 2008 is spent in Task Manager, Explorer, and the Microsoft Management Console, so Chapter 2 looks at the major elements of these powerful tools and finishes off with a quick look at the Control Panel.
Chapter 3, “Installing and Upgrading Windows Server 2008,” walks you through the basic system requirements of Windows Server 2008 in terms of memory, processor, and disk space. Windows Server 2008 has a number of activation options, and this chapter looks at both Multiple Activation Keys and Key Management Service.
The next section walks through performing an upgrade from Windows Server 2003 SP1 to Windows Server 2008, and the various options and limitations associated with an in-place upgrade. The chapter ends with automating local installations using
Chapter 4, “Securing Your Windows Server 2008 Deployment,” discusses security. It looks at authentication and authorization methods, along with the importance of the physical environment which houses your servers. It also discusses BitLocker and how to use it most efficiently.
This chapter also looks at the built-in certification service in Windows Server 2008, Active Directory Certificate Services (ADCS), and how it is used in (and out) of an organization.
Finally, Chapter 4 discusses the Security Configuration Wizard and the Security Configuration and Analysis tool which can increase the security of an environment. Increasing network security is handled via the Windows Firewall and IPSec, which this chapter details, along with more information on the User Access Control.
Chapter 5, “File System and Print Management Features,” looks at the facilities that the Windows Server 2008 platform provides for the critical storing of an organization’s data. After discussing the new capabilities of NTFS, this chapter looks at creating and managing volumes for data storage.
The file permission and ownership capabilities are explained and the concept of shares is introduced and walked through. Then, more advanced subjects are covered, including using quotas to control how much data users can store, file screening technologies to control how the storage is used, and reporting capabilities.
The second section of Chapter 5 deals with print management, which has taken some big steps in Windows Server 2008. For the deployment of printers to users, Group Policy can now be used to assign printers to users based on their physical location so that as a user moves, he can be assigned printers that are physically close to him. The chapter closes with a detailed look at printer configuration options.
Chapter 6, “Networking Services,” starts from the ground up with IP. Network Address Translation (NAT) is explored as a means for sharing public IP addresses between multiple computers on a private network. Then, this chapter looks at Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) as methods to provide levels of reliability and extra service to IP communication.
Chapter 6 rounds off with a look at troubleshooting IP communication through various utilities. It also looks at tracing network traffic, which is invaluable for resolving issues and understanding more complex protocols.
Chapter 7, “Advanced Networking Services,” looks at two main capabilities that make the Internet Protocol more usable and manageable in an environment: Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). The chapter ends with a brief look at WINS and how its capabilities are hopefully no longer required.
Chapter 8, “Remote Access and Securing and Optimizing the Network,” looks at extending the visibility of our enterprise’s resources to external users in a controlled manner via a Virtual Private Network. It also looks at the different types of VPN that are available and the pros and cons of each. Network Address Translation (NAT) is explained and its impact on VPNs explored.
Finally, Chapter 8 looks at one of the major features in Windows Server 2008: Network Access Protection (NAP). It walks through the various types of NAP available, how to use NAP, and how best to configure it. It looks at implementation options for NAP to ensure the most secure environment while minimizing potential impact to the organization’s users, thus avoiding business impact.
Chapter 9, “Terminal Services,” kicks off with an overview of terminal services before walking through the basic steps to enable Remote Desktop and then use Remote Desktop. New security features related to Remote Desktop are examined.
Licensing is key with Terminal Services and licensing options are documented and advice given on which of the licensing modes work in different types of organizations.
The next section looks at installing the full Terminal Services role in Windows Server 2008 and its role services, which include TS Gateway for access over SSL and Remote Applications to enable seamless application execution on a terminal server without having a full desktop on the remote server visible. Tied in with Remote Applications, the chapter looks at TS Web which gives a Web-based portal to launch remote applications.
As Terminal Services become more important in an organization, it will be necessary to ensure that users can get sessions and good responses, so that multiple terminal servers are pooled together into a farm. Chapter 9 looks at the technologies to facilitate terminal server farms.
Chapter 10, “Active Directory Domain Services Introduction,” looks at the history of domains in Windows and the basic building blocks of ADDS. It looks at trust relationships and how they are a core part of Active Directory hierarchical structure. The chapter then expands on the structure of ADDS by looking at features such as Organization Units, Global Catalog servers, and the special Flexible Single Master of Operations (FSMO) roles.
Replication is key to ADDS, and this chapter looks at the site components that are used to document to ADDS the physical structure of the environment, the subnets for each location, and the links between each location. Chapter 10 ends with a look at the various domain and forest modes which enable additional features.
More advanced Active Directory concepts are explored in Chapter 11, “Designing and Installing Active Directory.” This chapter begins by adding a replica domain controller to an existing domain to give the domain high availability and support for more users and distributed environments.
For Windows Server Core installations and automated Active Directory deployments, an unattended approach is required. The unattended answer format is explored along with an easy way to create the answer file that is new in Windows Server 2008.
Management functions related to the FSMO domain controllers are explored, including normal movement of FSMO actions and exception FSMO movement options. The last setting the chapter looks at is Global Catalog creation.
The next section deals with creating a new domain, but more importantly, the reasons of when and why a new domain is created. Steps related to verifying a new domain controller are described. The chapter then looks at demoting a domain controller to a normal member server.
One of the major new features in Windows Server 2008 is the Read-Only Domain Controller (RODC); the chapter looks in detail at the capabilities of RODC, its usage considerations, and the restrictions.
Chapter 11 closes with a detailed look at the various types of trust relationships and how to create them.
Chapter 12, “Managing Active Directory and Advanced Concepts,” looks at managing Active Directory (AD), backing up and restoring the AD, and other more advanced features. It looks at AD management tools, both graphical and command line based.
This chapter also looks at how backing up the AD has changed in Windows Server 2008, using new Active Directory snapshots, and restoring deleted objects.
Chapter 12 closes with a look at changing the replication technology from FRS to DFS-R once you are running a pure Windows Server 2008 domain controller environment.
Chapter 13, “Active Directory Federated Services, Lightweight Directory Services, and Rights Management,” deals with the other role services that complement Active Directory Domain Services, namely Active Directory Lightweight Directory Services (AD LDS), Active Directory Rights Management Services (AD RMS), and Active Directory Federated Services (AD FS).
Chapter 14, “Server Core,” starts with an overview of server core followed by how to perform a Windows Server 2008 installation for a server core instance. Once the installation is complete, the hard part is configuring and managing because you don’t have the same local graphic tools available that are normally present in a full Windows Server 2008 instance.
The various command line utilities are explored to perform configuration in addition to walking through configurations that can be done with limited graphical tools such as the registry editor. Along with this configuration the chapter explores how to keep a server core patched and what applications can be installed on a server core installation.
Finally, this chapter looks at managing a server core installation.
Chapter 15, “Distributed File System,” discusses one of the greatest challenges in a distributed environment: managing data and making the data available to all users in a timely fashion. The Distributed File System consists of two components: Distributed File System Namespace (DFSN) and Distributed File System Replication (DFSR).
Chapter 15 closes with a look at best practices to design a DFSR topology and how to troubleshoot and monitor the overall health of replication.
Chapter 16, “Deploying Windows,” starts with a brief history of deployment and then introduces the technologies required to deploy modern operating systems.
Installing and configuring WDS is covered, along with the considerations of running WDS and DHCP together and separately. After WDS installation is explained, the process of importing images is introduced and the process discussed.
Automated installations are key in large environments, and the process of creating an unattended answer file using the Windows System Image Builder is explained.
Chapter 16 also looks at creating custom images from reference installations and then maintaining the images by installing fixes, additional drivers, and even language packs. Finally, multicast deployments are explored.
Chapter 17, “Managing and Maintaining Windows Server 2008,” looks at the major tasks and utilities that relate to managing and maintaining Windows Server 2008. The majority of the chapter is spent exploring Server Manager: how to manage the roles and features of Windows Server 2008 using Server Manager and, more than just management actions, how Server Manager gives consolidated insight into each role and is a go-to point to troubleshoot.
Chapter 17 then looks at Windows Server Backup, the major changes in Windows Server 2008, and details on the Volume Shadow Copy Service (VSS).
Patch Updates are critical to keeping your environment healthy and secure. The chapter looks at the options for patching systems, their advantages and disadvantages, and finally, the registry.
Chapter 18, “Highly Available Windows Server 2008,” looks at the two high availability features of Windows Server 2008: Network Load Balancing (NLB) and Failover Cluster.
Validating hardware for Windows Server 2008 clustering is shown as well as the process to actually create and manage a Failover Cluster. Chapter 18 finishes with the migration options from a Windows 2003 based failover cluster.
Chapter 19, “Virtualization and Resource Management,” focuses on two main virtualization technologies: machine virtualization and the new hypervisor-based virtualization solution in Windows 2008, Hyper-V, including how to install Hyper-V, and best practices of configuring and managing. We then complete the section with a look at high availability solutions for Hyper-V through failover-clustering.
Chapter 19 closes with Windows Server Resource Management. It is not a virtualization technology but allows multiple applications/services to be run on a single operating system instance while allocating specific amount of memory and processor to processor. This allocation of resources allows performance guarantees to be made when consolidating multiple operating systems running an application, down to a single OS instance running multiple applications.
Chapter 20, “Troubleshooting Windows Server 2008 and Vista Environments,” starts with the basic building blocks of the operating system in terms of processes, threads, jobs, and handles—these are key items that are manipulated when troubleshooting. The chapter looks at the boot options for Windows and then delves into the Windows Recovery Environment (RE) that fixes problem systems from outside of Windows.
The Reliability and Performance Monitoring interface gives access to performance attributes of an operating system instance in addition to a historical view of issues on the system for a general “health” view.
The Event Viewer is covered extensively because it is the main portal to see what is going on in the Windows installation. When there are problems, an event log is typically written to see the system events, pertinent event logs, and how to receive specific event logs from other systems in our environment.
Chapter 20 closes with a look at System Center, which has solutions that help monitor an environment and preemptively troubleshoot and resolve issues before users are impacted. It’s better to fix something before it’s a problem.
Chapter 21, “Group Policy,” starts with an overview of Group Policy, its architecture and basic usage, before going into detail about the Group Policy Management Console, the tool of choice for group policy management. Using the GPMC, advanced concepts are covered, such as using no override, block inheritance, and filtering capabilities. Resultant Set of Policy features are explored which help ascertain how policy is applied for a user/computer and how policy is applied in different circumstances, for example, if the user was moved to another Organizational Unit.
Chapter 21 then looks at features that are new to Windows Server 2008, including the new Starter GPO functionality and Group Policy Preferences capability to set initial configurations for a computer that the user can override.
Chapter 22, “PowerShell and the Command Prompt,” kicks off with a look at the old style command prompt (cmd.exe) environment with information on customization and how to access and set environment variables, before moving onto more advanced concepts such as chaining commands and redirecting output.
The Windows Scripting Host is explored as a way to create more complicated sequences of logic with some VBScript examples.
PowerShell is explored with focus on its structure and capabilities for forming complex action sequences. PowerShell can interact with the environment including system processes, the registry, and file systems.
Scripting with PowerShell is explored and some scripts are showcased to further explain capabilities and error handling features.
Chapter 23, “Connecting Windows Server 2008 to Other Environments,” discusses integration with Unix and NetWare, an important capability in mixed environments. Windows Server has capabilities to integrate and migrate with both Unix and NetWare environments.
Chapter 24, “Internet Information Services,” looks at the Internet Information Services role in Windows Server 2008. The chapter starts with the new architecture that is a radical change from previous versions, giving administrators and developers greater power to customize IIS processing.
The configuration of IIS is explained, as well as the various levels of configuration made possible by the new configuration architecture of IIS 7.
The process of IIS role service installation is shown along with the steps required to create and access new Web sites.
The chapter looks at new capabilities in IIS 7 including URL authorization which allows specific users to access a site and new management delegation capabilities. IIS is one of the roles supported by Windows Server Core, and the restrictions associated with this IIS support are communicated. Chapter 24 concludes with the Windows Web Server 2008 SKU.
A code continuation character is used for lines of code that don’t fit on one line.
Scripts can be found at http://www.savilltech.com/completeguidetowindows2008.
© Copyright Pearson Education. All rights reserved.