173 Windows Server 2008 Reviewers Guide  Accessing a remote file using SMB Service and Web-Based Distributed Authoring and Versioning (WebDAV) is supported transparently. The transaction context is carried to the remote node by the system automatically. The transaction itself gets distributed and coordinated for commit or abort. This should allow applications to be distributed across the multiple nodes with a great degree of flexibility. This is powerful because it transacts network file transfers, which emulates a form of transacted messaging.  Each volume contains its own log. The common log format is used for providing recovery and aborts. The common log format also builds a common Windows transaction-logging facility for use by other stores. 174 Windows Server 2008 Reviewers Guide Section 7: Server Management Section 7: Server Management 174 7.01 Server Management Introduction 176 Scenario Value Proposition 176 Special Hardware Requirements 176 7.02 Initial Configuration Tasks 177 Default Settings in Initial Configuration Tasks 178 7.03 Server Manager 179 Roles 180 Server Roles in Server Manager 180 Features 183 Features in Server Manager 183 Server Manager Console 186 Server Manager Wizards 188 Add Roles Wizard 188 Add Role Services Wizard 189 Add Features Wizard 189 Remove Roles Wizard 190 Remove Role Services Wizard 190 Remove Features Wizard 190 Server Manager Command Line 190 Registry Settings 191 Registry Settings 191 How Do I Open Server Manager? 191 Additional Resources 192 7.04 Windows PowerShell 193 Windows PowerShell Features 194 Windows PowerShell Cmdlets 194 A New Scripting Language 195 Windows Commands and Utilities 195 Additional Information 195 7.05 Server Core 196 7.06 Windows Server Backup 200 7.07 Windows Reliability and Performance Monitor 203 Data Collector Sets 203 Wizards and Templates for Creating Logs 204 Resource View 204 Reliability Monitor 204 Unified Property Configuration for All Data Collection, Including Scheduling 205 User-Friendly Diagnosis Reports 205 7.08 Windows Deployment Services 206 Create and add Boot Images 208 Create a Capture Image 208 Create a Discover Image 208 Create an Install Image 209 Associate an Unattend File with an Image 209 Enable multicast transmission of an image 210 Use Transport Server to enable multicast download of data 210 Deployment 210 Additional Resources 210 7.09 Group Policy 212 175 Windows Server 2008 Reviewers Guide New Categories of Policy Management 213 New Format and Functionality of Administrative Template Files (ADMX) 216 Starter Group Policy Objects 217 Comments for GPOs and Policy Settings 217 Network Location Awareness 217 Group Policy Service 219 Events and Logging 219 Multiple Local Group Policy Objects 220 Finding Specific Administrative Template Policy Settings 220 181 Windows Server 2008 Reviewers Guide Active Directory Domain Services Active Directory Domain Services stores information about users, computers and other devices on the network. Active Directory Domain Services helps administrators more securely manage this information and facilitates resource sharing and collaboration between users. Active Directory Domain Services is also required to be installed on the network to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies such as Group Policy. Active Directory Federation Services Active Directory Federation Services provides Web single-sign-on technologies to authenticate a user to multiple Web applications using a single user account. Active Directory Federation Services accomplishes this by securely federating, or sharing, user identities and access rights, in the form of digital claims, between partner organizations Active Directory Lightweight Directory Services Organizations that have applications which require a directory for storing application data can use Active Directory Lightweight Directory Services as the data store. Active Directory Lightweight Directory Services runs as a nonoperating-system service, and, as such, it does not require deployment on a domain controller. Running as a nonoperating-system service allows multiple instances of Active Directory Lightweight Directory Services to run concurrently on a single server, and each instance can be configured independently for servicing multiple applications. Active Directory Rights Management Services Active Directory Rights Management Services is information protection technology that works with Active Directory Rights Management Services-enabled applications to help safeguard digital information from unauthorized use. Content owners can define exactly how a recipient can use the information, such as who can open, modify, print, forward or take other actions with the information. Organizations can create custom usage rights templates such as ―Confidential—Read Only‖ that can be applied directly to information such as financial reports, product specifications, customer data and e-mail messages. Application Server Application Server provides a complete solution for hosting and managing high- performance distributed business applications. Integrated services, such as the .NET Framework, Web Server Support, Message Queuing, COM+, Windows Communication Foundation, and Failover Clustering support boost productivity throughout the application life cycle, from design and development through deployment and operations. Dynamic Host Configuration Protocol (DHCP) Server The DHCP allows servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients. Deploying DHCP servers on the network automatically provides computers and other TCP/IP-based network devices with valid IP addresses and the additional configuration parameters these devices need, called DHCP options, that allow them to connect to other network resources, such as DNS servers, WINS servers and routers. DNS Server DNS provides a standard method for associating names with numeric Internet addresses. This makes it possible for users to refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with DHCP services on Windows, eliminating the need to add DNS records as computers are added to the network. Fax Server Fax Server sends and receives faxes, and allows you to manage fax resources such as jobs, settings, reports and fax devices on this computer or on the network. File Services File Services provides technologies for storage management, file replication, distributed namespace management, fast file searching and streamlined client access to files. Hyper-V The Hyper-V server virtualization role provides an entirely new deployment and licensing paradigm to enable multiple operating system instances — from both Microsoft and potentially third-party operating system vendors — to run in a virtual infrastructure separated from the hardware by a slim ―hypervisor‖-based virtualization technology. Network Policy and Access Services Network Policy and Access Services delivers a variety of methods to provide users with local and remote network connectivity, to connect network segments, and to allow network administrators to centrally manage network access and client health 182 Windows Server 2008 Reviewers Guide policies. With Network Access Services, you can deploy VPN servers, dial-up servers, routers, and 802.11 protected wireless access. You can also deploy RADIUS servers and proxies, and use Connection Manager Administration Kit to create remote access profiles that allow client computers to connect to your network. Print Services Print Services enables the management of print servers and printers. A print server reduces administrative and management workload by centralizing printer management tasks. Terminal Services Terminal Services provides technologies that enable users to access Windows-based programs that are installed on a terminal server, or to access the Windows desktop itself from almost any computing device. Users can connect to a terminal server to run programs and to use network resources on that server. Universal Description, Discovery, and Integration Services (UDDI) UDDI Services provides UDDI capabilities for sharing information about Web services within an organization’s intranet, between business partners on an extranet or on the Internet. UDDI Services can help improve the productivity of developers and IT professionals with more reliable and manageable applications. With UDDI Services you can prevent duplication of effort by promoting reuse of existing development work. Web Server (IIS) Web Server (IIS) enables sharing of information on the Internet, an intranet or an extranet. It is a unified Web platform that integrates IIS 7.0, ASP.NET, Windows Communication Foundation and supports Windows SharePoint ® Services. IIS 7.0 also features enhanced security, simplified diagnostics and delegated administration. Windows Deployment Services You can use Windows Deployment Services to install and configure Microsoft Windows operating systems remotely on computers with Pre-boot Execution Environment (PXE) boot ROMs. Administration overhead is decreased through the implementation of the WdsMgmt MMC snap-in, which manages all aspects of Windows Deployment Services. Windows Deployment Services also provides end users with an experience consistent with Windows Setup. The following graphic shows the File Services role home page in Server Manager. 184 Windows Server 2008 Reviewers Guide Windows. Peer Name Resolution Protocol (PNRP) PNRP allows applications to register on and resolve names from your computer, so other computers can communicate with these applications. Quality Windows Audio Video Experience (qWave) qWave is a networking platform for audio and video (AV) streaming applications on Internet protocol home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service for AV applications. It provides admission control, run-time monitoring and enforcement, application feedback, and traffic prioritization. On Windows Server platforms, qWave provides only rate-of-flow and prioritization services. Recovery Disc Recovery Disc is a utility for creating a Windows operating system installation disc. By using Recovery Disc, you can recover data on your computer if you do not have a Windows product disc, or cannot access recovery tools provided by your computer’s manufacturer. Remote Assistance Remote Assistance enables you (or a support person) to offer assistance to users with computer issues or questions. Remote Assistance allows you to view and share control of the user’s desktop to troubleshoot and fix the issues. Users can also ask for help from friends or co-workers. Remote Server Administration Tools Remote Server Administration Tools enables remote management of Windows Server 2003 and Windows Server 2008 from a computer running Windows Server 2008, by allowing you to run some of the management tools for roles, role services and features on a remote computer. Removable Storage Manager (RSM) RSM manages and catalogs removable media and operates automated removable media devices. RPC Over HTTP Proxy RPC Over HTTP Proxy is a proxy that is used by objects that receive remote procedure calls over HTTP. This proxy allows clients to discover these objects even if the objects are moved between servers or if they exist in discrete areas of the network, usually for security reasons. Services for Network File System (NFS) Services for NFS is a protocol that acts as a distributed file system, allowing a computer to access files over a network as easily as if they were on its local disks. This feature is available for installation on 64-bit versions of Windows Server 2008 only; in other versions of Windows Server 2008, Services for NFS is available as a role service of the File Services role. SMTP Server SMTP Server supports the transfer of e-mail messages between e-mail systems. Storage Manager for Storage Area Networks (SANs) SANs helps you create and manage logical unit numbers on Fibre Channel and iSCSI disk drive subsystems that support Virtual Disk Service (VDS) in your SAN. Simple TCP/IP Services Simple TCP/IP Services supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo and Quote of the Day. Simple TCP/IP Services is provided for backward compatibility and should not be installed unless it is required. Simple Network Management Protocol (SNMP) Services SNMP is the Internet standard protocol for exchanging management information between management console applications — such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager — and managed entities. Managed entities can include hosts, routers, bridges and hubs. Subsystem for UNIX-based Applications Subsystem for UNIX-based Applications (SUA), along with a package of support utilities available for download from the Microsoft Web site, enables you to run UNIX- based programs, and compile and run custom UNIX-based applications in the Windows environment. Telnet Client Telnet Client uses the Telnet protocol to connect to a remote telnet server and run applications on that server. Telnet Server Telnet Server allows remote users, including those running UNIX-based operating systems, to perform command-line administration tasks and run programs by using a telnet client. Trivial File Transfer TFTP Client is used to read files from, or write files to, a remote TFTP server. TFTP is 185 Windows Server 2008 Reviewers Guide Protocol (TFTP) Client primarily used by embedded devices or systems that retrieve firmware, configuration information, or a system image during the boot process from a TFTP server. Failover Clustering Failover Clustering allows multiple servers to work together to provide high availability of services and applications. Failover Clustering is often used for file and print services, database, and e-mail applications. Network Load Balancing (NLB) NLB distributes traffic across several servers, using the TCP/IP networking protocol. NLB is particularly useful for ensuring that stateless applications, such as a Web server running IIS, are scalable by adding additional servers as the load increases. Windows Server Backup Windows Server Backup allows you to back up and recover your operating system, applications and data. You can schedule backups to run once a day or more often, and can protect the entire server or specific volumes. Windows System Resource Manager (WSRM) WSRM is a Windows Server operating system administrative tool that can control how CPU and memory resources are allocated. Managing resource allocation improves system performance and reduces the risk that applications, services or processes will interfere with each other to reduce server efficiency and system response. Windows Internet Naming Service (WINS) WINS provides a distributed database for registering and querying dynamic mappings of NetBIOS names for computers and groups used on your network. WINS maps NetBIOS names to IP addresses and solves the problems arising from NetBIOS name resolution in routed environments. Wireless LAN (WLAN) Service WLAN Service configures and starts the WLAN AutoConfig service, regardless of whether the computer has any wireless adapters. WLAN AutoConfig enumerates wireless adapters, and manages both wireless connections and the wireless profiles that contain the settings required to configure a wireless client to connect to a wireless network. Windows Internal Database Windows Internal Database is a relational data store that can be used only by Windows roles and features, such as UDDI Services, Active Directory Rights Management Services, Windows Server Update Services and Windows System Resource Manager. Windows PowerShell Windows PowerShell is a command-line shell and scripting language that helps IT professionals achieve greater productivity. It provides a new administrator-focused scripting language and more than 130 standard command-line tools to enable easier system administration and accelerated automation. Windows Process Activation Service (WPAS) WPAS generalizes the IIS process model, removing the dependency on HTTP. All the features of IIS that were previously available only to HTTP applications are now available to applications hosting WCF services, using non-HTTP protocols. IIS 7.0 also uses WPAS for message-based activation over HTTP. The following graphic shows the Features role home page in Server Manager. 187 Windows Server 2008 Reviewers Guide The main window of the Server Manager console contains the following four collapsible sections:  Server Summary The Server Summary section includes two subsections: System Information and Security Summary. System Information displays the computer name, domain, local administrator account name, network connections and the product ID of the operating system. Commands in the System Information subsection allow you to edit this information. Security Summary displays whether Windows Update and Windows Firewall are enabled. Commands in the Security Summary subsection allow you to edit these settings or view advanced options.  Roles Summary The Roles Summary section contains a table indicating which roles are installed on the server. Commands in this section allow you to add or remove roles, or go to a more detailed console in which you can manage a specific role.  Features Summary The Features Summary section contains a table indicating which features are installed on the server. Commands in this section allow you to add or remove features.  Resources and Support The Resources and Support section displays whether this server is participating in the feedback programs Windows Server CEIP and Windows Error Reporting. Resources and Support is also designed to be a launch point for joining topical 197 Windows Server 2008 Reviewers Guide  Windows Internet Naming Service (WINS)  Telnet client  Quality of Service The Server Core installation option is designed for use in organizations that either have many servers, where some only need to perform dedicated tasks, or in environments where high security requirements require a minimal attack surface on the server. Since no graphical user interface is available for many Windows operations, using the Server Core installation option requires administrators to be experienced in using a command prompt or scripting techniques for local administration of the server. Alternatively, you can manage the Server Core installation with Microsoft Management Console (MMC) snap-ins from another computer running Windows Server 2008 by selecting the Server Core computer as a remote computer to manage. You should review this topic and additional documentation about the Server Core installation option if you are in any of the following groups:  IT planners and analysts who are technically evaluating the product  Enterprise IT planners and designers for organizations  Those responsible for IT security  IT Pros managing the following server roles: DHCP Server, File Services, Print Server, DNS Server, Active Directory Lightweight Directory Services (AD LDS), or Active Directory Domain Services The Server Core installation option does not add new functionality to the server roles it supports. Each server role, however, might have changes for Windows Server 2008. Server Core installations provide the following benefits:  Reduced maintenance. Because a Server Core installation installs only what is required for the specified roles (DHCP Server, File Services, Print Server, DNS Server, AD LDS, or Active Directory Domain Services roles), less servicing is required than on a full installation of Windows Server 2008.  Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.  Reduced management. Because fewer applications and services are installed on a server running a Server Core installation, there is less to manage.  Less disk space required. A Server Core installation only requires about 1 gigabyte (GB) of disk space to install, and approximately 2 GB for operations after the installation. Server Core servers do not have a user interface or provide the ability to run applications. The management experience will also be different using a Server Core installation. A Server Core installation requires you to initially configure the system from the command line, or using scripted methods such as an unattended installation, because it does not include the traditional full user interface. Once the server is configured, you can manage it from the command line, either locally or remotely with a Terminal Services remote desktop connection. You can also use MMC . Tasks 1 78 7.03 Server Manager 179 Roles 180 Server Roles in Server Manager 180 Features 183 Features in Server Manager 183 Server Manager Console 186 Server Manager Wizards 188 Add Roles. Remote Server Administration Tools Remote Server Administration Tools enables remote management of Windows Server 2003 and Windows Server 20 08 from a computer running Windows Server 20 08, by. in Server Manager. 187 Windows Server 20 08 Reviewers Guide The main window of the Server Manager console contains the following four collapsible sections:  Server Summary The Server