Expert Reference Series of White Papers Windows Server 2008: What to Expect 1-800-COURSES www.globalknowledge.com Windows Server 2008: What to Expect Bradford S Werner, Technical Evangelist, MCSE, MCT, etc Introduction With every new release of Windows Server, I always see lists of “What’s New” and “What’s Hot,” yet what I’m usually asked is, “Is it worth it?,” or “When should I upgrade?” Therefore, with each passing Beta and Release Candidate toward the Release to Manufacturing (RTM) for Windows Server 2008 (formerly known as Windows code name “Longhorn” Server), I’d like to present a different view of the road ahead for your Windows Server deployments It’s not focused on the next code name “Vienna,” but simply Windows Server 2008: What to Expect Rather than a feature-by-feature focus, here’s a look at an Information Technology (IT-y) perspective of WIndows Server 2008: Predictability Virtuality Modularity Security Maintainability Predictability Most people, and certainly many IT professionals who are dealing with ever changing technology, appreciate consistency and predictability Therefore, when people hear that a new version of Windows Server is coming out, they often ask, “How different is it?” Another hidden aspect of the question is usually, “Please, tell me that there’s a lot that’s the same as what I already know!” If you were in a Windows IT support role during the Windows NT 4.0 Server to Windows 2000 Server transition era, you may be wondering, “Is this a quantum leap or more of a small easy upgrade?” Before getting into some detailed features, let’s first look at two aspects of how similar and different is Windows Server 2008 compared with previous version of Windows Server Specifically, let’s look at the underthe-hood version numbers and then look at the editions This will give us a big picture of the relationships between various Windows Server versions and editions Figure Copyright ©2008 Global Knowledge Training LLC All rights reserved Page The leap from Windows NT 4.0 Server to Windows 2000 Server (and NT 4.0 Enterprise to W2K Advanced Server) was a rather difficult one for many administrators and designers Under the hood, Windows 2000 is essentially Windows NT 5.0 and, in fact, had that name during its development Similarly, Windows Server 2003 is NT 5.2, with Windows XP being the NT 5.1 in between While there were some notable advancements from Windows 2000 Server to Windows Server 2003, the minor version number (5.0 to 5.2) increment is largely indicative of the degree of change and potential complexity of upgrading the environment from the older version to the newer Windows Server 2003 Release (R2) is an interim update release between service packs, which provides a number of optional components that were not included in the original released to manufacturing (RTM) version of Windows Server 2003 Although some of these such as Active Directory Federation Services (ADFS) and the vastly reworked Distributed File System (DFS) provide a tremendous value-added capability and integration benefit beyond Windows Server 2003 RTM, the version number on Windows Server 2003 R2 is the same In other words, version numbers don’t always reflect changes in functionality and vice versa Moving from Windows Server 2003 R2 or other platforms to Windows Server 2008 can require a tremendous learning curve to fully utilize all of its features Yet there are a number of predictable aspects of Windows Server 2008 for those professionals who are familiar with Windows Server 2003 R2 which help to ease the transition While Windows Vista effectively represents the client offering of Windows NT 6.0 technologies, Windows Server 2008 is akin to Windows NT 6.0 Server by any other name If the under-the-hood version number could be used as a guide, it would be clear that from NT 5.2 to NT 6.0, certainly Windows Server 2008 represents a major non-trivial update compared with the predecessor Windows Server 2003 Even though there are notable feature and architectural changes in how Windows Server 2008 can be used compared with earlier versions of Windows Server, let’s now look at some similarities so that you understand that some of this new operating system is familiar relative to older versions Editions Windows Server 2008 will be offered by Microsoft in a number of editions or stock keeping units (SKUs) Many of these have names that are luckily similar to Windows Server 2003 editions The simple list is as follows: Edition Edition Name Web Windows Web Server 2008 Standard Windows Server 2008 Standard Enterprise Windows Server 2008 Enterprise Datacenter Windows Server 2008 Data Center Itanium Windows Server 2008 for Itanium-based Systems Table Note that the Web, Standard, Enterprise, and Datacenter editions are available for both x86 and x64 platforms, yet the Itanium edition is notably for Itanium-Based systems as the name clearly states We’ve ordered the list here from low-end to high-end intended system for your convenience Copyright ©2008 Global Knowledge Training LLC All rights reserved Page Windows Server 2008 is installed, configured, and maintained based on a model of roles and features The available roles depend on what edition you have Here’s a quick reference Role Web Standard Enterprise Datacenter Itanium File Services - + + Print Services + + + Fax Server + + + + + + + Application Server + + + + UDDI Server + + + Terminal Services - + + Active Directory (AD) Domain Services + + + AD Lightweight Directory Services + + + AD Certificate Services - + + AD Rights Management Services + + + + + Web Services (IIS) + AD Federation Services Network Policy and Access Services - + + DHCP Server + + + DNS Server + + + Windows Deployment Services + + + Hyper-V + + + Table Many of these roles are updates to those supported by Windows Server 2003, and the correlation to the editions of the operating system is also largely consistent with previous versions of Windows Server We shall investigate some of these roles and some of the features of Windows Server 2008 in future sections of this white paper Virtuality Microsoft Windows Server Hyper-V provides the new hypervisor approach to virtual server technologies Virtualization and hosting several virtual machines per physical server has become such a common aspect of server deployment and administration that by default the Standard, Enterprise, and Datacenter editions of Windows Server 2008 include the Hyper-V technologies The Hyper-V role is not available in the Web and Itanium editions There are actually three additional SKUs for Windows Server 2008 than were listed in table X – the Standard, Enterprise, and Datacenter editions are alternately available without the Hyper-V role for those customers who not need virtualization with this hypervisor Considering this, the five editions, plus these three other editions without the Hyper-V which correlate to the editions that normally have it, gives us eight editions overall Copyright ©2008 Global Knowledge Training LLC All rights reserved Page The SKUs that include Hyper-V should be available within 180 days after the non-Hyper-V SKUs are available The Hyper-V technology is an alternative to the Microsoft Virtual Server 2005 R2 and VMware Server type offerings With Hyper-V, a mix of Windows and non-Windows operating systems could be run in virtual machines (VMs) on the physical server More like VMware ESX Server, Hyper-V is a small virtualization layer that runs directly on the hardware without the need for a full host operating system In fact, as Microsoft now enters the hypervisor space in the world of virtualization for the first time, it’s interesting to note that not only are VMware ESX Server and the Xen hypervisor already available, but that Oracle VM Server now uses a modified version of the Xen hypervisor The advantage of hypervisors over Microsoft Virtual Server 2005 R2 and the regular VMware Server is primarily in the removal of a dependency on a full-blown operating system on the physical host server Windows Server licensing has changed to allow unused VMs not to count against the tally, with only the number of concurrently running VMs requiring active licenses Modularity With 17 server roles and 30 differentiated features, there are several modules of Windows Server 2008 that can be used independent of one another Some components of Windows are related to one another and, in some cases, even dependent upon one another An example of the modularity of these roles and features may be illustrated best with the example of Active Directory Figure Copyright ©2008 Global Knowledge Training LLC All rights reserved Page Active Directory is not just one service The evolution of Active Directory of the past several years has brought much terminology to the world of Windows, both in terms of Internet technologies and some lingo shared with other vendors products, and in terms of Microsoft’s expansion and repackaging of the Active Directory universe The most fundamental form of Active Directory (AD) is the Active Directory Lightweight Directory Services (AD LDS), formerly known (e.g., in Windows Server 2003 R2) as Active Directory Application Mode (ADAM) AD LDS includes the core services of AD including an implementation of the Lightweight Directory Access Protocol (LDAP), the AD schema, and a replication topology that may be shared across several workstations and/or servers hosting AD LDS Each deployment of AD LDS on servers and workstations that works with the same schema and replication topology is called an instance Each AD LDS instance can contain one or more naming contexts (NCs), which are also called directory partitions Each NC typically supports a specific application, such as human resources benefits information While some applications may use a database, and others may use both a database and a directory, some applications could use just a directory consisting of one or more LDAP accessible AD LDS NCs The most common form of AD is Active Directory Domain Services (AD DS), formerly known as just AD Building on the foundation of AD from Windows 2000 Server and Windows Server 2003, AD DS includes several services beyond those that are included in AD LDS At the core of AD DS is the same multi-NC capable deployment model, which includes the common schema and configuration But such AD DS deployments are called forests instead of instances, as they are with AD LDS Like an AD LDS instance, each AD DS forest may contain one or more NCs At least one NC in an AD DS forest must be a domain NC Each AD DS forest may have multiple domains and multiple non-domain NCs This is true of Windows Server 2003 AD as well In addition, the forestwide Global Catalog, Kerberos, Windows NT 4.0 Security Accounts Manager (SAM) backward compatibility, Group Policy, and the effective full-mesh automatic trusts between domains in the same forest are all aspects of AD in Windows 2000 Server, Windows Server 2003, and AD DS in Windows Server 2008 Certificate Services is a Windows Component for Windows 2000 Advanced Server and Windows Server 2003 Enterprise Edition Now, with Windows Server 2008, the upgrade to this is called AD Certificate Services (AD CS) While certain features are still reserved for the Windows Server 2008 Enterprise and Datacenter editions, the ability to create certificate authorities (CAs) on the Standard edition is a welcome ability from a licensing standpoint This is expected to help enable public key infrastructure (PKI) deployment in smaller- and mediumsized organizations where the Enterprise edition may not be utilized Use of internal CAs to support PKI can benefit from a synergy of AD DS and AD CS feature sets and be used to enable email content security with S/MIME, better control of encrypting file system (EFS) security, network transfer security with SSL/TLS, network authentication (e.g., 802.1x), smart card deployment, and much more The AD Federation Services (AD FS) debuted in Windows Server 2003 R2, and have been upgraded in Windows Server 2008 These Web Services (WS) federation services help to facilitate use of web-based applications across organization boundaries AD FS utilizes AD DS in each organization to help build relationships within which claims of access abilities may be supported for secure access to these web-based applications Beside the name changes and assimilation of other services into the AD fold, there is also a new service available in Windows Server 2008 called AD Rights Management Services (AD RMS) AD RMS requires that AD DS and a database server be available in the organization, and IIS must be installed on the AD RMS servers, including message queueing and ASP.NET Then AD RMS-enabled software such Microsoft Office 2007’s versions of Word, PowerPoint, and Outlook may be used to establish specific usage rights on content for particu- Copyright ©2008 Global Knowledge Training LLC All rights reserved Page lar people Policy-based configuration of AD RMS allows management of rights, such as the ability to open, modify, print, or forward content With upgrades to several components, including, for instance, the AD DS read-only domain controller (RODC) option, Windows Server 2008 provides a suite of powerful integrated Active Directory services in the AD LDS, AD DS, AD CS, AD FS, and AD RMS roles In addition to these roles, features such as the UNIX Identity Management (Directory uIDM) and ADFS Web Agent may also be utilized, based on the AD infrastructure Security Windows Server 2008 supports all of the security features of the previous generations of Windows Server products as well as many security features from Windows Vista For now, let’s focus on just three: a leaner way to install Windows Server called Server Core, a special limited functionality domain controller called a ReadOnly Domain Controller, and a computer health compliance feature called Network Access Protection Server Core Windows Server 2008 with all of its features and roles is a fairly large operating system by any measure One part of systems hardening best practices is to reduce the attack surface of computer and network systems The author developed more than one Windows Systems Hardening course that recommended reducing the number of services and subsystems installed on each computer as a part of the hardening process The ability to choose which features and roles in Windows Server 2008’s Server Manager is a step in the right direction, yet even the basic full installation of Windows includes too many components in the opinion of many experts Therefore, Microsoft offers two ways to install Windows Server 2008 One method is to still perform a full installation and, certainly, not installing excess features or roles beyond current needs is highly recommended The second installation method for Windows Server 2008 is to install only a Server Core The Server Core installation approach does not include many traditionally expected Windows components Therefore, with a more limited foundation of components when compared with a regular full installation, the Server Core installation does not support all server roles and features While the Server Core installation is available for Internet Information Services (IIS) on the Web edition, Server Core installations offer the broadest array of options in the Standard, Enterprise, and Datacenter editions Here, the Server Core installation is available for the following roles: • Active Directory Lightweight Directory Services (AD LDS) •Active Directory Domain Services (AD DS) • Domain Name System (DNS) Server • Dynamic Host Configuration Protocol (DHCP) Server • File Services • Hyper-V • Print Services • Internet Information Services (IIS) Web Services The Server Core installation option is not available for other roles nor for the Itanium edition Read-Only Domain Controller Several people have reacted to the news that Windows Server 2008 features a Read-Only Domain Controller (RODC) option as if this represents a reversion to the days of Windows NT 4.0’s Backup Domain Controller (BDC)-type technology Could the move to the multi-master nature of Active Directory in Windows 2000 Server Copyright ©2008 Global Knowledge Training LLC All rights reserved Page have been wrong? This belief is unfounded First, even an Active Directory domain with just two domain controllers (DCs), one of which is a regular DC and the other a RODC, would still have all the advantages of Active Directory beyond NT 4.0 domain technology with the exception of the multi-master abilities Second, the key distinction between a RODC and a BDC becomes evident when there are more than two DCs per domain A domain based on Windows NT 4.0 technology could have only one read-writable Primary Domain Controller (PDC), and all other DCs in the domain must be read-only BDCs Windows Server 2008 continues the natural advantage of multi-master updates and replication intrinsic in Active Directory, but allows IT pros deploying Active Directory to choose which DCs are read-writable and which are read-only with a great degree of freedom For example, a domain with 78 DCs could have 75 regular DCs and RODCs if that meets the needs of the organization Why would anyone want a RODC? If you consider the new RODC offering to be an expansion of the roles for the Branch Office Management initiative, which brought the new Distributed File System namespace and replication model and the Print Management Component in Windows Server 2003 Release (R2), we have a good context to understand the need With Windows Server 2003 or Windows 2000 Server, the domain services for users in a branch office could be supported either by having one or more local domain controllers that were read-writable or by having no domain controllers locally In the latter scenario, with no local domain controllers, users in the branch office rely on the wide area networks (WANs) back to the larger offices (e.g., headquarters) for domain services including authentication – the ability to log on using domain-based user account credentials This represents a potential liability in the event of a WAN degradation or outage to the branch facility The alternative – having one or perhaps more local DCs in the branch location – may present a far greater liability (depending on the mission criticality of domain services at the branch office) If any domain controller cannot be properly secured, not just in terms of network security but physical security as well, sensitive data in the domain may be compromised If a DC is not physically secure, not only could data potentially be scavenged from the DC, but inappropriate data could be injected into the vulnerable DC With an RODC such potential damage could be localized With a normal read-writable DC, such damage would replicate throughout the domain and possibly throughout the entire forest The ability to breach the security of a DC and inject data, not only into the same domain that the DC serves, but to all other naming contexts (such as other domains) in the same Active Directory forest, was quietly confirmed by the author in Windows 2000 and later publicly mentioned by a Microsoft employee at an Active Directory Experts conference (based on independent testing) the following year The purpose of an RODC is deliver all read-only benefits of a local DC while constraining the extent of such potential damage Network Access Protection Have you ever had anyone access your network who shouldn’t be on it? Windows Server 2003 has some great facilities to help prevent unauthorized access via Ethernet switches, wireless access points (WAPs), virtual private network (VPN) servers, and, of course, dial-up access Some of the elements involved include Windows XP, Server 2003, and Vista’s inclusion of an 802.1x authentication component, use of the Internet Authentication Service (IAS) in Windows Server 2003, and more Windows Server 2003 also includes Network Access Quarantine Control (NAQC) functionality to isolate remote access clients that not meet the requirements specified in an administrator-specified script Windows Server 2008 introduces a number of changes, additions, and extensions to this model The Network Access Protection (NAP) feature of Windows Server 2008 can work with a number of kinds of clients to pro- Copyright ©2008 Global Knowledge Training LLC All rights reserved Page vide pervasive access restrictions The Network Policy and Access Services role performs several integral functions in this model Figure The Network Policy Access Services (NPAS) role can include the following services: • Network Policy Server (NPS) • Routing and Remote Access Services (RRAS) • Remote Access Service (RAS) • Routing • Health Registration Authority (HRA) • Host Credential Authorization Protocol (HCAP) Copyright ©2008 Global Knowledge Training LLC All rights reserved Page The first of these, the Network Policy Server (NPS) aspect of NPAS, can provide three features: • Remote Authentication Dial-In User Service (RADIUS) server • Network Access Protection (NAP) policy server • RADIUS proxy Because the RADIUS service was performed by the Windows Server 2003 Internet Authentication Service (IAS), we could say that NPS replaces or upgrades IAS; yet, because we also have the NAP policy server ad RADIUS proxy aspects now as well, it’s safe to say that NPS goes well beyond IAS Many of my students in Windows Server 2003 Security training thought that 802.1x and VPN authentication, coupled with IAS for RADIUS, was non-trivial Certainly, the new NPS, HRA, and HCAP functionality elevates the topic of NAP to a whole new, definitely non-trivial level Yet, conceptually it’s not really all that complicated At a conceptual level, NAP is used to check if computers have a specific level (or set) of software updates, antivirus signatures, and other security configuration An administrator defines this “health” certification configuration Any clients utilizing Internet Protocol security extensions (IPsec) (available as part of Windows since Windows 2000), the Dynamic Host Configuration Protocol (DHCP), VPN, and local area network (e.g., Ethernet, 802.11 wireless) connectivity must comply with this health certification Compliant clients are allowed potentially unrestricted access to the network (pending other policies and restriction mechanisms) Essential to NAP is the concept of remediation That allows noncompliant clients to meet the health requirements and join the unrestricted network To discuss this at a slightly more technical level, it’s useful to treat any Ethernet switch, wireless access point, VPN server, or DHCP server generically as an “access server.” Each client sends a statement of health (SoH) to their access server, which then communicates this to the NPS When a client’s SoH doesn’t comply with the required health policy, the NPS instructs the access server to deny access to the client to the unrestricted network, but to allow the client to access a special remediation network This remediation network would include servers such as DNS servers, software update servers, and antivirus signature update servers Once the client complies with the health policy, they may attempt access again In addition to these core functions of NAP, IPsec clients, which have no natural access server, can obtain network access through communication with a Health Registration Authority (HRA) server that issues the IPsec clients health certificates Also, Cisco Network Admission Control capable clients can be integrated into a NAP infrastructure by using the Host Credential Authorization Protocol (HCAP) component of NPAS Certainly, NPAS and its role in the NAP infrastructure can be utilized to take network access to a new level Note that NAP merely checks for compliance with stated health configuration It does not actively seek out virus or worm software nor protect from these in any direct way The intention of NAP is to require all clients to be operating at a specific, less vulnerable, configuration than without NAP It is the stronger configuration that might directly protect each client (workstation, server, etc.) and, in turn, the entire network Maintainability IT Professionals not only need systems that offer features and functionality, but systems which are maintainable For many years, Windows Server and Windows in general have been heralded as easy-to-maintain Two very interesting newcomers in this maintainability tradition have been added to Windows Server 2008: Windows PowerShell and Server Manager Copyright ©2008 Global Knowledge Training LLC All rights reserved Page 10 Windows PowerShell While Windows PowerShell is not unique to Windows Server 2008, it is perhaps the most exciting new feature to be included with the new Windows Server operating system Windows PowerShell (hereinafter referred to as PowerShell) is typically described as both an interactive command shell and a scripting environment What is so exciting about the Windows PowerShell in Windows Server 2008? PowerShell represents a radical shift in the administration of Windows systems because it is the new foundation for management and automation of Windows and several other Microsoft products The Microsoft Management Console (MMC) framework is still used for many graphical management tools, but the newer consoles released from Microsoft are also based on Windows PowerShell A role reversal has been occurring – in other words: Software developers include management frameworks with their software The interpretive shell PowerShell is used as the direct administrator interface to those frameworks The graphical management consoles are built on top of the PowerShell environment Figure Therefore, the graphical management tools can still provide administrators with a quick and easy interface for managing the most commonly used aspects of Windows and services based on the Windows platform But for the ultimate degree of flexibility and control required for complex operations or where automation is desired, the PowerShell foundation provides access to all management features Server Manager Are you a command-line or graphical type of person? Windows PowerShell is immensely powerful and well suited to automation, but many Windows administrators simply prefer a graphical user interface (GUI) Windows 2000 and Windows Server 2003 include a Computer Management console that may be used for certain kinds of administration either locally or across a network Yet some management tasks required the use of Control Panel applets or a command line interface In addition, there are Manage Your Server and Configure Your Server applications as well Some administrators would resort to using Remote Desktop (or Terminal Services) for administration of their servers While Windows Server 2008 certainly still has Computer Management, Control Panel, Remote Desktop, and a far more powerful and flexible Terminal Services, it also has something more exciting in the one-stop-shopping GUI management department: Server Manager Copyright ©2008 Global Knowledge Training LLC All rights reserved Page 11 Figure Windows Server 2008’s Server Manager may be used to manage Roles, Features, Diagnostics, Configuration, and Storage all in one console Unless you’re purely going to use PowerShell for all of your Windows administration, you simply must check out Server Manager Summary Windows Server 2008 is essentially a major upgrade from Windows Server 2003 R2 that offers far more features and updates to previously existing features Due to space constraints, we’ve focused on just a few of the newer aspects of the operating system, including: • Predictability: the available editions of the operating system: Web, Standard, Enterprise, Datacenter, and Itanium; • Virtuality: the new hypervisor for virtualization, called Hyper-V, which is expected to be available for Standard, Enterprise, and Datacenter editions 180 days after the main release of the operating system; • Modularity: the evolution of a broader modular approach to Active Directory (AD) components, including AD Lightweight Directory Services, AD Domain Services, AD Certificate Services, AD Federation Services, and the new AD Rights Management Services; • Security: features such as the Server Core installation option, Read-Only Domain Controller option, and Network Access Protection (NAP); • Maintainability: the best of both worlds for different Windows management styles: Windows PowerShell and Server Manager There are several other features that deserve investigation which we’ll save for another paper, including but not limited to: Copyright ©2008 Global Knowledge Training LLC All rights reserved Page 12 • Windows Deployment Services (WDS) – the replacement for the Remote Installation Service (RIS); • Terminal Services – which now includes the Remote Application (as opposed to just Remote Desktop) model and also a new Terminal Services Gateway component; • Failover Clustering – enhancements and a renaming of the Server Cluster feature for Enterprise and Datacenter editions; • Internet Information Services (IIS) 7.0 – streamlined administration tools and enhanced management frameworks accompany a higher-performing web service We hope that you enjoyed our brief tour of What to Expect in Windows Server 2008, and hope to provide you with further information in the future, whether in the form of a white paper, training course, or consulting However, your transition into the world of Windows Server 2008 unfolds, we hope that it’s a fruitful and relatively painless journey Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge Managing and Maintaining Server 2008 MCITP: Server 2008 Administrator Boot Camp MCITP: Server 2008 Combo Boot Camp MCITP: Server 2008 Enterprise Administrator Upgrade Boot Camp Migrating to Server 2008 For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a sales representative Through expert instruction, you will understand key concepts and how to apply them to your specific work situation Choose from more than 700 courses, delivered through Classrooms, e-Learning, and On-site sessions, to meet your IT and management training needs About the Author Rev Dr Bradford S Werner, Technical Evangelist, is the president of Werner Training and Consulting, Inc – a software development, consulting, and training business in Phoenix, Arizona Brad has over 27 years of experience in systems engineering and software development He is expert with embedded systems development and systems integration Besides embedded systems, Brad has developed operating systems, compilers, and other software for UNIX, Mac, and of course Windows systems He's a bestselling author whose software, books, and award-winning course materials have been used worldwide Windows-related courses include a dozen courses on Windows Server and Security topics Brad holds a B.S in Computer Science, completed half of a Masters in Telecommunications, and holds a Doctorate in Metaphysics, as well as other certifications Copyright ©2008 Global Knowledge Training LLC All rights reserved Page 13 [...]... Maintaining Server 2008 MCITP: Server 2008 Administrator Boot Camp MCITP: Server 2008 Combo Boot Camp MCITP: Server 2008 Enterprise Administrator Upgrade Boot Camp Migrating to Server 2008 For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a sales representative Through expert instruction, you will understand key concepts and how to apply them to your.. .Windows PowerShell While Windows PowerShell is not unique to Windows Server 2008, it is perhaps the most exciting new feature to be included with the new Windows Server operating system Windows PowerShell (hereinafter referred to as PowerShell) is typically described as both an interactive command shell and a scripting environment What is so exciting about the Windows PowerShell in Windows Server 2008? ... department: Server Manager Copyright 2008 Global Knowledge Training LLC All rights reserved Page 11 Figure 6 Windows Server 2008 s Server Manager may be used to manage Roles, Features, Diagnostics, Configuration, and Storage all in one console Unless you’re purely going to use PowerShell for all of your Windows administration, you simply must check out Server Manager Summary Windows Server 2008 is essentially... streamlined administration tools and enhanced management frameworks accompany a higher-performing web service We hope that you enjoyed our brief tour of What to Expect in Windows Server 2008, and hope to provide you with further information in the future, whether in the form of a white paper, training course, or consulting However, your transition into the world of Windows Server 2008 unfolds, we hope that... are Manage Your Server and Configure Your Server applications as well Some administrators would resort to using Remote Desktop (or Terminal Services) for administration of their servers While Windows Server 2008 certainly still has Computer Management, Control Panel, Remote Desktop, and a far more powerful and flexible Terminal Services, it also has something more exciting in the one-stop-shopping GUI... for complex operations or where automation is desired, the PowerShell foundation provides access to all management features Server Manager Are you a command-line or graphical type of person? Windows PowerShell is immensely powerful and well suited to automation, but many Windows administrators simply prefer a graphical user interface (GUI) Windows 2000 and Windows Server 2003 include a Computer Management... shell PowerShell is used as the direct administrator interface to those frameworks The graphical management consoles are built on top of the PowerShell environment Figure 4 Therefore, the graphical management tools can still provide administrators with a quick and easy interface for managing the most commonly used aspects of Windows and services based on the Windows platform But for the ultimate degree... of course Windows systems He's a bestselling author whose software, books, and award-winning course materials have been used worldwide Windows- related courses include a dozen courses on Windows Server and Security topics Brad holds a B.S in Computer Science, completed half of a Masters in Telecommunications, and holds a Doctorate in Metaphysics, as well as other certifications Copyright 2008 Global... features such as the Server Core installation option, Read-Only Domain Controller option, and Network Access Protection (NAP); • Maintainability: the best of both worlds for different Windows management styles: Windows PowerShell and Server Manager There are several other features that deserve investigation which we’ll save for another paper, including but not limited to: Copyright 2008 Global Knowledge... PowerShell represents a radical shift in the administration of Windows systems because it is the new foundation for management and automation of Windows and several other Microsoft products The Microsoft Management Console (MMC) framework is still used for many graphical management tools, but the newer consoles released from Microsoft are also based on Windows PowerShell A role reversal has been occurring – ... Maintaining Server 2008 MCITP: Server 2008 Administrator Boot Camp MCITP: Server 2008 Combo Boot Camp MCITP: Server 2008 Enterprise Administrator Upgrade Boot Camp Migrating to Server 2008 For more... Windows Web Server 2008 Standard Windows Server 2008 Standard Enterprise Windows Server 2008 Enterprise Datacenter Windows Server 2008 Data Center Itanium Windows Server 2008 for Itanium-based Systems.. .Windows Server 2008: What to Expect Bradford S Werner, Technical Evangelist, MCSE, MCT, etc Introduction With every new release of Windows Server, I always see lists of What s New” and What s