Windows Server 2008: The Definitive Guide
by Jonathan Hassell
Publisher: O'Reilly
Pub Date: March 15, 2008
Print ISBN-13: 978-0-59-651411-2
Pages: 492

Overview

This practical guide has exactly what you need to work with Windows Server 2008. Inside, you'll find step-by-step procedures for using all of the major components, along with discussions on complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, server clustering, and more. All of this with a more compact presentation and a tighter focus on tasks than you'll find in bulkier references.

Windows Server 2008: The Definitive Guide takes a refreshing approach. You won't find the history of Windows NT, or discussions on the way things used to work. Instead, you get only the information you need to use this server. If you're a beginning or intermediate system administrator, you learn how the system works, and how to administer machines running it. The expert administrators among you discover new concepts and components outside of your realm of expertise.

Simply put, this is the most thorough reference available for Windows Server 2008, with complete guides to:

Installing the server in a variety of different environments
File services and the Windows permission structure
How the domain name system (DNS) works
Active Directory, including its logical and physical structure, hierarchical components, scalability, and replication
Group Policy's structure and operation
Managing security policy with predefined templates and customized policy plans
Architectural improvements, new features, and daily administration of IIS 7
Terminal Services from both the administrator's and user's point of view
Networking architecture including DNS, DHCP, VPN, RADIUS server, IAS, and IPSec
Windows clustering services - applications, grouping machines, capacity and network planning, user account management
Windows PowerShell scripting and command-line technology

With Windows Server 2008: The Definitive Guide, you come away with a firm understanding of what's happening under the hood, but without the sense that you're taking a graduate course in OS theory. If you intend to work with this server, this is the only book you need.

Table of Contents

Preface

Chapter 1 Introducing Windows Server 2008
Section 1.1 The Biggest Changes
Section 1.2 Networking Improvements
Section 1.3 Security Improvements
Section 1.4 Manageability Improvements
Section 1.5 Performance and Reliability Upgrades
Section 1.6 Windows Server 2008 Editions
Section 1.7 Hardware Requirements
Section 1.8 The Last Word

Chapter 2 Installation and Deployment
Section 2.1 Installing Windows Server 2008
Section 2.2 Initial Configuration Tasks
Section 2.3 Deployment
Section 2.4 The Last Word

Chapter 3 File Services
Section 3.1 File and Print Server Features
Section 3.2 Setting Up File Sharing Services
Section 3.3 NTFS File and Folder Permissions
Section 3.4 The File Server Resource Manager
Section 3.5 Disk-Based Quotas
Section 3.6 Using Offline Files and Folders
Section 3.7 Using Previous Versions
Section 3.8 The Distributed File System
Section 3.9 Command-Line Utilities
Section 3.10 The Last Word

Chapter 4 Domain Name System
Section 4.1 Nuts and Bolts
Section 4.2 Zones Versus Domains
Section 4.3 Resource Records
Section 4.4 Using Primary and Secondary Nameservers
Section 4.5 Building a Nameserver
Section 4.6 Subdomains and Delegation
Section 4.7 Dynamic DNS
Section 4.8 Active Directory-Integrated Zones
Section 4.9 Forwarding
Section 4.10 The Split DNS Architecture
Section 4.11 Backup and Recovery
Section 4.12 Command-Line Utilities
Section 4.13 The Last Word

Chapter 5 Active Directory
Section 5.1 Active Directory Domain Services Objects and Concepts
Section 5.2 Building an AD DS Structure
Section 5.3 Understanding Operations Master Roles
Section 5.4 Understanding Directory Replication
Section 5.5 Active Directory Troubleshooting and Maintenance
Section 5.6 The Last Word

Chapter 6 Group Policy and IntelliMirror
Section 6.1 An Introduction to Group Policy
Section 6.2 Group Policy Implementation
Section 6.3 Local Group Policy
Section 6.4 Domain Group Policy
Section 6.5 Deployment Considerations
Section 6.6 Troubleshooting Group Policy
Section 6.7 Other Group Policy Management Tools
Section 6.8 Command-Line Utilities
Section 6.9 The Last Word

Chapter 7 Windows Security and Patch Management
Section 7.1 Understanding Security Considerations
Section 7.2 Locking Down Windows
Section 7.3 Using Auditing and the Event Log
Section 7.4 The Last Word

Chapter 8 Internet Information Services 7
Section 8.1 Major Improvements
Section 8.2 The New Architecture
Section 8.3 Roles
Section 8.4 Managing IIS Graphically
Section 8.5 Managing IIS from the Command Line
Section 8.6 The Last Word

Chapter 9 Windows Server 2008 Server Core
Section 9.1 The Lack of a Shell
Section 9.2 Realistic Deployment Scenarios
Section 9.3 No Managed Code
Section 9.4 Few Third-Party Software Applications
Section 9.5 Installation
Section 9.6 Initial Configuration
Section 9.7 Administering Windows Server 2008 Server Core Machines
Section 9.8 The Last Word

Chapter 10 Terminal Services
Section 10.1 The Remote Desktop Protocol
Section 10.2 Adding the Terminal Server Role
Section 10.3 Enabling Remote Desktop
Section 10.4 On the User's Side
Section 10.5 Terminal Services Administration
Section 10.6 Terminal Services RemoteApp
Section 10.7 Terminal Services Web Access
Section 10.8 Terminal Services Gateway
Section 10.9 Command-Line Utilities
Section 10.10 The Last Word

Chapter 11 DHCP and Network Access Protection
Section 11.1 Dynamic Host Configuration Protocol
Section 11.2 Network Access Protection
Section 11.3 The Last Word

Chapter 12 An Introduction to Clustering Technologies
Section 12.1 Network Load-Balancing Clusters
Section 12.2 Server Clustering
Section 12.3 Command-Line Utilities
Section 12.4 The Last Word

Chapter 13 PowerShell
Section 13.1 Why PowerShell?
Section 13.2 Installing PowerShell
Section 13.3 PowerShell and Security
Section 13.4 Starting Up PowerShell
Section 13.5 Cmdlets: The Heart of PowerShell
Section 13.6 Getting Help with PowerShell
Section 13.7 Using Data Stores and PowerShell Providers
Section 13.8 The Pipeline
Section 13.9 Formatting Basics
Section 13.10 Variables
Section 13.11 Writing Scripts
Section 13.12 Objects: .NET, WMI, and COM
Section 13.13 Advanced PowerShell
Section 13.14 Learning More About PowerShell
Section 13.15 The Last Word

Chapter 14 Hyper-V
Section 14.1 How It Works
Section 14.2 Getting Started with Hyper-V
Section 14.3 Virtualization Strategy
Section 14.4 The Last Word

Colophon
Index

Windows Server 2008: The Definitive Guide
by Jonathan Hassell

Copyright © 2008 Jonathan Hassell. All rights reserved.
Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Editor: John Osborn
Production Editor: Rachel Monaghan
Copyeditor: Colleen Gorman
Proofreader: Rachel Monaghan
Indexer: Lucie Haskins
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Jessamyn Read

Printing History:
March 2008: First Edition

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Windows Server 2008: The Definitive Guide, the image of an albatross, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.

ISBN: 978-0-596-51411-2
[M]

Preface

Microsoft's server-oriented Windows operating systems have grown by leaps and bounds in capabilities, complexities, and sheer number of features since the release of Windows NT Server in the early 1990s. With each release, system administrators have found themselves grappling with new concepts, from domains, directory services, and virtual private networks, to client quarantining, disk quota, and universal groups. Just when you've mastered one set of changes, another comes along and suddenly you're scrambling once again to get up to speed. A vicious cycle this IT business is.

One source of help for the beleaguered administrator has always been the technical book market and its communities of authors, publishers, and user groups. Major releases of popular operating systems have always been accompanied by the publication of books written to support them, often encouraged by the software manufacturers. Some tout themselves as complete guides to their software compadres, while others approach their subject gingerly, as though their readers were of a questionable intellectual capacity. But over the years, many of these books have become as complex, and have accumulated as much detritus, as the operating systems they explain. You now see on the shelves of your friendly local bookstores 1,200-plus-page monstrosities that you might find useful, but only if you enjoy dealing with 30 pounds of paper in your lap or on your desk, and only if you find it productive to wade through references to "how things worked" four versions of Windows NT ago. After all, there's a limit to how many times you can revise something before it's best to simply start from scratch.

Do you need all of that obsolete information to do your job efficiently? I'm wagering that you don't (my luck in Las Vegas notwithstanding), and it was in that spirit that I set out to write Windows Server 2008: The Definitive Guide. I have trimmed the content of this volume to include just enough background on a subject for you to understand how different features and
Microsoft developers worked in tandem on Windows Vista and the next release of Windows on the server. When Windows Vista was released to manufacturing, the teams split again, and the Windows Server 2008 group added a few new features and then focused on performance and reliability until the release...