Windows Server 2012 R2 Configuration, Storage, & Essentials
William R. Stanek, Windows technologies expert and award-winning author
PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2014 by William R. Stanek
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
Library of Congress Control Number: 2013955709
ISBN: 978-0-7356-8267-2
Printed and bound in the United States of America.
First Printing
Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at mspinput@microsoft.com. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
Acquisitions Editor: Anne Hamilton
Developmental Editor: Karen Szall
Project Editor: Rosemary Caperton
Editorial Production: nSight, Inc.
Technical Reviewer: Bob Hogan; Technical Review services provided by Content Master, a member of CM Group, Ltd.
Copyeditor: Kerin Forsyth
Indexer: Lucie Haskins
Cover: Twist Creative • Seattle
To my readers—thank you for being there with me through many books and many years.
To my wife—for many years, through many books, many millions of words, and many thousands of pages she’s been there, providing support and encouragement and making every place we’ve lived a home.
To my kids—for helping me see the world in new ways, for having exceptional patience and boundless love, and for making every day an adventure.
To Anne, Karen, Martin, Lucinda, Juliana, and many others who’ve helped out
in ways both large and small.
Special thanks to my son Will for not only installing and managing my sive dev lab for all my books since Windows 8 Pocket Consultant but for also performing check reads of all those books as well.
Table of contents
What do you think of this book? We want to hear from you!
Microsoft is interested in hearing your feedback so we can improve our books and learning resources for you. To participate in a brief survey, please visit:
http://aka.ms/tellpress
Introduction
Who is this book for?
Conventions used in this book
How to reach the author
Errata & book support
We want to hear from you
Stay in touch
Chapter 1 Introducing Windows Server 2012 R2
Getting to know Windows Server 2012 R2
Windows 8.1 and Windows Server 2012 R2
Planning for Windows Server 2012 R2
Your plan: The big picture
Identifying your organizational teams
Assessing project goals
Analyzing the existing network
Defining objectives and scope
Defining the new network environment
Final considerations for planning and deployment
Thinking about server roles and Active Directory
Planning for server usage
Designing the Active Directory namespace
Managing domain trusts
Identifying the domain and forest functional level
Defining Active Directory server roles
Planning for availability, scalability, and manageability
Planning for software needs
Planning for hardware needs
Chapter 2 Deploying Windows Server 2012 R2
Getting a quick start
Product licensing
Preparing for a Windows Server 2012 R2 installation
Understanding installation options
Determining which installation type to use
Using Windows Update
Preinstallation tasks
Installing Windows Server 2012 R2
Installation on BIOS-based systems
Installation on EFI-based systems
Planning partitions
Naming computers
Network and domain membership options
Performing a clean installation
Performing an upgrade installation
Activation sequence
Performing additional administration tasks during installations
Accessing a command prompt during installation
Forcing disk-partition removal during installation
Loading mass storage drivers during installation
Creating, deleting, and extending disk partitions during installation
Troubleshooting installation
Start with the potential points of failure
Continue past lockups and freezes
Postinstallation tasks
Chapter 3 Boot configuration
Boot from hardware and firmware
Hardware and firmware power states
Diagnosing hardware and firmware startup problems
Resolving hardware and firmware startup problems
Boot environment essentials
Managing startup and boot configuration
Managing startup and recovery options
Managing System Boot Configuration
Working with BCD Editor
Managing the boot configuration data store and its entries
Viewing BCD entries
Creating and identifying the BCD store
Importing and exporting the BCD store
Creating, copying, and deleting BCD entries
Setting BCD entry values
Changing Data Execution Prevention and physical address extension options
Changing the operating system display order
Changing the default operating system entry
Changing the default timeout
Changing the boot sequence temporarily
Chapter 4 Managing Windows Server 2012 R2
Working with the administration tools
Using Control Panel utilities
Using graphical administrative tools
Using command-line utilities
Working with Server Manager
Getting to know Server Manager
Adding servers for management
Creating server groups
Enabling remote management
Working with Computer Management
Computer Management system tools
Computer Management storage tools
Computer Management Services And Applications tools
Chapter 5 Windows Server 2012 R2 MMC administration
Using the MMC
MMC snap-ins
MMC modes
MMC window and startup
MMC tool availability
MMC and remote computers
Building custom MMCs
Step 1: Creating the console
Step 2: Adding snap-ins to the console
Step 3: Saving the finished console
Designing custom taskpads for the MMC
Getting started with taskpads
Understanding taskpad view styles
Creating and managing taskpads
Creating and managing tasks
Publishing and distributing your custom tools
Chapter 6 Configuring roles, role services, and features
Using roles, role services, and features
Making supplemental components available
Installing components with Server Manager
Viewing configured roles and role services
Managing server roles and features
Managing server binaries
Installing components at the prompt
Going to the prompt for Server Management
Understanding component names
Tracking installed roles, role services, and features
Installing components at the prompt
Removing components at the prompt
Chapter 7 Managing and troubleshooting hardware
Understanding hardware installation changes
Choosing internal devices
Choosing external devices
Installing devices
Understanding device installation
Installing new devices
Viewing device and driver details
Working with device drivers
Device driver essentials
Understanding and troubleshooting driver signing
Viewing driver information
Viewing Advanced, Resources, and other settings
Installing and updating device drivers
Restricting device installation by using Group Policy
Rolling back drivers
Removing device drivers for removed devices
Uninstalling, reinstalling, and disabling device drivers
Managing hardware
Adding non–Plug and Play, older hardware
Enabling and disabling hardware
Troubleshooting hardware
Resolving resource conflicts
Chapter 8 Managing the registry
Introducing the registry
Understanding the registry structure
Registry root keys
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
Registry data: How it is stored and used
Where registry data comes from
Types of registry data available
Registry administration
Searching the registry
Modifying the registry
Modifying the registry of a remote machine
Importing and exporting registry data
Loading and unloading hive files
Working with the registry from the command line
Backing up and restoring the registry
Maintaining the registry
Using the Microsoft Fix It Utility
Removing registry settings for active installations that have failed
Removing partial or damaged settings for individual applications
Securing the registry
Preventing access to the registry utilities
Applying permissions to registry keys
Controlling remote registry access
Auditing registry access
Chapter 9 Software and User Account Control administration
Software installation essentials
Mastering User Account Control
Elevation, prompts, and the secure desktop
Configuring UAC and Admin Approval Mode
Maintaining application integrity
Application access tokens
Application run levels
Configuring run levels
Controlling application installation and run behavior
Chapter 10 Performance monitoring and tuning
Tuning performance, memory usage, and data throughput
Tuning Windows operating system performance
Tuning processor scheduling
Tuning virtual memory
Other important tuning, memory, and data considerations
Tracking a system’s general health
Monitoring essentials
Getting processor and memory usage for troubleshooting
Getting information on running applications
Monitoring and troubleshooting processes
Monitoring and troubleshooting services
Getting network usage information
Getting information on user and remote user sessions
Tracking events and troubleshooting by using Event Viewer
Understanding the event logs
Accessing the event logs and viewing events
Viewing event logs on remote systems
Sorting, finding, and filtering events
Archiving event logs
Tracking events using Windows PowerShell
Using subscriptions and forwarded events
Chapter 11 Comprehensive performance analysis and logging
Establishing performance baselines
Tracking per-process resource usage
Tracking the overall reliability of the server
Comprehensive performance monitoring
Using Performance Monitor
Selecting performance objects and counters to monitor
Choosing views and controlling the display
Monitoring performance remotely
Resolving performance bottlenecks
Resolving memory bottlenecks
Resolving processor bottlenecks
Resolving disk I/O bottlenecks
Resolving network bottlenecks
Performance logging
Creating and managing data collector sets
Viewing data collector reports
Configuring performance counter alerts
Monitoring performance from the command line
Analyzing trace logs at the command line
Chapter 12 Storage management essentials
Essential storage technologies
Using internal and external storage devices
Storage-management features and tools
Storage-management role services
Booting from SANs and using SANs with clusters
Working with SMB 3.0
Installing and configuring file services
Configuring the File And Storage Services role
Configuring multipath I/O
Meeting performance, capacity, and availability requirements
Configuring Hyper-V
Chapter 13 Configuring disks and storage
Configuring storage
Using the Disk Management tools
Adding new disks
Using the MBR and GPT partition styles
Using the disk storage types
Creating and managing virtual hard disks for Hyper-V
Converting FAT or FAT32 to NTFS
Working with removable disks
Managing MBR disk partitions on basic disks
Creating partitions and simple volumes
Formatting a partition, logical drive, or volume
Configuring drive letters
Configuring mount points
Extending partitions
Shrinking partitions
Deleting a partition, logical drive, or volume
Managing GPT disk partitions on basic disks
ESP
MSR partitions
Primary partitions
LDM Metadata and LDM Data partitions
OEM or unknown partitions
Managing volumes on dynamic disks
Creating a simple or spanned volume
Configuring RAID 0: Striping
Recovering a failed simple, spanned, or striped disk
Moving dynamic disks
Configuring RAID 1: Disk mirroring
Mirroring boot and system volumes
Configuring RAID 5: Disk striping with parity
Breaking or removing a mirrored set
Resolving problems with mirrored sets
Repairing a mirrored system volume
Resolving problems with RAID-5 sets
Chapter 14 TPM and BitLocker Drive Encryption
Working with trusted platforms
Managing TPM
Understanding TPM states and tools
Managing TPM owner authorization information
Preparing and initializing a TPM for first use
Turning an initialized TPM on or off
Clearing the TPM
Changing the TPM owner password
Introducing BitLocker Drive Encryption
BitLocker essentials
BitLocker modes
BitLocker changes
Using hardware encryption, secure boot, and Network Unlock
Hardware-encrypted drives
Optimizing encryption
Setting permitted encryption types
Preparing BitLocker for startup authentication and secure boot
Using Network Unlock
Provisioning BitLocker prior to deployment
Deploying BitLocker Drive Encryption
Setting up and managing BitLocker Drive Encryption
Configuring and enabling BitLocker Drive Encryption
Determining whether a computer has BitLocker-encrypted volumes
Enabling BitLocker on fixed data drives
Enabling BitLocker on removable data drives
Enabling BitLocker on operating-system volumes
Managing and troubleshooting BitLocker
Chapter 15 File system essentials
Understanding the disk and file-system structure
Using FAT
File allocation table structure
FAT features
Using NTFS
NTFS structure
NTFS features
Analyzing the NTFS structure
Advanced NTFS features
Hard links
Data streams
Change journals
Object identifiers
Reparse points
Sparse files
Transactional NTFS
Using ReFS
ReFS features
ReFS structures
ReFS advantages
ReFS integrity streams, data scrubbing, and salvage
Using file-based compression
NTFS compression
Compressed (zipped) folders
Chapter 16 Maintaining and optimizing storage
Managing NTFS disk quotas
How quota management works
Configuring disk quotas
Customizing quota entries for individual users
Managing disk quotas after configuration
Exporting and importing quota entries
Automated disk maintenance
Preventing disk-integrity problems
Running Check Disk interactively
Analyzing FAT volumes by using ChkDsk
Analyzing NTFS volumes by using ChkDsk
Repairing volumes and marking bad sectors by using ChkDsk
Automated optimization of disks
Preventing fragmentation of disks
Fixing fragmentation by using Optimize Drives
Understanding the fragmentation analysis
Chapter 17 Managing storage spaces
Understanding storage spaces
Using and configuring offloaded transfers
Understanding how offloaded transfers work
Verifying support for offloaded transfers
Working with available storage
Storage Management Essentials
Creating storage pools and allocating space
Creating storage spaces
Creating a virtual disk in a storage space
Creating a standard volume
Diagnosing and resolving problems with storage spaces
Configuring data deduplication
Understanding data deduplication
Selecting data for deduplication
Interoperability with data deduplication
Deduplicating volumes
Monitoring deduplication
Chapter 18 Managing file sharing
File-sharing essentials
Understanding file-sharing models
Enabling file sharing
Using and finding shares
Navigating SMB versions
Hiding and controlling share access
Special and administrative shares
Accessing shares for administration
Creating and publishing shared folders
Creating shares by using File Explorer
Creating shares by using Computer Management
Creating shared folders in Server Manager
Changing shared folder settings
Publishing shares in Active Directory
Managing share permissions
Understanding share permissions
Configuring share permissions
Configuring synced sharing
Understanding Work Folders and sync shares
Deploying sync shares through Group Policy
Creating sync shares and enabling SMB access
Accessing Work Folders on clients
Chapter 19 File security, access controls, and auditing
Managing access permissions
File and folder ownership
Permission inheritance for files and folders
Configuring access permissions
Troubleshooting permissions
Managing file shares after configuration
Managing claims-based access controls
Understanding central access policies
Enabling dynamic controls and claims-based policy
Defining central access policies
Auditing file and folder access
Enabling basic auditing for files and folders
Enabling advanced auditing
Specifying files and folders to audit
Extending access policies to auditing
Monitoring the security logs
Chapter 20 Managing file screening and storage reporting
Understanding file screening and storage reporting
Managing file screening and storage reporting
Managing global file-resource settings
Managing the file groups to which screens are applied
Managing file-screen templates
Creating file screens
Defining file-screening exceptions
Scheduling and generating storage reports
Index
Introduction
Welcome to Windows Server 2012 R2 Inside Out: Configuration, Storage, & Essentials. As the author of many popular technology books, I’ve been writing professionally about Windows and Windows Server since 1994. Over the years, I’ve gained a unique perspective—the kind of perspective you can gain only after working with technologies for many years. The advantage for you, the reader, is that my solid understanding of these technologies allowed me to dig into Windows Server 2012 R2 architecture, internals, and configuration to see how things really work under the hood and then pass this information on to you throughout this book.
Anyone transitioning to Windows Server 2012 R2 from Windows Server 2012 may be surprised at just how much has been updated; changes both subtle and substantial have been made throughout the operating system. For anyone transitioning to Windows Server 2012 R2 from Windows Server 2008 R2 or an earlier release of Windows Server, I’ll let you know right up front that Windows Server 2012 and Windows Server 2012 R2 are substantially different from earlier versions of Windows Server. Not only are there major changes throughout the operating system, but this just might be the first version of Windows Server that you manage using a touch-based user interface. If you do end up managing it this way, mastering the touch-based UI and the revised interface options will be essential for your success. For this reason, I discuss both the touch UI and the traditional mouse-and-keyboard techniques throughout this book.
When you are working with touch UI–enabled computers, you can manipulate onscreen elements in ways that weren’t possible previously. You can enter text by using the onscreen keyboard and manipulate onscreen elements in the following ways:
● Tap: Tap an item by touching it with your finger. A tap or double-tap of elements on the screen generally is the equivalent of a mouse click or double-click.
● Press and hold: Press your finger down and leave it there for a few seconds. Pressing and holding elements on the screen generally is the equivalent of a right-click.
● Swipe to select: Slide an item a short distance in the opposite direction of how the page scrolls. This selects the items and might bring up related commands. If pressing and holding doesn’t display commands and options for an item, try swiping to select instead.
● Swipe from edge (slide in from edge): Starting from the edge of the screen, swipe or slide in. Sliding in from the right edge opens the Charms panel. Sliding in from the left edge shows open apps, and then you can easily switch between them. Sliding in from the top or bottom edge shows commands for the active element.
● Pinch: Touch an item with two or more fingers and then move those fingers toward each other. Pinching zooms out.
● Stretch: Touch an item with two or more fingers and then move those fingers away from each other. Stretching zooms in.
Who is this book for?
In this book, I teach you how server roles, role services, and features work; why they work the way they do; and how to customize them to meet your needs. Regardless of your job title, if you’re deploying, configuring, managing, or maintaining Windows Server 2012 R2, this book is for you. To pack in as much information as possible, I had to assume that you have basic networking skills and a basic understanding of Windows Server and that you are familiar with Windows commands and procedures. With this in mind, I don’t devote entire chapters to basic skills or why you want to use Windows Server. Instead, I focus on configuration, security, file systems, storage management, performance analysis, performance tuning, troubleshooting, and much more.
Conventions used in this book
The following conventions are used in this book:
● Abbreviated menu commands: For your convenience, this book uses abbreviated menu commands. For example, “Tap or click Tools, Track Changes, Highlight Changes” means that you should tap or click the Tools menu, select Track Changes, and then tap or click the Highlight Changes command.
● Boldface type: Boldface type indicates text that you enter or type.
● Initial capital letters: The first letters of the names of menus, dialog boxes, dialog box elements, and commands are capitalized. Example: the Save As dialog box.
● Italicized type: Italicized type indicates new terms.
● Plus sign (+) in text: Keyboard shortcuts are indicated by a plus sign (+) separating two key names. For example, Ctrl+Alt+Delete means that you press the Ctrl, Alt, and Delete keys at the same time.
How to reach the author
Email: williamstanek@aol.com
Web: http://www.williamrstanek.com/
Facebook: https://www.facebook.com/William.Stanek.Author
Twitter: http://twitter.com/williamstanek
Errata & book support
We’ve made every effort to ensure the accuracy of this book. Any errors that have been reported since this book was published are listed:
http://aka.ms/WSIO_ConfigSE/errata
If you find an error that is not already listed, you can report it to us through the same page.
If you need additional support, email Microsoft Press Book Support at mspinput@microsoft.com.
Please note that product support for Microsoft software is not offered through the addresses above.
We want to hear from you
At Microsoft Press, your satisfaction is our top priority and your feedback our most valuable asset. Please tell us what you think of this book at:
CHAPTER 1
Introducing Windows Server 2012 R2
Getting to know Windows Server 2012 R2
Windows 8.1 and Windows Server 2012 R2
Planning for Windows Server 2012 R2
Thinking about server roles and Active Directory
Planning for availability, scalability, and manageability
Windows Server 2012 R2 is the most powerful, versatile, and fully featured server operating system from Microsoft yet. If you’ve been using Windows Server operating systems for a while, I think you’ll be impressed. Why? For starters, Windows Server 2012 R2 includes a significantly enhanced operating system kernel, the NT 6.3 kernel. Because Windows 8.1 uses this kernel also, the two operating systems share a common code base and many common features, enabling you to apply readily what you know about Windows 8.1 to Windows Server 2012 R2.
In Windows Server 2012 R2, Microsoft delivers a server operating system that is something more than the sum of its parts. It isn’t just a server operating system or a network operating system. It is a best-of-class operating system with the foundation technologies necessary to provide networking, application, web, and cloud-based services that can be used anywhere within your organization. From top to bottom, Windows Server 2012 R2 is dramatically different from earlier releases of Windows Server operating systems—so much so that it also has an entirely new interface.
The way you approach Windows Server 2012 R2 will depend on your background and your implementation plans. If you are moving to Windows Server 2012 R2 from an early Windows server operating system or switching from UNIX, you’ll find that Windows Server 2012 R2 is a significant change that requires a whole new way of thinking about the networking, application services, and interoperations between clients and servers. The learning curve will be steep, but you will find clear transition paths to Windows Server 2012 R2. You will also find that Windows Server 2012 R2 has an extensive command-line interface that makes it easier to manage servers, workstations, and, indeed, the entire network, using both graphical and command-line administration tools.
If you are moving from Windows Server 2008 or Windows Server 2008 R2 to Windows Server 2012 R2, you’ll find the changes are no less significant but are easier to understand. You are already familiar with the core technologies and administration techniques. Your learning curve might still be steep, but in only some areas, not all of them.
You can also adopt Windows Server 2012 R2 incrementally. For example, you might add Windows Server 2012 R2 Print And Document Services and Windows Server 2012 R2 File And Storage Services to enable the organization to take advantage of the latest enhancements and capabilities without implementing a full transition of existing servers. In most but not all cases, incremental adoption has little or no impact on the network while allowing the organization to test new technologies and roll out features incrementally to users as part of a standard continuance or upgrade process.
Regardless of your deployment plans and whether you are reading this book to prepare for implementation of Windows Server 2012 R2 or to manage existing implementations, my mission in this book is to help you take full advantage of all the features in Windows Server 2012 R2. You will find the detailed inside information you need to get up to speed quickly with Windows Server 2012 R2 changes and technologies; to make the right setup and configuration choices the first time; and to work around the rough edges, annoyances, and faults of this complex operating system. If the default settings are less than optimal, I show you how to fix them so that things work the way you want them to work. If something doesn’t function like it should, I let you know, and I show you the fastest, surest way to work around the issue. You’ll find plenty of hacks and secrets, too.
To pack as much information as possible into this book, I am assuming that you have basic networking skills and some experience managing Windows-based networks and don’t need me to explain the basic structure and architecture of an operating system. Therefore, I won’t waste your time answering such questions as, “What’s the point of networks?” or “Why use Windows Server 2012 R2?” or “What’s the difference between the GUI and the command line?” Instead, I start with a discussion of what Windows Server 2012 R2 has to offer so that you can learn about changes that will most affect you, and then I follow this discussion with a comprehensive, informative look at Windows Server 2012 R2 planning and installation.
Getting to know Windows Server 2012 R2
A primary purpose of Windows Server 2012 R2 is to ensure that the operating system can be optimized for use in small, medium, and large enterprises. An edition of the server operating system is available to meet your organization’s needs whether you want to deploy a basic server for hosting applications, a network server for hosting domain services, a robust enterprise server for hosting essential applications, or a highly available data center server for hosting critical business solutions.
Windows Server 2012 R2 is available for production use only on 64-bit hardware. Sixty-four-bit computing has changed substantially since it was first introduced for Windows operating systems. Computers running 64-bit versions of Windows not only perform better and run faster than their 32-bit counterparts but also are more scalable because they can process more data per clock cycle, address more memory, and perform numeric calculations faster. The primary 64-bit architecture Windows Server 2012 R2 supports is based on 64-bit extensions to the x86 instruction set, which is implemented in AMD64 processors, Intel Xeon processors with 64-bit extension technology, and other processors. This architecture offers native 32-bit processing and 64-bit extension processing, allowing simultaneous 32-bit and 64-bit computing.
Inside OUT
Running 32-bit applications on 64-bit hardware
In most cases, 64-bit hardware is compatible with 32-bit applications; however, 32-bit applications typically perform better on 32-bit hardware. Windows Server 2012 R2 64-bit editions support both 64-bit and 32-bit applications using the Windows on Windows 64 (WOW64) x86 emulation layer. The WOW64 subsystem isolates 32-bit applications from 64-bit applications. This prevents file system and registry problems.
The operating system provides interoperability across the 32-bit/64-bit boundary for Component Object Model (COM) and basic operations such as cut, copy, and paste from the Clipboard. However, 32-bit processes cannot load 64-bit dynamic-link libraries (DLLs), and 64-bit processes cannot load 32-bit DLLs.
Sixty-four-bit computing is designed for performing operations that are memory-intensive and require extensive numeric calculations. With 64-bit processing, applications can load large data sets entirely into physical memory (that is, random access memory [RAM]), which reduces the need to page to disk and increases performance substantially.
NOTE
In this text, I typically refer to 32-bit systems designed for x86 architecture as 32-bit systems and 64-bit systems designed for x64 architecture as 64-bit systems. Support for Itanium 64-bit (IA-64) processors is no longer standard in Windows operating systems.
Running instances of Windows Server 2012 R2 can be in either a physical operating system environment or a virtual operating system environment. To support mixed environments better, Microsoft introduced a new licensing model based on the number of processors, users, and virtual operating system environments. Thus, the four main product editions can be used as follows:
● Windows Server 2012 R2 Foundation Has limited features and is available only from original equipment manufacturers (OEMs). This edition supports one physical processor, up to 15 users, and one physical environment, but it does not support virtualized environments. Although there is a specific user limit, a separate client access license (CAL) is not required for every user or device accessing the server.
● Windows Server 2012 R2 Essentials Has limited features. This edition supports up to two physical processors, up to 25 users, and one physical environment, but it does not support virtualized environments. Although there is a specific user limit, a separate CAL is not required for every user or device accessing the server.
● Windows Server 2012 R2 Standard Has all the key features. It supports up to 64 physical processors, one physical environment, and up to two virtual instances. Two incremental virtual instances and two incremental physical processors are added for each Standard license. Thus, a server with four processors, one physical environment, and four virtual instances would need two Standard licenses, and the same server with eight virtual environments would need four Standard licenses. CALs are required for every user or device accessing the server.
● Windows Server 2012 R2 Datacenter Has all the key features. It supports up to 64 physical processors, one physical environment, and unlimited virtual instances. Two incremental physical processors are added for each Datacenter license. Thus, a server with two processors, one physical environment, and 32 virtual instances would need only one Datacenter license, but the same server with four processors would need two Datacenter licenses. CALs are required for every user or device accessing the server.
NOTE
Windows Server 2012 R2 Datacenter is not available for retail purchase. If you want to use the Datacenter edition, you need to purchase it through Volume Licensing, an OEM, or a Services Provider License Agreement (SPLA).
You implement virtual operating system environments by using Hyper-V, a virtual-machine technology that enables multiple guest operating systems to run concurrently on one computer and provides separate applications and services to client computers, as shown in Figure 1-1. As part of the Hyper-V role, which can be installed on servers with x64-based processors that implement hardware-assisted virtualization and hardware data execution protection, the Windows hypervisor acts as the virtual machine engine, providing the necessary layer of software for installing guest operating systems. For example, you can use this technology to run Ubuntu, Linux, and Windows Server 2012 R2 concurrently on the same computer.
Figure 1-1 A conceptual view of virtual machine technology.
NOTE
With Hyper-V enabled, Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter support up to 320 logical processors. Otherwise, these operating systems support up to 640 logical processors.
For traffic routing between virtual and physical networks, Windows Server 2012 R2 includes Windows Server Gateway, which is integrated with Hyper-V Network Virtualization. You can use Windows Server Gateway to route network traffic regardless of where resources are located, enabling you to support integration of public and private cloud services with your internal networks and integration of multitenant implementations with Network Address Translation (NAT) and virtual private networks (VPNs).
Hyper-V also is included as a feature of Windows 8.1 Pro and Windows 8.1 Enterprise. The number of virtual machines you can run on any individual computer depends on the computer’s hardware configuration and workload. During setup, you specify the amount of memory available to a virtual machine. Although that memory allocation can be changed, the amount of memory actively allocated to a virtual machine cannot be otherwise used. Virtualization can offer performance improvements, reduce the number of servers, and reduce the total cost of
Windows 8.1 and Windows Server 2012 R2
Like Windows Server 2012 R2, Windows 8.1 has several main editions. These editions include the following:
● Windows 8.1 The entry-level operating system designed for home users
● Windows 8.1 Pro The basic operating system designed for use in Windows domains
● Windows 8.1 Enterprise The enhanced operating system designed for use in Windows domains with extended management features
Windows 8.1 Pro and Windows 8.1 Enterprise are the only editions intended for use in Active Directory domains. You can manage servers running Windows Server 2012 R2 from a computer running Windows 8.1 Pro or Windows 8.1 Enterprise by using the Remote Server Administration Tools (RSAT) for Windows 8.1. Download the tools from the Microsoft Download Center (http://download.microsoft.com).
Windows 8.1 uses the NT 6.3 kernel, the same kernel that Windows Server 2012 R2 uses. Sharing the same kernel means that Windows 8.1 and Windows Server 2012 R2 share the following components, among others:
● Automatic Updates Responsible for performing automatic updates to the operating system. This ensures that the operating system is up to date and has the most recent security updates. If you update a server from the standard Windows Update to Microsoft Update, you can get updates for additional products. By default, automatic updates are installed but not enabled on servers running Windows Server 2012 R2. You can configure automatic updates by using the Windows Update utility in Control Panel.
● BitLocker Drive Encryption Provides an extra layer of security for a server’s hard disks. This protects the disks from attackers who have physical access to the server. BitLocker encryption can be used on servers with or without a Trusted Platform Module (TPM). When you add this feature to a server by using the Add Roles And Features Wizard, you can manage it by using the BitLocker Drive Encryption utility in Control Panel.
● Remote Assistance Provides an assistance feature that enables an administrator to send a remote assistance invitation to a more senior administrator. The senior administrator can then accept the invitation to view the user’s desktop and temporarily take control of the computer to resolve a problem. When you add this feature to a server by using the Add Roles And Features Wizard, you can manage it by using options on the Remote tab of the System Properties dialog box.
● Remote Desktop Provides a remote connectivity feature that enables you to connect to and manage a server from another computer. By default, Remote Desktop is installed but not enabled on servers running Windows Server 2012 R2. You can manage the Remote Desktop configuration by using options on the Remote tab of the System Properties dialog box. You can establish remote connections by using the Remote Desktop Connection utility.
● Task Scheduler Enables you to schedule execution of one-time and recurring tasks, such as tasks used for performing routine maintenance. Like Windows 8.1, Windows Server 2012 R2 makes extensive use of the scheduled task facilities. You can view and work with scheduled tasks in Computer Management.
● Desktop Experience Installs additional Windows 8.1 desktop functionality on a server. You can use this feature when you use Windows Server 2012 R2 as your desktop operating system. When you add this feature by using the Add Roles And Features Wizard, the server’s desktop functionality is enhanced, and these programs are installed: Windows Media Player, desktop themes, Video for Windows (AVI support), Disk Cleanup, Sync Center, Sound Recorder, Character Map, and Snipping Tool.
● Windows Firewall Helps protect a computer from attack by unauthorized users. Windows Server 2012 R2 includes a basic firewall called Windows Firewall and an advanced firewall called Windows Firewall With Advanced Security. By default, the firewalls are not enabled on server installations.
● Windows Time Synchronizes the system time with world time to ensure that the system time is accurate. You can configure computers to synchronize with a specific time server. The way Windows Time works depends on whether a computer is a member of a domain or a workgroup. In a domain, domain controllers are used for time synchronization, and you can manage this feature through Group Policy. In a workgroup, you use Internet time servers for time synchronization, and you can manage this feature through the Date And Time utility.
● Wireless LAN Service Installs the Wireless LAN Service feature to enable wireless connections. Wireless networking with Windows Server 2012 R2 works the same as it does with Windows 8.1. If a server has a wireless adapter, you can enable this feature by using the Add Roles And Features Wizard.
In most instances, you can configure and manage these core components in exactly the same way on both Windows 8.1 and Windows Server 2012 R2. Windows 8.1 and Windows Server 2012 R2 have many enhancements to improve security, such as memory randomization and other enhancements to prevent malware from inserting itself into startup and running processes. Windows 8.1 and Windows Server 2012 R2 use address space layout randomization (ASLR) to determine randomly how and where important data is stored in memory, which makes it much more difficult for malware to find the specific locations in memory to attack.
Windows 8.1 and Windows Server 2012 R2 require a processor that includes hardware-based Data Execution Prevention (DEP) support. DEP uses the Never eXecute (NX) bit to mark blocks of memory as data that should never be run as code. DEP has two specific benefits. It reduces the range of memory that malicious code can use and prevents malware from running any code in memory addresses marked as Never eXecute.
If your organization doesn’t use an enterprise malware solution, you’ll also be interested to know that Windows Defender for Windows 8.1 and Windows Server 2012 R2 has been upgraded to a more fully featured program. Windows Defender now protects against viruses, spyware, rootkits, and other types of malware. Windows Defender is also available on Server Core installations of Windows Server 2012 R2, though without the user interface. If you add Windows Defender as an option on a Server Core installation, the program is enabled by default.
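The following read-only PowerShell check reports the current state of several security-relevant settings described in this section (DEP, Windows Firewall, Remote Desktop, Automatic Updates, and BitLocker) so that you can confirm what a given server is actually running with. It is an added example, not code from the book; the function name Get-SecurityBaseline is hypothetical, and it assumes an elevated PowerShell session on Windows Server 2012 R2 or Windows 8.1.

```powershell
# Added example (not from the book): read-only audit of settings discussed above.
# Assumes an elevated PowerShell session on Windows Server 2012 R2 or Windows 8.1.
# Get-SecurityBaseline is a hypothetical helper name; nothing here changes configuration.

function Get-SecurityBaseline {
    [CmdletBinding()]
    param()

    $results = New-Object 'System.Collections.Generic.List[object]'

    # Small helper that appends one finding to the report.
    function Add-Result($Area, $Setting, $Value) {
        $results.Add([pscustomobject]@{ Area = $Area; Setting = $Setting; Value = $Value })
    }

    # --- Data Execution Prevention (NX) ---
    # Win32_OperatingSystem exposes whether hardware DEP is available and the active policy.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $depPolicy = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    Add-Result 'DEP' 'Hardware DEP available' ($os.DataExecutionPrevention_Available)
    Add-Result 'DEP' 'Support policy' ($depPolicy[[int]$os.DataExecutionPrevention_SupportPolicy])
    Add-Result 'DEP' 'Applied to drivers' ($os.DataExecutionPrevention_Drivers)

    # --- Windows Firewall: one row per profile (Domain, Private, Public) ---
    foreach ($fw in Get-NetFirewallProfile) {
        Add-Result 'Windows Firewall' "$($fw.Name) profile enabled" ($fw.Enabled)
        Add-Result 'Windows Firewall' "$($fw.Name) default inbound action" ($fw.DefaultInboundAction)
    }

    # --- Remote Desktop ---
    # fDenyTSConnections = 1 means connections are refused; 0 means Remote Desktop is enabled.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    Add-Result 'Remote Desktop' 'Connections allowed' ($deny -eq 0)
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication
    Add-Result 'Remote Desktop' 'Network Level Authentication required' ($nla -eq 1)

    # --- Automatic Updates (Windows Update Agent COM API) ---
    $auLevels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before installation'
        4 = 'Scheduled installation'
    }
    try {
        $au = New-Object -ComObject Microsoft.Update.AutoUpdate
        Add-Result 'Automatic Updates' 'Notification level' ($auLevels[[int]$au.Settings.NotificationLevel])
    }
    catch {
        Add-Result 'Automatic Updates' 'Notification level' "Unavailable: $($_.Exception.Message)"
    }

    # --- BitLocker ---
    # The cmdlets exist only after the BitLocker feature has been added to the server.
    if (Get-Command -Name Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($vol in Get-BitLockerVolume) {
            Add-Result 'BitLocker' "$($vol.MountPoint) protection status" ($vol.ProtectionStatus)
            Add-Result 'BitLocker' "$($vol.MountPoint) volume status" ($vol.VolumeStatus)
        }
    }
    else {
        Add-Result 'BitLocker' 'Feature' 'Not installed (BitLocker cmdlets unavailable)'
    }

    return $results
}

# Print the report as a table.
Get-SecurityBaseline | Format-Table -AutoSize
```

Pipe the output to Export-Csv instead of Format-Table to keep a dated record you can compare across servers or after configuration changes.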
Planning for Windows Server 2012 R2
Deploying Windows Server 2012 R2 is a substantial undertaking, even on a small network. Just the task of planning a Windows Server 2012 R2 deployment can be a daunting process, especially in a large enterprise. The larger the business, however, the more important it is for the planning process to be thorough and fully account for the proposed project’s goals and to lay out exactly how those goals will be accomplished.
Accommodating the goals of all the business units in a company can be difficult, and it is best accomplished with a well-planned series of steps that includes checkpoints and plenty of opportunity for management participation. The organization as a whole will benefit from your thorough preparation, and so will the information technology (IT) department. Careful planning can also help you avoid common obstacles by helping you identify potential pitfalls and then determine how best to avoid them or at least be ready for any unavoidable complications.
Your plan: The big picture
A clear road map can help with any complex project, and deploying Windows Server 2012 R2 in the enterprise is certainly a complex project. A number of firms have developed models to describe IT processes such as planning and systems management. For our purposes, I break down the deployment process into a roughly sequential set of tasks:
1. Identify the team For all but the smallest rollouts of a new operating system, a team of people will be involved in both the planning and deployment processes. The actual size and composition of this team will be different in each situation. Collecting the right mixture of skills and expertise will help ensure the success of your project.
2. Assess your goals Any business undertaking the move to Windows Server 2012 R2 has many reasons for doing so, only some of which are obvious to the IT department. You need to identify the goals of the entire company carefully before determining the scope of the project to ensure that all critical goals are met.
3. Analyze the existing environment Examine the current network environment, even if you think you know exactly how everything works—you will often find you are only partially correct. Gather hardware and software inventories, network maps, and lists of which servers are providing which services. Also, identify critical business processes and examine the administrative and security approaches that are currently in place. Windows Server 2012 R2 offers a number of improvements, and you’ll find it useful to know which ones are particularly important in your environment.
4. Define the project scope Project scope is often one of the more difficult areas to pin down and one that deserves particular attention in the planning process. Defining scope requires prioritizing the goals of the various groups within the organization and then realistically assessing what can be accomplished within an acceptable budget and time frame. It’s not often that the wish list of features and capabilities from the entire company can be fulfilled in the initial, or even a later, deployment.
5. Design the new network environment After you have pinned down the project scope, you must develop a detailed design for the new operating system deployment and the affected portions of the network. During this time, you should create documentation describing the end state of the network and the process of getting there. This design document serves as a road map for the people building the testing environment and, with refinements during the testing process, for the IT department later.
6. Test the design Thorough testing in the lab is an often overlooked but critically important phase of deploying a new network operating system. By building a test lab and putting a prototype environment through its paces, you can identify and solve many problems in a controlled environment rather than in the field.
7. Install Windows Server 2012 R2 After you have validated your design in the lab and management has approved the deployment, you can begin to install Windows Server 2012 R2 in your production environment. The installation process has two phases:
■ Pilot phase During the pilot phase, you deploy and test a small group of servers running Windows Server 2012 R2 (and perhaps clients running Windows 8.1) in a production environment. You should pick a pilot group that is comfortable working with new technology and for which minor interruptions will not pose significant problems. In other words, this is not a good thing to do to the president of the company or the finance department just before taxes are due.
■ Rollout After you have determined that the pilot phase was a success, you can begin the rollout to the rest of the company. Make sure you schedule adequate downtime and allow for ongoing minor interruptions and increased support demands as users encounter changed functionality.
As mentioned, these steps are generally sequential but not exclusively so. You are likely to find that as you work through one phase of planning, you must return to activities that are technically part of an earlier phase. This is actually a good thing because it means you are refining your plan dynamically as you discover new factors and contingencies.
Inside OUT
Getting off to a quick start
People need not be assigned to all these tasks at the beginning of the planning process. If you have people who can take on the needs analysis and research on the current and new network environment, you can get the project underway while recruiting the rest of the project team.
Identifying your organizational teams
A project like this requires a lot of time and effort and a broad range of knowledge, expertise, and experience. Unless you are managing a very small network, this project is likely to require more than one person to plan and implement it. Team members are assigned to various roles, each of which is concerned with a different aspect of the project.
Each of these roles can be filled by one or more persons, devoting all or part of their workday—and beyond in some cases—to the project. No direct correlation exists between a team role and a single individual who performs it. In a large organization, a team of individuals might fulfill each of these roles, whereas in a small organization, one person can fill more than one role.
As with IT processes, a number of vendors and consultants have put together team models, which you can use in designing your own team. Specific teams you might want to use include:
● Architecture team In increasingly complex IT environments, someone needs to be responsible for overall project architecture and providing guidance for integrating the project into existing architecture. This role is filled by the architecture team. Specific deliverables include the architecture design and guidance for the integration solution.
● Program management team Program management’s primary responsibility is ensuring that project goals are met within the constraints set forth at the beginning of the project. Program management handles the functional design, budget, schedule, and reporting. Specific deliverables include a vision or scope document, functional specifications, a master project plan, a master project schedule, and status reports.
● Product management team This team is responsible for identifying the business and user needs of the project and ensuring that the final plan meets those needs. Specific deliverables include the project charter, team orientation guidance and documents for project structure and initial risk assessment.
● User experience team This team manages the transition of users to the new environment. This includes developing and delivering user training and conducting an analysis of user feedback during testing and the pilot deployment. Specific deliverables include user reference manuals, usability test scenarios, and user interface graphical elements.
● Development team The development team is responsible for defining the physical design and feature set of the project and estimating the budget and time needed for project completion. Specific deliverables include any necessary source code or binaries and necessary integrated-solution components.
● Testing team The testing team is critical in ensuring that the final deployment is successful. It designs and builds the test environment, develops a testing plan, and then performs the tests and resolves any issues it discovers before the pilot deployment occurs. Specific deliverables include test specifications, test cases with expected results, test metrics, test scripts, test data, and test reports.
● Release management team The release management team designs the test deployment and then performs that deployment as a means of verifying the reliability of the deployment before widespread adoption. Specific deliverables include deployment processes and procedures, installation scripts and configuration settings for deployment, operations guides, help desk and support procedures, knowledge base, help and training materials, operations documentation, and troubleshooting documentation.
Working together, these teams cover the various aspects of a significant project such as rolling out Windows Server 2012 R2. Although all IT projects have some things in common, and therefore need someone to handle those areas of the project, that’s where the commonality stops. Each company has IT needs related to its specific business activities. This might mean additional team members are needed to manage those aspects of the project. For example, if external clients, the public, or both also access some of your IT systems as users, you have a set of user acceptance and testing requirements different from many other businesses.
The project team needs business managers who understand and can represent the needs of the various business units. This requires knowledge of the business operations and a clear picture of the daily tasks staff performs.
Representatives of the IT department bring their technical expertise to the table not only to detail the inner workings of the network but also to help business managers realistically assess how technology can help their departments and separate the impractical goals from the realistic ones.
Make sure that all critical aspects of business operations are covered—include representatives from all departments that have critical IT needs and be sure the team takes the needs of the entire company into account. This means that people on the project team must collect information from line-of-business managers and the people actually doing the work. (Surprisingly enough, the latter escapes many a project team.)
After you have gathered a team, management must ensure that team members have adequate time and resources to fulfill the tasks required of them for the project. This can mean shifting all or part of their usual workload to others for the project duration or providing resources such as Internet access, project-related software, and so on. Any project is easier—and more likely to be successful—with this critical real-time support from management.
Inside OUT
Hiring talent
Sometimes people are not available in-house with all the needed skills, and you must look to consultants or contracted workers. Examine which tasks should be outsourced and exactly what you must receive from the relationship. Pay particular attention to highly specialized or complex areas—the Active Directory Domain Services (AD DS) architecture, for example—and those with a high rate of change.
One-time tasks, such as creating user training programs and documentation, are also good candidates for outsourcing. For areas in which there will be an ongoing need for the lacking expertise, such as security, it might be a better idea to send a staff member to get additional training.
Assessing project goals
Carefully identifying the goals behind moving to Windows Server 2012 R2 is an important part of the planning process. Without a clear list of objectives, you are unlikely to achieve them. Even with a clear set of goals in mind, it is unlikely you will accomplish them all. Most large business projects involve some compromises, and the process of deploying Windows Server 2012 R2 is unlikely to be an exception.
Although deploying a new operating system is ultimately an IT task, most of the reasons behind the deployment won’t be coming from the IT department. Computers are, after all, tools business uses to increase productivity, enhance communications, facilitate business tasks, and so on; the IT department is concerned with making sure that the computer environment the business needs is implemented.
Inside OUT
Creating documentation almost painlessly
During the planning process, and as you begin to use the new network environment, you’ll be creating numerous documents describing the current state of the network, the planned changes, IT standards, administrative procedures, and the like. It’s a good idea to take advantage of all this up-to-date information to create policies and procedures documents, which will help ensure that the network stays in compliance with your new standards and that administration is accomplished as intended.
The same set of documents can also serve as a basis for user guides and administrator and user training and can be made available through the corporate intranet. If the people working on the project, especially those performing testing, take notes about any error conditions they encounter and the resolutions to them, you’ll also have a good start on frequently asked questions (FAQs) and other technical support data.
The business perspective
Many discussions of the business reasons for new software deployments echo common themes: enhance productivity, eliminate downtime, reduce costs, and the like. Translating these often somewhat vague (and occasionally lofty) aspirations into concrete goals sometimes takes a bit of effort. It is well worth taking the time, however, to refine the big picture into specific objectives before moving on. An IT department should serve the needs of the business, not the other way around; if you don’t understand those needs clearly, you’ll have a hard time fulfilling them.
Be sure to ask for the input of people close to where the work is being done—department managers from each business area should be asked about what they need from IT, what works now, and what doesn’t. These people care about the day-to-day operations of their computing environment. Will the changes help their staff members do their work? Ask about work patterns, both static and burst—the finance department’s workflow is not the same in July as it is in April. Make sure to include all departments and any significant subsets—human resources (HR), finance, sales, business units, executive management, and so on.
You should also identify risks that lie at the business level, such as resistance to change, lack of commitment (frequently expressed as inadequate resources: budget, staff, time, and so on), or even the occasional bit of overt opposition. At the same time, look for positives to exploit; enthusiastic staff can help energize others, and having a manager in your corner can smooth many bumps along the way. By getting people involved, you can gain allies who are vested in the success of the project.
Inside OUT
Talk to the people who will use the technology
Not to put too fine a point on it, make sure that the team members who will be handling aspects of the user experience actually talk with users. The only way to assess adequately what the people doing the work need in critical areas such as usability, training, and support is to get in the trenches and see what they are doing. If possible, have meetings at the user’s workstation because it can provide additional insight into daily operations. If passwords are visible on sticky notes stuck to monitors—a far too common practice—you know you have security issues.
Identifying IT goals
IT goals are often obvious: improve network reliability, provide better security, deliver enhanced administration, and maybe even implement a particular new feature. They are also easier to identify than those of other departments—after all, they are directly related to technology.
When you define your goals, make sure that you are specific. It is easy to say you will improve security, but how will you know when you have done so? What’s improved and by how much?
In many cases, IT goals map to the implementation of features or procedures; for example, to improve security, you will implement Internet Protocol Security (IPsec) and encrypt all traffic to remote networks.
Don’t overpromise, either—eliminating downtime is a laudable goal but not one you are likely to achieve on your network and certainly not one on which you want your next review based.
Get to know one another
Business units often seem to have little idea of the IT department’s capabilities and operations—or worse, they have an idea, but it is an extremely unrealistic one. This can lead to expectations ranging from improbable to absurd, which is bad for everyone involved.
A major project like this brings together people from all over the company, some from departments that seldom cross paths. This is a great opportunity for members of the various areas of the company to become familiar with IT operations and vice versa. A clearer understanding of both the big picture of the business and the workings of other departments will help smooth the interactions of IT with the rest of the company.
Examining the interaction between IT and business units
A number of aspects of your organization’s business should be considered when evaluating your overall IT requirements and the business environment in which you operate. Consider things such as the following:
● Business organization How large is the business? Are there offices in more than one location? Does the business operate across international, legal, or other boundaries? What sorts of departmental or functional boundaries exist?
● Stability Does the business undergo a lot of change? Are there frequent reorganizations, acquisitions, changes, and the like in business partnerships? What is the expected growth rate of the organization? Conversely, are substantial downsizings planned in the future?
● External relationships Do you need to provide access to vendors, partners, and so on? Are there external networks that people operating on your network must access?
● Impact of Windows Server 2012 R2 deployment How will this deployment affect the various departments in your company? Are any areas of the company particularly intolerant of disruption? Are there upcoming events that must be considered in scheduling?
● Adaptability Is management easily adaptable to change? If not, make sure you get every aspect of your plan right the first time. Having an idea of how staff might respond to new technologies and processes can help you plan for education and support.
Predicting network change
Part of planning is projecting into the future and predicting how future business needs will influence the activities of the IT department. Managing complicated systems is easier when it’s done from a proactive stance rather than a reactive one. Predicting network change is an art, not a science, but it behooves you to hone your skills at it.
This is primarily a business assessment, based on things such as expected growth, changes in
business focus, or possible downsizing and outsourcing—each of which provides its own
chal-lenges to the IT department Being able to predict what will happen in the business and what
those changes will mean to the IT department enables you to include room for expansion in
your network design
When attempting to predict what will happen, look at the history of the company Are
merg-ers, acquisitions, spin-offs, and so on common? If so, this indicates a considerable need for
flexibility from the IT department and the need to keep in close contact with people on the
business side to avoid being blindsided by a change in the future
As people meet to discuss the deployment, talk about what is coming up for the business units. Cultivate contacts in other parts of the company and talk with those people regularly about what’s going on in their departments, such as upcoming projects and what’s happening with other companies in the same business sector. Reading the company’s news releases and articles in outside sources can also provide valuable hints of what’s to come. By keeping your ear to the ground, doing a little research, and thinking through the potential impact of what you learn, you can be much better prepared for whatever is coming up next.
The impact of growth on management
Many networks start out with a single administrator (or a small team), which makes sense because many networks are small when first implemented. As those networks grow, it is not uncommon for a few administrative tasks to be delegated to others in the company who, although it is not their job, know how to assist the highly limited IT staff. This can lead to a haphazard approach to management, where who is doing what isn’t always clear, and the methods for basics (such as data backups) vary from one department to the next, leading to potential problems as time goes by and staff moves on. If this sounds familiar to you, this is a good time to remedy the situation.
Analyzing the existing network
Before you can determine the path to your new network environment, you must determine where you are right now in terms of your existing network infrastructure. This requires determining a baseline for network and system hardware, software installation and configuration, operations, management, and security. Don’t rely on what you think is the case; actually verify what is in place.
Project worksheets consolidate information
A large network environment, with a lot of architectural and configuration information to be collected, can require juggling enormous amounts of data. If this is the case, you might find it useful to use project worksheets of some sort. If your company has not created customized worksheets, you can use those created by Microsoft to aid in the upgrade process. Typically, these are available in the operating system deployment kit.
Evaluating the network infrastructure
You should get an idea of what the current network looks like before moving to a new operating system. You will require configuration information while designing the modifications to the network and deploying the servers. In addition, some aspects of Windows Server 2012 R2, such as the sites used in Active Directory replication, are based on your physical network configuration. (A site is a segment of the network with good connectivity, consisting of one or more Internet Protocol [IP] subnets.)
For reasons such as this, you want to assess a number of aspects related to your physical network environment. Consider such characteristics as the following:
● Network topology: Document the systems and devices on your network, including link speeds, wide area network (WAN) connections, sites using dial-up connections, and so on. Include devices such as routers, switches, servers, and clients, noting all forms of addressing such as computer names and IP addresses for Windows systems.
● Network addressing: Are you currently employing Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)? What parts of the address space are private, and what parts are public? Which IP subnets are in use at each location?
● Remote locations: How many physical locations does the organization have? Are they all using broadband connections, or are there remote offices that connect sporadically by dial-up? What is the speed of those links?
● Traffic patterns: Monitoring network traffic can provide insights into current performance and help you identify potential bottlenecks and other problems before they occur. Examine usage statistics, paying attention to both regularly occurring patterns and anomalous spikes or lulls, which might indicate a problem.
● Special cases: Do any portions of the network have out-of-the-ordinary configuration needs such as test labs that are isolated from the rest of the network?
Inside OUT
Mapping the territory
Create a network map illustrating the location of all your current resources—this is easier by using tools such as Microsoft Visio. Collect as much detailed information as possible about those resources, starting with basics such as what is installed on each server, the services it’s providing, and so on. Additional information, such as critical workflow processes and traffic patterns between servers, can also be very useful when it comes time to consolidate servers or deploy new ones. The easier it is to cross-reference all this information, the better.
Assessing systems
As part of planning, you should inventory the existing network servers, identifying each system’s operating system version, IP address, Domain Name System (DNS) names, and the services provided by that system. Collect such information by performing the following tasks:
● Inventory hardware: Conduct a hardware inventory of the servers on your network, noting central processing unit (CPU), RAM, disk space, and so on. Pay particular attention to older machines that might present compatibility issues if upgraded. You can use the Microsoft Assessment and Planning (MAP) Toolkit, Microsoft System Center Configuration Manager (SCCM), or other tools to help you with the hardware inventory.
● Identify operating systems: Determine the current operating system on each computer, including the entire version number (even if it runs to many digits), in addition to service packs, hot fixes, and other post-release additions.
● Assess your current Windows domains: Do you have only Windows domains on the network? Are all domains using Active Directory? Do you have multiple Active Directory forests? If you have multiple forests, detail the trust relationships. List the name of each domain, what it contains (users, resources, or both), and which servers are acting as domain controllers.
● Identify localization factors: If your organization crosses international boundaries, language boundaries, or both, identify the localized versions of Windows Server in use and the locations in which they are used. This is critical when upgrading to Windows Server 2012 R2 because attempting an upgrade using a different localized version of Windows Server 2012 R2 might fail.
● Assess software licenses: Evaluate licenses for servers and client access. This helps you select the most appropriate licensing program.
● Identify file storage: Review the contents and configuration of existing file servers, identifying partitions and volumes on each system. Identify existing distributed file system (DFS) servers and the contents of DFS shares. Don’t forget shares used to store user data.
Inside OUT
Where is the data?
Locating file shares that are maintained at a departmental, team, or even individual level can take a little bit of investigation. However, the effort to do so can be well worth it because you can centralize the management of data that is important to individual groups while providing valuable services such as ensuring that regular data backups are performed.
You can gather hardware and software inventories of computers that run the Windows operating system by using a tool such as SCCM. Review the types of clients that must be supported so that you can configure servers appropriately. This is also a good time to determine any client systems that must be upgraded (or replaced) to use Windows Server 2012 R2 functionality. You can also gather this information with scripts or a software management program.
Identify network services and applications
Look at your current network services, noting which services are running on which servers and the dependencies of these services. Do this for all domain controllers and member servers that you’ll be upgrading. You’ll use this information later to plan for server placement and service hosting on the upgraded network configuration. Some examples of services to document are as follows:
● DNS services: You must assess your current DNS configuration. If you’re currently using a non-Microsoft DNS server, you want to plan DNS support carefully because Active Directory relies on Windows Server 2012 R2 DNS. If you’re using Microsoft DNS but are not using Active Directory–integrated zones, you might want to plan a move to Active Directory–integrated zones.
● WINS services: You should assess the use of Network Basic Input/Output System (NetBIOS) by older applications and computers running early versions of the Windows operating system to determine whether NetBIOS support (such as Windows Internet Naming Service [WINS]) will be needed in the new network configuration. If you’ve removed older applications and computers running early versions of the Windows operating system from your organization, support for WINS is no longer needed. You can remove the WINS Server feature from your servers by using the Remove Roles And Features Wizard. When you remove this feature, the WINS Server service also is removed because it is no longer needed.
● File shares: Standard file shares use Server Message Block (SMB), a client-server technology for distributing files over networks. Windows desktop operating systems have an SMB client. Windows Server operating systems also have SMB server technology. Current Windows operating systems support SMB 3.0, which supports end-to-end encryption and eliminates the need for IPsec to protect SMB data in transit. If you’ve removed all computers running Windows XP and Windows Server 2003 from your organization, neither support for SMB 1.0 nor the Computer Browser service that SMB 1.0 used is needed. You can remove the SMB 1.0/CIFS File Sharing Support feature from your servers by using the Remove Roles And Features Wizard. When you remove this feature, the Computer Browser service also is removed because it is no longer needed.
● Print services: List printers and the print server assigned to each one. Consider who is assigned to the various administrative tasks and whether the printer will be published in Active Directory. Also, determine whether all the print servers will be upgraded in place or whether some will be consolidated.
● Network applications: Inventory your applications, creating a list of the applications that are currently on the network, including the version number (and post-release updates and such), which server hosts it, and how important each application is to your business. Use this information to determine whether upgrades or modifications are needed. Watch for software that is never used and thus need not be purchased or supported—every unneeded application you can remove represents savings of both time and money.
This list is only the beginning. Your network will undoubtedly have many more services that you must take into account.
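The per-server items listed under "Assessing systems" (operating system version, hot fixes, localized version, hardware, IP addresses, file shares) and the services named above (DNS, WINS, SMB 1.0, print) can be collected with a script. The following PowerShell function is an added example, not code from the book; the function name Get-ServerInventory and the server names in the usage comment are hypothetical, and it assumes WinRM is enabled on each target and that the ServerManager module is available where it runs.

```powershell
# Added example: per-server inventory for upgrade planning (not from the book).
# Assumes WinRM is enabled on each target and that the ServerManager module
# (Get-WindowsFeature) is available on the machine running the script.
function Get-ServerInventory {            # hypothetical function name
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName)
    process {
        foreach ($name in $ComputerName) {
            try { $s = New-CimSession -ComputerName $name -ErrorAction Stop }
            catch { Write-Warning "Skipping ${name}: $($_.Exception.Message)"; continue }
            try {
                $os    = Get-CimInstance -CimSession $s -ClassName Win32_OperatingSystem
                $cs    = Get-CimInstance -CimSession $s -ClassName Win32_ComputerSystem
                $cpu   = Get-CimInstance -CimSession $s -ClassName Win32_Processor
                $disks = Get-CimInstance -CimSession $s -ClassName Win32_LogicalDisk -Filter 'DriveType=3'
                $nics  = Get-CimInstance -CimSession $s -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE'
                $fixes = Get-CimInstance -CimSession $s -ClassName Win32_QuickFixEngineering
                # Type=0 selects ordinary disk shares and skips admin shares such as C$.
                $shares = Get-CimInstance -CimSession $s -ClassName Win32_Share -Filter 'Type=0'
                # Roles and features the chapter asks you to document or retire.
                $roles = try {
                    Get-WindowsFeature -ComputerName $name -Name 'DNS', 'WINS', 'FS-SMB1', 'Print-Services' -ErrorAction Stop |
                        Where-Object Installed | ForEach-Object Name
                } catch { 'unknown (feature query failed)' }

                [pscustomobject]@{
                    ComputerName   = $name
                    OS             = $os.Caption
                    Version        = $os.Version              # full version string, including build
                    ServicePack    = $os.ServicePackMajorVersion
                    OSLanguage     = $os.OSLanguage           # LCID of the installed localized version
                    Domain         = $cs.Domain
                    CPU            = ($cpu | ForEach-Object Name) -join '; '
                    MemoryGB       = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
                    DiskFreeOfGB   = ($disks | ForEach-Object { '{0} {1:N0}/{2:N0}' -f $_.DeviceID, ($_.FreeSpace / 1GB), ($_.Size / 1GB) }) -join '; '
                    IPAddresses    = ($nics | ForEach-Object IPAddress) -join ', '
                    Hotfixes       = ($fixes | ForEach-Object HotFixID) -join ', '
                    Shares         = ($shares | ForEach-Object { '{0}={1}' -f $_.Name, $_.Path }) -join '; '
                    InstalledRoles = $roles -join ', '
                }
            } finally { Remove-CimSession -CimSession $s }
        }
    }
}
# Usage (server names are placeholders):
# 'FS01', 'DC01' | Get-ServerInventory | Export-Csv .\inventory.csv -NoTypeInformation
```

A server that reports FS-SMB1 or WINS in InstalledRoles still carries the legacy features this section says can be removed once older clients and applications are gone.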
CAUTION
Make sure that you determine any dependencies in your network configuration. Discovering after the fact that a critical process relied on the server that you just decommissioned will not make your job any easier. You can find out which Microsoft and third-party applications are certified to be compatible with Windows Server 2012 R2 in the Windows Server Catalog (http://www.windowsservercatalog.com/).
Identifying security infrastructure
When you document your network infrastructure, you will need to review many aspects of your network security. In addition to security concerns that are specific to your network environment, the following factors should be addressed:
● Consider exactly who has access to what and why. Identify network resources, security groups, and assignment of access permissions.
● Determine which security protocols and services are in place. Are adequate virus protection, firewall protection, email filtering, and so on in place? Do any applications or services require older NTLM authentication? Have you implemented a public key infrastructure (PKI) on your network?
● Examine auditing methods and identify the range of tracked access and objects.
● Determine which staff members have access to the Internet and which sorts of access they have. Look at the business case for access that crosses the corporate firewall—does everyone who has Internet access actually need it, or has it been provided across the board because it was easier to provide blanket access than to provide access selectively? Such access might be simpler to implement, but when you look at Internet access from the security perspective, it presents many potential problems.