
Windows Server 2003: The Complete Reference


If you’re moving to Windows Server 2003 from Windows NT, learning about Active Directory, Group Policies, and the other management features may seem overwhelming at first, and in fact, the


Windows® Server 2003: The Complete Reference

Kathy Ivens with Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J Santry, Mitch Tulloch


Copyright © 2003 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-223028-2

The material in this eBook also appears in the print version of this title: 0-07-219484-7

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS”. McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0072230282


I’d like to thank all the talented people at McGraw-Hill/Osborne who worked so hard to bring this book to you, with special homage to Tracy Dunkelberger and Athena Honore, who were directly involved in every step of this book’s creation. Picture me delivering a loud and enthusiastic round of applause as I give special thanks to the technical editor, David Heinz, for his expertise, and a standing ovation for copy editor Bill McManus for his extremely skillful work.

I owe Chris Cannon, Microsoft’s Product Manager for Servers, more than I can ever repay, for providing explanations, information, and an incredible amount of patience (all delivered with a much appreciated sense of humor). Brandi Muller of Waggener Edstrom Strategic Communications was a life saver whenever I needed information.

—Kathy Ivens

This chapter is dedicated to my loving wife, Connie, for all her support in my career and in our marriage.

com-business problems we face today.


About the Author

Kathy Ivens has been a computer consultant and author since 1985. She has written and contributed to more than forty books, and hundreds of magazine articles. She also writes the Reader Challenge for Windows 2000 Magazine (formerly known as Windows

Mathematics from the University of Illinois at Urbana as well as a B.S. in Computer Information Management from the College of St. Mary in Nebraska. He has earned an M.S. in Geography with a specialization in Remote Sensing and computer mapping from the University of Nebraska at Omaha. Rich also has advanced black belts in Tae Kwon Do and Hap Ki Do.

Christian Branson has been a Systems Engineer for 12 years. He worked for Microsoft Product Support Services for six years as a support professional and a lab engineer. He has also been a network administrator in San Antonio's largest hospital system, and a field support engineer as a contractor to the Army. He lives in Dallas with Tanya, his wife of 24 years, and their son, Ian.

Kenton Gardinier, MCSA, MCSE, and CISSP, is a senior consultant with Convergent Computing. He has designed and implemented technical and business driven solutions for organizations of all sizes for over 10 years. He is an author of numerous books (his latest is Windows Server 2003 Unleashed), print magazine articles, and online articles on computer technology. In addition, he speaks on technology issues at conferences nationwide.

John Green, MCSE and MCDBA, is a former member of the Windows and .NET Magazine lab and author of numerous magazine articles. He is president of Nereus Computer Consulting.

David Heinz has been involved in computer systems management for eight years. He has worked for several small businesses and for Micron Technology as a systems manager. He is a columnist at www.myitforum.com. He lives in Las Vegas with his family and can be reached at dheinz99@yahoo.com.

Tim Kelly is a technology leader for a major credit card processing company. He leads the development and implementation of a new process management web application for customers in multiple vertical industries, based on the Microsoft .NET development environment and Windows 2000/Windows 2003 platforms. He worked for three years with Microsoft (1998-2001), at the time of the rollout of Windows 2000 and assisted multiple corporate customers with Active Directory implementations, Exchange 2000 implementations, and transitions from Windows NT 4.0 to Windows 2000 technologies. He has worked extensively in the electronic commerce and highly available web applications space for the last five years, and counts as his specialties IIS, Microsoft Clustering Technologies, Microsoft SQL Server availability, Active Directory, and core networking technologies. He is a graduate of the University of Idaho (B.S.), and Auburn University (M.B.A.) and has 10 years' experience in the technology field. When not having fun losing hair to new technology, Tim enjoys family time with his wonderful wife, Lynn, and sons Russell and Jackson. He also enjoys jumping out of perfectly safe airplanes.

John Linkous is president of Technology Workflow Solutions, LLC (www.techworkflow.com), an end-to-end technology integration vendor. He specializes in integrating a broad range of technologies, including operating systems, messaging products, relational and object-oriented database systems, vertical market products, and enterprise management solutions across multiple platforms. His company’s clients include organizations in the financial services, healthcare, aerospace, and food service industries. When John’s not in a plane, train, automobile, or data center, he lives in suburban Philadelphia, PA. He can be reached at jlinkous@techworkflow.com.

Christopher McKitterick received his M.A. in writing from the University of Kansas. He has a B.A. in English, with minor concentrations in writing, astronomy, and psychology. He has been a technical writer, developmental editor, and documentation manager at Microsoft in the Windows Division for nearly five years, and also has numerous fiction, poetry, essay, nonfiction, and miscellaneous publications to his name. Chris is currently teaching technical communications at the University of Kansas, has taught astronomy and fiction writing, directed observatory and planetarium programs, built nearly 100 telescopes, and is an expert on restoring automobiles. Chris chairs the Theodore Sturgeon Memorial Award for best short science fiction of the year; has served as a juror for the John W. Campbell Memorial Award for best science fiction novel of the year; and works with the Center for the Study of Science Fiction (http://www.ku.edu/~sfcenter/index.html).

Patrick J. Santry, MCT, MCSE, MCSA, MCP+SB, A+, i-Net+, CIW CI, is an independent consultant specializing in Web-based solutions using Microsoft .NET technologies. Patrick is a contributing author and technical editor of several books and magazine articles on Microsoft technologies.

Mitch Tulloch, MCSE, Cert.Ed., is a consultant, trainer and author of more than a dozen computing books including Administering IIS4, Administering IIS5, Administering Exchange Server 5.5, and Administering Exchange 2000 Server, all from McGraw-Hill/Osborne. He is also the author of the Microsoft Encyclopedia of Networking, now in its second edition, and the upcoming Microsoft Encyclopedia of Security, both from Microsoft Press. Mitch has also developed university-level IT courses and written feature articles for industry magazines like NetworkWorld. He can be reached through his website, www.mtit.com.


Acknowledgments

Introduction

1 Introducing Windows Server 2003

Windows Server 2003 Editions

Standard Edition

Enterprise Edition

Datacenter Edition

Web Edition

Brand New in Windows Server 2003!

New Remote Administration Tools

New Active Directory Features

Availability and Reliability Improvements

Resultant Set of Policies

2 Installation

Hardware Requirements

Hardware Compatibility List

Symmetric Multiprocessing Hardware

Clustering Hardware

Plug and Play Support

ACPI Issues

Developing a Deployment Plan

Document the Hardware

Document the Network

Document the Software

Document the Legacy Components

Prepare for Problems


Complete the Preinstallation Tasks

Understanding Installation Models

Winnt.exe vs. Winnt32.exe

Installing from CD

Booting to the Windows Server 2003 CD

Running Setup.exe from CD

Installing from an MS-DOS Boot Disk

Using Network Sharepoints

Using Logon Scripts and Batch Files

Automated Installations

Choosing an Automated Installation Type

Unattended Installation

SYSPREP

Remote Installation Services (RIS)

3 System Basics for Servers

Manage Your Server

Configure Your Server Wizards

Removing Server Roles

Configure Your Server Log

Set Up Server Roles Manually

Remote Desktop

Enable Remote Desktop on the Server

Client Remote Connection Software

Starting a Remote Desktop Session

Running a Remote Desktop Session

Leaving a Remote Desktop Session

Managing the Connections from the Server

Joining the Console Session

Using a Snap-in for Remote Desktop

Changes in IIS

Use Web Edition for IIS

Installing IIS

Preventing IIS Installation

Activation

Do You Need to Activate Your Copy?

How Activation Works

Activating Your Installation

Activating after the Grace Period

Software Compatibility Tools

Test Compatibility with the Wizard

Set Compatibility Options Manually

4 The Windows Server 2003 Registry

Overview of the Registry

Registry Structure

Hives and Hive Files


Registry Data Items

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG

Regedit.exe

Prevent Regedit from Displaying the Last Accessed Key

Accessing Remote Registries

Searching the Registry

Creating Favorites

Tweak and Troubleshoot with the Registry

Exporting Keys

Adding Items to the Registry

Deleting Registry Items

Changing Registry Item Values

Using Registration Files

Registry Security

Understanding Permissions

Working with Permissions

Change Ownership of a Key

Auditing the Registry

Reg.exe

General Guidelines for Reg.exe

Reg Add

Reg Delete

Reg Copy

Reg Compare

Reg Export

Reg Import

Reg Save

Reg Restore

Reg Load

Reg Unload

Reg Query

Regmon

5 Booting

Hardware Bootup

POST

Memory Errors

Drive Errors

SCSI Errors

Operating System Boot

MBR Code Executes

Windows Server 2003 Startup Files Execute

Boot Selection Menu Displays

Ntdetect Launches


Ntoskrnl Runs and HAL Is Loaded

Drivers and Services Load

Operating System Loads

The Computer Logs On

Logon Services Load

About Boot.ini

Boot.ini Contents

x86 ARC Path Statements

Tweaking Boot.ini

The Advanced Options Menu

Safe Mode

Enable Boot Logging

Enable VGA Mode

Last Known Good Configuration

Directory Services Restore Mode

Debugging Mode

Creating a Bootable Floppy Disk

Creating a Bootable Floppy Disk from Your Own System

Creating a Bootable Floppy Disk on Another Windows Server 2003 Computer

Creating a Bootable Floppy Disk on a Computer Running a Different Version of Windows

Creating a Quick Boot.ini File

6 Windows Server 2003 User Interface

First Boot

First Logon

Joining a Domain

Local vs. Domain Logon Names and the Interface

Manage Your Server

Video Settings

The Desktop

Enabling the Themes Service

Switching Themes

Modifying Themes

Deleting Themes

Start Menu

Start Menu Left Pane

Right Pane of the Start Menu

Enabling the Classic Start Menu

Taskbar

Notification Area

Grouping Taskbar Buttons

Locking the Taskbar

Taskbar Toolbars

Folder Behavior and Views

Folder Opening Behavior

Viewing Folders and Files


Show File Extensions to Avoid Danger

File Associations

Help and Support Services

Using the Index

Searching for Topics

Working with Help Pages

Customizing the Help System

7 The Command Prompt

Tricks and Tips for the Command Prompt

Finding the Command Prompt Menu Item

Quick Access to a Command Prompt from the GUI

Quick Tricks for Keystrokes

Use Doskey to Recall and Edit Commands

The Command Prompt Window

Change the Properties of the Command Prompt Window

Options Tab

Font Tab

Layout Tab

Window Colors Tab

Copy and Paste in the Command Prompt Window

Command Extensions

Commands with Extensions

Disabling Command Extensions

Managing Conflicts in Command Extensions Configuration

Folder and Filename Completion

Enable Folder and Filename Completion for a Command Session

Enable Folder and Filename Completion Permanently

Wildcard Shortcuts

Windows Server 2003 Commands

Commands Not Supported in Windows Server 2003

Commands Not Supported in Enterprise or Data Center Server

Commands That Have Changed

Using UNCs on the Command Line

Viewing and Manipulating Files via UNCs

Using Pushd and Popd to Access Remote Computers

Pushd and Net Use

Use Subst for Local Virtual Drives

Help for Commands

8 System Maintenance Tools

Defragmentation

Disk Defragmenter Snap-in

Analyze the Drive


Defragment the Drive

Limitations of the Disk Defragmenter

Defrag.exe

Troubleshooting Defragmentation

Optimize Disk Defragmenter Performance

Scheduled Tasks

Scheduled Tasks Execution File

Use the Scheduled Task Wizard

Create a Scheduled Task Manually

Modify or Delete Scheduled Tasks

Run and Stop Scheduled Tasks

Check the Status of Scheduled Tasks

Set Global Options for Scheduled Tasks

Work with Tasks on Remote Computers

AT.exe

Schtasks.exe

Create Tasks with Schtasks.exe

Manage Existing Tasks with Schtasks.exe

Disk Cleanup

Run Disk Cleanup

Decide What to Delete

Compress Old Files

Additional Options for Disk Cleanup

Using Cleanmgr.exe

System Information

Navigating the System Information Window

Save System Data to a File

Export System Data

Run a System Tool from the System Information Window

Connect to a Remote Computer

Use Msinfo32.exe

Local Computer Management Snap-in

System Tools Tree

Storage

Removable Storage

Services and Applications

9 Printing

New Printing Features

Printing Basics

Printing Processes

Create the Output File

Process the Output File

Route the Print Job

Send the Print Job

Printing Components

Spooler

Spool Files

Printer Drivers


Windows Server 2003 Print Processor

Other Print Processors

Print Router

Print Monitors

Language Monitors

Print Providers

Installing Local Printers

Plug and Play Printer Installation

Manual Installation of Printers

Installing USB Printers and IEEE Printers

Installing Infrared Printers

Install a Network-ready Printer

Sharing Printers

Create a Printer Share

Set Printer Permissions

Audit Printer Access

Add Drivers for Other Windows Versions

Using Printer Location Tracking

Printer Location Tracking Requirements

Printer Location Naming Requirements

Installing Remote Printers

Connect to Remote Printers

Search Active Directory

Browse the Network

Planning Printer Deployment

One-to-One Printer Drivers

Printer Pools

Many-to-One Printer Drivers

Configuring Print Servers

Print Server Forms

Print Server Ports

Print Server Drivers

Server Spooler Options

Configuring Printers

Printing Preferences

Printer Properties

Administering Printers

Managing Remote Printers

Redirecting Print Jobs

Manipulate Print Jobs in the Queue

Printing to a File

Printing from DOS

10 Networking with TCP/IP

The Ins and Outs of TCP/IP

Microsoft’s TCP/IP Rollout

Windows Server 2003 TCP/IP Enhancements

TCP/IP Enhancements


TCP/IP and the Windows Server 2003 Networking Model

The TCP/IP Protocol Stack

Anatomy of a TCP Session

Installing and Configuring TCP/IP

IP Address

Subnet Mask

IP Address Types

Understanding a Subnet

Default Gateway

Advanced IP Addressing

Preferred and Alternate DNS Servers

Understanding Name Registration and Resolution

Using a HOSTS File

Using the Domain Name System

NetBIOS Names

Node Types

NetBIOS Name Registration

NetBIOS Name Resolution

When to Stop Relying on NetBIOS

TCP/IP Tools

Ping

Tracert

Pathping

Ipconfig

Netstat

ARP

Route

11 DHCP and IP addressing

Public IP Addresses

Private IP Addresses

Understanding DHCP

Origins of DHCP

IP Address Allocation

Other DHCP Capabilities

DHCP Communications

Running the Microsoft DHCP Server

DHCP and Name Resolution

12 Understanding DNS

Introduction to the Domain Name System

How Did This Begin?

The Domains

FQDN (Fully Qualified Domain Name)

The Zones

Primary Zone

Secondary Zone


Active Directory Integrated

Stub Zone

Delegation

The Records

Zone Transfer/Replication

The Files

Windows Server 2003 DNS

Client-Side Registry Entries

DNS Tools

Installing DNS Manually

Installing DNS Using the Manage Your Server Wizard

Setting a Forward Lookup Zone

Security Options

DHCP Integration

RFCs

WINS

LMHOSTS

13 Routing and Remote Access Service

Changes in Routing and Remote Access for Windows Server 2003

IP Routing Overview

Routing Algorithms

Routing Protocols

Routing and Remote Access Service Fundamentals

Remote Connectivity vs. Remote Control

Network Protocols

Access Protocols

Access Methods

Internet Connection Sharing

Securing RRAS

Authentication Methods

Callback

Caller ID

Virtual Private Networking Fundamentals

Authentication

Tunneling

Encryption

VPN Implementation Considerations

Choosing a VPN Solution

Installing RRAS

Enabling RRAS

Configuring RRAS

Configuring Remote Access (Dial-up or VPN)

Configuring a Router with Network Address Translation

Configuring VPN Access and NAT

Configuring a Secure Connection Between Two Private Networks

Configuring a Custom RRAS Configuration


Configuring Internet Connection Sharing

Configuring RRAS Clients

Configuring Remote Access Policies

Managing and Troubleshooting RRAS

Managing Multiple RRAS Servers

Monitoring Connections

Viewing Routing Tables

Adding Static Routes

Event Logging

Where Did My Options Go?

RRAS and 64-bit Versions of Windows Server 2003

14 Client Networking Services

Windows Client Networking Service

Client for Microsoft Networks

File and Printer Sharing for Microsoft Networks

Browser Service

Novell NetWare Services

Windows vs. NetWare Communications

NWLink

Client Service for NetWare

Services for NetWare

Services for Macintosh

Macintosh Network Protocols

Authenticating Macintosh Clients

File Services for Macintosh

Print Services for Macintosh

UNIX Integration Services

POSIX

Print Services for UNIX

UNIX Network Connectivity

Telnet

15 File Systems and Functions

FAT and FAT32

NTFS

NTFS Master File Table

NTFS Fragmentation

NTFS Compression

Upgrading to NTFS

Deciding on a File System

Converting to NTFS

Formatting a Volume for NTFS

NTFS Permissions

NTFS Permissions vs. Share Permissions

Default Permissions

Inherited Permissions

Tweaking Permissions


Effective Permissions

Understanding the Deny Permission

16 Disk and File Management

Distributed File System

When to Use DFS

DFS Terminology

Stand-alone vs. Domain DFS

Creating a DFS Root

Adding a Link to the Root

Mapping Drives to the Root for Users

Managing DFS

Shadow Copies of Shared Folders

Enabling Shadow Copies

Configuring Shadow Copies

Disabling Shadow Copies

Installing Client Software for Shadow Copies

Accessing Previous Versions of Files

Disk Quotas

Requirements for Disk Quotas

Planning Default Quotas

Enabling and Applying Quotas

Set Individual Quota Entries

Quota Reports

Moving Quota Entries to Another Volume

Remote Storage Service

Quick Overview of RSS

Installing RSS

Tweaking RSS Settings

Using the Files Managed by RSS

RSS Backups

Removing RSS

Removable Storage Management

Configuring Removable Storage

Libraries

Media Pools

Media Identification

Media States

Managing Media Pools

Managing Media

Managing the Work Queue

Managing Operator Requests

RSM Tricks and Tips

17 Windows Server 2003 Security

Windows Server 2003 Authentication

NTLM Authentication

NTLM Telnet Authentication


Kerberos Overview

Public Key Infrastructure and Windows Server 2003 Authentication

Protecting Data Using Windows Server 2003 Encrypting File System

Administrative Issues with EFS

Using the System Key

Use of SYSKEY in the Domain

Password-Protected Screensavers

Internet Protocol Security

IPSec Monitor Snap-In

Local Security Policies

Local Security Account Policies

Account Lockout Policies

Local Policies

Implementing Auditing

Detecting Security Breaches Through Auditing of Logs

Protecting Event Logs

Trust Relationships Between Domains

Patch Management

Microsoft Network Security Hotfix Checker (HFNETCHK)

Microsoft Baseline Security Analyzer (MBSA)

Checklist

18 Domain Controllers

Creating a New Domain

Planning DC Deployment

Installing Active Directory

Active Directory and DNS

Installing the First DC in a New Domain

Installing Additional DCs in a New Domain

Creating Additional DCs by Restoring a Backup

Upgrading Windows 2000 Domains

Preparing the Forest and Domain

Upgrade the Windows 2000 DCs

Upgrading Windows NT 4 Domains

DNS Decisions

Domain and Forest Functionality

Upgrading the DCs

Understanding DC Roles

Replication: The Motivation for Roles

Assigning Roles

Schema Master

Domain Naming Master

Relative ID Master

PDC Emulator Master

Infrastructure Master


W32Time

Understanding the Time Synchronization Hierarchy

Understanding the Synchronization Process

Using an External Time Server

W32Time Event Log Entries

Global Catalog

Global Catalog Searches

Global Catalog Authentication Tasks

Global Catalogs Maintain Universal Groups

Universal Group Membership Caching

Enabling/Disabling Global Catalog on a DC

19 Understanding Active Directory

Active Directory Structure

Active Directory Users and Computers

LDAP and Active Directory

Distinguished Names

Relative Distinguished Names

Planning Your Active Directory Structure

Centralized or Decentralized Administrative Control

Geographical Location

Organizational Structure

Mixed Organizational Structure

Searching Active Directory

Active Directory Users and Computers

Using Windows Search

Maintaining Active Directory

Active Directory Sites and Services

Creating a Site Structure

Inter-Site Transports

Subnets

Services

Tools for Maintaining and Troubleshooting Sites and Services

Active Directory Domains and Trusts

20 Managing Groups and OUs

Windows Server 2003 Groups

Local Groups

Domain Groups

Understanding Group Scopes

Default Domain Groups

Special Identities

Using Groups for Permissions

Organizational Units

Create an OU

Locate Objects in an OU


Delegate Administration of an OU

Managing Delegations

21 Managing Users and Logons

Understanding User Accounts

Local Accounts

Domain Accounts

Groups

Managing Domain Accounts

Built-in Domain Accounts

Domain User Accounts

Managing UPNs

Managing Local User Accounts

Creating Local User Accounts

Configuring Local User Accounts

Overview of the Logon Process

Local Logon

Domain Logon

Logon to Trusted Domains

Remote Logon

Authentication

Kerberos

NTLM

Passwords

New Password Requirements

Strong Passwords

Domain Password Policies

Bad Password Lockouts

Password Reset Disks

User Profiles

Local Profiles

Configuring the Default User Profile

Roaming Profiles

Mandatory Profiles

Home Folders

Adding Home Folders to Profiles

Redirecting Documents to the Home Folder

Logon Scripts

Enable Logon Scripts in User Properties

Enable Logon Scripts with a Group Policy

Client Machines

Group Policy Basics

Requirements for Using Group Policy

Interoperability with Older Operating Systems

Group Policy Processing and Inheritance

Filtering Group Policy


Group Policy Objects

Editing Group Policy Objects

Group Policy Settings

Computer Configuration

User Configuration

Custom Templates

Using GPMC to Manage Group Policy

Creating Group Policy Objects

Linking Group Policy Objects to Active Directory Containers

Delegating Group Policy Management

Group Policy Modeling

Group Policy Results

Backing Up Group Policy Objects

Importing GPO Settings

Restoring Backed-Up Group Policy Objects

Copying Group Policy Objects

Migrating GPO Settings

Scripting GPMC Operations

23 Network Software Installation

Remote Installation Services

Setup of Remote Installation Software

RIS for Managing Your Windows 2003 Environment

Intellimirror and Active Directory Software Installation and Maintenance

Intellimirror

Software Restriction Policies

24 Clustering

Network Load Balancing Clusters

Network Load Balancing Advantages

NLB Architecture

Installing and Configuring Network Load Balancing

Using Nlbmgr.exe to Configure Clusters and Nodes

Administering Network Load Balancing

Server Clusters

Server Cluster Architecture

Using Server Clusters in Your Environment

Installing Cluster Service

25 Tweaking and Optimizing Performance

Examining Performance Optimization

Establishing Service Levels and Goals

Establishing Policies and Procedures

Establishing Baseline Values

Workload Characterization


Benchmarks and Vendor-supplied Information
Data Collection: What Is Being Monitored
Performance Monitoring Tools
Task Manager
Network Monitor
Performance Snap-in
Third-Party Utilities
Monitoring and Optimizing System Resources
Monitoring Memory
Monitoring the Processor
Monitoring the Disk Subsystem
Monitoring Network Performance
Controlling System Resources
Windows System Resource Monitor

26 Disaster Planning and Recovery
Backup
New Backup Features
Backup Permissions Issues
Disk Quotas and Backup Files
Backup Types
Backing Up
Configure the Backup Software
Create a Backup Job
Schedule a Backup
Use Backup Batch Files
Working with Removable Storage Manager
Restore
Restore Files and Folders
Set Restore Options
Restoring Domain Controllers
Choosing a Restore Type for a DC
Recovery Console
Access the Recovery Console from the CD
Preinstall the Recovery Console
Using the Recovery Console
Changing the Rules for Recovery Console
Uninstalling the Recovery Console
Automated System Recovery (ASR)
Create an ASR Recovery System
Recover a System with ASR
Creating Boot Disks
STOP Errors: Blue Screen of Death
What Causes a BSOD?
Preparing for BSODs
Configure System Recovery Options
Configuring the Dump File Type
Configuring Administrative Alerts


Testing the Configuration with a BSOD
Understanding Crashes
Forcing a BSOD
Investigating a BSOD
Common STOP Errors
Windows Error Reporting
Enable Error Reporting in System Properties
Enable Error Reporting in Group Policies
Sending Reports
Collecting and Viewing Reports
Chkdsk
Chkdsk
Autochk.exe
Chkntfs.exe

A Internet Information Services 6 (IIS 6)
New Features of IIS 6
Enhanced Architecture
Enhanced Security
Enhanced Manageability
Common Administration Tasks
Install IIS
Manage IIS
Enable Web Service Extensions
Create a Web Site
Configure a Web Site
Create an Application
Create an Application Pool
Configure Recycling
Configure Idle Time Out
Create a Web Garden
Configure Health Monitoring
Configure Application Pool Identity
Configure Application Settings
Enable Direct Metabase Edit
Back Up the Metabase
Restore the Metabase
Export the Metabase
Import the Metabase

Index


Special thanks to Andy Erlandson, the director of PSS Security, for his support in allowing me to work on this book. Thanks to my coworkers on the PSS Security team for all your technical help. I would also like to thank Dave Poole, Director of the DoD Cyber Crime Institute (DCCI), for his support while I was with the DCCC.

—Rich Benack

First and foremost, I would like to thank Kathy Ivens. This opportunity would not have come my way without her. My thanks to my wife, Tanya, and son, Ian, for their support. I love you both. This would not be complete without naming those who allowed it to happen: Thanks to Sean Johnson, Dallas Lab group manager, and Matt Loschen, National Lab Manager.

—Christian Branson

Over the years I have been extremely lucky to work with a great group of people who allowed me to grow and become better in my field. While I know I may forget many, those that loom large are Thomas Stewart for forcing me to learn to program, Dave Spray for trusting me to catch on when I was not too sure I would, and Jean for pushing when I needed to be pushed. I love you.

—David Heinz


Thanks to the extremely professional McGraw Hill/Osborne staff, especially Athena Honore, and Dave Heinz.

—Tim Kelly

I’d like to thank Kathy Ivens for her fantastic help, and for mentoring me throughout the development of this book. I’d also like to thank VMWare Corporation for their excellent Workstation and GSX Server products, without which this book would have been tremendously more difficult to write.

—John Linkous

Introduction

Windows Server 2003 is the new and improved version of Windows 2000, offering new features and functions that make administration of your network efficient and easier. If you’re moving to Windows Server 2003 from Windows NT, learning about Active Directory, Group Policies, and the other management features may seem overwhelming at first, and in fact, the learning curve can be quite consuming. This book helps you put the concepts and tasks you need to understand into an orderly pattern, which will shorten your learning curve.

Is This Book for You?

This book is written for network administrators, IT professionals, and power users. Throughout the book, the authors assume that the reader is familiar with basic networking issues and jargon. In addition, all directions for performing tasks assume you’re logged on to your network with administrative permissions.

We wrote this book for the people who bear the responsibilities for managing Windows networks. You can translate “managing” to include deployment, configuration, and day to day administration.


Chapter 1

Introducing Windows Server 2003


Windows Server 2003 is an evolutionary step from Windows 2000, and it offers a lot of features that were on my “wish list” as I worked with Windows 2000. For administrators currently running Windows 2000 networks, deploying this new version of Windows won’t present an onerous learning curve, because the basics haven’t changed very much. For administrators currently running Windows NT networks, this fine-tuned version of Microsoft’s corporate operating system is so filled with administrative tools and controls that you’ve run out of reasons to stay with NT.

Windows Server 2003 Editions

Windows Server 2003 is available in the following four editions:

■ Windows 2003 Standard Server

■ Windows 2003 Enterprise Server (32-bit and 64-bit versions)

■ Windows 2003 Datacenter Server (32-bit and 64-bit versions)

■ Windows 2003 Web Server

In this section, I’ll present an overview of the distinguishing features for each version.

Standard Edition

Windows Server 2003 Standard edition is suitable for most network chores. It supports four-way symmetric multiprocessing (SMP), and 4GB of RAM. You can use Standard edition for Network Load Balancing (but not for Cluster Services) and for Terminal Server hosting.

In a large organization, this edition is perfect for file services, supporting Distributed File System (DFS), Encrypting File System (EFS), and Shadow Copies. You can also use Standard edition for Remote Installation Services (RIS), and for web services. This edition can run all network management services, .NET application services, and multimedia. You can use Standard edition as an all-purpose server for departmental and small-site locations. For small organizations, Standard edition works well in any role, from providing file and print services, to acting as a domain controller.

Enterprise Edition

Enterprise edition is “muscled up” to meet all the needs of businesses of all sizes. It supports eight-way SMP, 32GB of RAM in the 32-bit version, and 64GB of RAM in the 64-bit version. It supports server clusters, handling up to eight nodes.

Its ability to scale makes it a good choice for any role in a large organization, offering a solid base for applications, web services (especially if you need web clusters), and infrastructure management.


Enterprise edition replaces Windows 2000 Advanced Server.

Datacenter Edition

The powerhouse of the Windows platform, Datacenter edition supports 32-way SMP in the 32-bit version, and 64-way SMP in the 64-bit version. It can handle 64GB RAM in the 32-bit version, and 512GB RAM in the 64-bit version. Eight-node clustering is built in. As with its Windows 2000 version, Datacenter is available through OEMs who participate in the Datacenter program, and who provide support.

Web Edition

This new Windows product is built to develop and run a web site. It includes IIS 6.0, and other components that let you host web applications, web pages, and XML web services. You cannot use Web edition to run web server farms that require clusters. Nor can you install any network management services, such as Active Directory, DNS services, or DHCP services. Web edition is not available as a retail product; you must purchase it preinstalled from an OEM, or from a Microsoft System Builder partner.

Brand New in Windows Server 2003!

If you’ve been running your enterprise on Windows 2000, you’ll find a lot of new features, some of which are subtle improvements on existing features, and others that are brand-spanking new. If you’ve been running a Windows NT enterprise, because you adopted a “wait and see” attitude about Windows 2000, the new features in Windows Server 2003 should reassure you that upgrading provides more power to your users, and to you as an administrator. In this section, I’ll present an overview of the versions and new features available for Windows Server 2003. Detailed instructions for using the features mentioned here are found throughout this book.

New Remote Administration Tools

Windows Server 2003 offers several tools that make it easier for you to manage servers and domains remotely. You can view, change, or troubleshoot server-based services, and domain settings, from your own workstation. In addition, you can delegate specific tasks to other members of your IT department, and let them manage aspects of your enterprise from their own workstations, or from a help desk center.

RIS Now Deploys Servers

Previously, RIS was only available for client/workstation versions of Windows. With Windows Server 2003, you can use the new .NET RIS functions to roll out all versions of Windows Server 2003 except Datacenter.


The client-side software (called Remote Desktop Connection) is built in to Windows XP (the client member of the Windows Server 2003 family). For versions of Windows earlier than XP, you can install the client-side software from the Windows Server 2003 CD, or from a network sharepoint that contains the Windows Server 2003 installation files.

Configuring a server for remote access takes only a few mouse clicks. All Windows Server 2003 servers have a local group called Remote Desktop Users Group, to which you can add users and configure security. See Chapter 3 for a full discussion of setting up and using Remote Desktop for Administration.

Remote Assistance

Your help desk personnel will tell you that often the best way to help a user is to go to the user’s workstation (or send someone else). Sometimes the problem is just too complicated to walk a user through the solution, and sometimes the user needs detailed instructions that would take forever if you have to wait for the user to find the appropriate dialogs or menu options. Remote Assistance provides a way to work on a remote user’s computer without leaving your own desk. Remote Assistance works in either of two ways:

■ A novice user requests help from an experienced user

■ An experienced user provides help to a novice user without receiving a request for help

When a support person connects to a user’s machine with Remote Assistance, the support person can view the user’s screen and even use his own mouse and keyboard to control the user’s computer. To add to all of this convenience, Remote Assistance provides a chat feature and a file exchange function. To use Remote Assistance, the following criteria must be met:

■ The computers must be running either Windows Server 2003 or Windows XP

■ The computers must be connected over a LAN or the Internet


This means your support personnel who are working on Windows XP workstations don’t have to go to a Windows Server 2003 computer to provide assistance to users.

Requesting Help

A user working at a computer running Windows Server 2003 or Windows XP can request help from another user running Windows Server 2003 or Windows XP. Remote Assistance requests are enabled by default in Windows XP, so any users running Windows XP can request assistance from any experienced user running Windows Server 2003 or Windows XP. On computers running Windows Server 2003, you must enable the Remote Assistance feature in order to request help.

A group policy is available for enabling and disabling requests for Remote Assistance, on both the domain/OU level and on the local Windows Server 2003/Windows XP computer. You can find the policy at Computer Configuration\Administrative Templates\System\Remote Assistance.

To open the local group policy editor, choose Start | Run and type gpedit.msc.

If the group policy is not configured, you can enable or disable the feature in the System Properties dialog (right-click My Computer and choose Properties). Move to the Remote tab and select the option Turn on Remote Assistance and allow invitations to be sent from this computer. Click Advanced to open the Remote Assistance Settings dialog, in which you can do the following:

■ Enable or disable the remote control feature

■ Set a limit for the amount of time a request for assistance is valid


If the group policy is enabled or disabled, instead of Not Configured, it takes precedence over the settings in the System Properties dialog.
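The precedence rule above can be checked on a live machine. The following PowerShell script is an added example, not code from the book: the registry locations and value names are assumptions about where the Remote Assistance policies and the System Properties Remote tab store their settings, and it also reads the Offer Remote Assistance policy described later in this section.

```powershell
# Added example, not from the book. Needs PowerShell 3.0+ for [pscustomobject].
# Assumed registry locations (the page does not name them):
#   policy values -> written by the Remote Assistance group policies
#   local values  -> written by the System Properties Remote tab
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy Not Configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Resolve-RASetting {
    param([string]$Name, [string]$Meaning)
    # A policy that is Enabled or Disabled writes a value and wins over the
    # local setting; only Not Configured falls through to System Properties.
    $value  = Get-RegValue -Path $PolicyKey -Name $Name
    $source = 'Group Policy'
    if ($null -eq $value) {
        $value  = Get-RegValue -Path $LocalKey -Name $Name
        $source = if ($null -eq $value) { 'Not set' } else { 'System Properties' }
    }
    [pscustomobject]@{ Setting = $Meaning; Name = $Name; Value = $value; Source = $source }
}

function Get-RemoteAssistanceReport {
    $settings = @(
        Resolve-RASetting 'fAllowToGetHelp'      'Invitations may be sent (1 = yes)'
        Resolve-RASetting 'fAllowFullControl'    'Helper may take control (1 = yes, 0 = view only)'
        Resolve-RASetting 'MaxTicketExpiry'      'Invitation lifetime, count'
        Resolve-RASetting 'MaxTicketExpiryUnits' 'Invitation lifetime, unit (0 = min, 1 = hr, 2 = day)'
    )
    # Offer Remote Assistance is read from the policy key only.
    foreach ($pair in @(
            @('fAllowUnsolicited',            'Offer Remote Assistance enabled (1 = yes)'),
            @('fAllowUnsolicitedFullControl', 'Offered helper may take control (1 = yes)'))) {
        $value  = Get-RegValue -Path $PolicyKey -Name $pair[0]
        $source = if ($null -eq $value) { 'Not set' } else { 'Group Policy' }
        $settings += [pscustomobject]@{ Setting = $pair[1]; Name = $pair[0]; Value = $value; Source = $source }
    }

    # Helpers added with the policy's Show button (Domain\UserName entries).
    $helpersKey = Join-Path $PolicyKey 'RAUnsolicit'
    $helpers = @()
    if (Test-Path $helpersKey) { $helpers = @((Get-Item $helpersKey).GetValueNames()) }

    # Summarize the two settings that widen access to the desktop.
    $byName = @{}
    foreach ($s in $settings) { $byName[$s.Name] = $s }
    $findings = @()
    if ($byName['fAllowToGetHelp'].Value -eq 1 -and $byName['fAllowFullControl'].Value -eq 1) {
        $findings += 'Invited helpers can take control (set by {0})' -f $byName['fAllowFullControl'].Source
    }
    if ($byName['fAllowUnsolicited'].Value -eq 1) {
        $findings += 'Offer Remote Assistance is on; {0} helper entries listed' -f $helpers.Count
    }
    [pscustomobject]@{ Settings = $settings; OfferHelpers = $helpers; Findings = $findings }
}

$report = Get-RemoteAssistanceReport
$report.Settings | Format-Table Setting, Value, Source -AutoSize
$report.OfferHelpers
$report.Findings
```

The Source column shows which side supplied each effective value, so a setting changed in System Properties that has no effect can be traced to the policy overriding it.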

To request help, take the following steps:

1. Click Start and choose Help and Support.

2. In the right pane, click Remote Assistance, which is under Ask for Assistance in Windows XP, and under Support Tasks in Windows Server 2003.

3. Click Invite someone to help you.

The system opens Outlook Express or Outlook, depending on which application is the default e-mail program, to send the request. The requesting user enters the recipient’s e-mail address, or opens the address book to select the recipient.

If you’re not using Outlook or Outlook Express, the process fails This feature doesn’t work with any other e-mail software, including the popular Eudora.

If both users are working at computers running Windows XP, and both users are also signed in to Windows Messenger, the requesting user can use an instant message, instead of e-mail, to request help.

Once the Remote Assistance connection is made, the support person (the invitee) has access to the computer of the user (the inviter). If the user gives permission, the support person can take control of the user’s computer, and perform any task that the user could perform. (Not only must the user specifically give permission, but group policies, or the settings in the System Properties dialog, must support the “take

The group policy is called Offer Remote Assistance, and you can enable it on a local computer by opening the local GPE (enter gpedit.msc in the Run dialog) and expanding the console pane to Computer Configuration\Administrative Templates\System\Remote Assistance.


Specify whether the remote user can take control of the computer or merely view the screen. Then click Show, and add the names of groups or users who can access the computer with Remote Assistance. Use the format Domain\UserName or Domain\

1. Click Start and then click Help and Support.

2. In the Support Tasks section, click Tools.

3. In the left pane, click Help and Support Center Tools.

4. Click Offer Remote Assistance.

5. Enter the name, or IP address, of the target computer, and click Connect.

No Browse button exists, so you must know the computer name or IP address.

Manage Headless Servers

Remotely administered server support is a new feature that lets you install and manage headless computers, which are computers that lack monitors, VGA display adaptors, keyboards, or mice. Many companies have hundreds, or even thousands, of servers, and it isn’t unusual to find “server rooms” filled with rows of computers.

Computer manufacturers now build computers that contain BIOS sets that let the computer boot, without error, in the absence of basic components such as input devices or video controllers. (This is the beginning of the end of our favorite BIOS message: Keyboard error, press F2 to continue.)

Installing headless servers means you don’t have to spend money for keyboards, monitors, or mice, or even for KVM switches and cable. Even more important, you don’t have to worry about providing the desktop real estate to hold all those hardware components.

New Active Directory Features

Windows Server 2003 introduces new features and functions to AD and the Group Policy Editor. Of course, if you’re coming to Windows Server 2003 from Windows NT, all the AD and group policy features are new to you. You can learn about AD in Chapter 19 and group policies in Chapter 22, so in this section, I’ll simply present an overview of some of the new features.


New Ways to Navigate and Manage Active Directory

It’s now easier to find and manipulate AD objects. The search functions are improved, so finding what you need is not just easier, it’s also faster. The search capabilities depend, of course, on the amount of information you enter when you’re setting up AD objects. For example, if you enter information about a user’s work environment (department, division, name of manager, and so on), you can search on those filters.

To manipulate objects in AD, you can select multiple objects simultaneously and modify their properties in one fell swoop. Additionally, you can drag and drop objects between containers. This is a nifty way to add users (or groups) to a group.

Administrators can now impose AD quotas to limit the number of objects a user, group, or computer can own. Domain Administrators and Enterprise Administrators are exempt from quotas.

You can redirect the default location for user and computer accounts. Moving these accounts from the Users and Computers containers into OUs means you can apply

Creating a saved query starts with right-clicking the Saved Queries folder and choosing New | Query. Name the query and, optionally, provide a description.


Then, create the query using the tools in the New Query dialog. Click Browse to select the container you want to use as the query root.

Click Define Query to define a common query based on Users, Computers, or Groups (you cannot mix and match the object type).

Application Directory Partitions

An application directory partition is a directory partition that is configured for limited replication, replicating data only to specific DCs. After replication, each of the participating DCs holds a complete replica of the partition.


Both applications and OS services can store data in an application directory partition, and the only restriction is that an application directory partition can’t contain security principals. Most of the time, an application directory partition is created by an application, which manages the partition in addition to storing its data in the partition. However, administrators can use the Ntdsutil command-line tool to manually create application directory partitions, or manage partitions created by applications.

An application directory partition can be a child of a domain directory, or of another application directory partition. For example, if I create an application directory partition named AppsA as a child of my ivenseast.com domain, its DNS name is appsa.ivenseast.com, and its distinguished name is dc=appsa, dc=ivenseast, dc=com. If I then create an application directory partition named AppsB as a child of the first application directory partition, its DNS name is appsb.appsa.ivenseast.com and its distinguished name is dc=appsb, dc=appsa, dc=ivenseast, dc=com. You can see that the hierarchical logic of these partitions makes it easy to manage them.

You can also establish an application directory partition as the root of a new tree in an existing forest. For example, ivenseast.com is the root of the only domain tree in my forest. I can create an application directory partition with the DNS name appsc and the distinguished name dc=appsc. This application directory partition isn’t part of the same tree as ivenseast.com; instead, it’s the root of a new tree in the forest.

You cannot make a domain directory partition a child of an application directory partition.

The benefit of this feature is obvious: it reduces replication traffic across the forest. Additionally, you can replicate data only to DCs where the data is useful to the users who connect to those DCs, which means intersite replication can be drastically reduced.

Improved Replication

Windows Server 2003 has changed the way the AD database and the global catalog are replicated, using a new paradigm called linked value. When attributes change in the global catalog, only the changes are replicated. For example, after changes, individual group members are replicated, instead of treating the entire group membership as a single replication unit. In addition, new algorithms make replication processes faster and more efficient, working across multiple sites and domains within forests.

Rename AD and Domains

Windows Server 2003 lets you change a domain’s DNS and NetBIOS names. Previously, renaming a domain required you to create a new domain, and then migrate all the existing domain objects to the new domain. This new feature is a welcome addition to administrators in companies that are involved in mergers and acquisitions. In addition, this is a great tool for administrators who decide to separate the internal infrastructure from the Internet by creating separate DNS names (a good security scheme).


Availability and Reliability Improvements

We’re all trying to get to “four nines,” and Windows Server 2003 introduces some tools to help.

Automated System Recovery

Floppy disk–based recovery procedures have become more and more difficult to implement in Windows. The last “workable” (and I use the term loosely) floppy disk recovery process was the Emergency Repair Disk (ERD) in Windows NT 4. Windows 2000 also provided a way to create an ERD, but the size of the data files made it almost useless.

Automated System Recovery (ASR) is a floppy-based recovery tool, but unlike the ERD, the ASR is linked to a related backup of the files required to start Windows. You can store this backup on a local tape drive or a locally attached removable disk. See Chapter 26 for details.

Emergency Management Services

Emergency Management Services (EMS) provides a mechanism to manage servers when the operating system is not functional. When a server is operating normally, you can manage it remotely with the regular administrative tools provided with Windows Server 2003. Remote management of servers with these tools is called in-band management, or working with an in-band connection. In-band connections include NICs, modems, ISDN, and other familiar devices.

When an in-band connection is unavailable, you can use EMS to access and administer a Windows Server 2003 computer. This is referred to as working with an out-of-band connection, which doesn’t even require operating system network drivers. You can even use an out-of-band connection to troubleshoot a server that isn’t fully initialized and functioning. Most of the time, you can do this remotely, as long as the server is equipped with out-of-band hardware (headless servers fit this description). In fact, the only time you ever have to travel to the server is when you need to install hardware.

EMS works in terminal text mode, not the GUI, so you can use this tool with a wide range of communication media (the most common are serial ports), through standard out-of-band tools such as terminal emulators. Of course, this also means you can use EMS with other platforms, such as UNIX and Linux.

User State Migration Tool

When you’re deploying Windows Server 2003 as an upgrade, the User State Migration Tool (USMT) captures existing settings, files, and documents. You won’t have to reconfigure those settings.


Date posted: 29/06/2014, 08:20