not connections to those resources must be secure
Shell Application Management
Manages access to the toolbar, taskbar, Start
└ Start Menu and Taskbar Shell First Experience,
Logon, and Privileges
Configures the logon experience to include expanded Group Policy settings in:
User Configuration └ Administrative Templates └ Windows Components
Shell Sharing, Sync, and Roaming
Customizes:
User Configuration └ Administrative Templates └ Windows Components
User Configuration └ Administrative Templates └ Windows Components
features
Computer Configuration └ Administrative Templates └ Windows Components └ Tablet PC
User Configuration └ Administrative Templates └ Windows Components └ Tablet PC
the security, ease-of-use, and manageability
of Terminal Services remote connections. You can:
supported devices to the remote computer in a Terminal Services session
Security (TLS) 1.0 or native Remote Desktop Protocol (RDP) encryption, or negotiate a security method
level (FIPS Compliant, High, Client Compatible, or Low)
Computer Configuration └ Administrative Templates └ Windows Components └ Terminal Services
User Configuration └ Administrative Templates └ Windows Components └ Terminal Services
Troubleshooting and Diagnostics
Controls the diagnostic level from automatically detecting and fixing problems
to indicating to the user that assisted resolution is available for:
Computer Configuration └ Administrative Templates └ System
└ Troubleshooting and Diagnostics
prompt
Computer Configuration └ Windows Settings └ Security Settings └ Local Policies
Identify the least-privileged user accounts
Virtualize file and registry write failures to per-user locations
└ Security Options
Windows Error Reporting Disables Windows Feedback only for Windows
or for all components. By default, Windows Feedback is turned on for all Windows components.
Computer Configuration └ Administrative Templates └ Windows Components └ Windows Error Reporting
User Configuration └ Administrative Templates └ Windows Components └ Windows Error Reporting
Section 8: High Availability
Section 8: High Availability 225
8.01 High Availability Introduction 226
Scenario Value Proposition 226
Special Hardware Requirements 226
8.02 Failover Clustering 227
New Validation Wizard 227
Support for GPT Disks in Cluster Storage 227
Improvements to Setup and Migration 227
Improvements to Management Interfaces 228
Improvements to Stability and Security for Increased Availability 228
Improvements to the Way a Cluster Works With Storage 229
Improvements to Networking and Security 229
Compatibility 229
Deployment 230
8.03 Network Load Balancing 231
Section 9: Better Together
Section 9: Better Together 232
9.01 Better Together — Windows Server 2008 and Windows Vista 233
More Efficient Management 233
Greater Availability 234
Faster Communications 234
Windows Deployment Services 235
Network Access Protection 235
Policy-Based Quality of Service 235
SMB 2.0 236
Simplified Remote Access 236
Recovery and Troubleshooting 237
Section 10: Miscellaneous
Section 10: Miscellaneous 238
10.01 System Requirements 239
System Requirements for Windows Server® 2008 239
Full Versus Server Core Installations 240
10.02 Detailed Table of Contents 241
Display Data Prioritization 31
Single Sign-On 32
Prerequisites for Deploying Single Sign-On 32
Recommended Configuration of a Terminal Server When Using Single Sign-On 33
3.03 Terminal Services Gateway 34
TS CAPs 37
Computer Groups Associated With TS RAPs 37
TS RAPs 38
Monitoring Capabilities 38
Group Policy Settings for TS Gateway 39
3.04 Terminal Services RemoteApp 41
Additional References 42
3.05 Terminal Services Web Access 43
Lets You Easily Deploy RemoteApps Over the Web 44
Deployment 44
List of RemoteApps Is Dynamically Updated 44
Includes the TS Web Access Web Part 45
3.06 Terminal Services Printing 46
Group Policy Settings 47
3.07 Terminal Services Session Broker 49
Group Policy Settings 50
Additional Information 51
3.08 Terminal Services Licensing 52
3.09 Windows System Resource Manager 54
Installing Terminal Server 54
Resource-Allocation Policies 54
Monitoring Performance 55
Section 4: Branch Office 56
4.01 Branch Office Introduction 57
Scenario Value Proposition 57
Special Hardware Requirements 57
4.02 Read-Only Domain Controller 58
Read-Only Active Directory Domain Services Database 59
Unidirectional Replication 60
Credential Caching 60
Administrator Role Separation 60
Read-Only DNS 61
Deployment 61
4.03 BitLocker Drive Encryption 62
Full-Volume Encryption 63
Integrity Checking 63
Recovery Options 64
Remote Management 65
Secure Decommissioning 65
Group Policy Settings 66
BitLocker Drive Encryption — Group Policy Settings 66
TPM Behavior — Group Policy Settings 67
Deployment 67
Additional Information 68
4.04 Server Core 69
4.05 Distributed File System 70
DFS Namespaces Functionality 70
Access-Based Enumeration 70
Cluster Support 71
Improved Command-Line Tools 71
Search for Folders or Folder Targets within a Namespace 71
Windows Server 2008 Mode Domain-Based Namespaces 71
DFS Replication Functionality 71
Content Freshness 71
Improvements for Handling Unexpected Shutdowns 72
DFS Replication Performance Improvements 72
Propagation Report 73
Replicate Now 73
Support for Read-Only Domain Controllers 73
SYSVOL Replication using DFS Replication 73
Section 5: Security and Policy Enforcement 75
5.01 Security and Policy Enforcement Introduction 78
Scenario Value Proposition 78
Special Hardware Requirements 78
5.02 Network Policy and Access Services 79
Role Services for Network Policy and Access Services 80
Managing the Network Policy and Access Services Server Role 82
Additional Resources 84
5.03 Network Access Protection 85
Key Processes of NAP 86
Policy Validation 86
NAP Enforcement and Network Restriction 87
Remediation 87
Ongoing Monitoring to Ensure Compliance 87
NAP Enforcement Methods 88
NAP Enforcement for IPsec Communications 88
NAP Enforcement for 802.1X 88
NAP Enforcement for VPN 88
NAP Enforcement for DHCP 88
NAP Enforcement for TS Gateway 89
Combined Approaches 89
Deployment 89
NAP Client Components 90
NAP Server Components 91
Additional Information 92
5.04 Network Policy Server 93
5.05 Routing and Remote Access Service 96
Remote Access 96
Routing 97
NAP Enforcement for VPN 97
SSTP Tunneling Protocol 97
New Cryptographic Support 98
Removed Technologies 98
5.06 Next-Generation TCP/IP Protocols and Networking Components 99
Next-Generation TCP/IP Stack 99
Receive Window Auto-Tuning 99
Compound TCP 100
Enhancements for High-Loss Environments 100
Neighbor Unreachability Detection for IPv4 101
Changes in Dead Gateway Detection 101
Changes in PMTU Black Hole Router Detection 101
Routing Compartments 102
Network Diagnostics Framework Support 102
Windows Filtering Platform 103
Explicit Congestion Notification 103
IPv6 Enhancements 103
IPv6 Enabled by Default 103
Dual IP Stack 103
GUI-Based Configuration 104
Teredo Enhancements 104
Integrated IPsec Support 104
Multicast Listener Discovery Version 2 104
Link-Local Multicast Name Resolution 104
IPv6 Over PPP 104
Random Interface IDs for IPv6 Addresses 105
DHCPv6 Support 105
Quality of Service 105
Policy-Based QoS for Enterprise Networks 105
5.07 Windows Firewall with Advanced Security 106
Windows Firewall Is Turned On by Default 107
IPsec Policy Management Is Simplified 108
Support for Authenticated IP 108
Support for Protecting Domain Member to Domain Controller Traffic by Using IPsec 109
Improved Cryptographic Support 109
Settings Can Change Dynamically Based on the Network Location Type 109
Integration of Windows Firewall and IPsec Management into a Single User Interface 110
Full Support for IPv4 and IPv6 Network Traffic Protection 110
Additional References 111
5.08 Cryptography Next Generation 112
Deployment 113
Certificate-Enabled Applications 113
5.09 Active Directory Certificate Services 115
Active Directory Certificate Services: Web Enrollment 115
Active Directory Certificate Services: Policy Settings 117
Managing Peer Trust and Trusted Root CA Stores 118
Managing Trusted Publishers 119
Blocking Certificates That Are Not Trusted According to Policy 119
Managing Retrieval of Certificate-Related Data 120
Managing Expiration Times for CRLs and OCSP Responses 120
Deploying Certificates 121
Active Directory Certificate Services: Network Device Enrollment Service 121
Registry Keys in MSCEP 122
Active Directory Certificate Services: Enterprise PKI 123
CA Health States 123
Support for Unicode Characters 124
Active Directory Certificate Services: Online Certificate Status Protocol Support 125
Online Responder 126
Responder Arrays 127
Group Policy 128
Deployment 129
5.10 Active Directory Domain Services 130
Active Directory Domain Services: Auditing 130
Auditing Active Directory Domain Services Access 131
Directory Service Changes — Active Directory Domain Services Events 132
Global Audit Policy 132
SACL 133
Schema 133
Registry Settings 133
Registry Key Values — Active Directory Domain Services Auditing 133
Group Policy Settings 134
Active Directory Domain Services: Fine-Grained Password Policies 134
Storing Fine-Grained Password Policies 134
Defining the Scope of Fine-Grained Password Policies 135
RSOP 136
Security and Delegation 137
Active Directory Domain Services: Read-Only Domain Controller 137
Active Directory Domain Services: Restartable Active Directory Domain Services 138
Active Directory Domain Services: Snapshot Exposure 139
Active Directory Domain Services: User Interface Improvements 141
New Active Directory Domain Services Installation Wizard 142
Active Directory Domain Services Installation Wizard 143
Staged Installation for RODCs 143
Additional Wizard Improvements 144
New MMC Snap-In Functions 144
5.11 Active Directory Federation Services 146
Improved Installation 148
Improved Application Support 148
Better Administrative Experience When Establishing Federated Trusts 148
New Settings 151
Active Directory Federation Services Web Agent Property Pages 151
5.12 Active Directory Lightweight Directory Services 152
5.13 Active Directory Rights Management Services 155
Improved Installation and Administration Experience 157
Self-Enrollment of Active Directory Rights Management Services Server 158
Integration With Active Directory Federation Services 158
New Active Directory Rights Management Services Administrative Roles 159
Section 6: Web and Applications Platform 160
6.01 Web and Applications Platform Introduction 161
Scenario Value Proposition 161
Special Hardware Requirements 161
6.02 Internet Information Services 7.0 162
Flexible Extensibility Model for Powerful Customization 162
Powerful Diagnostic and Troubleshooting Tools 163
Delegated Administration 163
Enhanced Security and Reduced Attack Surface through Customization 163
True Application Xcopy Deployment 163
Application and Health Management for WCF Services 163
Improved Administration Tools 163
Integrated Management Support for Web Services 163
Windows Firewall Is Turned On by Default 163
Editions 164
Configuration 164
Administration Tools 165
Core Web Server 166
Diagnostics 166
Additional Resources 167
6.03 Application Server 168
Application Server Core 168
Web Server 170
COM+ Network Access 170
Windows Process Activation Service 170
TCP Port Sharing 170
Distributed Transactions 171
6.04 Transactional NTFS 172
Section 7: Server Management 174
7.01 Server Management Introduction 176
Scenario Value Proposition 176
Special Hardware Requirements 176
7.02 Initial Configuration Tasks 177
Default Settings in Initial Configuration Tasks 178
7.03 Server Manager 179
Roles 180
Server Roles in Server Manager 180
Features 183
Features in Server Manager 183
Server Manager Console 186
Server Manager Wizards 188
Add Roles Wizard 188
Add Role Services Wizard 189
Add Features Wizard 189
Remove Roles Wizard 190
Remove Role Services Wizard 190
Remove Features Wizard 190
Server Manager Command Line 190
Registry Settings 191
Registry Settings 191
How Do I Open Server Manager? 191
Additional Resources 192
7.04 Windows PowerShell 193
Windows PowerShell Features 194
Windows PowerShell Cmdlets 194
A New Scripting Language 195
Windows Commands and Utilities 195
Additional Information 195
7.05 Server Core 196
7.06 Windows Server Backup 200
7.07 Windows Reliability and Performance Monitor 203
Data Collector Sets 203
Wizards and Templates for Creating Logs 204
Resource View 204
Reliability Monitor 204
Unified Property Configuration for All Data Collection, Including Scheduling 205
User-Friendly Diagnosis Reports 205
7.08 Windows Deployment Services 206
Create and add Boot Images 208
Create a Capture Image 208
Create a Discover Image 208
Create an Install Image 209
Associate an Unattend File with an Image 209
Enable multicast transmission of an image 210
Use Transport Server to enable multicast download of data 210
Deployment 210
Additional Resources 210
7.09 Group Policy 212
New Categories of Policy Management 213
New Format and Functionality of Administrative Template Files (ADMX) 216
Starter Group Policy Objects 217
Comments for GPOs and Policy Settings 217
Network Location Awareness 217
Group Policy Service 219
Events and Logging 219
Multiple Local Group Policy Objects 220
Finding Specific Administrative Template Policy Settings 220
Section 8: High Availability 225
8.01 High Availability Introduction 226
Scenario Value Proposition 226
Special Hardware Requirements 226
8.02 Failover Clustering 227
New Validation Wizard 227
Support for GPT Disks in Cluster Storage 227
Improvements to Setup and Migration 227
Improvements to Management Interfaces 228
Improvements to Stability and Security for Increased Availability 228
Improvements to the Way a Cluster Works With Storage 229
Improvements to Networking and Security 229
Compatibility 229
Deployment 230
8.03 Network Load Balancing 231
Section 9: Better Together 232
9.01 Better Together — Windows Server 2008 and Windows Vista 233
More Efficient Management 233
Greater Availability 234
Faster Communications 234
Windows Deployment Services 235
Network Access Protection 235
Policy-Based Quality of Service 235
SMB 2.0 236
Simplified Remote Access 236
Recovery and Troubleshooting 237
Section 10: Miscellaneous 238
10.01 System Requirements 239
System Requirements for Windows Server® 2008 239
Full Versus Server Core Installations 240
10.02 Detailed Table of Contents 241