
O'Reilly Windows Server 2008: The Definitive Guide, March 2008, ISBN 0596514115


DOCUMENT INFORMATION

Basic information

Format
Pages: 933
Size: 12.68 MB


Page 1

by Jonathan Hassell

Publisher: O'Reilly
Pub Date: March 15, 2008
Print ISBN-13: 978-0-59-651411-2
Pages: 492

Table of Contents | Index

Overview

This practical guide has exactly what you need to work with Windows Server 2008. Inside, you'll find step-by-step procedures for using all of the major components, along with discussions on complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, server clustering, and more. All of this with a more compact

Installing the server in a variety of different environments

File services and the Windows permission structure

How the domain name system (DNS) works

Page 2

course in OS theory. If you intend to work with this server, this is the only book you need.

Page 7

Section 14.4 The Last Word

Colophon

Index

Page 8

most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com

Page 9

albatross, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.

ISBN: 978-0-596-51411-2

Page 10

Microsoft's server-oriented Windows operating systems have grown by leaps and bounds in capabilities, complexities, and sheer number of features since the release of Windows NT Server in the early 1990s. With each release, system administrators have found themselves grappling with new concepts, from domains, directory services, and virtual private networks, to client quarantining, disk quota, and universal groups. Just when you've mastered one set of changes, another comes along and suddenly you're scrambling once again to get up to speed. A vicious cycle this IT business is.

One source of help for the beleaguered administrator has always been the technical book market and its communities of authors, publishers, and user groups. Major releases of popular operating systems have always been accompanied by the

as much detritus, as the operating systems they explain. You now see on the shelves of your friendly local bookstores 1,200-plus-page monstrosities that you might find useful, but only if you enjoy dealing with 30 pounds of paper in your lap or on your desk, and only if you find it productive to wade through references to "how things worked" four versions of Windows NT ago. After all, there's a limit to how many times you can revise something before it's best to simply start from scratch. Do you need all of that obsolete information to do your job efficiently? I'm wagering that you don't (my luck in Las Vegas notwithstanding), and it was in that spirit that I set out to write Windows Server 2008: The Definitive Guide. I have trimmed the content of this volume to include just enough background on a subject for you to understand how different features and

Page 11

away from reading sections with a firm understanding of what's happening under the hood of the system, but without the sense that you're taking a graduate course in OS theory. Most of all, I want this book to be a practical guide that helps you get your work done—"here's how it works; here's how to do it."

The book you're either holding in your hands right now or reading online provides a more compact presentation, a lower price, and a tighter focus on tasks than other books on the market.

I hope that this work meets your expectations, and I hope you turn to it again and again when you need to understand the massive product that is Windows Server 2008.

P2.1 Audience

Beginning-to-intermediate system administrators will find this book a very helpful reference to learning how Windows Server 2008 works and the different ways to administer machines running that operating system. This book has step-by-step procedures, discussions of complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, and server clustering. Although I've eliminated material that isn't relevant to day-to-day administration, you will still find the chapters full of useful information.

Advanced system administrators will also find this book useful for discovering new concepts and components outside of their realm of expertise. I've found that senior system administrators often focus on one or two specific areas of a product and are less familiar with other areas of the OS. This book provides a stepping-stone for further exploration and study of secondary parts of the operating system.

One other item to mention: throughout the book I've tried to highlight the use of the command line in addition to (or in some

Page 12

Command lines, in my opinion, are fabulous for quickly and efficiently getting things done, and they provide a great basis for launching into scripting repetitive tasks. Microsoft has done an excellent job of integrating command-line functions into this revision of Windows, and I've attempted to do the effort justice within the text. But none of this should make you shy away from this book if you are a GUI aficionado: you'll still find everything you're accustomed to within this volume.

P2.2 Organization and Structure

In structuring the contents of this book I have tried to make a logical progression through the product, from a high-level overview through complete discussions and treatments of all its major components. Here's how this book is organized:

Chapter 1

Covers the product on a very general basis, from Microsoft's philosophy behind the product itself and the different versions of the product that are available, to an overview of the features in this release that are new or otherwise improved and a complete overview of the system design. This chapter is designed to give the administrator a complete and systematic overview of the product.

Chapter 2

Provides a detailed guide to installing the product in a variety of environments. I also include information on mass deployments using Windows Deployment Services, a vast improvement over previous image installation options offered in the box.

Chapter 3

Page 13

to creating shares, publishing them to Active Directory, mapping drives, using the My Network Places applet, and accessing shares from the Start Run command and from within Internet Explorer. Then I dive into a detailed discussion of the Windows permission structure, including permission levels, "special" permissions, inheritance, and ownership. Here, you'll also find a guide to setting permissions. Also covered in this chapter is an overview of the Distributed File System (DFS), and how to set it up and manage it.

Chapter 4

Covers the domain name system, or DNS. Because DNS is such a fundamental component of Active Directory, I wanted to include a separate treatment of how it works, including a discussion of the different types of resource records and zone files supported, integration with Active Directory, the split DNS architecture, and backup and recovery of DNS data.

Chapter 5

Most installations of Windows Server 2008 will include installation of the Active Directory technology because so many products that require the server OS are tightly integrated with Active Directory. Chapter 5 provides a complete guide to the technical portion of Active Directory, including its logical and physical structure, hierarchical components (domains, trees, forests, and organizational units), scalability, and replication. Coverage of the LDAP standards is included, as well as a discussion of migration and security considerations. Then I move into planning

Page 14

Chapter 6

Discusses Group Policy (GP), one of the most underappreciated management technologies in any server product. Chapter 6 is dedicated to introducing GP and its structure and operation. I begin with a survey of GP and Active Directory interaction, objects, and inheritance. Then I provide a practical guide to implementing GP through user and computer policies and administrative templates, installing software through GP, administration through scripting, and redirecting folders and other user interface elements. I also discuss IntelliMirror, a cool technology for application distribution (similar to ZENworks from Novell).

Chapter 7

Helps ensure that you are well versed in locking down your systems to protect both your own computers and the Internet community as a whole. I cover security policy, including ways to manage it using predefined templates and customized policy plans, and an overview of the Security Configuration and Analysis Tool, or SCAT. Then I provide a complete procedural guide to locking down both a Windows network server and a standard Windows client system (despite the fact that this is a server book, administrators often are responsible for the entire network, and client and server security go hand in hand).

Chapter 8

Covers the details of the major IIS revamp in this release

Page 15

Chapter 9

Covers the new Server Core editions of Windows Server 2008, including deployment, activation, and using these new GUI-less versions of the operating system.

Chapter 10

Provides a guide to Terminal Services, including an overview from the server administrator's perspective and a similar overview from a typical user's point of view. Then I cover how to install both Terminal Services itself and applications such as Microsoft Office and other tools inside the Terminal Services environment. A guide to configuring Terminal Services follows, including procedures for general configuration, remote control options, environment settings, logons, sessions, and permission control. Concluding the chapter is a guide to daily administration using Terminal Services Manager, the Active Directory user tools, Task Manager, and command-line utilities.

Chapter 11

Covers the standard networking architecture of the operating system, including addressing and routing issues. Then I move into a discussion of the various network subsystems: the Domain Name System (DNS), the Dynamic Host Configuration Protocol (DHCP), and a discussion of VPN connectivity, the different phases of VPN, tunneling and

Page 16

Server, the Internet Authentication Service (IAS). Finishing up the chapter, I discuss IPSec, its support from within the OS, and how to install, configure, use, and administer it. Coverage of client quarantining is also included.

Chapter 12

Covers Windows clustering services. First, a discussion of the different types of clustering services is provided, and then I cover successfully planning a basic cluster and its different elements: the applications, how to group the machines, capacity and network planning, user account management, and the possible points of failure. A treatment of Network Load Balancing clusters follows, and I round out the chapter with a guide to creating and managing server clusters, as well as an overview of the administrative tools bundled with the OS.

Chapter 13

Discusses Windows PowerShell, the powerful object-based scripting and command-line technology now bundled with Windows Server 2008.

Chapter 14

Covers the fundamentals of Microsoft's currently prerelease virtualization solution called Hyper-V, including its structure, operation, and setup on Windows Server 2008. We'll also look at creating virtual machines, and we'll wrap up with what to expect upon Hyper-V's official release.

P2.3 Conventions Used in This Book

Page 17

Plain text

Indicates menu titles, menu options, menu buttons, and keyboard accelerators (such as Alt and Ctrl).

Italic

Indicates new terms, URLs, email addresses, filenames, file extensions, pathnames, directories, and command-line utilities.

Constant width

Indicates commands, options, switches, variables, attributes, keys, functions, types, classes, namespaces, methods, modules, properties, parameters, values, objects, events, event handlers, XML tags, HTML tags, macros, the contents of files, or the output from commands.

Page 18

This icon indicates a warning or caution.

P2.4 Using Code Examples

This book is here to help you get your job done. In general, you can use the code in this book in your programs and documentation. You do not need to contact O'Reilly for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission.

permissions@oreilly.com

P2.5 We'd Like to Hear from You

Please address comments and questions concerning this book to

Page 19

To comment or ask technical questions about this book, send email to:

bookquestions@oreilly.com

For more information about our books, conferences, Resource Centers, and the O'Reilly Network, see the O'Reilly web site at: http://www.oreilly.com

P2.6 Safari® Books Online

When you see a Safari® Books Online icon on the cover of your favorite technology book, that means the book is available online through the O'Reilly Network Safari Bookshelf.

Safari offers a solution that's better than e-books. It's a virtual library that lets you easily search thousands of top tech books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at http://safari.oreilly.com

P2.7 Acknowledgments

Page 20

John Osborn at O'Reilly was instrumental in getting this process organized and off the ground and provided very welcome guidance and feedback during the initial stages of writing this book.

Errors and shortcomings were dutifully found by the technical review team, which consisted of IT professionals Dan Green, Eric Rezabek, and Debbie Timmons.

Special thanks to the many folks at Microsoft and Waggener-Edstrom with whom I worked during the development of the book—their assistance and timely information was quite helpful in putting together this project.

Of course, my family is also to thank: particularly my wife, Lisa, who patiently accepted the insufficient answer of "not yet" repeatedly to her reasonable question of "Aren't you done with that book?"

Page 21

Chapter 1 Introducing Windows Server 2008

It all started with Windows NT, Microsoft's first serious entry into the network server market. Versions 3.1 and 3.5 of Windows NT didn't garner very much attention in a NetWare-dominated world because they were sluggish and refused to play well with others. Along came Windows NT 4.0, which used the new Windows 95 interface (revolutionary only to those who didn't recognize Apple's Macintosh OS user interface) to put a friendlier face on some simple yet fundamental architectural improvements. With version 4.0, larger organizations saw that Microsoft was serious about entering the enterprise computing market, even if the product currently being offered was still limited in scalability and availability. For one, Microsoft made concessions to NetWare users, giving them an easy way to integrate with a new NT network. The company also included a revised security feature set, including finely grained permissions and domains, which signified that Microsoft considered enterprise computing an important part of Windows.

After a record six and one-half service packs, NT 4.0 is considered by some to be the most stable operating system ever to come out of Redmond. However, despite that, most administrators with Unix experience required an OS more credible in an enterprise environment—one that could compare to the enormous Unix machines that penetrated that market long ago and had unquestionably occupied it ever since. It wasn't until February 2000, when Windows 2000 Server was released, that these calls were answered. Windows 2000 was a complete revision of NT 4.0 and was designed with stability and scalability as first priorities.

However, something was still lacking. Sun and IBM included application server software and developer-centric capabilities with their industrial-strength operating systems, Solaris and AIX. Windows 2000 lacked this functionality. In addition, the

Page 22

Windows 2000 web server, Internet Information Services (IIS), cast an ominous cloud over the thought that Windows could ever be a viable Internet-facing enterprise OS. Given that many saw Microsoft as "betting the company" on a web services initiative called .NET, it was critical that Microsoft save face and do it right the next time. It wasn't too late, but customers were very concerned about the numerous security vulnerabilities and the lack of a convenient patch management system to apply corrections to those vulnerabilities. Things had to change.

From stage left, enter Windows Server 2003. What distinguished the release other than a longer name and a three-year difference in release dates? Security, primarily. Windows Server 2003 came more secure out of the box and was heavily influenced by the month-long halt of new development in March 2002, referred to by Microsoft as the beginning of the Trustworthy Computing Initiative, wherein all developers and product managers did nothing but review existing source code for security flaws and attend training on new best practices for writing secure code. Performance was also improved in the Windows Server 2003 release, focus was put on making the operating system scalable, and in general enterprise administration was made more efficient and easier to automate. Microsoft also updated some bundled software via the Windows Server 2003 R2 release, making it more straightforward to manage identities over different directory services and security boundaries, distribute files and replicate directory structures among many servers, and more.

But as always, no software is perfect, and there's always room for improvement. As business requirements have changed, Microsoft developers worked in tandem on Windows Vista and the next release of Windows on the server. When Windows Vista was released to manufacturing, the teams split again, and the Windows Server 2008 group added a few new features and then focused on performance and reliability until the release.

Page 23

Unlike the transition from Windows 2000 Server to Windows Server 2003, which was a fairly minor "point"-style update, Windows Server 2008 is a radical revision to the core code base that makes up the Windows Server product. Windows Server

through an unattended configuration file. According to Microsoft:

Server Core is designed for use in organizations that either have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server.

Accordingly, there are limited roles that Core servers can perform. They are:

Dynamic Host Configuration Protocol (DHCP) server

Domain Name System (DNS) server

Page 24

IIS, although only with a portion of its normal abilities—namely only static HTML hosting, and no dynamic web application support

Windows Media Services (WMS)

Additionally, Server Core machines can participate in Microsoft clusters, use network load balancing, host Unix applications, encrypt their drives with BitLocker, be remotely managed using Windows PowerShell on a client machine, and be monitored through Simple Network Management Protocol, or SNMP.

Most administrators will find placing Server Core machines in branch offices to perform domain controller functions is an excellent use of slightly older hardware that might otherwise be discarded. The smaller footprint of Server Core allows the OS to do more with fewer system resources, and the reduced attack surface and stability make it an excellent choice for an appliance-like machine. Plus, with a branch office, you can combine Server Core with the ability to deploy a read-only domain controller and encrypt everything with BitLocker, giving you a great, lightweight, and secure solution.

1.1.2 IIS Improvements

The venerable Microsoft web server has undergone quite a bit of

Page 25

Newly rearchitected componentized structure

For the first time in IIS history, administrators exercise complete control over exactly what pieces of IIS are installed and running at any given time. You can run the exact services you require—no more, no less. This is of course more secure, not to mention easier to manage and better performing.

Flexible extensibility model

IIS 7 allows developers to access a brand-new set of APIs that can interact with the IIS core directly, making module development and customization much easier than it ever has been. Developers can even hook into the configuration, scripting, event logging, and administration areas of IIS, which opens a lot of doors for enterprising administrators and third-party software vendors to extend IIS' capabilities sooner rather than later.

Simplified configuration and application deployment

Configuration can be accomplished entirely through XML files. Central IIS configuration can be spread across multiple files, allowing many sites and applications hosted by the same server to have independent but still easily managed configurations. One of Microsoft's favorite demos of IIS 7 is setting up a web farm with identically configured machines; as new members of the farm are brought online, the administrator simply uses XCOPY and moves existing

Page 26

meaningful, and most welcome, change in IIS 7

Delegated management

Much like Active Directory allows administrators to assign permissions to perform certain administrative functions to other users, IIS administrators can delegate control of some functions to other people, like site owners.

Efficient administration

IIS Manager has been completely redesigned and is joined by a new command-line administration utility, appcmd.exe.


Page 33

The Windows Server 2008 team has made a special effort at improving network performance and efficiency. For the first time, there is a dual-IP layer architecture for native IPv4 and IPv6 support together, simultaneously. (If you've ever configured IPv4 and IPv6 on a Windows Server 2003 machine, you'll know what a pain it is to get them to interoperate without falling all over each other.) Communications security is enhanced through better IPsec integration throughout the various pieces of the TCP/IP stack. Hardware is used more efficiently and robustly to speed up performance of network transmissions, intelligent tuning and optimization algorithms run regularly to ensure efficient communication, and APIs to the network stack are more directly exposed, making it easier for developers to interact with the stack. Let's take a look at some of the improvements in what the team is calling Next Generation Networking.

1.2.1 TCP/IP Stack Enhancements

As I alluded to earlier, many changes in Windows Server 2008 were made to the TCP/IP stack itself. One such improvement is the auto-tuning TCP window size: Windows Server 2008 can automatically tune the size of the receive window by each individual connection, increasing the efficiency of large data transfers between machines on the same network. Microsoft quotes the following example: "...on a 10 Gigabit Ethernet network, packet size can be negotiated up to 6 Megabytes in size."

The dead gateway detection algorithm present in Windows Server 2003 has been slightly improved: Windows Server 2008 now tries every so often to send TCP traffic through what it thinks to be a dead gateway. If the transmission doesn't error out, then Windows automatically changes the default gateway to the previously detected dead gateway, which is now live. And Windows Server 2008 supports offloading network processing


There are also improvements to network scaling. For example, in previous versions of Windows Server, one NIC was associated with one single, physical processor. However, with the right network card, Windows Server 2008 supports scaling NICs and their associated traffic among multiple CPUs (a feature called receive-side scaling), permitting much higher amounts of traffic to be received by one NIC on a highly loaded server. This particularly benefits multiprocessor servers, since more scale can be added simply by adding processors or NICs and not by adding entirely new servers.
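
The receive-window auto-tuning and receive-side scaling settings just described are both exposed through the netsh TCP context in Windows Server 2008. The following PowerShell script is an added example, not code from the book: it parses the output of `netsh interface tcp show global` and reports both settings. It assumes netsh.exe is on the PATH and prints the labels shown in the constructed sample; other Windows builds may word them differently.

```powershell
# Added example, not from the book: read the TCP global parameters that
# Windows Server 2008 exposes through netsh and report the receive-window
# auto-tuning level and the receive-side scaling (RSS) state discussed above.
# Assumption: netsh.exe is on the PATH and prints the labels shown in the
# constructed sample below; other Windows builds may word them differently.

function Get-TcpGlobalSettings {
    param([string[]] $NetshOutput)   # captured output, or $null to run netsh live

    if (-not $NetshOutput) {
        $NetshOutput = & netsh.exe interface tcp show global
    }

    $settings = @{}
    foreach ($line in $NetshOutput) {
        # Lines of interest look like "Receive-Side Scaling State : enabled"
        if ($line -match '^\s*(.+?)\s*:\s*(\S.*)$') {
            $settings[$matches[1].Trim()] = $matches[2].Trim()
        }
    }
    return $settings
}

# Constructed sample of what netsh prints, so the parser runs offline.
$sampleText = @'
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
Receive Window Auto-Tuning Level    : normal
ECN Capability                      : disabled
'@
$tcp = Get-TcpGlobalSettings -NetshOutput ($sampleText -split "`r?`n")

"Receive window auto-tuning : " + $tcp['Receive Window Auto-Tuning Level']
"Receive-side scaling (RSS) : " + $tcp['Receive-Side Scaling State']

# Both settings can be changed from the same netsh context, for example:
#   netsh interface tcp set global autotuninglevel=normal
#   netsh interface tcp set global rss=enabled
# Setting autotuninglevel=disabled is a common first troubleshooting step when
# a middlebox that mishandles TCP window scaling causes stalled large transfers.
```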

1.2.2 Changes to Terminal Services

Network applications are growing in popularity with each passing week. Windows Server 2008 sees more work in the Terminal Services/Remote Desktop area than might have been expected, and some of the new capabilities are very welcome improvements. Aside from the three new features, the team worked on improving the core processes that make TS tick, including single sign-on to Terminal Services sessions, monitor spanning and high-resolution support for sessions, integration with the Windows System Resource Manager to better monitor performance and resource usage, and themes that make TS sessions seamless to the client.

There are three key new features added in the Windows Server 2008 release. The first is Terminal Services RemoteApp. Like the functionality offered by Citrix MetaFrame years ago, Windows Server 2008 will support—out of the box—the ability to define programs to be run directly from a TS-enabled server but be integrated within the local copy of Windows, adding independent taskbar buttons, resizable application window areas, Alt-Tab switching functionality, remote population of system tray icons, and more. Users will have no idea that their


.RDP files, which are essentially text-based profiles of a Terminal Services connection that the client reads and uses to configure an RDP session for that particular program. They can

firewalls and correctly navigate NAT translation situations that stymied the use of this technology before. This saves corporations from having to deploy VPN access to remote users for the sole purpose of accessing a Terminal Services machine; plus, since the data is sent over HTTPS, almost anyone can access the sessions, even at locations where the RDP protocol is blocked by the firewall. Administrators can set connection authorization policies, or CAPs, that define user groups that are permitted to access TS through the TS Gateway machine.

Finally, in conjunction with the Terminal Services RemoteApp feature, there is also in Windows Server 2008 the TS Web Access feature, which lets administrators publicly display available TS Remote Programs on a web page. Users can browse the list for the application they want to run, click on it, and then be seamlessly embedded in the application—using all the features of TS Remote Programs—while retaining the ability to launch other programs from the same Web Access site. The service is smart enough to know that multiple programs launched by the same user should reside in the same Terminal Services session, making resource management a bit simpler. And, you can even integrate TS Web Access within SharePoint.
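
Because .RDP files are plain text, the RemoteApp and TS Gateway settings described above can be checked before a profile is handed to users. The following PowerShell script is an added example, not code from the book: it parses an .rdp file and summarises the target server, the published program, and whether the session is tunnelled over HTTPS through a TS Gateway. The setting names it reads (full address, remoteapplicationmode, remoteapplicationprogram, gatewayhostname, gatewayusagemethod) are assumed to be the standard .rdp settings, and the sample profile is constructed.

```powershell
# Added example, not from the book: parse an .rdp file, the text-based
# connection profile described above, and summarise what it would do: which
# server it targets, whether it launches a single RemoteApp program, and whether
# the session goes through a TS Gateway. Assumptions: the setting names used
# (full address, remoteapplicationmode, remoteapplicationprogram,
# gatewayhostname, gatewayusagemethod) are standard .rdp settings, and the
# sample profile below is constructed, not taken from a real deployment.

function ConvertFrom-RdpFile {
    param([string[]] $Lines)
    # Each line is "name:type:value"; type is s (string) or i (integer).
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^([^:]+):([si]):(.*)$') {
            $value = $matches[3].Trim()
            if ($matches[2] -eq 'i') { $value = [int]$value }
            $settings[$matches[1].Trim().ToLower()] = $value
        }
    }
    return $settings
}

function Get-RdpProfileSummary {
    param([hashtable] $Rdp)
    $isRemoteApp = ($Rdp['remoteapplicationmode'] -eq 1)
    # gatewayusagemethod 1 = always use the gateway, 2 = use it when the server
    # cannot be reached directly (assumed meanings of the standard values)
    $viaGateway = ($Rdp['gatewayhostname'] -and ((1, 2) -contains $Rdp['gatewayusagemethod']))

    $program = '(full desktop session)'
    if ($isRemoteApp) { $program = $Rdp['remoteapplicationprogram'] }
    $transport = 'direct RDP, TCP 3389'
    if ($viaGateway) { $transport = 'HTTPS via TS Gateway ' + $Rdp['gatewayhostname'] }

    return @{ Server = $Rdp['full address']; Program = $program; Transport = $transport }
}

# Constructed sample profile for a RemoteApp published through a TS Gateway.
$sampleText = @'
screen mode id:i:2
full address:s:ts01.corp.example
remoteapplicationmode:i:1
remoteapplicationprogram:s:||WordPad
remoteapplicationname:s:WordPad
gatewayhostname:s:tsgw.corp.example
gatewayusagemethod:i:1
'@
$summary = Get-RdpProfileSummary (ConvertFrom-RdpFile ($sampleText -split "`r?`n"))
foreach ($key in 'Server', 'Program', 'Transport') { "{0,-9}: {1}" -f $key, $summary[$key] }
```

To inspect a real profile, pass `Get-Content .\app.rdp` to ConvertFrom-RdpFile instead of the constructed sample.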


1.2.3 Active Directory: Read-Only Domain Controllers

Windows Server 2008 introduces the concept of a read-only domain controller (RODC), which is great for branch offices and other locations where the machines hosting the domain controller role can't be physically protected in the same way as a machine in a datacenter might be. RODCs hold a read-only copy of Active Directory, which allows for the immediate benefits of faster logons and quicker authentication turnaround times for other network resources, but also for the long-term security benefits. No attacker can create changes in an easily accessible DC in a branch office that will then replicate up to the main tree at the corporate office, since the DC is read-only. The RODC can also cache the credentials of branch office users and, with just one contact to a regular, writeable domain controller up the tree, can directly service users' logon requests. However, this caching is left off by default in the Password Replication Policy for security reasons.


Security problems have plagued Microsoft since the Windows inception, but only in the last few years, as more people have become connected, have those flaws been exploited by malcontents. Indeed, some of the vulnerabilities in products that we see patches for on "Patch Tuesdays" are the results of poor design decisions. These types of flaws are the ones Microsoft is hoping to stamp out in the release of Windows Server 2008. You'll see quite a bit of change to the architecture of services in Windows Server 2008, including increasing the number of layers required to get to the kernel, segmenting services to reduce buffer overflows, and reducing the size of the high-risk, privileged layers to make the attack surface smaller. While fundamentally changing the design of the operating system, the Windows Server 2008 team has also included several features designed to eliminate security breaches and malware infestations, as well as capabilities meant to protect corporate data from leakage and interception. Let's take a look

change, the operating system will know and halt the boot process so you can repair the problem.

Operating system file protection also extends to each binary image that resides on the disk drive. OS file protection in this mode consists of a filesystem filter driver that reads every page that is loaded into memory, checking its hashes, and validating any image that attempts to load itself into a protected process


attacks). These hashes are stored in a specific system catalog, or in an X.509 certificate embedded within a secure file on the drive. If any of these tests result in failure, OS file protection will halt the process to keep your machine secure. This is active protection against problematic malware.

Windows Server 2003 went a step farther, actually scrambling bits on the drive, but the keys to decrypt the files weren't as protected as they should have been. With BitLocker, the keys are stored within either a Trusted Platform Module (TPM) chip on board your system, or a USB flash drive that you insert upon boot up.

BitLocker is certainly complete: when enabled, the feature encrypts the entire Windows volume including both user data and system files, the hibernation file, the page file, and temporary files. The boot process itself is also protected by BitLocker—the feature creates a hash based on the properties of individual boot files, so if one is modified and replaced by, for example, a Trojan file, BitLocker will catch the problem and prevent the boot. It's definitely a step up from the limitations of EFS, and a significant improvement to system security over unencrypted drives.

1.3.3 Device Installation Control

Another security problem plaguing businesses everywhere is the


information that ideally should never leave the corporate campus, but they're just as often found on keychains that are lost, inside computer bags left unattended in an airport lounge, or in some equally dangerous location. The problem is significant enough that some businesses have taken to disabling USB ports by pouring hot glue into the actual ports. Effective, certainly, but also messy.

In Windows Server 2008, an administrator will have the ability to block all new device installs, including USB thumb drives, external hard drives, and other new devices. You can simply deploy a machine and allow no new devices to be installed. You'll also be able to set exceptions based on device class or device ID—for example, to allow keyboards and mice to be added, but nothing else. Or, you can allow specific device IDs, in case you've approved a certain brand of product to be installed, but no others. This is all configurable via Group Policy, and these policies are set at the computer level.
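
Because these policies are applied per computer, the quickest way to confirm that a server actually received the "keyboards and mice only" configuration is to read the policy values on the machine itself. The following PowerShell script is an added example, not code from the book: it audits the Device Installation Restrictions policy in the local registry and reports whether unlisted devices are blocked. It assumes the registry path and value names used by the device installation policy template (DenyUnspecified, AllowDeviceClasses) and that the two GUIDs are the standard Keyboard and Mouse device setup classes; verify both on your build.

```powershell
# Added example, not from the book: audit the Device Installation Restrictions
# that the Group Policy settings described above write to the local registry,
# and report whether the "keyboards and mice only" posture is really in effect.
# Assumptions: the registry path and value names follow the device installation
# policy template (DenyUnspecified, AllowDeviceClasses), and the two GUIDs are
# the standard Keyboard and Mouse device setup classes; verify both on your build.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

$KnownClasses = @{
    '{4D36E96B-E325-11CE-BFC1-08002BE10318}' = 'Keyboard'
    '{4D36E96F-E325-11CE-BFC1-08002BE10318}' = 'Mouse'
}

function Get-DeviceInstallPolicy {
    # Returns the effective policy as a hashtable, or $null if none is configured.
    if (-not (Test-Path $PolicyPath)) { return $null }
    $root = Get-ItemProperty -Path $PolicyPath
    $classes = @()
    $classKey = Join-Path $PolicyPath 'AllowDeviceClasses'
    if (Test-Path $classKey) {
        # Each allowed class is a string value named "1", "2", ... under this key.
        $classes = (Get-ItemProperty -Path $classKey).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { $_.Value.ToUpper() }
    }
    return @{ DenyUnspecified = [int]$root.DenyUnspecified; AllowedClasses = @($classes) }
}

function Test-DeviceInstallPolicy {
    param([hashtable] $Policy)
    if (-not $Policy -or $Policy.DenyUnspecified -ne 1) {
        return 'OPEN: devices not named by policy (USB drives included) can still be installed'
    }
    $names = foreach ($guid in $Policy.AllowedClasses) {
        if ($KnownClasses.ContainsKey($guid)) { $KnownClasses[$guid] } else { "unknown class $guid" }
    }
    return 'RESTRICTED: new devices blocked except classes: ' + ($names -join ', ')
}

# Constructed policy state standing in for a machine that received the GPO, so
# the evaluation can be shown without reading the registry.
$sample = @{
    DenyUnspecified = 1
    AllowedClasses  = @('{4D36E96B-E325-11CE-BFC1-08002BE10318}',
                        '{4D36E96F-E325-11CE-BFC1-08002BE10318}')
}
Test-DeviceInstallPolicy -Policy $sample

# On a real server: Test-DeviceInstallPolicy -Policy (Get-DeviceInstallPolicy)
```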

1.3.4 Windows Firewall with Advanced Security

The Windows Firewall version included with Windows Server 2003 Service Pack 1 was exactly the same as that included in Windows XP Service Pack 2. Microsoft bundled that firewall with Service Pack 1 as a stopgap measure—deploy this firewall now, Microsoft said, so you will be protected, and we will work to improve the firewall in the next version of Windows.

That time is here. The new Windows Firewall with Advanced Security combines firewall and IPsec management into one convenient MMC snap-in. The firewall engine itself has been


AD computer or user group basis. Outbound filtering has been enabled; there was nothing but internal filtering in the previous version of Windows Firewall. And finally, profile support has been improved as well—on a per-computer basis, there is now a profile for when a machine is connected to a domain, a profile for a private network connection, and a profile for a public network connection, such as a wireless hotspot. Policies can be imported and exported easily, making management of multiple computers' firewall configuration consistent and simple.
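
The three profiles and the import/export capability are also reachable from the command line through the netsh advfirewall context that ships with Windows Server 2008. The following PowerShell script is an added example, not code from the book: it parses `netsh advfirewall show allprofiles`, flags any profile that is off or still allows all outbound traffic, and shows the export and import commands used to keep many servers consistent. It assumes the output format sketched in the constructed sample matches what your build prints.

```powershell
# Added example, not from the book: report the state and default policy of the
# domain, private and public profiles kept by Windows Firewall with Advanced
# Security, using the netsh advfirewall context in Windows Server 2008, and flag
# profiles that are off or allow all outbound traffic. Assumption: the
# "show allprofiles" output format in the constructed sample matches your build.

function ConvertFrom-AdvFirewallProfiles {
    param([string[]] $Lines)     # output of: netsh advfirewall show allprofiles
    $profiles = @{}
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^(\w+) Profile Settings:') {
            $current = $matches[1]               # Domain, Private or Public
            $profiles[$current] = @{}
        }
        elseif ($current -and $line -match '^(State|Firewall Policy)\s+(\S.*)$') {
            $profiles[$current][$matches[1]] = $matches[2].Trim()
        }
    }
    return $profiles
}

function Get-FirewallProfileFindings {
    param([hashtable] $Profiles)
    $findings = @()
    foreach ($name in $Profiles.Keys) {
        $p = $Profiles[$name]
        if ($p['State'] -ne 'ON') { $findings += "$name profile: firewall is OFF" }
        if ($p['Firewall Policy'] -match 'AllowOutbound') {
            $findings += "$name profile: outbound traffic allowed by default (no outbound filtering)"
        }
    }
    return $findings
}

# Constructed sample of netsh output (only the lines this parser needs).
$sampleText = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
'@
Get-FirewallProfileFindings (ConvertFrom-AdvFirewallProfiles ($sampleText -split "`r?`n"))

# Live use, plus the export/import the book mentions for keeping servers consistent:
#   Get-FirewallProfileFindings (ConvertFrom-AdvFirewallProfiles (netsh advfirewall show allprofiles))
#   netsh advfirewall export "C:\policies\baseline.wfw"
#   netsh advfirewall import "C:\policies\baseline.wfw"
```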

1.3.5 Network Access Protection

Viruses and malware are often stopped by software defenses before they can run within a user's session, but the ultimate protection would be if they never even got access to the network. In Windows Server 2008, Microsoft has created a platform whereby computers are examined against a baseline set by the administrator, and if a machine doesn't stack up in any way against that baseline, that system can be prevented from accessing the network—quarantined, as it were, from the healthy systems until the user is able to fix his broken machine. This functionality is called Network Access Protection.

NAP can be broken down into three key components:

Health policy validation

Validation is the process wherein the machine attempting to connect to the network is examined and checked against certain health criteria that an administrator sets.

Health policy compliance

Compliance policies can be set so that managed computers

Posted on: 26/03/2019, 16:06
