The Complete Guide to Windows Server 2008 P1

If you are looking for a guide to help you navigate the rapids on the way to imple-menting, running, and troubleshooting Windows Server 2008, this is an excellent choice.” —Jerry Tibor,

Praise for The Complete Guide to Windows Server 2008

“John Savill’s The Complete Guide to Windows Server 2008 is comprehensive without being

overwhelming At over 1500 pages, the book is not light reading, but Savill does a superbjob of explaining the features and functions of Windows Server 2008 in a way that the read-

er can understand and apply Rather than investing in a library of books, an administratorcan just keep this book handy as a reference resource for all their Windows Server 2008questions and needs.”

—Tony Bradley, CISSP, Microsoft MVP, Director of Security, Evangelyze Communications

“John Savill’s book is the kind of technology bible you don’t mind reading cover to cover.Often I find books with this much information just too deadly dull to actually read, but this

is an exception If you are an old hat, you might end up skipping the starts of chapters, asJohn makes few assumptions about what you already know—a very good thing overall.”

—Patrick Hynds, CTO, CriticalSites Microsoft Regional Director

“Of all the recent books on Windows Server 2008 I’ve read, this one provides the most plete coverage in an easy to digest manner An aptly titled publication that I recommendfor anyone working with Windows Server 2008.”

com-—Alan Le Marquand, Content Architect, Technical Audience Global Marketing Team

“With the number of changes being introduced in Windows Server 2008, a book like The Complete Guide to Windows Server 2008 is essential in any IT professional’s library John

Savill does an excellent job of introducing these changes He also gives clear instructions

on how to implement them I would highly recommend to anyone who’s planning on ing Microsoft’s latest server operating system part of their infrastructure to buy and readthis book from cover to cover.”

mak-—Ed Roberts, Lethos Incorporated

“This book is an invaluable one-stop reference for deploying, configuring, and managingWindows Server 2008 It’s filled with John’s unique and hard-earned nuggets of advice,helpful scripts, and shortcuts that will save you time and money.”

—Mark Russinovich, Technical Fellow, Platform and Services Division, Microsoft

“The Complete Guide to Windows Server 2008 by John Savill is, indeed, just that It begins

with one of the most clear, concise, and understandable explanations of the evolution ofWindows from its earliest days that I have ever read I expected to learn about WindowsServer 2008, but along the way learned a great deal about Windows in general and Vista inparticular If you are looking for a guide to help you navigate the rapids on the way to imple-menting, running, and troubleshooting Windows Server 2008, this is an excellent choice.”

—Jerry Tibor, Microsoft MVP, Windows Server

“If you’ve got questions about Windows Server 2008, John Savill has the answers Written by

one of the industry’s true heavyweights, The Complete Guide to Windows Server 2008 is just

that, your complete guide to planning, deploying, configuring, and administering a ing environment based on the latest and greatest version of Windows Server Highly recom-mended!”

comput-—Paul Thurrott, Windows IT Pro Magazine and SuperSite for Windows

THE COMPLETE GUIDE TO

This page intentionally left blank

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as marks Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

trade-The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions No liability is assumed for inciden- tal or consequential damages in connection with or arising out of the use of the information or programs con- tained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests For more information, please contact:

U.S Corporate and Government Sales

Visit us on the Web: www.informit.com/aw

Library of Congress Cataloging-in-Publication Data:

All rights reserved Printed in the United States of America This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or like- wise For information regarding permissions, write to:

Pearson Education, Inc

Rights and Contracts Department

501 Boylston Street, Suite 900

Boston, MA 02116

Fax (617) 671 3447

ISBN-13: 978-0-321-50272-8

ISBN-10: 0-321-50272-8

Text printed in the United States on recycled paper at Edwards Brothers in Ann Arbor, Michigan.

First printing September 2008

Dedicated to Julie, for showing me love and support that I never knew existed

This page intentionally left blank

Chapter 1: Windows 101: Its Origins, Present, and the Services It Provides

Chapter 2: Windows Server 2008 Fundamentals: Navigating and Getting Started

Chapter 3: Installing and Upgrading Windows Server 2008

Chapter 4: Securing Your Windows Server 2008 Deployment

Chapter 5: File System and Print Management Features

Chapter 6: TCP/IP

Chapter 7: Advanced Networking Services

Chapter 8: Remote Access and Securing and Optimizing the Network

Chapter 9: Terminal Services

Chapter 10: Active Directory Domain Services Introduction

Chapter 11: Designing and Installing Active Directory

Chapter 12: Managing Active Directory and Advanced Concepts

Chapter 13: Active Directory Federated Services, Lightweight Directory Services, and Rights

Management

Chapter 14: Server Core

Chapter 15: Distributed File System

Chapter 16: Deploying Windows

Chapter 17: Managing and Maintaining Windows Server 2008

Chapter 18: Highly Available Windows Server 2008

Chapter 19: Virtualization and Resource Management

Chapter 20: Troubleshooting Windows Server 2008 and Vista Environments

Chapter 21: Group Policy

Chapter 22: The Command Prompt and PowerShell

Chapter 23: Connecting Windows Server 2008 to Other Environments

Chapter 24: Internet Information Services

How To Quick Reference

Index

C ONTENTS

Acknowledgments xvii

About the Author xviii

Preface xix

Chapter 1: Windows 101: Its Origins, Present, and the Services It Provides 1

Origin of the Windows Operating System 1

Features of the Windows Server 2008 Product Line 21

Licensing 35

Summary 41

Chapter 2: Windows Server 2008 Fundamentals: Navigating and Getting Started 43

Windows Vista at 30,000 Feet 44

The Logon Experience 46

User Access Control 50

Windows Elements 56

The Desktop Windows Manager (DWM) 64

Windows Aero Effects 67

Task Manager 71

Fast User Switching 77

Windows Explorer 78

The Microsoft Management Console 86

The Control Panel 93

Summary 96

Chapter 3: Installing and Upgrading Windows Server 2008 99

Installing Windows Server 2008 99

Upgrading to Windows Server 2008 126

Advanced Installation 130

Viewing Installation Log Files 131

Automating Installation 133

Summary 139

Chapter 4: Securing Your Windows Server 2008 Deployment 141

Authentication and Authorization 142

The Physical Environment 143

BitLocker 145

Active Directory Certificate Services (ADCS) 156

Authentication Protocols 171

Securing Windows Server 2008 179

Summary 224

Chapter 5: File System and Print Management Features 225

File System Types and Management 225

File Management 240

File Server Resource Manager 257

Print Management 290

Summary 333

Chapter 6: TCP/IP 335

Internet Protocol (IP) 335

Transmission Control Protocol (TCP) 355

User Datagram Protocol (UDP) 356

Network Monitoring 357

IPv6 362

Communication Testing 368

Summary 376

Chapter 7: Advanced Networking Services 377

DHCP 377

Domain Name System 406

WINS 447

Summary 450

xii Contents

Chapter 8: Remote Access and Securing and Optimizing

the Network 451

Virtual Private Networks 452

RADIUS and Policy Services 478

Routing 486

Network Access Protection (NAP) 488

Summary 519

Chapter 9: Terminal Services 521

Enabling Remote Desktop 526

Initiating a Remote Desktop Connection 529

Terminal Server Licensing 544

Installing Terminal Services 558

TS Easy Print 559

TS Gateway 566

Remote Applications 583

TS Web Access 594

TS Session Broker 604

Management and Maintenance 612

Summary 621

Chapter 10: Active Directory Domain Services Introduction 623

Workgroups Versus Domains 623

Exclusive Membership 627

Trusts 630

Active Directory 632

Domain and Forest Modes 671

Summary 677

Chapter 11: Designing and Installing Active Directory 679

Adding a Replica Domain Controller 679

Creating a New Domain 698

Verifying Domain Controller Operation 705

Creating a Domain Controller from Media 715

Removing Domain Controllers and Domains 719

Read-Only Domain Controllers (RODCs) 722

Trust Relationships 740

Summary 751

Chapter 12: Managing Active Directory and Advanced Concepts 753

Customizing Site Connectivity 753

Forcing a Demotion 767

Managing AD 777

Backing Up and Restoring AD 811

Auditing AD 829

Advanced Password Policies 834

Prune and Graft 836

Upgrading AD 836

Summary 849

Chapter 13: Active Directory Federated Services, Lightweight Directory Services, and Rights Management 851

Active Directory Lightweight Directory Services 852

Active Directory Rights Management Services 865

Active Directory Federated Services 891

Summary 909

Chapter 14: Server Core 911

Overview of Windows Server Core 911

Installation 915

Server Core Configuration 918

Performing Common Actions Using Server Core 940

Remotely Managing Server Core 942

Summary 952

Chapter 15: Distributed File System 953

Distribution of Other Services 954

Distributed File System Namespace 957

Distributed File System Replication 964

Installing and Configuring DFS 969

Summary 1008

Chapter 16: Deploying Windows 1011

Image Deployment 1011

Installing Windows Deployment Services 1017

Customizing the Windows Vista Deployment Process 1041

Automating the Installation 1049

Summary 1083

Chapter 17: Managing and Maintaining Windows Server 2008 1085 Server Manager 1085

Computer Management Console 1151

Windows Server Backup (WSB) 1152

Patch Management 1178

Registry 1185

Performance and Paging File Tuning 1192

Managing from a Client 1202

Summary 1203

Chapter 18: Highly Available Windows Server 2008 1205

High-Level Overview of NLB and Failover Clustering 1205

Network Load Balancing 1210

Failover Clustering 1229

Summary 1269

Chapter 19: Virtualization and Resource Management 1271

Virtualization 360 Picture 1271

Virtual Applications 1272

Virtual Machines and Hyper-V 1283

Windows System Resource Manager (WSRM) 1319

Advantages of Virtualization and Consolidation 1330

Summary 1330

Chapter 20: Troubleshooting Windows Server 2008 and Vista Environments 1333

Boot Mode Options 1334

Windows Recovery Environment 1338

Reliability and Performance Monitoring 1355

Event Viewer 1381

MSConfig 1400

Windows Error Reporting 1401

System Center 1402

Summary 1407

Chapter 21: Group Policy 1409

Group Policy Structure 1410

Group Policy Management Console (GPMC) 1427

Group Policy Preferences 1491

Troubleshooting 1501

Microsoft Templates 1503

Summary 1505

Chapter 22: The Command Prompt and PowerShell 1507

Command.com 1508

CMD.EXE 1510

Windows Scripting Host 1528

PowerShell 1536

Summary 1563

Chapter 23: Connecting Windows Server 2008 to Other Environments 1565

UNIX Integration 1566

NetWare Integration and Migration 1593

Summary 1608

Chapter 24: Internet Information Services 1611

IIS 7.0 Architecture 1611

Installation 1625

IIS Management 1628

Certificates and Encryption 1645

Server Core Support 1648

IIS and Windows Vista 1648

Windows Web Server 2008 1649

Summary 1650

How To Quick Reference 1651

Index 1657

A CKNOWLEDGMENTS

Many people helped in the creation of this book I want to start by ing Joan Murray, acquisitions editor at Addison-Wesley, who I worked with

thank-on this book She had the faith to support this project

Those who know me know that I think and talk very fast; I quicklyjump from one subject to the next That does not translate well for a book,

so I am extremely lucky that Addison-Wesley gave me an amazing opment editor team to make my manuscript readable—a huge thanks you

devel-to Sheri Cain and Susan Brown Zahn

When the development edit was complete, the technical editors fied that my content was technically accurate and digestible by the readingpublic, so I thank my technical editors Khaki Cohen and John Ruley.There are many other people at Addison-Wesley who I’ll probablynever communicate with—such as copy editors, designers, proofreaders,and the publisher—so here’s a big thank you to all of them

veri-Microsoft provided a great deal of input into this book, which was itated by Emily Ohlsen and Melissa Dingle who handled my interactionwith the Microsoft program managers There are too many people atMicrosoft to thank individually—so I want to make this a big thank-you toeveryone at Microsoft who helped me with my many questions and for pro-viding their insight

facil-Writing this book has taken up a huge amount of my life over the last

24 months I would like to thank my colleagues at EMC for their supportthroughout this process

I feel I should also thank my two best friends, Brad Bartholow andDavid Covich, who are always there with life advice, keep me focused onwhat is important, and put up with me insulting them 24/7

I want to thank my parents for making me the person I am—whichsome people will curse them for Along with Arnold Schwarzenegger, myfather has always been my hero and the person I want to be

Throughout everything, Julie, my fiancée, has always been there withunconditional love, understanding, and full support for this project Myson, Kevin, has always been there to make me smile, highlight what’s mostimportant in the world, and put everything into perspective

xvii

A BOUT THE A UTHOR

John Savill, B.S., MCSE, M.S ITP Server Administrator, M.S ITP

Enterprise Administrator, Clustering MVP, is the Central U.S manager forEMC’s Microsoft technical infrastructure practice and chief Microsoftarchitect John has worked in infrastructure solutions for 15 years in dif-ferent industries At the age of 19, John started a frequently asked ques-tions site for Windows NT that evolved into the www.ntfaq.com site, whichbecame the most used NT FAQ on the Internet John is a frequent writer

for Windows IT Pro magazine and other major publications such as

TechNet Magazine, and this work is John’s fourth solo book project John is

a speaker at many major technology shows, including Tech Ed 2006, 2007,and 2008

Outside of technology, John enjoys fitness activities, such as cycling,running, and weightlifting in addition to practicing martial arts, which hehas done since the age of 7 John has lived in the United States since 2004and received his green card (finally) at the beginning of 2008

With this book, I tried to create a resource that explains the major tures of Windows Server 2008, when to use them, how to design the bestimplementation, and how to manage the deployed environment.

fea-Windows Server 2008 has so many features that I had to leave someout Those features not discussed are ones I felt would not be interesting

to most readers; however, I point out what is not covered and suggest someresources Windows 2008 is trying to put books out of business; however,although the online help is great, it is task focused Therefore, I encourageyou to follow the online help tool I concentrate on items that require moredesign, decision, or are just cool

Windows Server 2008 is very customer-focused and focuses on a keynumber of areas such as virtualization, the Web, and security Usability isalso a major area for Windows 2008 A customer does not point to a serv-

er and say “that’s my windows server”; a customer says “that’s my domaincontroller” or “that’s my file server.” Windows Server 2008 is designedaround how the server is used Only the basic functions are installed; addi-tional components are installed as roles, and features are added to the serv-

er and their management tools accessed through a single server managerinterface

Design of Microsoft-based systems will change in the future I predictthat the process we perform today to design the best practice implemen-tation for our environment will be automated entirely within ten years—

xix