by John Paul Mueller
Windows
Server
®
2008
ALL-IN-ONE DESK REFERENCE
FOR
DUMmIES
‰
01_180440 ffirs.qxp 3/12/08 10:39 PM Page i
Windows Server
®
2008 All-in-One Desk Reference For Dummies
®
Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as
permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy fee
to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978)
646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley
Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or
online at />Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the
Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade

dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United
States and other countries, and may not be used without written permission. Microsoft and Windows
Server are registered trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated
with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS
OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND
SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PAR-
TICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE
ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD
WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR
OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT
PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR
DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK
AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR
OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOM-
MENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS
WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care
Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic books.
Library of Congress Control Number: 2008924084
ISBN: 978-0-470-18044-0
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
01_180440 ffirs.qxp 3/12/08 10:39 PM Page ii
About the Author
John Mueller is a freelance author and technical editor. He has writing in his

blood, having produced 78 books and over 300 articles to date. The topics
range from networking to artificial intelligence and from database manage-
ment to heads-down programming. Some of his current books include a
Windows power optimization book, a book on .NET security, and books on
Amazon Web Services, Google Web Services, and eBay Web Services. His
technical editing skills have helped over 52 authors refine the content of
their manuscripts. John has provided technical editing services to both Data
Based Advisor and Coast Compute magazines. He has also contributed articles
to a number of magazines, including CIO.com, DevSource, InformIT, Informant,
DevX, SQL Server Professional, Visual C++ Developer, Hard Core Visual Basic,
asp.netPRO, Software Test and Performance, and Visual Basic Developer.
When John isn’t working at the computer, you can find him in his workshop.
He’s an avid woodworker and candlemaker. On any given afternoon, you can
find him working at a lathe or putting the finishing touches on a bookcase. He
also likes making glycerin soap, which comes in handy for gift baskets. You
can reach John on the Internet at John is also setting
up a Web site at feel free to look and
make suggestions on how he can improve it. Check out his weekly blog at
/>01_180440 ffirs.qxp 3/12/08 10:39 PM Page iii
Dedication
This book is dedicated to the beauty of nature around my home and what it
means to me. No, it has nothing to do with computers, but that’s what makes
nature so amazing. Snow falling, crisp winter days, trees in spring, tomatoes
in the garden, falling leaves, deer and quail, and all of the other things that I
might miss if I never left my desk to see them leave me awestruck at the
diversity of our earth and the God who created it.
Author’s Acknowledgments
Thanks to my wife, Rebecca, for working with me to get this book completed.
I really don’t know what I would have done without her help in researching
and compiling some of the information that appears in this book. She also did

a fine job of proofreading my rough draft.
Russ Mullen deserves thanks for his technical edit of this book. He greatly
added to the accuracy and depth of the material that you see here. I really
appreciate the time that he devoted to checking my procedures for accuracy.
I also spent a good deal of time bouncing ideas off Russ as I wrote this book,
which is a valuable aid to any author.
Matt Wagner, my agent, deserves credit for helping me get the contract in the
first place and for taking care of all the details that most authors don’t really
consider. I always appreciate his assistance. It’s good to know that someone
wants to help.
A number of people read all or part of this book to help me refine the
approach, test the procedures, and generally provide input that every reader
wishes they could have. These unpaid volunteers helped in ways too numer-
ous to mention here. I especially appreciate the efforts of Eva Beattie, who
read the entire book and selflessly devoted herself to this project. I’d love to
thank by name each person who wrote me with an idea, but there are simply
too many.
Finally, I would like to thank Katie Feltman, Nicole Sholly, Rebecca Whitney,
and the rest of the editorial and production staff for their assistance in
bringing this book to print. It’s always nice to work with such a great group
of professionals.
01_180440 ffirs.qxp 3/12/08 10:39 PM Page v
Publisher’s Acknowledgments
We’re proud of this book; please send us your comments through our online registration form
located at www.dummies.com/register/.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial
Project Editor: Nicole Sholly
Sr. Acquisitions Editor: Katie Feltman
Copy Editor: Rebecca Whitney

Technical Editor: Russ Mullen
Editorial Manager: Kevin Kirschner
Editorial Assistant: Amanda Foxworth
Sr. Editorial Assistant: Cherie Case
Cartoons: Rich Tennant
(www.the5thwave.com)
Composition Services
Project Coordinator: Erin Smith
Layout and Graphics: Claudia Bell,
Stacie Brooks, Melissa K. Jester,
Christine Williams
Proofreader: Catie Kelly, Tricia Liebig
Indexer: WordCo Indexing Services
Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director
Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director
Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services
01_180440 ffirs.qxp 3/12/08 10:39 PM Page vi
Table of Contents
Introduction 1
About This Book 2
Conventions Used in This Book 2
What You Should Read 3

What You Don’t Have to Read 4
Foolish Assumptions 4
How This Book Is Organized 5
Book I: Installation and Setup 5
Book II: Configuration 5
Book III: Administration 5
Book IV: Networking 6
Book V: Security 6
Book VI: Windows PowerShell 6
Book VII: IIS 7
Book VIII: Services 7
Icons Used in This Book 7
Where to Go from Here 8
Part I: Installation and Setup 9
Chapter 1: An Overview of Windows Server 2008 . . . . . . . . . . . . . . . . .11
An Overview of Major New Features in Windows Server 2008 12
BitLocker drive encryption 12
Enhanced Windows Firewall 12
Federated rights management 14
Improved failover clustering 14
Internet Information Server (IIS) 7 15
Internet Protocol version 6 (IPv6) 16
.NET Framework 3.0 17
Network access protection (NAP) and enforcement 18
New printer and storage options 19
Read-only domain controller (RODC) 20
Windows Deployment Services 21
Considering the Windows Server 2008 Editions 22
Memory considerations 23
Other hardware considerations 23

Standard 24
Enterprise 24
Datacenter 24
Web 24
02_180440 ftoc.qxp 3/14/08 5:46 PM Page vii
Windows Server 2008 All-In-One Desk Reference For Dummies
viii
Understanding Windows Server 2008 Server Core 25
Creating lightweight servers with specific roles 26
Working with Windows Server Virtualization (WSV) 26
Defining the Benefits of Windows Server Manager 27
Considering Windows PowerShell 28
Communicating with Terminal Services (TS) 29
TS Easy Print 29
TS Gateway 29
TS RemoteApp 29
TS Session Broker 30
TS Web Access 30
Chapter 2: Using the Boot Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . .31
Accessing the Boot Diagnostics 33
Starting diagnostics from the boot CD 34
Starting diagnostics from the boot menu 36
Using a Special Boot Mode 37
Working with the Safe Mode options 37
Enabling boot logging 40
Enabling low-resolution video 42
Using the last known good configuration 42
Using Directory Services Restore mode 43
Using debugging mode 44
Disabling the automatic restart on system failure 45

Disabling driver signature enforcement 45
Performing a Memory Test 49
Performing a Windows Complete PC Restore 50
Using the Command Prompt 52
Chapter 3: Performing the Basic Installation . . . . . . . . . . . . . . . . . . . . .55
An Overview of the Installation Prerequisites 56
Choosing a processor configuration 57
Considering the version and edition requirements 59
Understanding the minimum requirements 60
Deciding between a DVD and Windows installation 62
Considering Pre-Installation Requirements 64
Preparing a forest for installation 66
Preparing a domain for installation 67
Performing a DVD Installation 68
Performing a Windows Installation 72
Considering the Windows Installation Alternatives 78
Performing an Initial Configuration 79
Chapter 4: Performing Initial Configuration Tasks . . . . . . . . . . . . . . . .83
An Overview of the Initial Configuration Tasks Window 84
Understanding the default Windows Server 2008 settings 85
An overview of the configuration process 86
Reopening the Initial Configuration Tasks window 88
02_180440 ftoc.qxp 3/14/08 5:46 PM Page viii
Table of Contents
ix
Providing Computer Information 88
Setting the time zone 88
Providing a computer name and domain 90
Configuring networking 92
Updating Your Server 95

Enabling automatic updating and feedback 95
Downloading and installing updates 101
Customizing Your Server 103
Adding roles 104
Adding features 105
Enabling Remote Desktop 106
Configuring the Windows Firewall 107
Configuring the Startup Options with BCDEdit 108
Part II: Configuration 111
Chapter 1: Configuring Server Roles and Features . . . . . . . . . . . . . . .113
Using the Server Manager Console 113
Working with roles 115
Working with features 125
Performing diagnostics 126
Performing configuration tasks 128
Configuring and managing storage 129
Using the ServerManagerCmd Utility 130
Understanding the Server Roles 134
Considering the Active Directory Certificate Service role 134
Considering the Active Directory Domain Services role 135
An overview of the Active Directory Federation Services role 135
Working with the Active Directory Lightweight
Directory Services role 136
Working with the Active Directory Rights
Management Services role 136
Working with the Application Server role 137
Considering the DHCP Server role 137
Considering the DNS Server role 137
An overview of the Fax Server role 138
An overview of the File Services role 138

Considering the Network Policy and Access Services role 138
Considering the Print Services role 139
Considering the Terminal Services role 139
Considering the UDDI Services role 139
Considering the Web Server (IIS) role 139
Working with the Windows Deployment Services role 139
Working with the Windows SharePoint Services role 140
Understanding the Server Features 140
Considering the .NET Framework 3.0 features 140
Considering the BitLocker Drive Encryption feature 141
02_180440 ftoc.qxp 3/14/08 5:46 PM Page ix
Windows Server 2008 All-In-One Desk Reference For Dummies
x
Considering the BITS Server Extensions feature 141
Working with the Connection Manager
Administration Kit (CMAK) feature 142
Defining the Desktop Experience feature 142
Considering the Failover Clustering feature 142
Considering the Group Policy Management feature 143
Considering the Internet Printing Client feature 143
Considering the Internet Storage Name Server feature 143
Considering the LPR Port Monitor feature 143
Considering the Message Queuing feature 144
Considering the Multipath I/O feature 144
Considering the Network Load Balancing feature 144
Considering the Peer Name Resolution Protocol feature 145
Considering the Quality Windows Audio
Video Experience feature 145
Working with the Remote Assistance feature 145
Working with the Remote Differential Compression feature 146

Considering the Remote Server Administration Tools feature 146
Considering the Removable Storage Manager feature 147
Working with the RPC over HTTP Proxy feature 147
Working with the Simple TCP/IP Services feature 147
Considering the SMTP Server feature 148
Considering the SNMP Services feature 148
Considering the Storage Manager for SANs feature 148
Working with the Subsystem for UNIX-based
Applications feature 149
Considering the Telnet Client feature 149
Considering the Telnet Server feature 149
Considering the TFTP Client feature 149
An overview of the Windows Internal Database feature 150
Considering the Windows PowerShell feature 150
Considering the Windows Process Activation Service feature 150
Considering the Windows Recovery Disc feature 151
Considering the Windows Server Backup features 151
Considering the Windows System Resource Manager feature 151
Considering the WINS Server feature 151
Considering the Wireless LAN Service feature 152
Chapter 2: Configuring Server Hardware . . . . . . . . . . . . . . . . . . . . . . .153
Considering the Windows Scalability Improvements 154
Working with Device Manager 155
Managing the Device Manager display 157
Viewing broken devices 159
Understanding resources 160
Viewing hidden devices 163
Scanning for new devices 166
Working with older devices 166
Viewing individual device settings 167

02_180440 ftoc.qxp 3/14/08 5:46 PM Page x
Table of Contents
xi
Updating drivers 169
Configuring power management 172
Using the Add Hardware Wizard 173
Performing Hard-Drive-Related Tasks 175
Encrypting your hard drive using BitLocker 176
Working with Multipath I/O 180
Working with the Removable Storage Manager 182
Working with SANs 186
Performing Printer-Related Tasks 187
Working with the Printer Installation Wizard 188
Configuring the printer options 194
Configuring an LPR printer 203
Performing Configuration Tasks 204
Working with fonts 204
Configuring the keyboard 205
Configuring the mouse 206
Configuring the phone and modem options 208
Setting the power management options 209
Configuring the sound options 211
Chapter 3: Using the Control Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
Accessing the Control Panel 213
Bypassing the Control Panel to access applets 214
Using CPL files to open applets 214
Using command objects to open applets 216
Configuring the Control Panel 218
Using Category view 218
Understanding the Control Panel groups 220

Using Classic view 221
Understanding the Control Panel Applets 223
Add Hardware 223
Administrative Tools 224
AutoPlay 224
Color Management 225
Date and Time 226
Default Programs 228
Device Manager 230
Ease of Access/Ease of Access Center 230
Folder Options 231
Fonts 231
Indexing Options 231
Internet Options 231
iSCSI Initiator 232
Keyboard 232
Mouse 232
Network and Sharing Center 232
Offline Files 232
Personalization 232
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xi
Windows Server 2008 All-In-One Desk Reference For Dummies
xii
Phone and Modem Options 233
Power Options 233
Printers 233
Problem Reports and Solutions 233
Programs and Features 233
Regional and Language Options 234
Sound 234

System 234
Taskbar and Start Menu 234
Text to Speech 235
User Accounts 235
Windows Firewall 235
Windows Update 235
Chapter 4: Working with Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . .237
Understanding Workgroups 238
Understanding the pros of workgroups 238
Understanding the cons of workgroups 239
Preparing to Create a Workgroup 240
Considering Centralized versus Group Sharing 241
Configuring the Server for a Workgroup 242
Adding groups to the workgroup 243
Adding users to the workgroup 247
Removing users and groups from the workgroup 249
Sharing storage resources in the workgroup 249
Performing User Configuration for a Workgroup 257
Using the User Account window 257
Modifying users with the Computer Management console 259
Working with Peer Name Resolution Protocol 260
Chapter 5: Promoting Your Server to a Domain Controller . . . . . . . .261
Understanding Domains 261
Preparing to Create a Domain 263
Performing the Domain Configuration Prerequisites 264
Checking for unsupported roles and features 265
Installing DNS 266
Installing WINS 273
Installing DHCP 273
Configuring the Server for a Domain 276

Performing the domain controller promotion 276
Configuring the user accounts 279
Sharing resources on the domain 281
Joining clients to the domain 281
Working with the Windows System Resource Manager (WSRM) 282
Understanding how WSRM works and what you gain from it 283
Creating new policies 285
Modifying and deleting policies 290
Assigning system policies 290
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xii
Table of Contents
xiii
Part III: Administration 291
Chapter 1: An Overview of the Administrative Tools Folder . . . . . . .293
Accessing the Administrative Tools Folder 294
Understanding consoles 294
Using MSC files to open consoles 295
Considering the undiscovered MSC file 299
Working with Common Administrative Tools Folder Features 302
Event Viewer 302
Services 312
System Configuration 317
Installing and Using the Remote Server Administration Tools 321
Chapter 2: Setting Group Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323
Understanding How Policies Work 323
Starting the Group Policy Editor 325
Performing Computer Management 326
Modifying computer Software Settings 326
Modifying computer Windows Settings 326
Using computer Administrative Templates 329

Performing User Configuration 332
Modifying user Software Settings 332
Modifying user Windows Settings 332
Using user Administrative Templates 334
Disabling UAC on the Server 334
Viewing the Resultant Set of Policy (RSoP) 335
Chapter 3: Configuring the Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Starting the Registry Editor 338
Importing and Exporting Registry Elements 339
Performing a registry backup 339
Working with branches 341
Modifying the REG files 342
Using the Registry Editor at the command line 345
Finding Registry Elements 345
Performing the search 346
Setting registry entry favorites 347
Understanding the Registry Data Types 347
Working with strings 347
Working with binary data 349
Working with DWORD and QWORD data 350
Working with special data types 351
Understanding the Hives 351
Locating the registry files 351
Working with HKEY_CLASSES_ROOT 353
Working with HKEY_CURRENT_USER 354
Working with HKEY_LOCAL_MACHINE 355
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xiii
Windows Server 2008 All-In-One Desk Reference For Dummies
xiv
Working with HKEY_USERS 355

Working with HKEY_CURRENT_CONFIG 356
Loading and unloading hives 356
Connecting to network registries 357
Setting Registry Security 357
Chapter 4: Working with Active Directory . . . . . . . . . . . . . . . . . . . . . .359
Understanding How Active Directory Works 360
Configuring Objects in Active Directory 360
Using the Active Directory Domains and Trusts console 360
Using the Active Directory Sites and Services console 364
Using the Active Directory Users and Computers console 365
Working with ADSIEdit 372
Creating a connection 372
Viewing the database hierarchy 374
Managing objects 375
Chapter 5: Performing Standard Maintenance . . . . . . . . . . . . . . . . . .377
Interacting with the System Applet 378
Activating Windows 379
Using the System Properties dialog box links 379
Configuring Your User Interface for Maximum Functionality 380
Defining the Folder Options settings 381
Defining the Internet Options settings 383
Defining the personalization settings 389
Defining the Problem Reports and Solutions settings 391
Defining the Regional and Language Options settings 392
Defining the Taskbar and Start menu settings 393
Configuring the Windows performance options 396
Understanding How UAC Affects Maintenance Tasks 397
Adding and Removing Standard Applications 398
Measuring Reliability and Performance 399
Using the Performance Monitor 400

Using the Reliability Monitor 402
Protecting System Data 403
Performing a system backup 403
Performing a system restore 406
Performing Disk Management Tasks 408
Performing share and storage management 408
Performing disk management 410
Defragmenting the hard drive 411
Automating Diagnostic Tasks with Task Scheduler 412
Discovering the task status 412
Using preconfigured tasks 413
Creating your own tasks 415
Working with Remote Desktop 415
Creating a connection 415
Setting the display 417
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xiv
Table of Contents
xv
Accessing local resources 418
Running a configuration program 419
Optimizing performance 420
Creating a Windows Recovery Disc 421
Chapter 6: Working at the Command Line . . . . . . . . . . . . . . . . . . . . . . .423
Opening an Administrative Command Line 424
Configuring the Command Line 427
Setting the window options 427
Changing the font 429
Choosing a window layout 429
Defining the text colors 430
Setting Environment Variables 431

Using the Environment Variables dialog box 432
Using the Set command 433
Obtaining Help at the Command Line 434
Understanding Command Line Symbols 436
Part IV: Networking 437
Chapter 1: An Overview of Windows Server 2008 Networking . . . .439
Understanding the New Windows Server 2008 Networking Features 440
An Overview of the Network and Sharing Center 441
Understanding How UAC Affects Networking 444
Considering TCP/IP Configuration 445
Understanding DHCP 446
Understanding DNS 446
Understanding WINS 447
Chapter 2: Performing Basic Networking Tasks . . . . . . . . . . . . . . . . .449
Viewing the Network Properties 450
Displaying a Network Map 453
Connecting to Another Network 454
Connect to the Internet 455
Set up a dial-up connection 457
Connect to a workplace 458
Managing Network Connections 462
Working with Client for Microsoft Networks 463
Understanding the Internet protocol settings 463
Installing new networking features 465
Uninstalling network features 467
Chapter 3: Accomplishing Advanced Networking Tasks . . . . . . . . .469
Working with Terminal Server 469
Using the default utilities 470
Configuring user-specific Terminal Services settings 478
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xv

Windows Server 2008 All-In-One Desk Reference For Dummies
xvi
Configuring and using TS Licensing 480
Understanding TS Session Broker 485
Working with Remote Access Services 485
Network Policy Server (NPS) 485
Health Registration Authority (HRA) 490
Host Credential Authorization Protocol (HCAP) 491
Using the NetSH Command Line Utility 492
Chapter 4: Diagnosing and Repairing
Network Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
Using the Diagnose and Repair Feature 500
Repairing Individual Connections 502
Overcoming Common Configuration Errors 504
Configuring the User Settings Correctly 506
Setting the Profile tab 507
Setting the Environment tab 508
Setting the Sessions tab 509
Part V: Security 511
Chapter 1: Understanding Windows Server 2008 Security . . . . . . . .513
Working with Basic Windows Security 514
Understanding the concepts of authentication 514
Understanding the concepts of authorization 515
Understanding access tokens 516
Understanding security descriptors 517
Understanding ACLs 518
Working with .NET Security 519
Considering the .NET security features 520
Understanding role-based security 521
Understanding code access security 525

Configuring File and Folder Security 527
Setting file and folder security 527
Managing user encryption file certificates 530
Creating a Local Security Policy 532
Using the Security Configuration Wizard 532
Chapter 2: Configuring Shared Resources . . . . . . . . . . . . . . . . . . . . . .539
Comparing Shares with Security 540
Sharing Resources 541
Working with storage media 542
Working with printers 545
Sharing other resources 546
Performing an ICS Setup 547
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xvi
Table of Contents
xvii
Configuring an Access Solution with Federated Rights Management 549
Working with Active Directory Federated Services (AD FS) 550
Working with Active Directory Rights
Management Services (AD RMS) 552
Chapter 3: Configuring Internal Security . . . . . . . . . . . . . . . . . . . . . . . .555
Working with Network Access Protection (NAP) 556
Understanding and Using the User Account Control (UAC) 559
Using UAC to protect your server 560
Running tasks as an administrator 561
Understanding automatic privilege elevation 562
Overriding the UAC settings 562
Managing User Passwords 566
Creating a password reset disk 566
Managing your network passwords 567
Managing User Certificates 571

Configuring Startup and Recovery Options 573
Chapter 4: Working with the Internet . . . . . . . . . . . . . . . . . . . . . . . . . .575
Configuring the Windows Firewall 576
Turning Windows Firewall on or off 576
Setting standard application and port exceptions 577
Assigning Windows Firewall to connections 579
Configuring Windows Firewall with Advanced Security 579
Working with the profile settings 581
Understanding IPSec 583
Configuring the IPSec settings 585
Working with inbound and outbound rules 589
Part VI: Windows PowerShell 597
Chapter 1: An Introduction to Windows PowerShell . . . . . . . . . . . . .599
An Overview of PowerShell 600
Using PowerShell Effectively 601
Installing the PowerShell Feature 602
Understanding the Security Issues of Using PowerShell 605
Performing Simple Tasks with PowerShell 606
Obtaining Help for PowerShell Commands and Utilities 607
Understanding the Remoting Difference 610
Chapter 2: Understanding the .NET Framework . . . . . . . . . . . . . . . . . .613
Understanding the .NET Framework Versions 614
Locating the .NET Framework on your system 614
Understanding the concept of side-by-side versions 617
Understanding the .NET Framework 3.0 Additions 618
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xvii
Windows Server 2008 All-In-One Desk Reference For Dummies
xviii
Viewing the Global Assembly Cache 619
Understanding assembly privacy 620

An overview of the GAC entries 620
Removing an assembly using Windows Explorer 621
Viewing assembly properties using Windows Explorer 622
Working with Common .NET Framework Utilities 623
Placing assemblies in the GAC 623
Registering assemblies before using them 625
Chapter 3: Working with Scripts and Cmdlets . . . . . . . . . . . . . . . . . . .627
An Overview of the Common Scripts and Cmdlets 627
Executing a Common Script or Cmdlet 629
An overview of command line and PowerShell
comparable activities 629
Working with COM objects in PowerShell 630
Combining multiple steps 633
Working from Another Location 636
Chapter 4: Creating Your Own Scripts and Cmdlets . . . . . . . . . . . . . .637
Creating a New Shell Extension 637
Creating a PowerShell Script 641
Working with scripts and shells 642
Creating a simple script 642
Running the script 645
Defining a Script Policy 646
Creating a PowerShell Cmdlet 647
Compiling the Cmdlet executable 648
Using the Make-Shell utility to create the shell 649
Part VII: IIS 651
Chapter 1: Understanding the New Interface . . . . . . . . . . . . . . . . . . . .653
Working with the Start Page 654
Considering Application Pools 656
Understanding FTP Site Configuration 657
Considering the IIS Icons 657

An overview of the ASP.NET features 659
An overview of the IIS features 667
An overview of the Management features 677
Chapter 2: Performing Basic Configuration Tasks . . . . . . . . . . . . . . .679
Installing and Configuring SMTP Support 680
Understanding the purpose of SMTP in IIS 7 680
Configuring an SMTP server 682
Configuring a pickup directory 682
Redirecting Web Sites 683
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xviii
Table of Contents
xix
Handling HTTP Responses 684
Configuring a standard response header 685
Configuring a custom response header 686
Working with Data 687
Configuring MIME types 687
Configuring handlers 692
Configuring modules 699
Understanding and Using ISAPI 702
Working with ISAPI extensions 702
Managing ISAPI filters 703
Understanding and Performing Feature Delegation 705
Changing the overall level of delegation 706
Changing the custom delegation for a Web site 706
Correcting delegation mistakes 707
Chapter 3: Working with Scripted Applications . . . . . . . . . . . . . . . . .709
Understanding the Scripted Application Support 709
Working with CGI Applications 710
Working with ASP Applications 711

Changing the application behavior 712
Compiling the application 717
Configuring application services 720
Considering Scripted Application Security 725
Securing a CGI application 726
Securing an ASP application 726
Defining ISAPI extension and CGI restrictions 726
Chapter 4: Working with ASP.NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . .731
Understanding ASP.NET 732
Considering ASP.NET and Data Connectivity 732
Managing providers 733
Managing connection strings 739
Installing ASP.NET Applications 742
Determining when to create an application 743
Adding a new application 743
Converting a folder or virtual directory to an application 744
Configuring ASP.NET Applications 745
Changing application behavior with application settings 745
Managing session state 746
Chapter 5: Configuring an FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . .751
Understanding FTP Site Prerequisites 751
Managing FTP Server with the Graphical Interface 753
Accessing the FTP features 753
Modifying the FTP Site tab 754
Modifying the Security Accounts tab 755
Modifying the Messages tab 756
Modifying the Home Directory tab 756
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xix
Windows Server 2008 All-In-One Desk Reference For Dummies
xx

Saving your configuration 757
Restoring your configuration 757
Managing FTP Servers with the FTP Utility 758
Setting Security for Your FTP Site 760
Chapter 6: Configuring IIS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . .763
Obtaining a Certificate 764
Understanding the importance of certificates 764
Importing an existing certificate 765
Creating a certificate request 766
Completing a certificate request 768
Creating a domain certificate 768
Creating a self-signed certificate 772
Configuring SSL on IIS 772
Creating an HTTPS binding 773
Defining the server settings 774
Defining the client settings 775
Configuring ASP.NET Security 776
Defining trust levels 777
Managing roles 778
Managing users 779
Part VIII: Services 781
Chapter 1: An Overview of Windows Server 2008 Services . . . . . . .783
Understanding How Services Work 784
An Overview of the Basic Windows Services 786
Understanding the Windows Management Instrumentation (WMI) 800
Configuring the WMI Control Properties 801
Performing a backup 802
Performing a restoration 802
Setting WMI security 803
Changing the default namespace for scripting 804

Chapter 2: Monitoring and Configuring Services . . . . . . . . . . . . . . . .805
Using the Services Console 805
Starting and stopping services 806
Pausing and continuing services 807
Working with service properties 807
Modifying Service Status Using Task Manager 812
Working with the SC Command Line Utility 814
Chapter 3: Using Application-Specific Services . . . . . . . . . . . . . . . . .823
Defining an Application-Specific Service 824
Locating Application-Specific Services 826
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xx
Table of Contents
xxi
Working with Application-Specific Services As Needed 829
Starting and stopping application-specific services 829
Configuring an application-specific service start-up 831
Changing the application-specific service logon settings 832
Modifying the application-specific service recovery features 833
Understanding security required by
application-specific services 833
Considering special application-specific
service configuration needs 834
Index 835
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xxi
Windows Server 2008 All-In-One Desk Reference For Dummies
xxii
02_180440 ftoc.qxp 3/14/08 5:46 PM Page xxii
Introduction
M
icrosoft is determined to make a better operating system, and the com-

pany accomplished that goal with Windows Server 2008. Reliability,
performance (as long as you have the required hardware), and security are all
improved. In fact, security takes a front seat with Windows Server 2008. In
Windows Server 2008 All-in-One Desk Reference For Dummies, you discover
just how profound these changes are. I found myself impressed by many of
the new features that Microsoft added and feel that the company has done a
good job of putting together this version of Windows.
You come across many things to like in Windows Server 2008. Of course,
you find the usual new features. Anyone who hasn’t seen IIS 7 should look
because Microsoft finally provides a cleaner, easier-to-use interface with lots
of good changes underneath. The new, managed version of IIS provides
better performance because it doesn’t load everything (whether you need it
or not). In addition, you find significant security improvements, better relia-
bility, and full support for ASP.NET. That’s right! You can finally work with
the developer to create a fully configurable managed Web application that
can produce impressive results.
Security is a front-line consideration for Windows Server 2008. Microsoft
attempts to secure everything in this version of Windows. For example,
BitLocker encryption helps ensure that your data remains safe, even when
someone sends an old computer to the dump without erasing the hard drive
first. Reliance on User Account Control (UAC) ensures that even administra-
tors can’t accidentally thwart an organization’s efforts to maintain a secure
environment. Everything is also locked down better. No longer does
Microsoft leave all the security doors open and hope that you lock them
later. Windows Server 2008 All-in-One Desk Reference For Dummies makes a
special effort to describe all the security changes.
Unfortunately, nothing comes free. Spend more than a little time with Windows
Server 2008 and you’ll find that some changes break applications and cause
other problems. This book also helps you overcome any potential obstacles
that can interfere with your Windows Server 2008 computing experience. The

thing that impressed me most, however, was that the number of breaking
changes is quite small, especially when you consider the considerable
number of good changes you receive. Even so, Windows Server 2008 All-in-
One Desk Reference For Dummies won’t leave you in the lurch to figure out
the small number of changes that break applications — this book is all
about finding the solutions you need.
03_180440 intro.qxp 3/12/08 10:40 PM Page 1
About This Book
2
About This Book
Windows Server 2008 All-in-One Desk Reference For Dummies provides every-
thing needed to perform common administration tasks with Windows Server
2008. No, you won’t find arcane material in this book, because I took extra
time to ensure that you have the material you need for everyday tasks.
Everything from installation to figuring out why a user can’t gain access to
resources on the server appears in this book in considerable detail. You also
see procedures for all common tasks — everything from setting up Internet
Connection Sharing (ICS) to promoting your server to a domain controller.
Procedures and topical information are nice, but this book goes much further.
Sometimes it’s hard to know how to proceed with Windows Server 2008. This
product contains so many features that you can easily become lost and install
the wrong features for your needs. This book provides insights into when
you need a feature and how best to use the feature to meet your organization’s
needs. Although I can’t guess about every need you might have, you find
common needs addressed in this book. For example, when you need to
decide between installing a workgroup or a domain controller, you find the
pros and cons of both setups in this book.
My main goal in writing this book is to provide you with useful tools and
information. Windows Server 2008 is an amazing piece of software, despite
what many people may think about it. Navigating the labyrinth of features

requires a good tool, and Windows Server 2008 All-in-One Desk Reference For
Dummies is the tool you need. In reading this book, you discover the good,
the bad, the overlooked, the surprising, and everything else that makes
Windows Server 2008 unique.
Conventions Used in This Book
I always try to show you the fastest way to accomplish any task. In many
cases, this means using a menu command, such as Start➪Programs➪
Accessories➪Windows Explorer. When working with dialog boxes, I tell you
which tab to access first and then which feature to use on that tab.
Whenever possible, I use shortcut keys to help you access a command faster.
In some cases I provide multiple methods for accessing a feature so that you
can use the method that’s most convenient at the time. For example, you can
display the Task Manager by pressing Ctrl+Alt+Delete and clicking Task Manager
on the Windows Security dialog box or by right-clicking the Taskbar and
choosing Task Manager from the context menu.
03_180440 intro.qxp 3/12/08 10:40 PM Page 2
What You Should Read
3
This book also uses special type to emphasize some information. For example,
entries that you need to type appear in bold. All code, Web site URLs, and
on-screen messages appear in monofont type. Whenever I define a new
word, you see that word in italics. Italics are also used to denote placeholders.
Because you use multiple applications when you’re working with Windows
Server 2008, I always point out when to move from one application to the
next. When a chapter begins, I introduce the main topics for that chapter,
which likely includes a combination of theory, usage suggestions, best prac-
tices, and procedures.
What You Should Read
Windows Server 2008 has a considerable array of new features, and Microsoft
has changed the way many features work. Even experienced administrators

will want to begin by reading Book I, Chapter 1 because it contains an overview
of Windows Server 2008 features and tells you where to find details about
these features in the book. You can find features by reviewing the table of
contents and the index, but Book I, Chapter 1 provides a short description
of each feature that helps you determine whether you need to read more
information about that feature.
Anyone who hasn’t performed a number of Windows installations in the past
will definitely want to read the rest of Book I because it’s easy to get lost without
this information. Microsoft provides a number of new tools as part of the boot
manager, so you want to read about these tools in case you experience an error
during installation.
Everyone will want to read Book II, Chapter 1 next because it provides a
description of every role and feature that Windows Server 2008 provides. If
you don’t know the difference between a role and a feature, this chapter
explains it to you. Older versions of Windows don’t include the concept of
roles and features, so this information is exceptionally important even to the
experienced administrator.
Where you go next depends on how you plan to use your server. Before you
spend a lot of time configuring your server, however, you may want to read
Book II, Chapter 4 and Book II, Chapter 5 to determine whether you want to
create a workgroup or a domain. The choice may seem obvious, but Windows
Server 2008 provides enough surprises that you want to make your decision
based on the new functionality that Windows Server 2008 offers. In some
cases, you can use a simpler workgroup configuration where you may have
needed a domain controller in the past.
03_180440 intro.qxp 3/12/08 10:40 PM Page 3
What You Don’t Have to Read
4
The names of many administrator tools are the same as in past versions of
Windows. In some cases, the tools even look like those past versions. Even

so, you want to review Book III, Chapter 1 next to ensure that you understand
how the various administrator tools have changed. Some tools, such as those
provided with IIS 7, are so different that everyone will want to read about
them before installing the associated role or feature.
What You Don’t Have to Read
The best way to approach this book is to read the overview of a topic first.
When you find that you need additional information, proceed next to the sec-
tions that contain best practices and then to the procedures that describe how
to work with the feature. In most cases, you don’t gain anything of value by
reading everything about the topic when you don’t plan to use the target
feature.
Most chapters contain some advanced material that will interest only some
readers. In most cases, this material appears in sidebars or in separate sections.
The introductory text tells you that the section contains advanced material.
When you see an advanced-material warning, you can feel free to skip the
entire section without missing anything valuable for less-skilled readers.
You can also skip any material marked with a Technical Stuff icon. This mate-
rial is helpful, but you don’t have to know it to work with Windows Server
2008. I include this material because I find it helpful in my administration
efforts and hope that you will, too.
Foolish Assumptions
You might find it difficult to believe that I’ve assumed anything about you —
after all, I haven’t even met you! Although most assumptions are, indeed,
foolish, I made these assumptions to provide a starting point for the book.
I’m assuming you’ve worked with Windows long enough to know how the
keyboard and mouse work. You should also know how to use menus and other
basic Windows features. If you haven’t worked with Windows and Windows
applications for a while, you may find some concepts in this book difficult to
understand.
You must also have some level of administrative privileges. Many of the

procedures and configuration tips in this book won’t work without the proper
rights. Windows may not even make the required feature visible to you.
03_180440 intro.qxp 3/12/08 10:40 PM Page 4