This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
•
•
•
•
•
Table of Contents
Index
Reviews
Reader Reviews
Errata
Windows Server 2003 in a Nutshell
By Mitch Tulloch
Publisher: O'Reilly
Pub Date: September 2003
ISBN: 0-596-00404-4
Pages: 662
Microsoft has introduced the right server for a world now dominated by highly distributed systems and web-based
server applications, and O'Reilly Windows Server 2003 in a Nutshell is the most thorough and practical reference to this
important new server. With complete coverage of both the GUI and Command line features, functions and commands,
as well as tips and notes detailing subtle points and potential "gotchas", this book will quickly earn a permanent place
on your desk top.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
•
•
•
•
•
Table of Contents
Index
Reviews
Reader Reviews
Errata
Windows Server 2003 in a Nutshell
By Mitch Tulloch
Publisher: O'Reilly
Pub Date: September 2003
ISBN: 0-596-00404-4
Pages: 662
Copyright
Preface
Who This Book Is for
How to Use This Book
What's New in This Edition
Conventions Used in This Book
Comments and Questions
Acknowledgments
Disclaimer
I. Transitioning
1. NT
2003
1.1. New Tools, Old Tasks
1.2. Tips for Transitioning
2. 2000
2003
2.1. What Changed?
2.2. New Features and Enhancements
II. Alphabetical Reference
3. Task Map
3.1. Understanding the Entries
3.2. Alphabetical List of Tasks
Account Lockout Policy
Active Directory
Administrative Shares
Administrative Templates
This document is created with a trial version of CHM2PDF Pilot
Administrative Tools
Advanced Options Menu
APIPA
Auditing
Automated System Recovery (ASR)
Automatic Updates
Backups
Boot Logging
Boot Menu
Clock
Command Prompt
Computers
Connections
Convenience Consoles
Delegation
Devices
Device Drivers
DFS
DHCP
Direct Computer Connection
Directory Services Restore Mode
Disks
Disk Quotas
DNS
Domains
Domain Controllers
Domain Controller Security Policy
Domain Security Policy
EFS
Error Reporting
Event Logs
File System
Folder Redirection
Forests
FSMO Roles
Global Catalog
Groups
Group Policy
Hardware Compatibility
Hardware Profiles
Hardware Requirements
Hibernation Mode
Kerberos Policy
Installation
Internet Connection Firewall (ICF)
Internet Connection Sharing (ICS)
Internet Explorer
Last Known Good Configuration
Licensing
Local Security Policy
Logon/Logoff Scripts
Logon
MMC
This document is created with a trial version of CHM2PDF Pilot
MMC
Network Bridge
NTFS
Objects
Offline Files
OUs
Passwords
Power Options
Permissions
Printers
Processes
Program Compatibility Mode
RAID
Recovery Console
Registry
Remote Assistance
Remote Desktop
Remote Desktop Connection
Remote Desktop Web Connection
Rights
Roles
RRAS
Safe Mode
Saved Queries
Secondary Logon
Security Configuration and Analysis
Services
Shadow Copies
Shared Folders
Shutdown
Sites
Software Installation
Special Identities
Standby Mode
Startup
Startup/Shutdown Scripts
System Information
System Restore
Tasks
TCP/IP
Trusts
Upgrading
Users
User Profiles
VPN
Windows Product Activation
WINS
4. GUI Reference
4.1. Read This First!
4.2. Concepts, Tools, Tasks, and Notes
4.3. Everyday Administration
4.4. Help Finding Things
4.5. Gestalt Menus
This document is created with a trial version of CHM2PDF Pilot
4.6. Topics Covered
4.7. Alphabetical List of Topics
Active Directory—Concepts
Active Directory—Tools
Active Directory—Tasks
Active Directory—Notes
Administrative Tools—Concepts
Administrative Tools—Tasks
Administrative Tools—Notes
Advanced Options Menu—Concepts
Advanced Options Menu—Tasks
Auditing—Concepts
Auditing—Tasks
Auditing—Notes
Automatic Updates—Concepts
Automatic Updates—Tasks
Automatic Updates—Notes
Backup—Concepts
Backup—Tasks
Backup—Notes
Connections—Concepts
Connections—Tools
Connections—Tasks
Connections—Notes
Delegation—Concepts
Delegation—Tasks
Delegation—Notes
Devices—Concepts
Devices—Tools
Devices—Tasks
Devices—Notes
DFS—Concepts
DFS—Tasks
DFS—Notes
DHCP—Concepts
DHCP—Tasks
DHCP—Notes
Disks—Concepts
Disks—Tools
Disks—Tasks
Disks—Notes
DNS—Concepts
DNS—Tasks
DNS—Notes
Domain—Concepts
Domain—Tools
Domain—Tasks
Domain—Notes
Domain Controller—Concepts
Domain Controller—Tasks
Domain Controller—Notes
Event Logs—Concepts
Event Logs—Tools
This document is created with a trial version of CHM2PDF Pilot
Event Logs—Tools
Event Logs—Tasks
Event Logs—Notes
Files and Folders—Concepts
Files and Folders—Tools
Files and Folders—Tasks
Files and Folders—Notes
Forest—Concepts
Forest—Tasks
Groups—Concepts
Groups—Tasks
Groups—Notes
Group Policy—Concepts
Group Policy—Tools
Group Policy—Tasks
Group Policy—Notes
Installation—Concepts
Installation—Tasks
Installation—Notes
Logon—Concepts
Logon—Tasks
Logon—Notes
Microsoft Management Console—Concepts
Microsoft Management Console—Tasks
OU—Concepts
OU—Tasks
OU—Notes
Permissions—Concepts
Permissions—Tasks
Permissions—Notes
Printing—Concepts
Printing—Tasks
Printing—Notes
Recovery Console—Concepts
Recovery Console—Tasks
Recovery Console—Notes
Remote Desktop—Concepts
Remote Desktop—Tasks
Remote Desktop—Notes
Routing and Remote Access—Concepts
Routing and Remote Access—Tools
Routing and Remote Access—Tasks
Routing and Remote Access—Notes
Security Templates—Concepts
Security Templates—Tools
Security Templates—Tasks
Security Templates—Notes
Services—Concepts
Services—Tasks
Services—Notes
Shared Folders—Concepts
Shared Folders—Tools
Shared Folders—Tasks
This document is created with a trial version of CHM2PDF Pilot
Shared Folders—Notes
Site—Concepts
Site—Tools
Site—Tasks
Site—Notes
Tasks—Concepts
Tasks—Tools
Tasks—Tasks
Tasks—Notes
TCP/IP—Concepts
TCP/IP—Tasks
TCP/IP—Notes
Trusts—Concepts
Trusts—Tasks
Trusts—Notes
Users—Concepts
Users—Tools
Users—Tasks
Users—Notes
WINS—Concepts
WINS—Tools
WINS—Tasks
WINS—Notes
5. Command Reference
5.1. Read This First!
5.2. If a Command Won't Run
5.3. Alphabetical List of Commands
adprep
arp
assoc
at
attrib
bootcfg
bootcfg /addsw
bootcfg /copy
bootcfg /dbg1394
bootcfg /debug
bootcfg /default
bootcfg /delete
bootcfg /ems
bootcfg /query
bootcfg raw
bootcfg /rmsw
bootcfg /timeout
cacls
chkdsk
chkntfs
cipher
clip
cmd
cmdkey
convert
csvde
This document is created with a trial version of CHM2PDF Pilot
csvde
date
dcgpofix
defrag
dfscmd
diskpart
driverquery
dsadd
dsget
dsmod
dsmove
dsquery
dsrm
eventquery
expand
finger
format
freedisk
ftp
ftype
getmac
gpresult
gpupdate
hostname
ipconfig
label
ldifde
lpq
lpr
mode
mountvol
nbtstat
net
net accounts
net computer
net config
net config server
net config workstation
net continue
net file
net group
net help
net helpmsg
net localgroup
net name
net pause
net print
net send
net session
net share
net start
net statistics
net stop
This document is created with a trial version of CHM2PDF Pilot
net time
net use
net user
net view
netsh
netsh/Global Context
netsh/AAAA context
netsh/DHCP Context
netsh/Interface Context
netsh/RAS Context
netsh/Routing Context
netsh/WINS Context
netstat
nslookup
openfiles
pathping
ping
popd
prncnfg
prndrvr
prnjobs
prnmngr
prnqctl
pushd
rcp
recover
rexec
route
rsh
runas
schtasks
set
setx
shutdown
start
systeminfo
takeown
taskkill
tasklist
telnet
tftp
time
tracert
ver
III. Resources
A. Appendix: Useful Sites
Acronyms
Colophon
Index
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Copyright
Copyright © 2003 O'Reilly & Associates, Inc.
Portions of this book previously appeared in Windows 2000 Administration in a Nutshell, Copyright © 2001 O'Reilly &
Associates, Inc. All rights reserved.
Printed in the United States of America.
Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online editions are
also available for most titles (). For more information, contact our corporate/institutional sales
department: (800) 998-9938 or
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly &
Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark
claim, the designations have been printed in caps or initial caps. The association between the image of an American
white pelican and the topic of Windows Server 2003 is a trademark of O'Reilly & Associates, Inc.
While every precaution has been taken in the preparation of this book, the publisher and authors assume no
responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Preface
This book is a quick desktop reference on administering the Windows Server 2003 (WS2003) operating system. It's not
a tutorial; there are plenty of those around—big fat books full of screenshots and overblown procedures designed for
beginners. Instead, this book is a reference—an A-to-Z compendium of concepts, tools, and tasks for basic
administration of the WS2003 platform, small enough to sit handily on your desktop where you need it and condensed
enough to be quick and easy to use—hence the description quick desktop reference. Let's unpack this a bit more.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Who This Book Is for
As I mentioned, tutorials are generally written for beginners, have lots of screenshots, and are generally quite wordy.
This book has no screenshots (probably a first for a book on a Windows platform) and is highly condensed, packing tons
of information into each page. So the individuals most likely to benefit from using this book are intermediate to
advanced admins who are already familiar with either the Windows NT, Windows 2000 platform, or both. Not that
beginners won't find this book useful as well, but it's definitely not a starting point for learning WS2003 administration—
as I said, it's a reference not a tutorial. You don't learn a language by reading the dictionary, but for enhancing your
fluency in a language, a dictionary is certainly essential. And my hope is that experienced NT/W2K admins will find this
book just as essential.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
How to Use This Book
To see how useful this book can be, check out the next few sections.
Part I: Transitioning
The first part of this book includes two chapters designed to help ease the pain of NT and W2K administrators as you
transition to the new WS2003 platform.
Chapter 1, NT
2003, is aimed mainly at NT admins and highlights important differences between administering NT
and WS2003. The first part of the chapter lists the WS2003 counterparts to NT administrative tools, utilities, and
commands. The rest of the chapter describes new features and provides various tips to help make the transition easier.
Chapter 2, 2000
2003, targets W2K admins and highlights differences between W2K and WS2003. The chapter
begins by describing significant changes to administrative tools, utilities, and the GUI. It concludes by summarizing the
new features and enhancements that make WS2003 a more secure, powerful, and manageable platform than W2K.
Although Chapter 1 and Chapter 2 are intended for different audiences, I highly recommend that both NT and W2K
admins read both chapters to get the most comprehensive view of the changes and enhancements in the new platform.
Part II: Alphabetical Reference
The second part is the meat of the book. It consists of three reference chapters whose topics are arranged in
alphabetical order.
Chapter 3, Task Map, lists more than 600 different administrative tasks organized under more than a hundred different
headings. Most entries provide task-oriented references to topics in Chapter 4 or commands in Chapter 5 where you
can find detailed information. The remaining entries either outline the steps for performing the task or describe a Group
Policy setting relating to its administration. Think of Chapter 3 mainly as a quick entry point for the reference material
in later chapters, with some extra goodies thrown in for good measure.
Chapter 4, GUI Reference, covers the concepts, tools, and tasks for administering WS2003 from the GUI. The chapter is
divided into broad topic areas ranging from Active Directory to WINS and, together with Chapter 5, forms the core of
this book. You can either browse a topic in this chapter to learn more about its administration or look up a specific task
in it using the Task Map in Chapter 3 or the Index.
Chapter 5, Command Reference, lists more than a hundred different commands and scripts that can be used to
administer various aspects of WS2003 from the command line. Almost a third of these commands are new to WS2003.
For each command, the syntax is presented together with examples, notes, and cross-references to topics in Chapter 4.
The enhancements to commands in WS2003 mean that Windows now rivals Unix in the ability to manage the platform
from the command line.
Part III: Resources
An appendix and an acronym list round out the book.
Appendix A, lists some web sites that those administering WS2003 may find useful.
Glossary, helps you navigate the acronym maze for WS2003 from ACL to WPA.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
What's New in This Edition
If you've been using my previous book, Windows 2000 Administration in a Nutshell, you'll quickly discover that this
book represents a complete overhaul of that title and is not merely a cosmetic revision. The main changes in this new
edition are as follows:
The content has been thoroughly updated to cover the new features and enhancements of the WS2003
platform. This means coverage of new concepts, new tools, new procedures, and new commands has been
added where appropriate. However, since my old book was almost 800 pages long, this means some old
material had to be pruned to make room for the new, but I've tried to maintain all content important to
everyday administration of the WS2003 platform.
The content has also been completely reorganized to make it easier to use. In particular, all the alphabetical
reference material in Chapters 3-6 of my old book, which covered concepts, tasks, consoles, and utilities, has
now been blended into a single chapter (Chapter 4) to make it easier to use. This was done mainly in response
to suggestions by readers of my earlier book. Thank you!
Chapter 3, Task Map, has been added to this edition to help you quickly find useful information in Chapter 4 and
Chapter 5 concerning specific administrative tasks you want to perform.
Part I, called "The Lay of the Land" in my earlier book, has been expanded to help not just NT admins but also
W2K admins transition to WS2003.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Conventions Used in This Book
To make things concise, tasks are presented in a condensed form throughout this book. For example:
Start
printer
Settings
Printers
specify share name
right-click on a printer
Properties
Sharing
Share this
is short for:
Click the Start button, select Settings, then Printers. When the Printers folder opens, right-click on the printer
you want to share and select Properties from the shortcut menu. Then click the Sharing tab, select the "Share
this printer" option, and type a name for the share in the text box. Then click OK when you're finished to close
the Properties sheet.
I'm sure you can appreciate my approach. Such "gestalt menus" are easy to follow if you're sitting at the computer and
have even a smattering of experience with the Windows GUI.
Additional typographical conventions used include:
Constant width
Command-line examples, code examples, and commands
Italic
Filenames, directories, example URLs, UNC paths, file extensions, utilities, and cross-references to topics in
other chapters
Constant width italic
Variables or user-defined elements such as username, which would be replaced by the user's logon name in
gestalt menus or command examples
Constant width bold
User input in gestalt menus or command examples
This icon designates a note, which is an important aside to the nearby text.
This icon designates a warning relating to the nearby text.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Comments and Questions
Please address comments and questions concerning this book to the publisher:
O'Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)
There is a web page for this book, which lists errata, examples, or any additional information. You can access this page
at:
/>To comment or ask technical questions about this book, send email to:
For more information about books, conferences, Resource Centers, and the O'Reilly Network, see the O'Reilly web site
at:
You can email the author directly at:
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Acknowledgments
Thanks first of all to Ingrid, my wife, for her support and encouragement while I worked on this project.
Thanks to Deb Cameron and Robert Denn, my editors on this project, for their support, encouragement, and friendly
nagging.
Thanks to Robbie Allen, author of O'Reilly's Active Directory, who was my technical reviewer and provided many helpful
suggestions and corrections.
Thanks to my agent, Neil Salkind, of Studio B Literary Agency () for his friendship and support.
Thanks to MTS Communications Inc. () for providing Internet services and web hosting for my web
site ().
Thanks to Orlando, owner of Ciao Caffe on Corydon Avenue (our Little Italy here in Winnipeg), whose espressos—the
best in the city—kept me awake and inspired while writing this book.
And thanks finally to my readers for their helpful criticism and suggestions regarding my previous book.
Enjoy!
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Disclaimer
Oh yeah, I almost forgot:
Information contained in this work has been obtained from sources believed to be reliable. Although the author
has made every effort to be accurate, neither the author nor the publisher assumes any liability or responsibility
for any inaccuracy or omissions in this book or for any loss or damage arising from the information presented.
In other words, the information provided in this book is presented on an "as is" basis.
So there. Have fun!
—Mitch Tulloch, MCSE, Cert. Ed.Trainer, Consultant, Author, Nerd
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Part I: Transitioning
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
Chapter 1. NT
2003
This brief chapter is designed to help Windows NT administrators quickly transition to Windows Server 2003 (WS2003)
by highlighting some important differences between administering the two platforms. If you are a Windows 2000 (W2K)
administrator looking for help transitioning, see Chapter 2. NT administrators are also encouraged to read through
Chapter 2 because that chapter goes into greater depth regarding some features of WS2003.
[ Team LiB ]
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
1.1 New Tools, Old Tasks
If you are familiar with the Windows NT administrative tools and desktop, you may initially be thrown by WS2003 and
its new Microsoft Management Console tools and enhanced desktop. Tables 1-1 through 1-3 help you bridge the gap
between the two platforms, with the base Windows NT platform being Service Pack 4 or later.
To begin with, Table 1-1 lists the various Windows NT administrative tools and their counterparts in WS2003. Note that
there is frequently no one-to-one correspondence between the old tools and the new. The steps for accessing
administrative tools from the Start menu also differ slightly between the two platforms, namely:
Windows NT
Start
Programs
Administrative Tools
WS2003
Start
Administrative Tools
The above steps are implicit in Table 1-1.
There are often several ways of doing things in WS2003, but for simplicity and efficiency I
usually describe only the most obvious method or the one involving the fewest number of
steps.
Table 1-1. Administrative tools for Windows NT versus Windows Server 2003
NT tool
WS2003 counterpart
Administrative
Wizards
Manage Your Server
Backup
Accessories System
DHCP Manager
DHCP[1]
Disk
Administrator
Computer Management
DNS Manager
DNS[1]
Event Viewer
Event Viewer[1]
Internet
Service
Manager
Internet Information Services (IIS) Manager[1]
License
Manager
Licensing
Migration Tool
for NetWare
No counterpart
Network Client
Administrator
Use \I386\Adminpak.msi to install WS2003 administrative tools on workstations
Network
Monitor
Network Monitor
Performance
Monitor
Performance
Remote Access
Admin
Routing and Remote Access
Tools
Backup
Storage
Disk Management
Use Remote Installation Services (RIS) for network installation of workstations
Computer Management
System Tools
send console messages to connected users)
Shared Folders (to manage shared folders and
Server Manager Active Directory Users and Computers (to add a computer to a domain)
Active Directory Sites and Services (to manually force directory replication between domain
controllers)
This document is created with a trial version of CHM2PDF Pilot
System Policy
Editor
Group Policy snap-in (can also be accessed from Active Directory Users and Computers and other
consoles)
Computer Management
System Tools
on standalone servers in a workgroup)
User Manager
Local Users and Groups (to manage local accounts
Local Security Policy (to configure password restrictions, account lockout, audit policy, and user
rights on standalone servers in a workgroup)
Active Directory Users and Computers (to manage domain accounts and to configure password
restrictions, account lockout, audit policy, and user rights through Group Policy)
User Manager
for Domains
Active Directory Domains and Trusts (to manage trusts)
Windows NT
Diagnostics
All Programs
WINS Manager
WINS[1]
Accessories
System Tools
[1] Can also be accessed under Computer Management
System Information
Services.
Table 1-2 compares special folders and utilities in Windows NT with their Windows Server 2003 counterparts.
Table 1-2. Special folders and utilities in Windows NT versus Windows Server
2003
NT folder or utility
WS2003 counterpart
My Computer
My Computer
Network Neighborhood
My Network Places
C:\Winnt (system folder)
C:\Windows
C:\Winnt\Profiles (location where local
user profiles are stored)
C:\Documents and Settings (unless an upgrade from NT was performed, in
which case it remains in its original location)
Default location where applications
save their files varies in Windows NT
My Documents folder for compliant applications (unless an upgrade from NT
was performed, in which case it remains in its original location)
Start
Find
Start
Search
Start
Help
Start
Help and Support
Start
Prompt
Programs
Start
Command Prompt
Start
Windows Explorer
Start
Command
Programs
Accessories
Windows NT Explorer
Start
Desktop
Settings
Active
Right-click on desktop
Start
Options
Settings
Folder
Control Panel
Folder Options
Network Connections
Accessories
Dial-up Networking
Control Panel
Accessories
Telnet
telnet command
Active Desktop
Finally, Table 1-3 compares Control Panel utilities in Windows NT with their Windows Server 2003 counterparts.
Table 1-3. Control Panel utilities in Windows NT versus Windows Server 2003
NT Control Panel utility
WS2003 counterpart
Console
Command Prompt
Devices
Computer Management
Internet
Internet Options
Modems
Phone and Modem Options
Network
Network
Identification
System
Network
Network Connections
{Services |
right-click on Control Menu
System Tools
Defaults
Device Manager
Computer Name
Local Area Connection
Properties
This document is created with a trial version of CHM2PDF Pilot
Network
{Services |
Protocols | Adapters}
Network Connections
Network
All Programs
Advanced
Bindings
Local Area Connection
Properties
Accessories
Communications
Advanced Settings
Network Connections
ODBC
Administrative Tools
Ports
Computer Management
Regional Settings
Regional and Language Options
SCSI Adapters
Computer Management
System Tools
Device Manager
Server
Computer Management
System Tools
Shared Folders
Services
Administrative Tools
Data Sources (ODBC)
System Tools
Device Manager
Services
System
General
System
General
System
User Profiles
System
Advanced
User Profiles
Settings
System
Performance
System
Advanced
Performance
Settings
System
Environment
System
Advanced
Environment Variables
System
Startup/Shutdown
System
Advanced
Startup and Recovery
System
Hardware Profiles
System
Hardware
Hardware Profiles
Tape Devices
Computer Management
Telephony
Phone and Modem Options
UPS
Power Options
[ Team LiB ]
UPS
System Tools
Dialing Rules
Device Manager
This document is created with a trial version of CHM2PDF Pilot
[ Team LiB ]
1.2 Tips for Transitioning
The remainder of this chapter provides some quick tips for NT admins transitioning to WS2003. These are listed in
alphabetical order rather than order of importance. This list is by no means exhaustive in coverage; for detailed
information about common WS2003 administrative tasks, see the Task Map in Chapter 3 and the cross references listed
here to various topics in Chapter 4 and Chapter 5.
1.2.1 Account Policy
Configuring account policy—password and account lockout restrictions—was relatively easy in Windows NT using User
Manager for Domains. In WS2003, you have to use Group Policy if you are in a domain environment, and you need a
good understanding of Group Policy before attempting this. In a simple workgroup environment with standalone
servers, you can edit the local security policy directly instead, which is simpler. Either way, see Group Policy in Chapter
4 before you try experimenting with configuring account policy. If you want to dive in right away, you can find the
account policy settings in either:
Local Security Policy
Security Settings
Account Policies
Group Policy
Computer Configuration
Windows Settings
Security Settings
Account Policies
1.2.2 Activation
If you've tried installing WS2003, you've already been prompted to activate your product, unless you're an enterprise
client with a bulk volume licensing agreement with Microsoft. Activation is an antipiracy measure implemented by
Microsoft on Windows XP and later; see Installation in Chapter 4 for more information.
1.2.3 Active Directory
Implementing Active Directory (AD) for an enterprise is not a trivial task. You can find information about administering
various aspects of Active Directory in the topics Active Directory, Domain, Domain Controller, Forest, OU, Site, and
Trusts in Chapter 4. You'll also find some tips on planning AD implementation scattered among these topics, but for a
more thorough and systematic treatment of planning AD implementation, see Active Directory by Robbie Allen
(O'Reilly).
1.2.4 Administration Tools Pack
Instead of walking over to a domain controller to run Active Directory Users and Computers from the local console, you
can install a complete set of WS2003 administration tools on a Windows XP Professional workstation and then use that
as your main administrator workstation. Note that you must have Windows XP Service Pack 1 or later installed before
installing these tools on your workstation. To install the Windows Server 2003 Administration Tools Pack, double-click
on Adminpak.msi in the \i386 folder on your WS2003 product CD.
In order to use a Windows XP Professional machine to administer Internet Information
Services 6 (IIS 6) remotely, you need Windows XP Service Pack 2 or later.
1.2.5 Administrative Tools
If you're just starting out with WS2003, the two most important administrative tools you need to become familiar with
here are:
Computer Management
Manages disks, shares, event logs, performance logs, services, and devices on a computer. You can use
Computer Management to administer these things on either the local computer or on a remote computer—
except that you can't update device drivers or uninstall devices on remote computers. (Device Manager
operates in read-only mode when connected to a remote computer.)
This document is created with a trial version of CHM2PDF Pilot
operates in read-only mode when connected to a remote computer.)
Active Directory Users and Computers
Creates and manages domain user accounts and domain local, global, and universal groups. You can also use
this tool to manage Group Policy settings.
For more information on these two tools, see Administrative Tools in Chapter 4. These two tools, and most
administrative tools in WS2003, are implemented with the Microsoft Management Console (MMC), a management
framework that uses snap-ins to create administrative tools with a common look and feel. The MMC can also build your
own customized administrative tools, which can then be distributed to administrators by email or shared over the
network; see Microsoft Management Console in Chapter 4 for more information.
1.2.6 Audit Policy
Configuring an audit policy was relatively easy in Windows NT using User Manager for Domains. In WS2003, you have
to use Group Policy if you are in a domain environment, and you need a good understanding of Group Policy before you
attempt this. In a simple workgroup environment with standalone servers, you can edit the Local Security Policy directly
instead, which is simpler. Either way, see Group Policy in Chapter 4 before you try experimenting with configuring audit
policy. If you want to dive in right away, you can find the audit policy settings in either:
Local Security Policy
Security Settings
Local Policies
Audit Policy
Group Policy
Computer Configuration
Windows Settings
Security Settings
Local Policies
Audit Policy
1.2.7 Browsing the Web
The first time you open Windows Explorer on WS2003 to browse the Web, you'll see a dialog box saying:
Microsoft Internet Explorer's Enhanced Security Configuration is currently configured on your server.
This enhanced level of security reduces the risk of attack from Web-based content that is not secure,
but may also prevent web sites from displaying correctly and restrict access to network resources.
This feature is one of the "secure out-of-the-box" enhancements of WS2003, which installs in a more-or-less lockeddown state as opposed to NT which installs in a more-or-less wide-open state. In effect, this means that the security
setting for the Internet zone is set to High, so if you want to browse a relatively benign site such as Google, you have a
few choices:
Add google.com to your Trusted Sites zone by entering the URL and then:
File
Add this site to
Trusted Sites Zone
Change the setting for the Internet zone to Medium so you can browse any Internet site:
Internet Explorer
Tools
Internet Options
Security
Internet
Medium
Disable the Internet Explorer Enhanced Security Configuration feature entirely:
Control Panel
Add or Remove Programs
Add/Remove Windows Components
checkbox for Internet Explorer Enhanced Security Configuration
clear
The best solution is the first one. In general, you shouldn't be browsing the Web on a server anyway; use a workstation
instead to download drivers and perform similar tasks.
1.2.8 Computer Names
If you expect to have both Windows NT and WS2003 coexist for a while on your network, select NetBIOS computer
names that will be compatible with both platforms (maximum 15 characters). Also, since WS2003 uses DNS as its
name-resolution service when Active Directory is deployed, make sure your computer names are DNS-compatible as
well (this means no underscores, periods, or spaces—only letters, numbers, and dashes).
Speaking of computer names, there is also the issue of share names to consider. When naming a shared folder or
printer, it's a good idea to avoid using spaces or special characters if your network contains a mix of WS2003 and other
computers (such as Windows NT, Unix, and so on). Otherwise, some clients might have difficulty connecting to your
WS2003 shares.
By the way, if you change the name of a domain or domain controller using the rendom utility on the WS2003 product