OReilly windows server 2008 the definitive guide mar 2008 ISBN 0596514115
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (12.68 MB, 933 trang )
WindowsServer2008:TheDefinitiveGuide
byJonathanHassell
Publisher:O'Reilly
PubDate:March15,2008
PrintISBN-13:978-0-59-651411-2
Pages:492
TableofContents|Index
Overview
Thispracticalguidehasexactlywhatyouneedtoworkwith
WindowsServer2008.Inside,you'llfindstep-by-step
proceduresforusingallofthemajorcomponents,alongwith
discussionsoncomplexconceptssuchasActiveDirectory
replication,DFSnamespacesandreplication,networkaccess
protection,theServerCoreedition,WindowsPowerShell,server
clustering,andmore.Allofthiswithamorecompact
presentationandatighterfocusontasksthanyou'llfindin
bulkierreferences.WindowsServer2008:TheDefinitiveGuide
takesarefreshingapproach.Youwon'tfindthehistoryof
WindowsNT,ordiscussionsonthewaythingsusedtowork.
Instead,yougetonlytheinformationyouneedtousethis
server.Ifyou'reabeginningorintermediatesystem
administrator,youlearnhowthesystemworks,andhowto
administermachinesrunningit.Theexpertadministrators
amongyoudiscovernewconceptsandcomponentsoutsideof
yourrealmofexpertise.Simplyput,thisisthemostthorough
referenceavailableforWindowsServer2008,withcomplete
guidesto:
Installingtheserverinavarietyofdifferentenvironments
FileservicesandtheWindowspermissionstructure
Howthedomainnamesystem(DNS)works
ActiveDirectory,includingitslogicalandphysicalstructure,
hierarchicalcomponents,scalability,andreplication
GroupPolicy'sstructureandoperation
Managingsecuritypolicywithpredefinedtemplatesand
customizedpolicyplans
Architecturalimprovements,newfeatures,anddaily
administrationofIIS7
TerminalServicesfromboththeadministrator'suser'spoint
ofview
NetworkingarchitectureincludingDNS,DHCP,VPN,RADIUS
server,IAS,andIPSec
Windowsclusteringservices---applications,grouping
machines,capacityandnetworkplanning,useraccount
management
WindowsPowerShellscriptingandcommand-linetechnology
WithWindowsServer2008:TheDefinitiveGuide,youtocome
awaywithafirmunderstandingofwhat'shappeningunderthe
hood,butwithoutthesensethatyou'retakingagraduate
courseinOStheory.Ifyouintendtoworkwiththisserver,this
istheonlybookyouneed.
WindowsServer2008:TheDefinitiveGuide
byJonathanHassell
Publisher:O'Reilly
PubDate:March15,2008
PrintISBN-13:978-0-59-651411-2
Pages:492
TableofContents|Index
Preface
Chapter1.IntroducingWindowsServer2008
Section1.1.TheBiggestChanges
Section1.2.NetworkingImprovements
Section1.3.SecurityImprovements
Section1.4.ManageabilityImprovements
Section1.5.PerformanceandReliabilityUpgrades
Section1.6.WindowsServer2008Editions
Section1.7.HardwareRequirements
Section1.8.TheLastWord
Chapter2.InstallationandDeployment
Section2.1.InstallingWindowsServer2008
Section2.2.InitialConfigurationTasks
Section2.3.Deployment
Section2.4.TheLastWord
Chapter3.FileServices
Section3.1.FileandPrintServerFeatures
Section3.2.SettingUpFileSharingServices
Section3.3.NTFSFileandFolderPermissions
Section3.4.TheFileServerResourceManager
Section3.5.Disk-BasedQuotas
Section3.6.UsingOfflineFilesandFolders
Section3.7.UsingPreviousVersions
Section3.8.TheDistributedFileSystem
Section3.9.Command-LineUtilities
Section3.10.TheLastWord
Chapter4.DomainNameSystem
Section4.1.NutsandBolts
Section4.2.ZonesVersusDomains
Section4.3.ResourceRecords
Section4.4.UsingPrimaryandSecondaryNameservers
Section4.5.BuildingaNameserver
Section4.6.SubdomainsandDelegation
Section4.7.DynamicDNS
Section4.8.ActiveDirectory-IntegratedZones
Section4.9.Forwarding
Section4.10.TheSplitDNSArchitecture
Section4.11.BackupandRecovery
Section4.12.Command-LineUtilities
Section4.13.TheLastWord
Chapter5.ActiveDirectory
Section5.1.ActiveDirectoryDomainServicesObjectsand
Concepts
Section5.2.BuildinganADDSStructure
Section5.3.UnderstandingOperationsMasterRoles
Section5.4.UnderstandingDirectoryReplication
Section5.5.ActiveDirectoryTroubleshootingand
Maintenance
Section5.6.TheLastWord
Chapter6.GroupPolicyandIntelliMirror
Section6.1.AnIntroductiontoGroupPolicy
Section6.2.GroupPolicyImplementation
Section6.3.LocalGroupPolicy
Section6.4.DomainGroupPolicy
Section6.5.DeploymentConsiderations
Section6.6.TroubleshootingGroupPolicy
Section6.7.OtherGroupPolicyManagementTools
Section6.8.Command-LineUtilities
Section6.9.TheLastWord
Chapter7.WindowsSecurityandPatchManagement
Section7.1.UnderstandingSecurityConsiderations
Section7.2.LockingDownWindows
Section7.3.UsingAuditingandtheEventLog
Section7.4.TheLastWord
Chapter8.InternetInformationServices7
Section8.1.MajorImprovements
Section8.2.TheNewArchitecture
Section8.3.Roles
Section8.4.ManagingIISGraphically
Section8.5.ManagingIISfromtheCommandLine
Section8.6.TheLastWord
Chapter9.WindowsServer2008ServerCore
Section9.1.TheLackofaShell
Section9.2.RealisticDeploymentScenarios
Section9.3.NoManagedCode
Section9.4.FewThird-PartySoftwareApplications
Section9.5.Installation
Section9.6.InitialConfiguration
Section9.7.AdministeringWindowsServer2008Server
CoreMachines
Section9.8.TheLastWord
Chapter10.TerminalServices
Section10.1.TheRemoteDesktopProtocol
Section10.2.AddingtheTerminalServerRole
Section10.3.EnablingRemoteDesktop
Section10.4.OntheUser'sSide
Section10.5.TerminalServicesAdministration
Section10.6.TerminalServicesRemoteApp
Section10.7.TerminalServicesWebAccess
Section10.8.TerminalServicesGateway
Section10.9.Command-LineUtilities
Section10.10.TheLastWord
Chapter11.DHCPandNetworkAccessProtection
Section11.1.DynamicHostConfigurationProtocol
Section11.2.NetworkAccessProtection
Section11.3.TheLastWord
Chapter12.AnIntroductiontoClusteringTechnologies
Section12.1.NetworkLoad-BalancingClusters
Section12.2.ServerClustering
Section12.3.Command-LineUtilities
Section12.4.TheLastWord
Chapter13.PowerShell
Section13.1.WhyPowerShell?
Section13.2.InstallingPowerShell
Section13.3.PowerShellandSecurity
Section13.4.StartingUpPowerShell
Section13.5.Cmdlets:TheHeartofPowerShell
Section13.6.GettingHelpwithPowerShell
Section13.7.UsingDataStoresandPowerShellProviders
Section13.8.ThePipeline
Section13.9.FormattingBasics
Section13.10.Variables
Section13.11.WritingScripts
Section13.12.Objects:.NET,WMI,andCOM
Section13.13.AdvancedPowerShell
Section13.14.LearningMoreAboutPowerShell
Section13.15.TheLastWord
Chapter14.Hyper-V
Section14.1.HowItWorks
Section14.2.GettingStartedwithHyper-V
Section14.3.VirtualizationStrategy
Section14.4.TheLastWord
Colophon
Index
WindowsServer2008:TheDefinitiveGuide
byJonathanHassell
Copyright©2008JonathanHassell.Allrightsreserved.
PrintedintheUnitedStatesofAmerica.
PublishedbyO'ReillyMedia,Inc.,1005GravensteinHighway
North,Sebastopol,CA95472.
O'Reillybooksmaybepurchasedforeducational,business,or
salespromotionaluse.Onlineeditionsarealsoavailablefor
mosttitles(safari.oreilly.com).Formoreinformation,contact
ourcorporate/institutionalsalesdepartment:(800)998-9938or
Editor:
JohnOsborn
ProductionEditor:
RachelMonaghan
Copyeditor:
ColleenGorman
Proofreader:
RachelMonaghan
Indexer:
LucieHaskins
CoverDesigner:
KarenMontgomery
InteriorDesigner:
DavidFutato
Illustrator:
JessamynRead
PrintingHistory:
March2008:
FirstEdition.
NutshellHandbook,theNutshellHandbooklogo,andthe
O'ReillylogoareregisteredtrademarksofO'ReillyMedia,Inc.
WindowsServer2008:TheDefinitiveGuide,theimageofan
albatross,andrelatedtradedressaretrademarksofO'Reilly
Media,Inc.
Manyofthedesignationsusedbymanufacturersandsellersto
distinguishtheirproductsareclaimedastrademarks.Where
thosedesignationsappearinthisbook,andO'ReillyMedia,Inc.
wasawareofatrademarkclaim,thedesignationshavebeen
printedincapsorinitialcaps.
Whileeveryprecautionhasbeentakeninthepreparationofthis
book,thepublisherandauthorassumenoresponsibilityfor
errorsoromissions,orfordamagesresultingfromtheuseof
theinformationcontainedherein.
ThisbookusesRepKover™,adurableandflexiblelay-flat
binding.
ISBN:978-0-596-51411-2
[M]
Preface
Microsoft'sserver-orientedWindowsoperatingsystemshave
grownbyleapsandboundsincapabilities,complexities,and
sheernumberoffeaturessincethereleaseofWindowsNT
Serverintheearly1990s.Witheachrelease,system
administratorshavefoundthemselvesgrapplingwithnew
concepts,fromdomains,directoryservices,andvirtualprivate
networks,toclientquarantining,diskquota,anduniversal
groups.Justwhenyou'vemasteredonesetofchanges,another
comesalongandsuddenlyyou'rescramblingonceagaintoget
uptospeed.AviciouscyclethisITbusinessis.
Onesourceofhelpforthebeleagueredadministratorhas
alwaysbeenthetechnicalbookmarketanditscommunitiesof
authors,publishers,andusergroups.Majorreleasesofpopular
operatingsystemshavealwaysbeenaccompaniedbythe
publicationofbookswrittentosupportthem,oftenencouraged
bythesoftwaremanufacturers.Sometoutthemselvesas
completeguidestotheirsoftwarecompadres,whileothers
approachtheirsubjectgingerly,asthoughtheirreaderswereof
aquestionableintellectualcapacity.Butovertheyears,manyof
thesebookshavebecomeascomplex,andhaveaccumulated
asmuchdetritus,astheoperatingsystemstheyexplain.You
nowseeontheshelvesofyourfriendlylocalbookstores1,200plus-pagemonstrositiesthatyoumightfinduseful,butonlyif
youenjoydealingwith30poundsofpaperinyourlaporon
yourdesk,andonlyifyoufinditproductivetowadethrough
referencesto"howthingsworked"fourversionsofWindowsNT
ago.Afterall,there'salimittohowmanytimesyoucanrevise
somethingbeforeit'sbesttosimplystartfromscratch.Doyou
needallofthatobsoleteinformationtodoyourjobefficiently?
I'mwageringthatyoudon't(myluckinLasVegas
notwithstanding),anditwasinthatspiritthatIsetouttowrite
WindowsServer2008:TheDefinitiveGuide.Ihavetrimmedthe
contentofthisvolumetoincludejustenoughbackgroundona
subjectforyoutounderstandhowdifferentfeaturesand
systemsworkinthisversionofWindows.Iwantyoutocome
awayfromreadingsectionswithafirmunderstandingofwhat's
happeningunderthehoodofthesystem,butwithoutthesense
thatyou'retakingagraduatecourseinOStheory.Mostofall,I
wantthisbooktobeapracticalguidethathelpsyougetyour
workdone—"here'showitworks;here'showtodoit."
Thebookyou'reeitherholdinginyourhandsrightnowor
readingonlineprovidesamorecompactpresentation,alower
price,andatighterfocusontasksthanotherbooksonthe
market.
Ihopethatthisworkmeetsyourexpectations,andIhopeyou
turntoitagainandagainwhenyouneedtounderstandthe
massiveproductthatisWindowsServer2008.
P2.1.Audience
Beginning-to-intermediatesystemadministratorswillfindthis
bookaveryhelpfulreferencetolearninghowWindowsServer
2008worksandthedifferentwaystoadministermachines
runningthatoperatingsystem.Thisbookhasstep-by-step
procedures,discussionsofcomplexconceptssuchasActive
Directoryreplication,DFSnamespacesandreplication,network
accessprotection,theServerCoreedition,Windows
PowerShell,andserverclustering.AlthoughI'veeliminated
materialthatisn'trelevanttoday-to-dayadministration,you
willstillfindthechaptersfullofusefulinformation.
Advancedsystemadministratorswillalsofindthisbookuseful
fordiscoveringnewconceptsandcomponentsoutsideoftheir
realmofexpertise.I'vefoundthatseniorsystemadministrators
oftenfocusononeortwospecificareasofaproductandare
lessfamiliarwithotherareasoftheOS.Thisbookprovidesa
stepping-stoneforfurtherexplorationandstudyofsecondary
partsoftheoperatingsystem.
Oneotheritemtomention:throughoutthebookI'vetriedto
highlighttheuseofthecommandlineinadditionto(orinsome
cases,asopposedto)graphicalwaystoaccomplishtasks.
Commandlines,inmyopinion,arefabulousforquicklyand
efficientlygettingthingsdone,andtheyprovideagreatbasis
forlaunchingintoscriptingrepetitivetasks.Microsofthasdone
anexcellentjobofintegratingcommand-linefunctionsintothis
revisionofWindows,andI'veattemptedtodotheeffortjustice
withinthetext.Butnoneofthisshouldmakeyoushyaway
fromthisbookifyouareaGUIaficionado:you'llstillfind
everythingyou'reaccustomedtowithinthisvolume.
P2.2.OrganizationandStructure
InstructuringthecontentsofthisbookIhavetriedtomakea
logicalprogressionthroughtheproduct,fromahigh-level
overviewthroughcompletediscussionsandtreatmentsofallits
majorcomponents.Here'showthisbookisorganized:
Chapter1
Coverstheproductonaverygeneralbasis,fromMicrosoft's
philosophybehindtheproductitselfandthedifferent
versionsoftheproductthatareavailable,toanoverviewof
thefeaturesinthisreleasethatareneworotherwise
improvedandacompleteoverviewofthesystemdesign.
Thischapterisdesignedtogivetheadministratora
completeandsystematicoverviewoftheproduct.
Chapter2
Providesadetailedguidetoinstallingtheproductina
varietyofenvironments.Ialsoincludeinformationonmass
deploymentsusingWindowsDeploymentServices,avast
improvementoverpreviousimageinstallationoptions
offeredinthebox.
Chapter3
DiscussesthefileservicesbuiltintoWindowsServer2008.
Thechapterbeginswithanoverviewofsharingandaguide
tocreatingshares,publishingthemtoActiveDirectory,
mappingdrives,usingtheMyNetworkPlacesapplet,and
accessingsharesfromtheStart Runcommandandfrom
withinInternetExplorer.ThenIdiveintoadetailed
discussionoftheWindowspermissionstructure,including
permissionlevels,"special"permissions,inheritance,and
ownership.Here,you'llalsofindaguidetosettings
permissions.Alsocoveredinthischapterisanoverviewof
theDistributedFileSystem(DFS),andhowtosetitupand
manageit.
Chapter4
Coversthedomainnamesystem,orDNS.BecauseDNSis
suchafundamentalcomponentofActiveDirectory,I
wantedtoincludeaseparatetreatmentofhowitworks,
includingadiscussionofthedifferenttypesofresource
recordsandzonefilessupported,integrationwithActive
Directory,thesplitDNSarchitecture,andbackupand
recoveryofDNSdata.
Chapter5
MostinstallationsofWindowsServer2008willinclude
installationoftheActiveDirectorytechnologybecauseso
manyproductsthatrequiretheserverOSaretightly
integratedwithActiveDirectory.Chapter5providesa
completeguidetothetechnicalportionofActiveDirectory,
includingitslogicalandphysicalstructure,hierarchical
components(domains,trees,forests,andorganizational
units),scalability,andreplication.CoverageoftheLDAP
standardsisincluded,aswellasadiscussionofmigration
andsecurityconsiderations.ThenImoveintoplanning
strategies,installingActiveDirectoryontoWindowsServer,
andtheday-to-dayadministrativetools.
Chapter6
DiscussesGroupPolicy(GP),oneofthemost
underappreciatedmanagementtechnologiesinanyserver
product.Chapter6isdedicatedtointroducingGPandits
structureandoperation.IbeginwithasurveyofGPand
ActiveDirectoryinteraction,objects,andinheritance.ThenI
provideapracticalguidetoimplementingGPthroughuser
andcomputerpoliciesandadministrativetemplates,
installingsoftwarethroughGP,administrationthrough
scripting,andredirectingfoldersandotheruserinterface
elements.IalsodiscussIntelliMirror,acooltechnologyfor
applicationdistribution(similartoZENworksfromNovell).
Chapter7
Helpsensurethatyouarewellversedinlockingdownyour
systemstoprotectbothyourowncomputersandthe
Internetcommunityasawhole.Icoversecuritypolicy,
includingwaystomanageitusingpredefinedtemplatesand
customizedpolicyplans,andanoverviewoftheSecurity
ConfigurationandAnalysisTool,orSCAT.ThenIprovidea
completeproceduralguidetolockingdownbothaWindows
networkserverandastandardWindowsclientsystem
(despitethefactthatthisisaserverbook,administrators
oftenareresponsiblefortheentirenetwork,andclientand
serversecuritygohandinhand).
Chapter8
CoversthedetailsofthemajorIISrevampinthisrelease.
Inversion7,IISisarguablythebestwebserversoftware
available.Icoverthearchitecturalimprovementsandnew
featuresinthisrelease,andthenmoveontoapractical
discussionofdailyIISadministration.
Chapter9
CoversthenewServerCoreeditionsofWindowsServer
2008,includingdeployment,activation,andusingthese
newGUI-lessversionsoftheoperatingsystem.
Chapter10
ProvidesaguidetoTerminalServices,includinganoverview
fromtheserveradministrator'sperspectiveandasimilar
overviewfromatypicaluser'spointofview.ThenIcover
howtoinstallbothTerminalServicesitselfandapplications
suchasMicrosoftOfficeandothertoolsinsidetheTerminal
Servicesenvironment.AguidetoconfiguringTerminal
Servicesfollows,includingproceduresforgeneral
configuration,remotecontroloptions,environmentsettings,
logons,sessions,andpermissioncontrol.Concludingthe
chapterisaguidetodailyadministrationusingTerminal
ServicesManager,theActiveDirectoryusertools,Task
Manager,andcommand-lineutilities.
Chapter11
Coversthestandardnetworkingarchitectureofthe
operatingsystem,includingaddressingandroutingissues.
ThenImoveintoadiscussionofthevariousnetwork
subsystems:theDomainNameSystem(DNS),theDynamic
HostConfigurationProtocol(DHCP),andadiscussionof
VPNconnectivity,thedifferentphasesofVPN,tunnelingand
encryption,andtheRADIUSserverbundledwith.NET
Server,theInternetAuthenticationService(IAS).Finishing
upthechapter,IdiscussIPSec,itssupportfromwithinthe
OS,andhowtoinstall,configure,use,andadministerit.
Coverageofclientquarantiningisalsoincluded.
Chapter12
CoversWindowsclusteringservices.First,adiscussionof
thedifferenttypesofclusteringservicesisprovided,and
thenIcoversuccessfullyplanningabasicclusterandits
differentelements:theapplications,howtogroupthe
machines,capacityandnetworkplanning,useraccount
management,andthepossiblepointsoffailure.A
treatmentofNetworkLoadBalancingclustersfollows,andI
roundoutthechapterwithaguidetocreatingand
managingserverclusters,aswellasanoverviewofthe
administrativetoolsbundledwiththeOS.
Chapter13
DiscussesWindowsPowerShell,thepowerfulobject-based
scriptingandcommand-linetechnologynowbundledwith
WindowsServer2008.
Chapter14
CoversthefundamentalsofMicrosoft'scurrentlyprerelease
virtualizationsolutioncalledHyper-V,includingitsstructure,
operation,andsetuponWindowsServer2008.We'llalso
lookatcreatingvirtualmachines,andwe'llwrapupwith
whattoexpectuponHyper-V'sofficialrelease.
P2.3.ConventionsUsedinThisBook
Thefollowingtypographicalconventionsareusedinthisbook.
Plaintext
Indicatesmenutitles,menuoptions,menubuttons,and
keyboardaccelerators(suchasAltandCtrl).
Italic
Indicatesnewterms,URLs,emailaddresses,filenames,file
extensions,pathnames,directories,andcommand-line
utilities.
Constantwidth
Indicatescommands,options,switches,variables,
attributes,keys,functions,types,classes,namespaces,
methods,modules,properties,parameters,values,objects,
events,eventhandlers,XMLtags,HTMLtags,macros,the
contentsoffiles,ortheoutputfromcommands.
Constantwidthbold
Showscommandsorothertextthatshouldbetyped
literallybytheuser.
Constantwidthitalic
Showstextthatshouldbereplacedwithuser-supplied
values.
Thisiconsignifiesatip,suggestion,orgeneral
note.
Thisiconindicatesawarningorcaution.
P2.4.UsingCodeExamples
Thisbookisheretohelpyougetyourjobdone.Ingeneral,you
canusethecodeinthisbookinyourprogramsand
documentation.YoudonotneedtocontactO'Reillyfor
permissionunlessyou'rereproducingasignificantportionofthe
code.Forexample,writingaprogramthatusesseveralchunks
ofcodefromthisbookdoesnotrequirepermission.Sellingor
distributingaCD-ROMofexamplesfromO'Reillybooksdoes
requirepermission.Answeringaquestionbycitingthisbook
andquotingexamplecodedoesnotrequirepermission.
Incorporatingasignificantamountofexamplecodefromthis
bookintoyourproduct'sdocumentationdoesrequire
permission.
O'Reillyappreciates,butdoesnotrequire,attribution.An
attributionusuallyincludesthetitle,author,publisher,and
ISBN.Forexample:"WindowsServer2008:TheDefinitive
GuidebyJonathanHassell.Copyright2008JonathanHassell,
978-0-596-51411-2."
Ifyoufeelyouruseofcodeexamplesfallsoutsidefairuseor
thepermissiongivenabove,feelfreetocontactO'Reillyat
P2.5.We'dLiketoHearfromYou
Pleaseaddresscommentsandquestionsconcerningthisbookto
thepublisher:
O'ReillyMedia,Inc.
1005GravensteinHighwayNorth
Sebastopol,CA95472
800-998-9938(intheUnitedStatesorCanada)
707-829-0515(internationalorlocal)
707-829-0104(fax)
O'Reillyhasawebpageforthisbook,whereitlistserrata,
examples,andanyadditionalinformation.Youcanaccessthis
pageat:
/>Tocommentorasktechnicalquestionsaboutthisbook,send
emailto:
Formoreinformationaboutourbooks,conferences,Resource
Centers,andtheO'ReillyNetwork,seetheO'Reillywebsiteat:
P2.6.Safari®BooksOnline
WhenyouseeaSafari®BooksOnlineicononthecoverofyour
favoritetechnologybook,thatmeansthebookisavailable
onlinethroughtheO'ReillyNetworkSafariBookshelf.
Safarioffersasolutionthat'sbetterthane-books.It'savirtual
librarythatletsyoueasilysearchthousandsoftoptechbooks,
cutandpastecodesamples,downloadchapters,andfindquick
answerswhenyouneedthemostaccurate,currentinformation.
Tryitforfreeat.
P2.7.Acknowledgments
I'vealwayslikedthefactthattheacknowledgmentsintechnical
booksaretypicallyinthefront.Thatway,whenyoureadthe
remainderofthebook,youalreadyknowwhotothankforit,
unlikeinamovie.So,withoutfurtherado:
JohnOsbornatO'Reillywasinstrumentalingettingthisprocess
organizedandoffthegroundandprovidedverywelcome
guidanceandfeedbackduringtheinitialstagesofwritingthis
book.
Errorsandshortcomingsweredutifullyfoundbythetechnical
reviewteam,whichconsistedofITprofessionalsDanGreen,
EricRezabek,andDebbieTimmons.
SpecialthankstothemanyfolksatMicrosoftandWaggenerEdstromwithwhomIworkedduringthedevelopmentofthe
book—theirassistanceandtimelyinformationwasquitehelpful
inputtingtogetherthisproject.
Ofcourse,myfamilyisalsotothank:particularlymywife,Lisa,
whopatientlyacceptedtheinsufficientanswerof"notyet"
repeatedlytoherreasonablequestionof"Aren'tyoudonewith
thatbook?"
Chapter1.IntroducingWindowsServer
2008
ItallstartedwithWindowsNT,Microsoft'sfirstseriousentry
intothenetworkservermarket.Versions3.1and3.5of
WindowsNTdidn'tgarnerverymuchattentioninaNetWaredominatedworldbecausetheyweresluggishandrefusedto
playwellwithothers.AlongcameWindowsNT4.0,whichused
thenewWindows95interface(revolutionaryonlytothosewho
didn'trecognizeApple'sMacintoshOSuserinterface)toputa
friendlierfaceonsomesimpleyetfundamentalarchitectural
improvements.Withversion4.0,largerorganizationssawthat
Microsoftwasseriousaboutenteringtheenterprisecomputing
market,eveniftheproductcurrentlybeingofferedwasstill
limitedinscalabilityandavailability.Forone,Microsoftmade
concessionstoNetWareusers,givingthemaneasywayto
integratewithanewNTnetwork.Thecompanyalsoincludeda
revisedsecurityfeatureset,includingfinelygrainedpermissions
anddomains,whichsignifiedthatMicrosoftconsidered
enterprisecomputinganimportantpartofWindows.
Afterarecordsixandone-halfservicepacks,NT4.0is
consideredbysometobethemoststableoperatingsystem
evertocomeoutofRedmond.However,despitethat,most
administratorswithUnixexperiencerequiredanOSmore
credibleinanenterpriseenvironment—onethatcouldcompare
totheenormousUnixmachinesthatpenetratedthatmarket
longagoandhadunquestionablyoccupiediteversince.It
wasn'tuntilFebruary2000,whenWindows2000Serverwas
released,thatthesecallswereanswered.Windows2000wasa
completerevisionofNT4.0andwasdesignedwithstabilityand
scalabilityasfirstpriorities.
However,somethingwasstilllacking.SunandIBMincluded
applicationserversoftwareanddeveloper-centriccapabilities
withtheirindustrial-strengthoperatingsystems,Solarisand
AIX.Windows2000lackedthisfunctionality.Inaddition,the
infamoussecurityproblemsassociatedwiththebundled
Windows2000webserver,InternetInformationServices(IIS),
castanominouscloudoverthethoughtthatWindowscould
everbeaviableInternet-facingenterpriseOS.Giventhatmany
sawMicrosoftas"bettingthecompany"onawebservices
initiativecalled.NET,itwascriticalthatMicrosoftsavefaceand
doitrightthenexttime.Itwasn'ttoolate,butcustomerswere
veryconcernedaboutthenumeroussecurityvulnerabilitiesand
thelackofaconvenientpatchmanagementsystemtoapply
correctionstothosevulnerabilities.Thingshadtochange.
Fromstageleft,enterWindowsServer2003.What
distinguishedthereleaseotherthanalongernameandathreeyeardifferenceinreleasedates?Security,primarily.Windows
Server2003camemoresecureoutoftheboxandwasheavily
influencedbythemonth-longhaltofnewdevelopmentinMarch
2002,referredtobyMicrosoftasthebeginningofthe
TrustworthyComputingInitiative,whereinalldevelopersand
productmanagersdidnothingbutreviewexistingsourcecode
forsecurityflawsandattendtrainingonnewbestpracticesfor
writingsecurecode.Performancewasalsoimprovedinthe
WindowsServer2003release,focuswasputonmakingthe
operatingsystemscalable,andingeneralenterprise
administrationwasmademoreefficientandeasiertoautomate.
MicrosoftalsoupdatedsomebundledsoftwareviatheWindows
Server2003R2release,makingitmorestraightforwardto
manageidentitiesoverdifferentdirectoryservicesandsecurity
boundaries,distributefilesandreplicatedirectorystructures
amongmanyservers,andmore.
Butasalways,nosoftwareisperfect,andthere'salwaysroom
forimprovement.Asbusinessrequirementshavechanged,
MicrosoftdevelopersworkedintandemonWindowsVistaand
thenextreleaseofWindowsontheserver.WhenWindowsVista
wasreleasedtomanufacturing,theteamssplitagain,andthe
WindowsServer2008groupaddedafewnewfeaturesandthen
focusedonperformanceandreliabilityuntiltherelease.
1.1.TheBiggestChanges
UnlikethetransitionfromWindows2000ServertoWindows
Server2003,whichwasafairlyminor"point"-styleupdate,
WindowsServer2008isaradicalrevisiontothecorecodebase
thatmakesuptheWindowsServerproduct.WindowsServer
2008sharesquiteabitoffundamentalcodewithWindows
Vista,whichwasaproductderiveddirectlyfromthetechniques
ofthesecuredevelopmentmodel(SDM)—seachangein
programmingmethodologiesatMicrosoftthatputssecurecode
attheforefrontofallactivity.Thus,alotofnewfeaturesand
enhancementsyouwillseeintheproductarearesultofamore
securecodebaseandanincreasedfocusonsystemintegrity
andreliability.
ThemostradicalchangestoWindowsServer2008include
ServerCoreandthenewInternetInformationServices7.0.
1.1.1.ServerCore
ServerCoreisaminimalinstallationoptionforWindowsServer
2008thatcontainsonlyasubsetofexecutablefilesandserver
roles.Managementisdonethroughthecommandlineor
throughanunattendedconfigurationfile.Accordingto
Microsoft:
ServerCoreisdesignedforuseinorganizationsthateither
havemanyservers,someofwhichneedonlytoperform
dedicatedtasksbutwithoutstandingstability,orin
environmentswherehighsecurityrequirementsrequirea
minimalattacksurfaceontheserver.
Accordingly,therearelimitedrolesthatCoreserverscan
perform.Theyare:
DynamicHostConfigurationProtocol(DHCP)server
DomainNameSystem(DNS)server
Fileserver,includingthefilereplicationservice,the
DistributedFileSystem(DFS),DistributedFileSystem
Replication(DFSR),thenetworkfilesystem,andsingle
instancestorage(SIS)
Printservices
Domaincontroller,includingaread-onlydomaincontroller
ActiveDirectoryLightweightDirectoryServices(ADLDS)
server
WindowsServerVirtualization
IIS,althoughonlywithaportionofitsnormalabilities—
namelyonlystaticHTMLhosting,andnodynamicweb
applicationsupport
WindowsMediaServices(WMS)
Additionally,ServerCoremachinescanparticipateinMicrosoft
clusters,usenetworkloadbalancing,hostUnixapplications,
encrypttheirdriveswithBitlocker,beremotelymanagedusing
WindowsPowerShellonaclientmachine,andbemonitored
throughSimpleNetworkManagementProtocol,orSNMP.
MostadministratorswillfindplacingServerCoremachinesin
branchofficestoperformdomaincontrollerfunctionsisan
excellentuseofslightlyolderhardwarethatmightotherwisebe
discarded.ThesmallerfootprintofServerCoreallowstheOSto
domorewithfewersystemresources,andthereducedattack
surfaceandstabilitymakeitanexcellentchoiceforan
appliance-likemachine.Plus,withabranchoffice,youcan
combineServerCorewiththeabilitytodeployaread-only
domaincontrollerandencrypteverythingwithBitLocker,giving
youagreat,lightweight,andsecuresolution.
1.1.2.IISImprovements
ThevenerableMicrosoftwebserverhasundergonequiteabitof
revisioninWindowsServer2008.IIS7is,forthefirsttime,
fullyextensibleandfullycomponentized—youonlyinstallwhat
youwant,sotheserviceislighter,moreresponsive,andless
vulnerabletoattack.TheadministrativeinterfaceforIIShas
alsobeencompletelyredesigned.Keyimprovementsinclude:
Newlyrearchitectedcomponentizedstructure
ForthefirsttimeinIIShistory,administratorsexercise
completecontroloverexactlywhatpiecesofIISare
installedandrunningatanygiventime.Youcanrunthe
exactservicesyourequire—nomore,noless.Thisisof
coursemoresecure,nottomentioneasiertomanageand
betterperforming.
Flexibleextensibilitymodel
IIS7allowsdeveloperstoaccessabrand-newsetofAPIs
thatcaninteractwiththeIIScoredirectly,makingmodule
developmentandcustomizationmucheasierthanitever
hasbeen.Developerscanevenhookintotheconfiguration,
scripting,eventlogging,andadministrationareasofIIS,
whichopensalotofdoorsforenterprisingadministrators
andthird-partysoftwarevendorstoextendIIS'capabilities
soonerratherthanlater.
Simplifiedconfigurationandapplicationdeployment
ConfigurationcanbeaccomplishedentirelythroughXML
files.CentralIISconfigurationcanbespreadacrossmultiple
files,allowingmanysitesandapplicationshostedbythe
sameservertohaveindependentbutstilleasilymanaged
configurations.OneofMicrosoft'sfavoritedemosofIIS7is
settingupawebfarmwithidenticallyconfiguredmachines;
asnewmembersofthefarmarebroughtonline,the
administratorsimplyusesXCOPYandmovesexisting
