Windows Server 2008: The Definitive Guide
by Jonathan Hassell
Publisher: O'Reilly
Pub Date: March 15, 2008
Print ISBN-13: 978-0-59-651411-2
Pages: 492

Overview

This practical guide has exactly what you need to work with Windows Server 2008. Inside, you'll find step-by-step procedures for using all of the major components, along with discussions on complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, server clustering, and more. All of this with a more compact presentation and a tighter focus on tasks than you'll find in bulkier references. Windows Server 2008: The Definitive Guide takes a refreshing approach. You won't find the history of Windows NT, or discussions on the way things used to work. Instead, you get only the information you need to use this server. If you're a beginning or intermediate system administrator, you learn how the system works, and how to administer machines running it. The expert administrators among you discover new concepts and components outside of your realm of expertise. Simply put, this is the most thorough reference available for Windows Server 2008, with complete guides to:

Installing the server in a variety of different environments
File services and the Windows permission structure
How the domain name system (DNS) works
Active Directory, including its logical and physical structure, hierarchical components, scalability, and replication
Group Policy's structure and operation
Managing security policy with predefined templates and customized policy plans
Architectural improvements, new features, and daily administration of IIS 7
Terminal Services from both the administrator's and user's point of view
Networking architecture including DNS, DHCP, VPN, RADIUS server, IAS, and IPSec
Windows clustering services: applications, grouping machines, capacity and network planning, user account management
Windows PowerShell scripting and command-line technology

With Windows Server 2008: The Definitive Guide, you'll come away with a firm understanding of what's happening under the hood, but without the sense that you're taking a graduate course in OS theory. If you intend to work with this server, this is the only book you need.

Table of Contents

Preface
Chapter 1. Introducing Windows Server 2008
Section 1.1. The Biggest Changes
Section 1.2. Networking Improvements
Section 1.3. Security Improvements
Section 1.4. Manageability Improvements
Section 1.5. Performance and Reliability Upgrades
Section 1.6. Windows Server 2008 Editions
Section 1.7. Hardware Requirements
Section 1.8. The Last Word
Chapter 2. Installation and Deployment
Section 2.1. Installing Windows Server 2008
Section 2.2. Initial Configuration Tasks
Section 2.3. Deployment
Section 2.4. The Last Word
Chapter 3. File Services
Section 3.1. File and Print Server Features
Section 3.2. Setting Up File Sharing Services
Section 3.3. NTFS File and Folder Permissions
Section 3.4. The File Server Resource Manager
Section 3.5. Disk-Based Quotas
Section 3.6. Using Offline Files and Folders
Section 3.7. Using Previous Versions
Section 3.8. The Distributed File System
Section 3.9. Command-Line Utilities
Section 3.10. The Last Word
Chapter 4. Domain Name System
Section 4.1. Nuts and Bolts
Section 4.2. Zones Versus Domains
Section 4.3. Resource Records
Section 4.4. Using Primary and Secondary Nameservers
Section 4.5. Building a Nameserver
Section 4.6. Subdomains and Delegation
Section 4.7. Dynamic DNS
Section 4.8. Active Directory-Integrated Zones
Section 4.9. Forwarding
Section 4.10. The Split DNS Architecture
Section 4.11. Backup and Recovery
Section 4.12. Command-Line Utilities
Section 4.13. The Last Word
Chapter 5. Active Directory
Section 5.1. Active Directory Domain Services Objects and Concepts
Section 5.2. Building an AD DS Structure
Section 5.3. Understanding Operations Master Roles
Section 5.4. Understanding Directory Replication
Section 5.5. Active Directory Troubleshooting and Maintenance
Section 5.6. The Last Word
Chapter 6. Group Policy and IntelliMirror
Section 6.1. An Introduction to Group Policy
Section 6.2. Group Policy Implementation
Section 6.3. Local Group Policy
Section 6.4. Domain Group Policy
Section 6.5. Deployment Considerations
Section 6.6. Troubleshooting Group Policy
Section 6.7. Other Group Policy Management Tools
Section 6.8. Command-Line Utilities
Section 6.9. The Last Word
Chapter 7. Windows Security and Patch Management
Section 7.1. Understanding Security Considerations
Section 7.2. Locking Down Windows
Section 7.3. Using Auditing and the Event Log
Section 7.4. The Last Word
Chapter 8. Internet Information Services 7
Section 8.1. Major Improvements
Section 8.2. The New Architecture
Section 8.3. Roles
Section 8.4. Managing IIS Graphically
Section 8.5. Managing IIS from the Command Line
Section 8.6. The Last Word
Chapter 9. Windows Server 2008 Server Core
Section 9.1. The Lack of a Shell
Section 9.2. Realistic Deployment Scenarios
Section 9.3. No Managed Code
Section 9.4. Few Third-Party Software Applications
Section 9.5. Installation
Section 9.6. Initial Configuration
Section 9.7. Administering Windows Server 2008 Server Core Machines
Section 9.8. The Last Word
Chapter 10. Terminal Services
Section 10.1. The Remote Desktop Protocol
Section 10.2. Adding the Terminal Server Role
Section 10.3. Enabling Remote Desktop
Section 10.4. On the User's Side
Section 10.5. Terminal Services Administration
Section 10.6. Terminal Services RemoteApp
Section 10.7. Terminal Services Web Access
Section 10.8. Terminal Services Gateway
Section 10.9. Command-Line Utilities
Section 10.10. The Last Word
Chapter 11. DHCP and Network Access Protection
Section 11.1. Dynamic Host Configuration Protocol
Section 11.2. Network Access Protection
Section 11.3. The Last Word
Chapter 12. An Introduction to Clustering Technologies
Section 12.1. Network Load-Balancing Clusters
Section 12.2. Server Clustering
Section 12.3. Command-Line Utilities
Section 12.4. The Last Word
Chapter 13. PowerShell
Section 13.1. Why PowerShell?
Section 13.2. Installing PowerShell
Section 13.3. PowerShell and Security
Section 13.4. Starting Up PowerShell
Section 13.5. Cmdlets: The Heart of PowerShell
Section 13.6. Getting Help with PowerShell
Section 13.7. Using Data Stores and PowerShell Providers
Section 13.8. The Pipeline
Section 13.9. Formatting Basics
Section 13.10. Variables
Section 13.11. Writing Scripts
Section 13.12. Objects: .NET, WMI, and COM
Section 13.13. Advanced PowerShell
Section 13.14. Learning More About PowerShell
Section 13.15. The Last Word
Chapter 14. Hyper-V
Section 14.1. How It Works
Section 14.2. Getting Started with Hyper-V
Section 14.3. Virtualization Strategy
Section 14.4. The Last Word
Colophon
Index

Windows Server 2008: The Definitive Guide
by Jonathan Hassell
Copyright © 2008 Jonathan Hassell. All rights reserved.
Printed in the United States of America.
Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or

Editor: John Osborn
Production Editor: Rachel Monaghan
Copyeditor: Colleen Gorman
Proofreader: Rachel Monaghan
Indexer: Lucie Haskins
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Jessamyn Read

Printing History:
March 2008: First Edition.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Windows Server 2008: The Definitive Guide, the image of an albatross, and related trade dress are trademarks of O'Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.

ISBN: 978-0-596-51411-2
[M]

Preface

Microsoft's server-oriented Windows operating systems have grown by leaps and bounds in capabilities, complexities, and sheer number of features since the release of Windows NT Server in the early 1990s. With each release, system administrators have found themselves grappling with new concepts, from domains, directory services, and virtual private networks, to client quarantining, disk quota, and universal groups. Just when you've mastered one set of changes, another comes along and suddenly you're scrambling once again to get up to speed. A vicious cycle this IT business is.

One source of help for the beleaguered administrator has always been the technical book market and its communities of authors, publishers, and user groups. Major releases of popular operating systems have always been accompanied by the publication of books written to support them, often encouraged by the software manufacturers. Some tout themselves as complete guides to their software compadres, while others approach their subject gingerly, as though their readers were of a questionable intellectual capacity. But over the years, many of these books have become as complex, and have accumulated as much detritus, as the operating systems they explain. You now see on the shelves of your friendly local bookstores 1,200-plus-page monstrosities that you might find useful, but only if you enjoy dealing with 30 pounds of paper in your lap or on your desk, and only if you find it productive to wade through references to "how things worked" four versions of Windows NT ago. After all, there's a limit to how many times you can revise something before it's best to simply start from scratch. Do you need all of that obsolete information to do your job efficiently?

I'm wagering that you don't (my luck in Las Vegas notwithstanding), and it was in that spirit that I set out to write Windows Server 2008: The Definitive Guide. I have trimmed the content of this volume to include just enough background on a subject for you to understand how different features and systems work in this version of Windows. I want you to come away from reading sections with a firm understanding of what's happening under the hood of the system, but without the sense that you're taking a graduate course in OS theory. Most of all, I want this book to be a practical guide that helps you get your work done—"here's how it works; here's how to do it."

The book you're either holding in your hands right now or reading online provides a more compact presentation, a lower price, and a tighter focus on tasks than other books on the market.

I hope that this work meets your expectations, and I hope you turn to it again and again when you need to understand the massive product that is Windows Server 2008.

P2.1. Audience

Beginning-to-intermediate system administrators will find this book a very helpful reference to learning how Windows Server 2008 works and the different ways to administer machines running that operating system. This book has step-by-step procedures, discussions of complex concepts such as Active Directory replication, DFS namespaces and replication, network access protection, the Server Core edition, Windows PowerShell, and server clustering. Although I've eliminated material that isn't relevant to day-to-day administration, you will still find the chapters full of useful information.

Advanced system administrators will also find this book useful for discovering new concepts and components outside of their realm of expertise. I've found that senior system administrators often focus on one or two specific areas of a product and are less familiar with other areas of the OS. This book provides a stepping-stone for further exploration and study of secondary parts of the operating system.

One other item to mention: throughout the book I've tried to highlight the use of the command line in addition to (or in some cases, as opposed to) graphical ways to accomplish tasks. Command lines, in my opinion, are fabulous for quickly and efficiently getting things done, and they provide a great basis for launching into scripting repetitive tasks. Microsoft has done an excellent job of integrating command-line functions into this revision of Windows, and I've attempted to do the effort justice within the text. But none of this should make you shy away from this book if you are a GUI aficionado: you'll still find everything you're accustomed to within this volume.

P2.2. Organization and Structure

In structuring the contents of this book I have tried to make a logical progression through the product, from a high-level overview through complete discussions and treatments of all its major components. Here's how this book is organized:

Chapter 1
Covers the product on a very general basis, from Microsoft's philosophy behind the product itself and the different versions of the product that are available, to an overview of the features in this release that are new or otherwise improved and a complete overview of the system design. This chapter is designed to give the administrator a complete and systematic overview of the product.

Chapter 2
Provides a detailed guide to installing the product in a variety of environments. I also include information on mass deployments using Windows Deployment Services, a vast improvement over previous image installation options offered in the box.

Chapter 3
Discusses the file services built into Windows Server 2008. The chapter begins with an overview of sharing and a guide to creating shares, publishing them to Active Directory, mapping drives, using the My Network Places applet, and accessing shares from the Start → Run command and from within Internet Explorer. Then I dive into a detailed discussion of the Windows permission structure, including permission levels, "special" permissions, inheritance, and ownership. Here, you'll also find a guide to setting permissions. Also covered in this chapter is an overview of the Distributed File System (DFS), and how to set it up and manage it.

Chapter 4
Covers the domain name system, or DNS. Because DNS is such a fundamental component of Active Directory, I wanted to include a separate treatment of how it works, including a discussion of the different types of resource records and zone files supported, integration with Active Directory, the split DNS architecture, and backup and recovery of DNS data.

Chapter 5
Most installations of Windows Server 2008 will include installation of the Active Directory technology because so many products that require the server OS are tightly integrated with Active Directory. Chapter 5 provides a complete guide to the technical portion of Active Directory, including its logical and physical structure, hierarchical components (domains, trees, forests, and organizational units), scalability, and replication. Coverage of the LDAP standards is included, as well as a discussion of migration and security considerations. Then I move into planning strategies, installing Active Directory onto Windows Server, and the day-to-day administrative tools.

Chapter 6
Discusses Group Policy (GP), one of the most underappreciated management technologies in any server product. Chapter 6 is dedicated to introducing GP and its structure and operation. I begin with a survey of GP and Active Directory interaction, objects, and inheritance. Then I provide a practical guide to implementing GP through user and computer policies and administrative templates, installing software through GP, administration through scripting, and redirecting folders and other user interface elements. I also discuss IntelliMirror, a cool technology for application distribution (similar to ZENworks from Novell).

Chapter 7
Helps ensure that you are well versed in locking down your systems to protect both your own computers and the Internet community as a whole. I cover security policy, including ways to manage it using predefined templates and customized policy plans, and an overview of the Security Configuration and Analysis Tool, or SCAT. Then I provide a complete procedural guide to locking down both a Windows network server and a standard Windows client system (despite the fact that this is a server book, administrators often are responsible for the entire network, and client and server security go hand in hand).

Chapter 8
Covers the details of the major IIS revamp in this release. In version 7, IIS is arguably the best web server software available. I cover the architectural improvements and new features in this release, and then move on to a practical discussion of daily IIS administration.

Chapter 9
Covers the new Server Core editions of Windows Server 2008, including deployment, activation, and using these new GUI-less versions of the operating system.

Chapter 10
Provides a guide to Terminal Services, including an overview from the server administrator's perspective and a similar overview from a typical user's point of view. Then I cover how to install both Terminal Services itself and applications such as Microsoft Office and other tools inside the Terminal Services environment. A guide to configuring Terminal Services follows, including procedures for general configuration, remote control options, environment settings, logons, sessions, and permission control. Concluding the chapter is a guide to daily administration using Terminal Services Manager, the Active Directory user tools, Task Manager, and command-line utilities.

Chapter 11
Covers the standard networking architecture of the operating system, including addressing and routing issues. Then I move into a discussion of the various network subsystems: the Domain Name System (DNS), the Dynamic Host Configuration Protocol (DHCP), and a discussion of VPN connectivity, the different phases of VPN, tunneling and encryption, and the RADIUS server bundled with .NET Server, the Internet Authentication Service (IAS). Finishing up the chapter, I discuss IPSec, its support from within the OS, and how to install, configure, use, and administer it. Coverage of client quarantining is also included.

Chapter 12
Covers Windows clustering services. First, a discussion of the different types of clustering services is provided, and then I cover successfully planning a basic cluster and its different elements: the applications, how to group the machines, capacity and network planning, user account management, and the possible points of failure. A treatment of Network Load Balancing clusters follows, and I round out the chapter with a guide to creating and managing server clusters, as well as an overview of the administrative tools bundled with the OS.

Chapter 13
Discusses Windows PowerShell, the powerful object-based scripting and command-line technology now bundled with Windows Server 2008.

Chapter 14
Covers the fundamentals of Microsoft's currently prerelease virtualization solution called Hyper-V, including its structure, operation, and setup on Windows Server 2008. We'll also look at creating virtual machines, and we'll wrap up with what to expect upon Hyper-V's official release.

P2.3. Conventions Used in This Book

The following typographical conventions are used in this book.

Plain text
Indicates menu titles, menu options, menu buttons, and keyboard accelerators (such as Alt and Ctrl).

Italic
Indicates new terms, URLs, email addresses, filenames, file extensions, pathnames, directories, and command-line utilities.

Constant width
Indicates commands, options, switches, variables, attributes, keys, functions, types, classes, namespaces, methods, modules, properties, parameters, values, objects, events, event handlers, XML tags, HTML tags, macros, the contents of files, or the output from commands.

Constant width bold
Shows commands or other text that should be typed literally by the user.

Constant width italic
Shows text that should be replaced with user-supplied values.

This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.

P2.4. Using Code Examples

This book is here to help you get your job done. In general, you can use the code in this book in your programs and documentation. You do not need to contact O'Reilly for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product's documentation does require permission.

O'Reilly appreciates, but does not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: "Windows Server 2008: The Definitive Guide by Jonathan Hassell. Copyright 2008 Jonathan Hassell, 978-0-596-51411-2."

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact O'Reilly at

P2.5. We'd Like to Hear from You

Please address comments and questions concerning this book to the publisher:

O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

O'Reilly has a web page for this book, where it lists errata, examples, and any additional information. You can access this page at:

To comment or ask technical questions about this book, send email to:

For more information about our books, conferences, Resource Centers, and the O'Reilly Network, see the O'Reilly website at:

P2.6. Safari® Books Online

When you see a Safari® Books Online icon on the cover of your favorite technology book, that means the book is available online through the O'Reilly Network Safari Bookshelf.

Safari offers a solution that's better than e-books. It's a virtual library that lets you easily search thousands of top tech books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at.

P2.7. Acknowledgments

I've always liked the fact that the acknowledgments in technical books are typically in the front. That way, when you read the remainder of the book, you already know who to thank for it, unlike in a movie. So, without further ado:

John Osborn at O'Reilly was instrumental in getting this process organized and off the ground and provided very welcome guidance and feedback during the initial stages of writing this book.

Errors and shortcomings were dutifully found by the technical review team, which consisted of IT professionals Dan Green, Eric Rezabek, and Debbie Timmons.

Special thanks to the many folks at Microsoft and Waggener Edstrom with whom I worked during the development of the book—their assistance and timely information was quite helpful in putting together this project.

Of course, my family is also to thank: particularly my wife, Lisa, who patiently accepted the insufficient answer of "not yet" repeatedly to her reasonable question of "Aren't you done with that book?"

Chapter 1. Introducing Windows Server 2008

It all started with Windows NT, Microsoft's first serious entry into the network server market. Versions 3.1 and 3.5 of Windows NT didn't garner very much attention in a NetWare-dominated world because they were sluggish and refused to play well with others. Along came Windows NT 4.0, which used the new Windows 95 interface (revolutionary only to those who didn't recognize Apple's Macintosh OS user interface) to put a friendlier face on some simple yet fundamental architectural improvements. With version 4.0, larger organizations saw that Microsoft was serious about entering the enterprise computing market, even if the product currently being offered was still limited in scalability and availability. For one, Microsoft made concessions to NetWare users, giving them an easy way to integrate with a new NT network. The company also included a revised security feature set, including finely grained permissions and domains, which signified that Microsoft considered enterprise computing an important part of Windows.

After a record six and one-half service packs, NT 4.0 is considered by some to be the most stable operating system ever to come out of Redmond. However, despite that, most administrators with Unix experience required an OS more credible in an enterprise environment—one that could compare to the enormous Unix machines that penetrated that market long ago and had unquestionably occupied it ever since. It wasn't until February 2000, when Windows 2000 Server was released, that these calls were answered. Windows 2000 was a complete revision of NT 4.0 and was designed with stability and scalability as first priorities.

However, something was still lacking. Sun and IBM included application server software and developer-centric capabilities with their industrial-strength operating systems, Solaris and AIX. Windows 2000 lacked this functionality. In addition, the infamous security problems associated with the bundled Windows 2000 web server, Internet Information Services (IIS), cast an ominous cloud over the thought that Windows could ever be a viable Internet-facing enterprise OS. Given that many saw Microsoft as "betting the company" on a web services initiative called .NET, it was critical that Microsoft save face and do it right the next time. It wasn't too late, but customers were very concerned about the numerous security vulnerabilities and the lack of a convenient patch management system to apply corrections to those vulnerabilities. Things had to change.

From stage left, enter Windows Server 2003. What distinguished the release other than a longer name and a three-year difference in release dates? Security, primarily. Windows Server 2003 came more secure out of the box and was heavily influenced by the month-long halt of new development in March 2002, referred to by Microsoft as the beginning of the Trustworthy Computing Initiative, wherein all developers and product managers did nothing but review existing source code for security flaws and attend training on new best practices for writing secure code. Performance was also improved in the Windows Server 2003 release, focus was put on making the operating system scalable, and in general enterprise administration was made more efficient and easier to automate. Microsoft also updated some bundled software via the Windows Server 2003 R2 release, making it more straightforward to manage identities over different directory services and security boundaries, distribute files and replicate directory structures among many servers, and more.

But as always, no software is perfect, and there's always room for improvement. As business requirements have changed, Microsoft developers worked in tandem on Windows Vista and the next release of Windows on the server. When Windows Vista was released to manufacturing, the teams split again, and the Windows Server 2008 group added a few new features and then focused on performance and reliability until the release.

1.1. The Biggest Changes

Unlike the transition from Windows 2000 Server to Windows Server 2003, which was a fairly minor "point"-style update, Windows Server 2008 is a radical revision to the core codebase that makes up the Windows Server product. Windows Server 2008 shares quite a bit of fundamental code with Windows Vista, which was a product derived directly from the techniques of the secure development model (SDM)—a sea change in programming methodologies at Microsoft that puts secure code at the forefront of all activity. Thus, a lot of new features and enhancements you will see in the product are a result of a more secure codebase and an increased focus on system integrity and reliability.

The most radical changes to Windows Server 2008 include Server Core and the new Internet Information Services 7.0.

1.1.1. Server Core

Server Core is a minimal installation option for Windows Server 2008 that contains only a subset of executable files and server roles. Management is done through the command line or through an unattended configuration file. According to Microsoft:

    Server Core is designed for use in organizations that either have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server.

Accordingly, there are limited roles that Core servers can perform. They are:

Dynamic Host Configuration Protocol (DHCP) server
Domain Name System (DNS) server
File server, including the file replication service, the Distributed File System (DFS), Distributed File System Replication (DFSR), the network filesystem, and single instance storage (SIS)
Print services
Domain controller, including a read-only domain controller
Active Directory Lightweight Directory Services (AD LDS) server
Windows Server Virtualization
IIS, although only with a portion of its normal abilities—namely only static HTML hosting, and no dynamic web application support
Windows Media Services (WMS)

Additionally, Server Core machines can participate in Microsoft clusters, use network load balancing, host Unix applications, encrypt their drives with BitLocker, be remotely managed using Windows PowerShell on a client machine, and be monitored through Simple Network Management Protocol, or SNMP.

Most administrators will find placing Server Core machines in branch offices to perform domain controller functions is an excellent use of slightly older hardware that might otherwise be discarded. The smaller footprint of Server Core allows the OS to do more with fewer system resources, and the reduced attack surface and stability make it an excellent choice for an appliance-like machine. Plus, with a branch office, you can combine Server Core with the ability to deploy a read-only domain controller and encrypt everything with BitLocker, giving you a great, lightweight, and secure solution.

1.1.2. IIS Improvements

The venerable Microsoft web server has undergone quite a bit of revision in Windows Server 2008. IIS 7 is, for the first time, fully extensible and fully componentized—you only install what you want, so the service is lighter, more responsive, and less vulnerable to attack. The administrative interface for IIS has also been completely redesigned. Key improvements include:

Newly rearchitected componentized structure
For the first time in IIS history, administrators exercise complete control over exactly what pieces of IIS are installed and running at any given time. You can run the exact services you require—no more, no less. This is of course more secure, not to mention easier to manage and better performing.

Flexible extensibility model
IIS 7 allows developers to access a brand-new set of APIs that can interact with the IIS core directly, making module development and customization much easier than it ever has been. Developers can even hook into the configuration, scripting, event logging, and administration areas of IIS, which opens a lot of doors for enterprising administrators and third-party software vendors to extend IIS' capabilities sooner rather than later.

Simplified configuration and application deployment
Configuration can be accomplished entirely through XML files. Central IIS configuration can be spread across multiple files, allowing many sites and applications hosted by the same server to have independent but still easily managed configurations. One of Microsoft's favorite demos of IIS 7 is setting up a web farm with identically configured machines; as new members of the farm are brought online, the administrator simply uses XCOPY and moves existing