Index
Numbers | A | B | C | E | F | G | H | I | K | L | M | N | O | P | R | S | T | U | V | W | Z
Numbers
32-bit systems, 6
64-bit systems, 6
A
access control entries (ACEs), 253
access permissions
defined, 263
for network printers, 540-541
account policies
applying security-related Group Policy definitions, 170
changing template settings by using Security Templates snap-in, 173-174
configuring account lockout policies, 281-282, 325
configuring in Default Domain Policy GPO, 277-278
configuring kerberos policies, 283-284
configuring password policies, 279-281
configuring user rights policies, 284-287
accounts, used with services, 82
ACEs (access control entries), 253
Active Directory. See also domains
administration tools, 215-216
auditing objects, 445-446
command-line tools, 216-217
data store, 9, 11, 208-209
delegating privileges for Group Policy management, 132-133
directory structure overview, 208
and DNS forwarding, 615
and Domain Name System (DNS), 193-194
domains vs. DNS domains, 202
Group Policy overview, 123-124
integrating with Domain Name System (DNS), 14, 585-586
and Lightweight Directory Access Protocol (LDAP), 212
list of built-in capabilities for groups, 266-268
listing printers in, 536
logical structures, 196
maintaining, 245-248
management tools overview, 215-218
managing organizational units, 236-237
managing sites, 238-244
managing user contact information, 296-299
overview, 10, 193-195
physical structures, 196
relationship of Group Policy Management Console (GPMC) to, 126
replication issues, 211-212, 234
restoring, 12
searching for users and groups, 298-299
setting and viewing permissions for objects, 327-328
Sites And Services tool, 215
starting and stopping, 12
support tools, 217-218
troubleshooting, 248-250
user, group, and computer accounts as objects, 327
using with Windows 2000, Windows XP, and Windows Vista, 202-203
Windows Server 2008 changes, 10-11
and Windows Web Server 2008, 6
working with domains, 202-207
Active Directory Animation Tool, 218
Active Directory Certificate Services (AD CS), 10, 23
Active Directory Domain Services (AD DS)
Default Domain Controllers Policy GPO, 123, 124
Default Domain Policy GPO, 124
defined, 23, 193
fixing default Group Policy, 151
Group Policy, 123-124
installing and demoting domain controllers, 229-230
overview, 10
restartable, 11, 12-13
role services, 23
Active Directory Domains And Trusts
defined, 215
viewing or changing location of domain naming master role, 232
Active Directory Federation Services (AD FS)
and authentication protocols, 252
defined, 10, 23
Active Directory Lightweight Directory Services (AD LDS), 10, 23
Active Directory Rights Management Services (AD RMS), 11, 23
Active Directory Schema
schema master, defined, 213
viewing or changing location of schema master roles, 232-233
Active Directory Sites And Services tool, 201-202, 215
Active Directory Users And Computers tool
adding folders for organizational units, 219
advanced features, 219
Builtin folder, 219
Computers folder, 219
connecting to domain controllers, 220
connecting to domains, 221
creating computer accounts, 223-224
defined, 215
Domain Controllers folder, 219
ForeignSecurityPrincipals folder, 219
illustrated, 219
managing computer accounts, 223
managing multiple user accounts, 322-325
organizational units in, 200
overview, 218-219
Saved Queries folder, 219
searching for accounts, 221-222
searching for directory objects, 221-222
searching for shared resources, 221-222
starting, 218
troubleshooting logon problems, 325-327
updating domain user and group accounts, 316-322
Users folder, 219
viewing or changing location of domain-wide roles, 230-232
AD CS. See Active Directory Certificate Services (AD CS)
AD DS. See Active Directory Domain Services (AD DS)
AD FS. See Active Directory Federation Services (AD FS)
AD LDS. See Active Directory Lightweight Directory Services (AD LDS)
AD RMS. See Active Directory Rights Management Services (AD RMS)
Add Counters dialog box, 98-100
Add Features Wizard, 50, 54
Add New Printer Filter Wizard, 534-535
Add Printer Wizard, 528
Add Roles Wizard
adding File Services role, 333-336
adding Print Services role, 517
defined, 50, 54
installing and configuring DNS, 590-592
installing DHCP server components, 553-555
administrative templates, 127-129
Administrative Templates node, Group Policy Management Editor, 127-129
administrative wizards, defined, 19
Administrator account, 260-261
Administrators and Non-Administrators Local Group Policy layer, LGPOs, 120, 122-123
Administrators group, 271, 272
ADMX files, 118-119
ADPREP Active Directory command-line tool, 216
ADSI Edit tool, 218, 245-246
Advanced Boot menu, 488
Aero enhancements, 4
alternative IP addresses, configuring, 511
Anonymous Logon identity, 272
application log, defined, 85
Application Server, 23
applications
Go To Process option, 70
managing in Task Manager, 69-70
restoring data by using Recovery Wizard, 491-493
right-clicking listings in Task Manager, 70
starting in Task Manager, 69
stopping in Task Manager, 69
switching between in Task Manager, 69
applications and services logs
defined, 85
DFS Replication log, 86
Directory Service log, 86
DNS Server log, 86
File Replication Service log, 86
Hardware Events log, 86
list, 86
Microsoft\Windows log, 86
Windows PowerShell log, 86
archiving event logs, 92-94
audio and video files
file screen template, 397
as screen group file types, 397
auditing
Active Directory objects, 445-446
DHCP processes, 559-560
files and folders, 443-445
print jobs, 541-542
registry, 445
setting policies, 441-443
system resources, 441-446
troubleshooting logon failure, 326
authentication protocols, 251-252
Authentication Users identity, 272
autoloader tape systems, as backup solution, 465
automatic feedback, enabling, 50
automatic reboots, 66
Automatic Updates, as Group Policy
configuring, 166-167
defined, 166
optimizing, 167
overview, 111
specifying intranet update service locations, 168-169
and Windows Update feature, 167-168
automatic updating, enabling on Initial Configuration Tasks console, 50
B
Background Intelligent Transfer Service (BITS) Server Extensions, 25
background processes, defined, 68
backup files, as screen group file type, 397
Backup Once Wizard, 483-484
Backup Schedule Wizard, 477-478
backups. See also Wbadmin backup utility; Windows Server Backup
backing up DHCP database, 581
basic types of backup plans, 462-463
common solutions, 465-466
copy-type, 463
daily-type, 463
differential-type, 463-464
incremental-type, 463-464
manual, using Wbadmin utility, 481-482
manual, using Windows Server Backup, 483-484
questions to ask, 461-462
recovering servers from failure, 484-486
scheduled, using Wbadmin utility, 478-479, 480
scheduled, using Windows Server Backup, 475-480
selecting backup utility, 466-468
selecting devices, 464-466
selecting media, 466
Batch identity, 272
BitLocker Drive Encryption, 25, 112
BITS (Background Intelligent Transfer Service) Server Extensions, 25
bootable startup, 4
Bootstrap Protocol (BOOTP), 576
built-in groups, 262
built-in local groups, 256
built-in user accounts, 260
C
canceling print jobs, 545
CAPI2 (CryptoAPI Version 2), 506
CAs (certificate authorities), 165
catalogs, global
configuring, 235-236
overview, 209-210
central store, 129-130
certificate authorities, 165
certificate revocation lists (CRLs), 165
Certificate Services. See Active Directory Certificate Services (AD CS)
certificates. See digital certificates, automatically enrolling; encryption certificates
Check Disk utility, 364-366
Classic Start Menu, 6
CMAK (Connection Manager Administration Kit), 25
CNAME-type DNS records, 602, 604-605
command-line utilities. See also Ntdsutil tool
accessing during Windows Server 2008 installation, 34-38
Active Directory, 216-217
defined, 19
NET commands, 19
Server Manager counterpart, 42
Windows Server Backup alternative, 471-475
common code bases, 4
compressed files, as screen group file type, 397
computer accounts
creating in Active Directory Users And Computers, 223-224
creating on workstations or servers, 223
deleting, 225
disabling, 225
enabling, 225
joining computers to domains or workgroups, 56-57, 227-228
managing, 223-226
managing computers, 227
moving, 226-227
as objects, 327
resetting when locked, 225-226
viewing and editing properties, 224-225
Computer Configuration node, Group Policy Management Editor, 126-127, 145, 170
Computer Management console
Disk Management snap-in, 339-341, 344
tracking shared folders, 425-426
viewing existing file shares, 414-415
computer name, 50, 56-57
computer security. See security
computer shutdown scripts
assigning as part of group policy, 157-158
defined, 156
deleting, 158
editing, 158
computer startup scripts
assigning as part of group policy, 157-158
defined, 156
deleting, 158
editing, 158
Connection Manager Administration Kit (CMAK), 25
contact information, managing in Active Directory, 296-299
Control Panel
Classic view, 50
defined, 19
Windows Server 2008 vs. Windows Vista, 4
Windows Update utility, 50
core-server Windows Server 2008 installation
defined, 21
list of commands and utilities, 29-30
overview, 28-29
counters, performance
choosing for monitoring, 98-100
collecting data, 102-104
configuring alerts, 105-106
creating and managing data collector sets, 101-102
data collector set overview, 100
CPU usage
graphs, 74, 75
monitoring and tuning, 108
statistics, 75
viewing statistics in Reliability And Performance console, 95
Create A Shared Folder Wizard, 416-419
Creator Group identity, 272
Creator Owner identity, 273
CryptoAPI Version 2 (CAPI2), 506
D
data backup. See backups
data collector sets
collecting configuration data, 104
collecting performance counter data, 102-103
collecting performance trace data, 103-104
configuring alerts, 105-106
creating and managing, 101-102
illustrated, 101
overview, 100
viewing reports, 104-105
Data Execution Prevention (DEP)
application compatibility, 62-63
configuring, 62
overview, 61
using, 62-63
data store
defined, 9
overview, 208-209
read only Active Directory replica, 11
DCGPOFIX file, 151
Default Domain Controllers Policy GPO
defined, 123
fixing problems with, 151
overview, 124
Default Domain Policy GPO
configuring account policies in, 277-278
defined, 124
fixing problems with, 151
overview, 124
default group accounts, 271-273
defragmenting hard disk drives, 366-368
DEP (Data Execution Prevention)
application compatibility, 62-63
configuring, 62
overview, 61
using, 62-63
Desktop Experience, 25, 112
device drivers. See also printer drivers
configuring driver-signing settings, 57
loading during Windows Server 2008 installation, 39-40
and Windows Update Driver Settings button, 57
Device Manager, accessing via System Properties dialog box, 57
DFS Namespaces
adding to servers, 333-336
defined, 332
installing on servers, 334-335
as role service for file servers, 332
DFS Replication
adding to servers, 333-336
defined, 332
as role service for file servers, 332
DFS Replication log, 86
DHCP (Dynamic Host Configuration Protocol)
auditing, 559-560
authorizing servers in Active Directory, 558
backing up database, 581
configuring multiple gateways, 511
configuring servers, 558-566
connecting to remote servers, 557
defined, 23
and Domain Name System, 14, 15
installing server components, 553-555
integrating with Domain Name System, 560-562
integrating with Network Access Protection, 562-565
IPv4 addressing and configuration, 547-548, 552
IPv6 addressing and configuration, 548-551, 552, 554-555
managing scopes, 566-577
name-resolution method, 17
overview, 547
reconciling leases and reservations against database, 583
regenerating database, 582-583
reserving addresses, 578-579
restoring database from backup, 581-582
saving and restoring configuration, 565-566
scope overview, 552
starting and stopping servers, 557
starting and using console, 556-558
troubleshooting, 559-560
updating statistics, 559
DHCPv4 addressing and configuration, 547-548, 552
DHCPv6 addressing and configuration, 548-551, 552, 554-555
diagnostics, accessing tools in Server Manager, 51
Dial-Up identity, 273
digital audio tape (DAT) drives, as backup solution, 465
digital certificates, automatically enrolling, 165
directories. See also Active Directory; shared folders
auditing, 443-445
compressing and uncompressing, 368-370
decrypting, 374
encrypting, 372-373
as objects, 434
restoring by using Recovery Wizard, 491-493
Directory Service log, 86
Directory Services Access Control Lists utility, 218
disabled user accounts, troubleshooting, 325-327
disk-based backup systems, as backup solution, 465
disk drives. See hard disk drives
Disk Management snap-in, 339-341, 344
disk mirroring, RAID
breaking mirrored sets, 388
creating mirror sets, 386
defined, 383
implementing, 385-387
mirroring existing volumes, 386-387
removing mirrored sets, 390
repairing mirrored sets, 388-389
repairing mirrored system volume to enable boot, 389-390
resynchronizing mirrored sets, 388-389
disk partitions
changing, 352-355
creating during Windows Server 2008 installation, 40
deleting during Windows Server 2008 installation, 40, 41
deleting to change configuration, 359
extending during Windows Server 2008 installation, 40, 41-42
formatting during Windows Server 2008 installation, 40-41
formatting existing disks, 355-356
overview, 351-352
removing during Windows Server 2008 installation, 38-39
disk quotas
NTFS, 446-456
Resource Manager, 446, 456-460
disk striping, RAID
defined, 383
implementing, 384-385
with parity, 383, 387-388
regenerating striped sets, 390-391
repairing striped sets, 390
display names, 274-275
Distributed File System (DFS)
adding to servers, 333-336
defined, 332
as role service for file servers, 332
distribution groups, 256
Distributed File System Utility, 218
DNS. See Domain Name System (DNS)
DNS records
A-type, 602-603
AAAA-type, 602-603
CNAME-type, 602, 604-605
creating address records, 602-604
creating pointer records, 602-604
managing, 602-607
MX-type, 602, 605-606
NS-type, 602, 606-607
PTR-type, 602, 603-604
types, 602
updating, 607
viewing, 607
DNS Server Troubleshooting Tool, 218
DNS servers, defined, 23. See also Domain Name System (DNS)
domain accounts. See also user accounts
creating, 287-289
defined, 254
logon issues, 326-327
passwords for, 276-277
rules for display names, 275
Domain Admins group, 271, 272
domain controllers
associating sites with, 240-241
central store, 129-130
configuring refresh interval, 139-140
configuring site link bridges, 243-244
configuring Windows Server 2008 as, 9
and data store, 208-209
demoting, 229, 230
and Group Policy Management Console (GPMC), 126
installing, 212, 229, 230
multimaster replication model, 9
read-only, 11, 194-195
recovery policies, 373-374
replication issues, 211-212
and restartable Active Directory Domain Services, 11, 12-13
Windows version support, 199
domain forests. See forests
domain functional levels
available enhancements, 206
upgrading, 207
Windows 2000 mixed mode, 203
Windows 2000 native mode, 204
Windows Server 2003 mode, 204-205
Windows Server 2008 mode, 204, 205-206
domain local groups, 256, 258
Domain Name System (DNS)
and Active Directory, 193-194
adding remote servers to DNS console, 599
computer name issues, 56-57
configuration overview, 15
configuring name resolution on DNS clients, 588-590
configuring primary servers, 592-594
configuring reverse lookups, 595-597
configuring secondary servers, 595
controlling outside access, 613-615
creating child domains, 600-601
defined, 193
deleting domains and subnets, 601-602
domains vs. Active Directory domains, 202
dynamic DNS client updates, 612
enabling on networks, 586-588
and event logging, 615-616
full integration with Active Directory, 14, 585
hierarchy, 13-14
installing, 14-15
installing DNS servers, 590-598
integrating Active Directory with, 585-586
integrating DHCP with, 560-562
log file, 86
managing configuration and security, 613-617
managing DNS records, 602-607
managing DNS servers, 598-602
monitoring DNS servers, 616-617
overview, 13-15, 584-585
partial integration with Active Directory, 14, 585
removing remote servers to DNS console, 599
server role in DNS client name resolution, 588-590
setting up forwarding, 613-615
starting and stopping DNS servers, 599-600
domain naming master, 213, 232
domain networks, defined, 8, 502
Domain Services. See Active Directory Domain Services (AD DS)
domain trees, 196, 198-199
DomainDNSZones, 15
domains. See also Domain Name System (DNS)
Active Directory, 10, 193
changing information in System Properties dialog box, 50
defined, 196, 584
DNS vs. Active Directory, 202
and global catalogs, 209-210
joining computers to, 56-57, 227-228
logical Active Directory structures, 196
overview, 196-197
physical Active Directory structures, 196
replication issues, 211
role in configuring Windows Server 2008, 6
Domains node, Group Policy Management Console (GPMC), 125
drivers, device. See also printer drivers
configuring driver-signing settings, 57
loading during Windows Server 2008 installation, 39-40
and Windows Update Driver Settings button, 57
DSADD Active Directory command-line tool, 217
DSGET Active Directory command-line tool, 217
DSMOD Active Directory command-line tool, 217
DSMOVE Active Directory command-line tool, 217
DSQUERY Active Directory command-line tool, 217
DSRM Active Directory command-line tool, 217
dual booting, 375, 377, 384
dump files, writing debugging information to, 66-67
dynamic disks
vs. basic disks, 346-347
changing back to basic disks, 349
changing basic disks to, 348-349
changing drive types, 348-349
configuration, 340
defined, 346
moving to new systems, 350-351
overview, 346-347
reactivating, 349
volume advantages, 377
dynamic DNS updates, 612
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic-link libraries (DLLs), 67
dynamic IP addresses, configuring, 510-511
E
e-mail files
file screen template, 397
as screen group file type, 397
editors, policy. See GPOE (Group Policy Object Editor); Group Policy Management Editor
EFS (Encrypting File System)
configuring recovery policy, 495-496
data recovery agents, 494-495
encryption certificate overview, 493-494
overview, 371-372
recovery system overview, 494-496
Encrypting File System. See EFS (Encrypting File System)
encryption, 309
encryption certificates
backing up, 496-497
overview, 493-494 recovering, 497
Enhanced Security Configuration (Internet Explorer), 53
Enterprise Admins group, 271, 272
enterprise CAs (certificate authorities), 165
Enterprise Domain Controllers identity, 273
environment settings, user, 299-303
environment variables
creating, 64
deleting, 64
editing, 64
overview, 63
system, 300-301
error reports, 50
event logs
accessing, 86
applications and services logs, 85, 86
applying security-related Group Policy definitions, 170
archival formats, 92
archiving, 92-94
changing template settings by using Security Templates snap-in, 173-174
clearing, 92
DNS, 615-616
entry details, 88
event levels, 87
filtering, 88-90
role in server monitoring, 95
setting options, 90-92
ways to use, 86-87
Windows logs, 85
writing events to system log, 66
Event Viewer
accessing, 86
clearing event logs, 92
filtering event logs, 88-90
setting event log options, 90-92
viewing event logs, 86-88
writing events to system log, 66
Everyone identity, 273
executable files
file screen template, 397
as screen group file type, 397
exFAT file system, 340-341
F
Failover Clustering, 25
Fax Server, 23
features. See server features
Features Summary, Server Manager, 54
Federation Services. See Active Directory Federation Services (AD FS)
feedback, enabling, 50
Fibre Channel SANs, 392-393
file handles, 71
File Replication Service (FRS)
adding to servers, 333-336
defined, 333
log file, 86
as role service for file servers, 333
file screening
active, 396
auditing, 403
creating screens, 407
defining exceptions, 407-408
exception paths, 398
list of templates, 396-397
managing file groups, 403-404
managing templates, 404-407
overview, 396-398
passive, 396
standard file groups, 397-398
File Server Resource Manager (FSRM). See also file screening; storage reports
adding to servers, 333-336
defined, 332
File Screening Management node, 399
global file resource options, 399, 400-403
illustrated, 399
installing, 335-336
managing file screening and storage reporting, 399-409
Quota Management node, 399
as role service for file servers, 332, 399
Storage Reports Management node, 399
File Services role
adding to servers, 333-336
defined, 24
list of services for file servers, 332-333
managing, 331-336
overview, 331-332
file sharing
creating shared folders, 417-419
Public folder sharing, 411-414
standard, 411, 414-419
standard vs. Public folder sharing, 411
viewing existing shares, 414-416
file system policies
applying security-related Group Policy definitions, 170
defining path security settings by using Security Templates snap-in, 178-179
viewing and changing path security settings by using Security Templates snap-in, 176-177
files. See also file sharing
auditing, 443-445
compressing and uncompressing, 368-370
decrypting, 374
encrypting, 372-373
as objects, 434
restoring by using Recovery Wizard, 491-493
filtering event logs, 88-90
filters, printer, 534-535
firewalls. See Windows Firewall
FireWire, 342-343
fixed disk drives. See hard disk drives
folder redirection
overview, 152
redirecting special folders based on group membership, 154-155
redirecting special folders to single location, 152-154
removing redirection from special folder, 155-156
updating, 116
folders. See also shared folders
auditing, 443-445
compressing and uncompressing, 368-370
decrypting, 374
encrypting, 372-373
as objects, 434
restoring by using Recovery Wizard, 491-493
foreground processes, defined, 68
ForeignSecurityPrincipals folder, 219
Forest node, Group Policy Management Console (GPMC), 125-126
ForestDNSZones, 15
forests
defined, 196
functional levels, 206, 207
operations master roles, 213-214
overview, 198-199
forward lookups, DNS, 595, 597-598, 599
forwarded events log, 85
forwarding, DNS, 613-615
FQDNs (fully qualified domain names), 14, 194, 254, 255
FSRM. See File Server Resource Manager (FSRM)
full-server Windows Server 2008 installation, defined, 21, 28
fully qualified domain names (FQDNs), 14, 194, 254, 255
G
gateways, configuring, 511-512
global catalogs
configuring, 235-236
overview, 209-210
global groups
configuring group membership, 293-295
creating accounts, 291-292
defined, 256, 258
Domain Admins, 271, 272
Enterprise Admins, 271, 272
Globally Unique Identifiers (GUIDs), 124
GlobalNames zone, 597-598
Go To Process option, 70
GPMC. See Group Policy Management Console (GPMC)
GPOE (Group Policy Object Editor), 118, 121-122
graphical administrative tools, defined, 19
graphics enhancements, Windows Server 2008, 58
graphs, performance, 74-75
group accounts
adding, 291-295
built-in capabilities, 263
built-in groups, 262
default, 271-273
differences with user accounts, 253, 255
global vs. local, 291
impact of scope on capabilities, 257
implicit groups, 262, 272-273
list of capabilities that can be delegated, 270
list of logon rights, 266
list of privileges, 263-265
managing individual membership, 294
managing multiple memberships collectively, 295
as objects, 327
overview, 251, 255-259
predefined groups, 262
scope of groups, 256-257
and security identifiers, 257-258
security model, 251-253
setting primary groups, 295
special identities, 262
types of groups, 256, 291
when to use, 258-259
Group Policy
Active Directory-based, 123-124
applying multiple policies, 115
applying security related definitions by using security templates, 170
automatically enrolling computer and user certificates, 165
changing policy processing preferences, 145-146
configuring account policies in Default Domain Policy GPO, 277-278
configuring Automatic Updates, 166-167
configuring slow-link detection, 146-149
creating objects, 130-131
defined, 114
deploying printer connections to computers and users, 528-532
deploying security policies to multiple computers, 190
deploying security templates to multiple computers, 182-184
deploying software through, 159-165
disabling, 144-145
and inheritance, 133-136
linking objects to Active Directory containers, 130-131
managing local group policies, 120-123
managing operating system automatic updates, 166-169
managing users and computers, 152-169
modeling for planning purposes, 140-142
navigating changes, 117-119
need for mastering, 113
network management policies, 505-506
overview, 114-115
Point And Print Restrictions, 530-532
refreshing, 137-140
requirements and version compatibility, 116-117
troubleshooting, 150-151
when to apply policies, 115-116
Group Policy Management console (GPMC)
backing up and restoring policy objects, 143-145
copying and pasting policy objects, 142-143
creating and using starter GPOs, 131
defined, 25, 216
delegating privileges, 132-133
deleting GPOs, 149
deploying printer connections to computers and users, 528-532
Domains node, 125
editing policy objects, 126-127
Forest node, 125-126
Group Policy Modeling node, 126, 140-142, 144
illustrated, 125
importing policy objects, 142-143
overview, 125-126
relationship to Active Directory, 126
removing links, 149
Sites node, 125
Group Policy Management Editor
Administrative Templates node, 127, 127-129
Computer Configuration node, 126-127, 145, 170
overview, 126-127
User Configuration node, 126-127, 145
Group Policy Modeling node, Group Policy Management Console (GPMC), 126, 140-142, 144
Group Policy Object Editor (GPOE), 118, 121-122
Group Policy Results Wizard, 126
groups
Administrators group, 271, 272
built-in, 262
distribution, 256
Domain Admins group, 271, 272
Enterprise Admins group, 271, 272
implicit, 262, 272-273
predefined, 262
security, 256
universal, 256-257, 258
used by Administrators, 271-272
Guest account, 261-262, 305
GUIDs (Globally Unique Identifiers), 124
H
hard disk drives. See also RAID (redundant array of independent disks)
adding, 337-345
assigning drive letters and paths, 357-358
as backup solution, 465
basic configuration, 340, 346, 347-349
changing volume labels, 358
comparing, 337-338
compressing, 368-371
converting FAT volumes to NTFS, 359-361
creating partitions, 352-355
creating simple volumes, 352-355
decrypting, 374
defragmenting, 366-368
deleting partitions, 359
deleting volume labels, 358
dynamic configuration, 340, 346-351
encrypting, 370-373
formatting partitions, 355-356
hot swapping, 343
loading drivers during Windows Server 2008 installation, 39-40
logical, deleting, 359
monitoring and tuning I/O, 109
moving dynamic disks to new systems, 350-351
new, installing, 343-344
partitioning overview, 351-352
physical, feature comparison, 337-338
physical, overview, 337-338
physical, preparing for use, 338-339
removable configuration, 340, 341-343
repairing disk errors and inconsistencies, 363-366
rescanning, 350
resizing volumes, 361-363
status options, 344-345
using volumes and volume sets, 375-385
viewing usage statistics in Reliability And Performance console, 96
hard disk partitions
changing, 352-355
creating during Windows Server 2008 installation, 40
deleting during Windows Server 2008 installation, 40, 41
deleting to change configuration, 359
extending during Windows Server 2008 installation, 40, 41-42
formatting during Windows Server 2008 installation, 40-41
formatting existing disks, 355-356
overview, 351-352
removing during Windows Server 2008 installation, 38-39
Hardware Events log, 86
hardware profiles, in Windows Server 2008, 57, 80
high-volume printing, 543
history graphs, 74-75
home directories, 299, 302-303
home folders, 299, 302-303
HOSTS file, 17
hot swapping hard disk drives, 343
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 506
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), 506
I
IA-64 computers, 6
identities, assigning permissions to, 272-273
image files, as screen group file type, 397
implicit groups, 262, 272-273
incident storage reports, 398
Indexing Service
adding to servers, 333-336
defined, 333
as role service for file servers, 333
when to install, 336
infrastructure master, 213
inheritance
and Group Policy, 133-136
by objects, 436
Initial Configuration Tasks console
illustrated, 49
overview, 49-51
vs. Server Manager console, 52
starting, 49
Initialize And Convert Disk Wizard, 344
installing new hard disk drives, 343-344
installing Windows Server 2008
clean installations, 31-33
core-server installations, 21, 28-30
creating disk partitions during installation, 40
deleting disk partitions during installation, 40, 41
extending disk partitions during installation, 40, 41-42
formatting disk partitions during installation, 40-41
full-server installations, 21, 28
installation types, 21
loading disk device drivers during installation, 39-40
performing administrative tasks during installation, 34-42
performing disk partition removal during installation, 38-39
upgrade installations, 33-34
using command line during installation, 34-38
Interactive identity, 273
interactive processes, defined, 68
Internet Explorer, configuring Enhanced Security Configuration, 53
Internet Printing Client, 26, 517
Internet Printing role service, 517
Internet SCSI SANs, 392, 393-394
Internet Storage Naming Server (ISNS), 26
intranet, specifying for Automatic Updates, 168-169
IP addresses
alternative, configuring, 511
avoiding conflicts, 565
checking assignments, 551
configuring multiple gateways, 511-512
dynamic, configuring, 510-511
enabling and disabling for DNS servers, 613
releasing after reserving, 579
reserving for clients, 578-579
and scopes, 552
static, checking addresses by using PING, 509
static, configuring manually, 508, 508-510
IP protocol. See IPv4 (Internet Protocol version 4); IPv6 (Internet Protocol version 6)
IPCONFIG command, 551
IPv4 (Internet Protocol version 4)
A-type DNS records, 602-603
avoiding address conflicts, 565
and Bootstrap Protocol, 576
checking address by using PING, 509
coexistence with IPv6, 506
configuring static address, 509-510
creating and managing superscopes, 566-567
creating normal scopes for addresses, 567-570
deleting exclusion range, 578
DHCPv4 addressing and configuration, 547-548, 552
overview, 8, 9
reserving addresses for clients, 578-579
and scopes, 552
setting exclusion range, 577-578
IPv6 (Internet Protocol version 6)
AAAA-type DNS records, 602-603
checking address by using PING, 509
coexistence with IPv4, 506
configuring static address, 509-510
creating normal scopes for addresses, 570-571
deleting exclusion range, 578
DHCPv6 addressing and configuration, 548-551, 552, 554-555
overview, 8, 9
reserving addresses for clients, 579
and scopes, 552
setting exclusion range, 577-578
iSCSI SANs, 392, 393-394
ISNS (Internet Storage Naming Server), 26
Itanium-based computers, 6
K
kerberos
configuring policies, 283-284
user account security options, 309
kernel
graph display, 75
memory dumps, 66-67
statistics, 75
L
Layer Two Tunneling Protocol/Internet Protocol Security (L2TP/IPSec), 506
LDAP (Lightweight Directory Access Protocol), 212. See also Active Directory Lightweight Directory Services (AD LDS)
leases, DHCP. See also reserving DHCP addresses
defined, 547
deleting, 580
and DHCP scopes, 552
planning duration, 568-569, 571
reconciling against DHCP database, 583
and reserved addresses, 579
Lightweight Directory Access Protocol (LDAP), 212. See also Active Directory Lightweight Directory Services (AD LDS)
Line Printer Daemon (LPD) service, 517
Line Printer Remote (LPR) service, 26, 517
Link-Local Multicast Name Resolution (LLMNR)
enabling and disabling, 18
how it works, 18
overview, 17-18
vs. WINS functionality, 553
LLMNR (Link-Local Multicast Name Resolution)
enabling and disabling, 18
how it works, 18
overview, 17-18
vs. WINS functionality, 553
LMHOSTS file, 17
local area connections
availability, 508
checking status, 513
enabling and disabling, 513
managing, 512-513
renaming, 513
Local Group Policy Objects (LGPOs)
accessing top-level local policy settings, 121
Administrators and Non-Administrators Local Group Policy layer, 120, 122-123
Local Group Policy layer, 120, 121-122
managing local group policies, 120-123
overview, 120-121
storing local group policies, 122
User-Specific Local Group Policy layer, 120, 122-123
local groups
Administrators group, 271, 272
assigning members to accounts, 293
built-in, 256
creating accounts, 292-293
defined, 256
domain, 256, 258
list of default user rights on member servers, 268-269
local policies
applying security-related Group Policy definitions, 170
changing template settings by using Security Templates snap-in, 173-174
local print devices, defined, 514
local print spoolers, 515
local profiles
assigning anew, 315
changing roaming profiles to, 315
changing to roaming profiles, 316
changing type, 315-316
copying or restoring, 314
copying to new accounts, 313-314
creating, 311-312
creating manually, 313
default location, 311
defined, 310
deleting, 315
managing by using System Utility, 312-316
setting for multiple user accounts, 323-324
local user accounts
creating, 289-291
defined, 254
LocalService user account, 260
LocalSystem user account, 260
lockout policies
configuring, 281-282
troubleshooting user accounts, 325
log files
accessing, 86
applications and services logs, 85, 86
archival formats, 92
archiving, 92-94
clearing, 92
for DHCP processes, 559-560
entry details, 88
event levels, 87
filtering, 88-90
printer events, 543
role in server monitoring, 95
setting options, 90-92
ways to use, 86-87
Windows logs, 85
writing events to system log, 66
logical Active Directory structures, 196
logical unit numbers. See LUNs (logical unit numbers)
logon failure auditing, 326
logon hours
configuring, 304-305
enforcing, 305
managing for multiple user accounts, 324
overview, 303-304
setting time window, 305
logon names
rules for, 275
schemes for, 276
logon rights
defined, 262
list for local groups on member servers, 268-269
list for users and groups, 266
list of built-in capabilities for groups in Active Directory, 266-268
list of default user rights for local groups on member servers, 268-269
overview, 266
logon scripts
creating, 302
defined, 299
overview, 301-302
lookups, DNS
forward, 595, 597-598, 599
reverse, 595-597, 599
LPD (Line Printer Daemon) service, 517
LGPOs. See Local Group Policy Objects (LGPOs)
LPR (Line Printer Remote) service, 26, 517
LUNs (logical unit numbers)
assigning, 395
configuring iSCSI SAN connections, 393-394
creating, 394-395
defined, 391
enabling Fibre Channel ports for, 393
extending, 395
mirrored, 391
simple, 391
spanned, 391
striped, 391
striped with parity, 392
M
mandatory profiles
creating, 312
overview, 310-311
as temporary, 311
master replication model, 9
member server, configuring Windows Server 2008 as, 9
memory. See also virtual memory
as common source of performance problems, 106
current process usage, 70
history graphs, 74-75
monitoring and tuning usage, 106-108
paged pool, 72
peak process usage, 72
statistics, 75
uncovering bottlenecks, 107-153
viewing system performance in Task Manager, 74
viewing usage statistics in Reliability And Performance console, 96
memory dumps, 66-67
Message Queuing, 26
Microsoft Management Console (MMC)
Active Directory administration tools, 215-216
Disk Management snap-in, 339-341, 344
Server Manager, 22
and Windows Firewall, 216
Microsoft\Windows log, 86
mirroring. See disk mirroring, RAID
MMC. See Microsoft Management Console (MMC)
modularization, 4
monitoring servers, 94-106
multicast scopes, 572-573
multimaster replication model, 9
Multipath I/O (MPIO), 26
multiple gateways, configuring, 511-512
multiple user accounts, managing, 322-325
MX-type DNS records, 602, 605-606
N
name registration, WINS, 16
name release, WINS, 16
name renewal, WINS, 16
name resolution
configuring on DNS clients, 588-590
Domain Name System (DNS), 13-15
Link-Local Multicast Name Resolution (LLMNR), 17-18
overview, 13
Windows Internet Name Service (WINS), 15-17
names
display names, 274-275
logon names, 275
schemes for logon names, 276
NAP (Network Access Protection), integrating DHCP and, 562-565
NAT (Network Address Translation), 506
NET command-line tools, 19
.NET Framework 3.0, 25
NETDOM tool, 233, 234-235
Network Access Protection (NAP), integrating DHCP and, 562-565
network adapters, viewing usage, 76-77
Network Address Translation (NAT), 506
Network And Sharing Center
accessing, 503
defined, 501
illustrated, 7, 504
installing and configuring TCP/IP networking, 507-512
network types, 8
overview, 7-8, 503-505
saving settings, 8
sharing and discovery configuration, 7
network-attached print devices
automatically detecting, 520
configuring printer properties, 536-542
defined, 515
deploying connections by using Group Policy, 528-532
and high-volume printing, 543
installing, 525-527
installing network-attached printers, 525-527
setting access permissions, 540-541
setting up user connections, 527-528
when to use, 543
Network Awareness, 502
Network Connection console
configuring via Initial Configuration Tasks console, 49
displaying in Server Manager, 52
Network Diagnostics, 502
Network Discovery feature
defined, 502
On and Off states, 503
network drives
connecting to, 432-433
disconnecting, 433-434
mapping, 433
Network Explorer
defined, 501
and discovery settings, 503
Network And Sharing Center, 7-8
Network File System. See Services for Network File System (NFS)
Network identity, 273
network interface cards (NICs), binding DHCP servers to specific IP addresses, 558-559
Network Load Balancing (NLB), 26
Network Map tool, 501, 504
Network Policy and Access Services (NPAS), 24
Network Printer Installation Wizard
automatically installing printers, 520
installing network-attached print devices, 525-527
installing physically attached print devices, 522-525
network usage
monitoring and tuning bandwidth and connectivity, 109-110
viewing statistics in Reliability And Performance console, 96
NetworkService user account, 260
New Multicast Scope Wizard, 572-573
New Object - Computer Wizard, 223-224
New Scope Wizard
creating normal scopes for IPv4 addresses, 567-570
creating normal scopes for IPv6 addresses, 570-571
New Simple Volume Wizard, 352-355
New Superscope Wizard, 566
NFS. See Services for Network File System (NFS)
NICs (network interface cards), binding DHCP servers to specific IP addresses, 558-559
NS-type DNS records, 602, 606-607
Ntdsutil tool
defined, 217
seizing operations master roles, 235
transferring operations master roles, 233
NTFS disk quotas
creating entries, 453-454
deleting entries, 454-455
disabling, 456
enabling, 451-452
exporting and importing settings, 455-456
list of policies, 449
overview, 447-448
setting policies, 449-451
viewing entries, 452-453
NTFS volumes
converting from FAT, 359-361
enabling printing, 542-543
saving disk quotas, 451-452
O
objects. See also Local Group Policy Objects (LGPOs)
auditing in Active Directory, 445-446
files and folders as, 434
inheritance, 436
list of objects, 434
overview, 434
ownership and trust, 434-435
printers as, 434
registry keys as, 434
services as, 434
shares as, 434
OCSP (Online Certificate Status Protocol) extensions, 506
office files, as screen group file type, 397
on-demand storage reports, 398
Online Certificate Status Protocol (OCSP) extensions, 506
operating systems. See also Windows Server 2008
automatic reboots, 66
bootable startup, 4
modularization, 4
multiple bootable, 65-66
restoring Windows Server 2008, 489-491
setting recovery options, 66
setting startup options, 65-66
operations master roles
configuring, 214
defined, 213
domain naming master, 213, 232
infrastructure master, 213
PDC master, 213
relative ID master, 213
schema master, 213, 232-233
seizing by using command line, 233-235
transferring by using command line, 233
viewing or changing location, 230-232
organizational units (OUs)
creating, 237
defined, 196
deleting, 237
moving, 237
overview, 200
renaming, 237
viewing and editing properties, 237
P
page faults, 71, 107
paged pool, 72, 108
paging file, 60-61
partitions, disk
changing, 352-355
creating during Windows Server 2008 installation, 40
deleting during Windows Server 2008 installation, 40, 41
deleting to change configuration, 359
extending during Windows Server 2008 installation, 40, 41-42
formatting during Windows Server 2008 installation, 40-41
formatting existing disks, 355-356
overview, 351-352
removing during Windows Server 2008 installation, 38-39
passwords
configuring policies, 279-281
for domain accounts, 276-277
overview, 276-277
for predefined user accounts, 261
vs. public certificates, 254
secure, 276-277
setting options for multiple user accounts, 325
setting user account security options, 308
pausing print jobs, 544-545
PDC emulator master, 213
PDCs (primary domain controllers), 230
PE 2.0. See Windows Preinstallation Environment
Peer Name Resolution Protocol (PNRP), 26
performance counters
choosing for monitoring, 98-100
collecting data, 102-104
configuring alerts, 105-106
creating and managing data collector sets, 101-102
data collector set overview, 100
Performance Monitor
choosing counters to monitor, 98-100
defined, 95
illustrated, 97
overview, 97
permissions
assigning to identities, 272-273
creating for files and folders, 437-439
overview, 437-439
setting and viewing for Active Directory objects, 327-328
setting for files and folders, 439-441
viewing in Windows Explorer, 436
physical Active Directory structures, 196
physical drives, 337-338
PING command, checking IP addresses, 509
PNRP (Peer Name Resolution Protocol), 26
Point And Print Restrictions, Group Policy, 530-532
Point-to-Point Tunneling Protocol (PPTP), 506
policy editors. See GPOE (Group Policy Object Editor); Group Policy Management Editor
port preservation for Teredo, 506
power options, 4
PowerShell. See Windows PowerShell
PPTP (Point-to-Point Tunneling Protocol), 506
pre-boot environment, 4
predefined groups, 262
predefined user accounts, 260-262
Preinstallation Environment, 4
primary domain controllers (PDCs), 230
primary groups, 295
print devices. See also network-attached print devices
creating multiple printer installations, 527
defined, 516
local, defined, 514
monitoring by using printer filters, 534-535
moving to new print server, 532-534
network-attached, installing, 525-527
network, defined, 515
overview, 514-515
pausing, 544-545
physically attached, installing and configuring, 521-525
role in printing process, 516
setting separator pages, 537-538
print jobs
auditing, 541-542
canceling, 545
defined, 516
error notification, 543
high-volume printing, 543
managing on local printers, 543-546
managing on remote printers, 543-546
pausing, 544-545
prioritizing, 538-540, 546
scheduling, 538-540, 546
viewing in print management window, 544
Print Management console
adding print servers to, 519-520
Autoinstall feature, 520
configuring printer properties, 536-542
illustrated, 518
installing and configuring physically attached print devices, 521-525
installing network-attached print devices, 525-527
managing print jobs on local and remote printers, 543-546
overview, 518-520
Printer Web Page tab, 519
removing print servers from, 519-520
print monitor, 516
print processors, 515
print queues
defined, 516
emptying, 545
monitoring by using printer filters, 534-535
viewing in print management window, 544
print routers, 516
print servers
adding to Print Management console, 519-520
configuring, 517
configuring properties, 542-543
managing print jobs, 543-546
moving printers to, 532-534
overview, 502
removing from Print Management console, 519-520
Print Services, 24, 517
Print Spooler service, 535
print spoolers
configuring spooling, 539-540
enabling spooling, 539
local, 515
locating Spool folder, 542
on print server, 516
troubleshooting, 535
print stack, 516
printer drivers
configuring for network clients, 537
and Group Policy Point And Print Restrictions, 530-532
managing, 536-537
overview, 515
updating, 516, 536-537
printer filters, 534-535
Printer Migration Wizard, 532-534
printer ports, changing, 538
printer sharing. See also network-attached print devices
enabling and disabling, 518
starting and stopping, 540
printers. See also print devices
installing, 520-532
as objects, 434
printing
from non-Windows applications, 542
overview, 515-516
prioritizing print jobs, 538-540, 546
private networks, defined, 8, 502
privileges
defined, 262
list for users and groups, 263-265
list of built-in capabilities for groups in Active Directory, 266-268
list of default user rights for local groups on member servers, 268-269
overview, 263
processes
administering in Task Manager, 70-72
background, 68
foreground, 68
Go To Process option, 70
interactive, 68
memory usage, 70, 72
multiple, 72
setting priorities, 71
System Idle Process, 72
thread usage, 72
product key, Windows Server 2008, 56
profile paths, 299
profiles. See local profiles
Proxy identity, 273
PTR-type DNS records, 602, 603-604
public certificates vs. passwords, 254
Public folder sharing, 411-414
public networks, defined, 8, 502
R
RAID (redundant array of independent disks)
breaking mirrored sets, 388
implementing on Windows Server 2008, 384-388
implementing RAID 0: disk striping, 384-385
implementing RAID 1: disk mirroring, 385-387
implementing RAID 5: disk striping with parity, 387-388
overview, 382-384
removing mirrored sets, 390
repairing mirrored sets, 388-389
repairing mirrored system volume to enable boot, 389-390
repairing striped sets with and without parity, 390-391
resynchronizing mirrored sets, 388-389
RDP. See Remote Desktop
read-only domain controllers (RODCs)
best use, 11
deploying, 194-195
installing DNS Server service on, 15
overview, 11
reboots, automatic, 66
recovery policies, 373-374
Recovery Wizard, 491
redirection. See folder redirection
redundant array of independent disks. See RAID (redundant array of independent disks)
registry
applying security-related Group Policy definitions, 170
auditing, 445
keys as objects, 434
viewing and changing policy template settings by using Security Templates snap-in, 176-178
relative ID master (RID), 213, 230
Reliability And Performance console
categories of resource usage statistics, 95-96
Data Collector Sets node, 101-104, 106
overview, 95
Performance Monitor, 95, 97, 98-100
Reliability Monitor, 95, 97-98
Reports node, 104-105
Reliability Monitor, 95, 97, 98
Remote Assistance, 26, 112
Remote Desktop
configuring via System Properties dialog box, 52
defined, 77
overview, 112
RDP file signing, 506
viewing and managing in Task Manager, 77-78
Remote Procedure Call (RPC) over HTTP Proxy, 26
Remote Server Administration Tools (RSAT), 26
removable storage devices, 340, 341-343
Removable Storage Manager (RSM), 26
Remove Features Wizard, 54
Remove Roles Wizard, 54
replication
and Active Directory, 211-212, 234
common tasks and commands, 249-250
troubleshooting Active Directory, 248-250
Replication Diagnostics Tool, 218
replication model, 9
reserving DHCP addresses, 578-579
Resource Manager disk quotas
creating, 460
defined, 446
list of templates, 457
managing templates, 458-460
overview, 456-458
resources
managing in shared folders, 426-427
monitoring and tuning CPU usage, 108
monitoring and tuning disk I/O, 109
monitoring and tuning memory usage, 106-108
monitoring and tuning network bandwidth and connectivity, 109-110
shared, searching for, 221-222
viewing usage statistics, 95-96
restartable Active Directory Domain Services, 11, 12-13
restarting printing, 545
restricted groups policies
applying security-related Group Policy definitions, 170
configuring policy settings by using Security Template snap-in, 174-175
Restricted identity, 273
Resultant Set of Policy (RSoP), 144
resuming printing, 545
reverse lookups, DNS, 595-597, 599
RID (relative ID master), 213, 230
Rights Management Services. See Active Directory Rights Management Services (ADRMS)
roaming profiles
changing type, 315-316
overview, 310
reasons to use, 310
RODCs. See read-only domain controllers (RODCs)
role services
adding by using Add Roles Wizard, 333-336
adding via Server Manager, 46
defined, 22
list of File Service roles for file servers, 332-333
list of primary roles, 23-25
removing in Server Manager, 46
viewing in Server Manager, 43, 46
Roles Summary, Server Manager, 54
rollback templates, 181-182
root domains, defined, 584
S
Safe mode, starting servers in, 486-488
SANs (storage area networks)
configuring iSCSI SAN connections, 393-394
Fibre Channel, 392-393
iSCSI, 392, 393-394
managing LUNs on, 391-395
scheduled storage reports, 398
scheduling print jobs, 538-540, 546
schema master, 213, 232-233
scopes, DHCP
activating, 576
creating and managing, 567-577
deactivating, 576
deleting exclusion ranges, 578
deleting reservations, 580
and IP addresses, 552
managing, 566-577
modifying, 575
modifying reservation properties, 580
multicast, 572-573
overview, 552
releasing reserved addresses, 579
removing, 576-577
reserving addresses, 578-579
setting exclusion ranges, 577-578
setting options, 573-574
superscopes, 566-567
viewing statistics, 577
script management
assigning scripts, 157-159
computer shutdown scripts, 156, 157-158
computer startup scripts, 156, 157-158
user logoff scripts, 156, 158-159
user logon scripts, 156, 158-159
SCSI. See iSCSI SANs
Secure Remote Access (SRA), 506
Secure Socket Tunneling Protocol (SSTP), 506
security
IE Enhanced Security Configuration, 53
running Security Configuration Wizard, 53, 184-190
setting and viewing Active Directory object permissions, 327-328
setting options for user accounts, 308-309
User Account Control (UAC), 4
Security Configuration And Analysis snap-in
applying security templates, 171-172
comparing template settings and current computer settings, 180
configuring, analyzing, and applying security templates, 179-182
limitations, 179
opening, 172
overview, 179
role of rollback templates, 181-182
Security Configuration Wizard
applying existing security policies, 189
creating security policies, 184-188
defined, 53
editing existing security policies, 188-189
overview, 184
rolling back last applied security policy, 189-190
security descriptors, 253
security groups, 256
security log, 85, 441
security permissions. See permissions
security policies
applying by using Security Configuration Wizard, 189
creating by using Security Configuration Wizard, 184-188
deploying to multiple computers, 190
editing by using Security Configuration Wizard, 188-189
rolling back last applied policy by using Security Configuration Wizard, 189-190
Security Configuration Wizard overview, 184
security templates
applying with Security Configuration And Analysis snap-in, 171-172
configuring, analyzing, and applying by using Security Configuration And Analysis snap-in, 179-182
creating with Security Templates snap-in, 171, 172
default, 171
deploying to multiple computers, 182-184
overview, 170-172
Security Templates snap-in
Account Policies node, 173-174
changing template policy settings, 173-174
configuring policy settings for restricted groups, 174-175
creating new templates, 171, 172
default templates, 171
enabling, disabling, and configuring system services, 175-176
File System node, 176-177
Local Policies node, 173-174
opening, 172
overview, 171
Registry node, 176-178
Restricted Groups node, 174-175
searching for templates, 172
System Services node, 175-176
seizing server roles, 233-235
Self-Healing NTFS, 363, 364
Self identity, 273
separator pages, 537-538
server clusters, defining in Storage Manager for SANs, 395
server features
adding by using Add Features Wizard, 50, 54
adding in Server Manager, 47
defined, 22
Features Summary, Server Manager, 54
list, 25-27
removing by using Remove Features Wizard, 54
removing in Server Manager, 47
viewing in Server Manager, 51
Server Manager
adding role services, 46
adding server features, 47
adding server roles, 43-45
command-line counterpart, 42
Disk Management snap-in, 339-341, 344
Features Summary, 54
illustrated, 43, 51, 52
vs. Initial Configuration Tasks console, 52
left pane nodes, 51
overview, 22, 42, 48
removing role services, 46
removing server features, 47
removing server roles, 45
right pane nodes, 52-54
Roles Summary, 54
Server Summary, 53
Services pane, 78-83
starting console, 51
vs. System utility, 48-49
viewing configured server roles, 42-43
viewing role services, 43, 46
server roles
adding by using Add Roles Wizard, 50, 54
adding File Services role to servers, 333-336
adding in Server Manager, 43-45, 50, 54
checking for new roles, 53
defined, 22
list, 23-25
removing by using Remove Roles Wizard, 54
removing in Server Manager, 45
Roles Summary, Server Manager, 54
viewing in Server Manager, 42-43, 51
Server Summary, Server Manager, 53
servers
member vs. domain controller vs. stand-alone, 9
monitoring, 94-106
role in configuring Windows Server 2008, 6
starting in Safe mode, 486-488
service accounts, 82
Service identity, 273
services, as objects, 434. See also Services pane, Server Manager
Services for Network File System (NFS)
adding to servers, 333-336, 416
configuring NFS sharing, 428-429
defined, 333
as role service for file servers, 333
Services pane, Server Manager
accessing, 78
configuring service logon, 81-82
configuring service recovery, 82-84
configuring service startup, 80
defined, 78
disabling unnecessary services, 84
illustrated, 79
key fields, 78-79
pausing services, 79-80
standard and extended views, 79
starting services, 79-80
stopping services, 79-80
setup log, 85
shadow copies
creating, 430-431
deleting, 432
disabling, 432
overview, 430
restoring, 431
reverting to previous, 431
Share And Storage Management console
adding to servers, 333-336
defined, 332
as role service for file servers, 332
viewing existing file shares, 415-416
shared folders
configuring shared permissions, 421-422
connecting to special shares, 424-425
creating, 417-419
creating shadow copies, 430-431
deleting shadow copies, 432
disabling shadow copies, 432
managing open resources, 426-427
managing sessions, 426
modifying shared permissions, 422-423
removing shared permissions, 423
restoring shadow copies, 431
reverting to previous shadow copies, 431
shadow copies overview, 430
shared permissions overview, 420
special shares overview, 423-424
stopping file and folder sharing, 427
tracking in Computer Management console, 425-426
viewing in Windows Explorer, 419
viewing shared permissions, 420-421
shares, as objects, 434
Simple Mail Transfer Protocol (SMTP) Services, 26
Simple Network Management Protocol (SNMP) Services, 27
Simple Start Menu, 7
Simple TCP/IP Services, 26
Single Sign-on feature, 252
sites
accessing, 201-202
advantages, 201
associating domain controllers with, 240-241
configuring links, 241-243
configuring site link bridges, 243-244
creating, 238-239
creating subnets, 239-240
defined, 196
examining inter-site topology, 246-248
overview, 201
renaming, 239
Sites And Services tool, Active Directory, 201-202, 215
Sites node, Group Policy Management Console (GPMC), 125
slow-link detection, 146-149
smart cards, 308
SOA (Start of Authority) records, modifying, 608-609
Software Installation policy
configuring, 160-161
configuring software deployment options, 162-163
deploying software throughout organization, 161-163
overview, 159-161
updating deployed software, 163-164
upgrading deployed software, 164-165
ways to deploy software, 160-161
spooler. See print spooler
SSTP. See Secure Socket Tunneling Protocol (SSTP)
stand-alone server, configuring Windows Server 2008 as, 9
Start Menu
Classic, 6
Simple, 7
Windows Server 2008 options, 6-7
Start of Authority (SOA) records, modifying, 608-609
starter GPOs, 131
Startup And Recovery dialog box, 65-67
static IP addresses
configuring manually, 508-510
defined, 508
IPv4 vs. IPv6 addresses, 508-509
on private networks, 509
statistics, performance, 75
storage, accessing drive management tools in Server Manager, 51. See also Share And Storage Management console
storage area networks. See SANs (storage area networks)
Storage Manager for SANs. See also SANs (storage area networks)
adding to server, 392
defined, 27
defining server clusters, 395
illustrated, 392
storage reports
configuring parameters, 402
generating on-demand, 409
incident, 398
list of standard reports, 398-399
on-demand, 398
overview, 398-399
scheduled, 398
scheduling, 408-409
striping. See disk striping, RAID
subnets
accessing, 201-202
creating, 239-240
defined, 196
overview, 201
Subsystem for UNIX-based Applications (SUA), 27
superscopes, 566-567
system environment variables, 300-301
system files, as screen group file type, 397
System identity, 273
System Idle Process, 72
system log, 66, 85
System Properties dialog box
Advanced tab, 58-67
- configuring application performance, 58-59
- configuring Data Execution Prevention, 61-63
- configuring environment variables, 63-64
- configuring graphic effects performance, 58
- configuring system startup and recovery, 65-67
configuring virtual memory, 59-61
Computer Name tab, 56-57
configuration options, 56-67
displaying in Server Manager, 52
Hardware tab, 57
Remote tab, 52, 67
System Resource Manager, 113
system services
applying security-related Group Policy definitions to policies, 170
enabling, disabling, and configuring by using Security Templates snap-in, 175-176
viewing in Task Manager, 73
system state, backing up and restoring, 488-489
System utility
managing local profiles, 312-316
managing system properties, 55-56
overview, 48-49
T
tape drives, as backup solution, 465
Task Manager
Applications tab, 69-70
Networking tab, 76-77
Performance tab, 74-75
Processes tab, 70-72
Services tab, 73
Users tab, 77-78
ways to access, 69
Task Scheduler, 112
TCP/IP networking
configuring, 508-512
as default WAN protocol, 8
installing, 506-508
TCP protocol, 8
templates. See also administrative templates; security templates
file screening, 396-397
rollback, 181-182
temporary files, as screen group file type, 397
Teredo technology, 506
Terminal Server User identity, 273
Terminal Services, 24, 77, 113
text files, as screen group file type, 397
thread count, 72
thread queuing, 108
time zones, setting, 49
TLS (Transport Layer Security), 506
Transaction NTFS, 363
Transport Layer Security (TLS), 506
trees, domain, 196, 198-199
troubleshooting
Active Directory, 248-250
DHCP processes, 559-560
disabled user accounts, 325-327
DNS server, 218
Group Policy, 150-151
logon problems, 325-327
print spoolers, 535
server performance, 94-106
U
UAC (User Account Control), 4
Universal Description Discovery Integration, 24
universal group membership caching, 210-211, 236
universal groups, 256-257, 258
universal serial bus (USB), 341-342, 343
Update Sequence Numbers (USNs), 234, 249
updating, enabling Windows automatic updating and feedback, 50
USB (universal serial bus), 341-342, 343
User Account Control (UAC), 4
user accounts
adding, 287-291
built-in accounts, 260
built-in capabilities, 263
capabilities, 262-265
configuring environment settings, 299-303
creating domain-type, 287-289
creating local-type, 289-291
default, 259-262
differences with group accounts, 253
domain vs. local, 254
list of capabilities that can be delegated, 270
list of logon rights, 266
list of privileges, 263-265
lockout problems, 325-327
managing logon hours, 303-305
multiple, configuring properties, 322-325
multiple, disabling, 322
multiple, enabling, 322
multiple, managing, 322-325
multiple, moving, 322
naming policies, 274-276
as objects, 327
overview, 251, 254-255
predefined, 260-262
and security identifiers, 254-255
security model, 251-253
setting contact information, 296-298
setting dial-in and VPN privileges, 306-308
setting options and restrictions, 303-309
setting permitted logon workstations, 305-306
setting security options, 308-309
setup and organization, 274-278
troubleshooting logon problems, 325-327
user domain or workgroup, 254
user name, 254
User Configuration node, Group Policy Management Editor, 126-127, 145
user logoff scripts
adding, 159
defined, 156
deleting, 159
editing, 159
repositioning, 159
ways to assign, 158
user logon scripts
adding, 159
defined, 156
deleting, 159
editing, 159
repositioning, 159
ways to assign, 158
user profiles
local, 310, 311, 312-316
managing, 309-316
mandatory, 310-311
overview, 309
roaming, 310
user rights
administering account policies, 284-287
configuring globally, 285-286
configuring locally, 286-287
list of defaults on member servers, 268-269
User-Specific Local Group Policy layer, LGPOs, 120, 122-123
Users And Computers tool, Active Directory
adding folders for organizational units, 219
advanced features, 219
Builtin folder, 219
Computers folder, 219
connecting to domain controllers, 220
connecting to domains, 221
creating computer accounts in, 223-224
defined, 215, 218
Domain Controllers folder, 219
ForeignSecurityPrincipals folder, 219
illustrated, 200, 219
managing computer accounts, 223-226
managing multiple user accounts, 322-325
organizational units in, 200
overview, 218-219
Saved Queries folder, 219
searching for accounts, 221-222
searching for directory objects, 221-222
searching for shared resources, 221-222
starting, 218
troubleshooting logon problems, 325-327
updating domain user and group accounts, 316-322
Users folder, 219
viewing or changing location of domain-wide roles, 230-232
USNs (Update Sequence Numbers), 234, 249
V
VDS (Virtual Disk Service), 392
video and audio files
file screen template, 397
as screen group file types, 397
Virtual Disk Service (VDS), 392
virtual memory, configuring, 59-61
Virtual Memory dialog box, 60-61
virtual private networks (VPNs), 306-308
Vista. See Windows Vista
volume sets
creating, 379-382
deleting, 382
overview, 377-379
volume status, 376, 377-379
volumes
changing labels, 358
converting from FAT to NTFS, 359-361
creating, 379-382
deleting, 382
deleting labels, 358
NTFS, saving disk quotas on, 451-452
overview, 376-377
resizing, 361-363
simple, 352-355
VPNs (virtual private networks), 306-308
W
Wbadmin backup utility
commands, 471-475
creating manual backups, 481-482
defined, 467
overview, 471
scheduling backups, 478-479, 480
WDS (Windows Deployment Services), 24, 113
Web page files, as screen group file type, 397
Web Server (IIS), 24
Windows 2000
and Active Directory, 202-203
and domain controllers, 199
domain functional levels, mixed mode, 203
domain functional levels, native mode, 204
Windows Aero enhancements, 4
Windows Defender, 112
Windows Deployment Services (WDS), 24, 113
Windows Domain Manager, 218
Windows Error Recovery mode, 488
Windows Error Reporting, 50
Windows Explorer, viewing shared folders in, 419
Windows Firewall
advanced security settings, 53
configuring, 7
overview, 113
and remote MMC administration, 216
Windows Internal Database, defined, 27
Windows Internet Name Service (WINS)
defined, 27
name registration, 16
name release, 16
name renewal, 16
name-resolution methods, 16-17
needed vs. not needed, 553, 554
overview, 15-16
session parts, 16
Windows logs
application log, 85
defined, 85
forwarded events log, 85
list, 85
security log, 85, 441
setup log, 85
system log, 85
Windows Network Diagnostics, opening from Network And Sharing Center, 505
Windows NT, 9, 195-196
Windows PowerShell
aliases for, 20
defined, 27
entering cmdlets, 20
installing, 19
log file, 86
obtaining latest version, 19
obtaining list of cmdlets, 20
Windows Preinstallation Environment, 4
Windows Process Activation Service, 27
Windows Recovery Environment, 27, 467, 489-491
Windows Script Host (WSH), 156
Windows Search Service
adding to servers, 333-336
defined, 333
installing, 336
as role service for file servers, 333
Windows Server 2003
and domain controllers, 199
domain functional levels, 204-205
File Services, 333-336
Windows Server 2008
activating, 56
backing up and restoring system state, 488-489
changes to Active Directory, 10-11
changing product key, 56
Control Panel utilities, 4
Datacenter Edition, 5, 6
deploying, 21-47
and domain controllers, 199
domain functional levels, 204, 205-206
Enterprise Edition, 5, 6
family of operating systems, 5-7
feature installation, 22
features in common with Windows Vista, 4-5
installation types, 21
installing, 30-42
list of primary features, 25-27
list of primary roles and role services, 23-25
networking tools, 7-9
performing full system recovery, 489-491
power options, 4
restartable Active Directory Domain Services, 11, 12-13
role of domains, 6
role of servers, 6
role of workgroups, 6
role services, 22
security model, 251-253
server roles, 22
servers vs. workgroups vs. domains, 6
Standard Edition, 5, 6
Start menu options, 6-7
utilities, 19-20
and Windows NT 4.0, 195-196
and Windows Vista, 4-5
Windows Server Backup
command-line alternative, 471-475
defined, 27
first-time use, 468-471
installing, 468
modifying or stopping scheduled backups, 479-480
performing server backups, 475-481
Recovery Wizard, 491-493
running manual backups, 483-484
Windows SharePoint Services, 25
Windows System Resource Manager (WSRM), 27
Windows Time, 113
Windows Update utility
accessing Driver Settings button, 57
displaying via Server Manager, 53
on Initial Configuration Tasks console, 50
Windows Vista
and Active Directory, 202-203
Control Panel utilities, 4
features in common with Windows Server 2008, 4-5
and Group Policy, 118, 173
and Windows Server 2008, 4-5
Windows Web Server 2008
and Active Server, 6
as member of Windows Server 2008 family of operating systems, 5, 6
overview, 5
Windows XP, and Active Directory, 202-203
WINS. See Windows Internet Name Service (WINS)
Wireless Networking, defined, 27
wizards. See also Add Roles Wizard; Network Printer Installation Wizard
Add Features Wizard, 50, 54
Add New Printer Filter Wizard, 534-535
Add Printer Wizard, 528
Backup Once Wizard, 483-484
Backup Schedule Wizard, 477-478
Create A Shared Folder Wizard, 416-419
defined, 19
Group Policy Results Wizard, 126
Initialize And Convert Disk Wizard, 344
New Multicast Scope Wizard, 572-573
New Scope Wizard, 567-571
New Simple Volume Wizard, 352-355
New Superscope Wizard, 566
Printer Migration Wizard, 532-534
Recovery Wizard, 491-493
Remove Features Wizard, 54
Remove Roles Wizard, 54
Security Configuration Wizard, 53, 184-190
workgroups
default assignment, 50
joining computers to, 56-57, 227-228
role in configuring Windows Server 2008, 6
workstations
permitted logon, 305-306, 324-325
recovery policies, 373-374
WSH (Windows Script Host), 156
Z
zone transfers, 609-611
zones
allowing and restricting transfers, 609-610
GlobalNames zone, 597-598
notifying secondary name servers of changes, 611-612
setting zone type, 612
updating properties, 608
© Microsoft. All Rights Reserved.