Index

Numbers | A | B | C | E | F | G | H | I | K | L | M | N | O | P | R | S | T | U | V | W | Z

Numbers

32-bit systems, 6

64-bit systems, 6

A

access control entries (ACEs), 253

access permissions

defined, 263

for network printers, 540-541

account policies

applying security-related Group Policy definitions, 170

changing template settings by using Security Templates snap-in, 173-174

configuring account lockout policies, 281-282, 325

configuring in Default Domain Policy GPO, 277-278

configuring kerberos policies, 283-284

configuring password policies, 279-281

configuring user rights policies, 284-287

accounts, used with services, 82

ACEs (access control entries), 253

Active Directory. See also domains

administration tools, 215-216

auditing objects, 445-446

command-line tools, 216-217

data store, 9, 11, 208-209

delegating privileges for Group Policy management, 132-133

directory structure overview, 208

and DNS forwarding, 615

and Domain Name System (DNS), 193-194

domains vs. DNS domains, 202

Group Policy overview, 123-124

integrating with Domain Name System (DNS), 14, 585-586

and Lightweight Directory Access Protocol (LDAP), 212

list of built-in capabilities for groups, 266-268

listing printers in, 536

logical structures, 196

maintaining, 245-248

management tools overview, 215-218

managing organizational units, 236-237

managing sites, 238-244

managing user contact information, 296-299

overview, 10, 193-195

physical structures, 196

relationship of Group Policy Management Console (GPMC) to, 126

replication issues, 211-212, 234

restoring, 12

searching for users and groups, 298-299

setting and viewing permissions for objects, 327-328

Sites And Services tool, 215

starting and stopping, 12

support tools, 217-218

troubleshooting, 248-250

user, group, and computer accounts as objects, 327

using with Windows 2000, Windows XP, and Windows Vista, 202-203

Windows Server 2008 changes, 10-11

and Windows Web Server 2008, 6

working with domains, 202-207

Active Directory Animation Tool, 218

Active Directory Certificate Services (AD CS), 10, 23

Active Directory Domain Services (AD DS)

Default Domain Controllers Policy GPO, 123, 124

Default Domain Policy GPO, 124

defined, 23, 193

fixing default Group Policy, 151

Group Policy, 123-124

installing and demoting domain controllers, 229-230

overview, 10

restartable, 11, 12-13

role services, 23

Active Directory Domains And Trusts

defined, 215

viewing or changing location of domain naming master role, 232

Active Directory Federation Services (AD FS)

and authentication protocols, 252

defined, 10, 23

Active Directory Lightweight Directory Services (AD LDS), 10, 23

Active Directory Rights Management Services (AD RMS), 11, 23

Active Directory Schema

schema master, defined, 213

viewing or changing location of schema master roles, 232-233

Active Directory Sites And Services tool, 201-202, 215

Active Directory Users And Computers tool

adding folders for organizational units, 219

advanced features, 219

Builtin folder, 219

Computers folder, 219

connecting to domain controllers, 220

connecting to domains, 221

creating computer accounts, 223-224

defined, 215

Domain Controllers folder, 219

ForeignSecurityPrincipals folder, 219

illustrated, 219

managing computer accounts, 223

managing multiple user accounts, 322-325

organizational units in, 200

overview, 218-219

Saved Queries folder, 219

searching for accounts, 221-222

searching for directory objects, 221-222

searching for shared resources, 221-222

starting, 218

troubleshooting logon problems, 325-327

updating domain user and group accounts, 316-322

Users folder, 219

viewing or changing location of domain-wide roles, 230-232

AD CS. See Active Directory Certificate Services (AD CS)

AD DS. See Active Directory Domain Services (AD DS)

AD FS. See Active Directory Federation Services (AD FS)

AD LDS. See Active Directory Lightweight Directory Services (AD LDS)

AD RMS. See Active Directory Rights Management Services (AD RMS)

Add Counters dialog box, 98-100

Add Features Wizard, 50, 54

Add New Printer Filter Wizard, 534-535

Add Printer Wizard, 528

Add Roles Wizard

adding File Services role, 333-336

adding Print Services role, 517

defined, 50, 54

installing and configuring DNS, 590-592

installing DHCP server components, 553-555

administrative templates, 127-129

Administrative Templates node, Group Policy Management Editor, 127-129

administrative wizards, defined, 19

Administrator account, 260-261

Administrators and Non-Administrators Local Group Policy layer, LGPOs, 120, 122-123

Administrators group, 271, 272

ADMX files, 118-119

ADPREP Active Directory command-line tool, 216

ADSI Edit tool, 218, 245-246

Advanced Boot menu, 488

Aero enhancements, 4

alternative IP addresses, configuring, 511

Anonymous Logon identity, 272

application log, defined, 85

Application Server, 23

applications

Go To Process option, 70

managing in Task Manager, 69-70

restoring data by using Recovery Wizard, 491-493

right-clicking listings in Task Manager, 70

starting in Task Manager, 69

stopping in Task Manager, 69

switching between in Task Manager, 69

applications and services logs

defined, 85

DFS Replication log, 86

Directory Service log, 86

DNS Server log, 86

File Replication Service log, 86

Hardware Events log, 86

list, 86

Microsoft\Windows log, 86

Windows PowerShell log, 86

archiving event logs, 92-94

audio and video files

file screen template, 397

as screen group file types, 397

auditing

Active Directory objects, 445-446

DHCP processes, 559-560

files and folders, 443-445

print jobs, 541-542

registry, 445

setting policies, 441-443

system resources, 441-446

troubleshooting logon failure, 326

authentication protocols, 251-252

Authentication Users identity, 272

autoloader tape systems, as backup solution, 465

automatic feedback, enabling, 50

automatic reboots, 66

Automatic Updates, as Group Policy

configuring, 166-167

defined, 166

optimizing, 167

overview, 111

specifying intranet update service locations, 168-169

and Windows Update feature, 167-168

automatic updating, enabling on Initial Configuration Tasks console, 50

B

Background Intelligent Transfer Service (BITS) Server Extensions, 25

background processes, defined, 68

backup files, as screen group file type, 397

Backup Once Wizard, 483-484

Backup Schedule Wizard, 477-478

backups. See also Wbadmin backup utility; Windows Server Backup

backing up DHCP database, 581

basic types of backup plans, 462-463

common solutions, 465-466

copy-type, 463

daily-type, 463

differential-type, 463-464

incremental-type, 463-464

manual, using Wbadmin utility, 481-482

manual, using Windows Server Backup, 483-484

questions to ask, 461-462

recovering servers from failure, 484-486

scheduled, using Wbadmin utility, 478-479, 480

scheduled, using Windows Server Backup, 475-480

selecting backup utility, 466-468

selecting devices, 464-466

selecting media, 466

Batch identity, 272

BitLocker Drive Encryption, 25, 112

BITS (Background Intelligent Transfer Service) Server Extensions, 25

bootable startup, 4

Bootstrap Protocol (BOOTP), 576

built-in groups, 262

built-in local groups, 256

built-in user accounts, 260

C

canceling print jobs, 545

CAPI2 (CryptoAPI Version 2), 506

CAs (certificate authorities), 165

catalogs, global

configuring, 235-236

overview, 209-210

central store, 129-130

certificate authorities, 165

certificate revocation lists (CRLs), 165

Certificate Services. See Active Directory Certificate Services (AD CS)

certificates. See digital certificates, automatically enrolling; encryption certificates

Check Disk utility, 364-366

Classic Start Menu, 6

CMAK (Connection Manager Administration Kit), 25

CNAME-type DNS records, 602, 604-605

command-line utilities. See also Ntdsutil tool

accessing during Windows Server 2008 installation, 34-38

Active Directory, 216-217

defined, 19

NET commands, 19

Server Manager counterpart, 42

Windows Server Backup alternative, 471-475

common code bases, 4

compressed files, as screen group file type, 397

computer accounts

creating in Active Directory Users And Computers, 223-224

creating on workstations or servers, 223

deleting, 225

disabling, 225

enabling, 225

joining computers to domains or workgroups, 56-57, 227-228

managing, 223-226

managing computers, 227

moving, 226-227

as objects, 327

resetting when locked, 225-226

viewing and editing properties, 224-225

Computer Configuration node, Group Policy Management Editor, 126-127, 145, 170

Computer Management console

Disk Management snap-in, 339-341, 344

tracking shared folders, 425-426

viewing existing file shares, 414-415

computer name, 50, 56-57

computer security. See security

computer shutdown scripts

assigning as part of group policy, 157-158

defined, 156

deleting, 158

editing, 158

computer startup scripts

assigning as part of group policy, 157-158

defined, 156

deleting, 158

editing, 158

Connection Manager Administration Kit (CMAK), 25

contact information, managing in Active Directory, 296-299

Control Panel

Classic view, 50

defined, 19

Windows Server 2008 vs. Windows Vista, 4

Windows Update utility, 50

core-server Windows Server 2008 installation

defined, 21

list of commands and utilities, 29-30

overview, 28-29

counters, performance

choosing for monitoring, 98-100

collecting data, 102-104

configuring alerts, 105-106

creating and managing data collector sets, 101-102

data collector set overview, 100

CPU usage

graphs, 74, 75

monitoring and tuning, 108

statistics, 75

viewing statistics in Reliability And Performance console, 95

Create A Shared Folder Wizard, 416-419

Creator Group identity, 272

Creator Owner identity, 273

CryptoAPI Version 2 (CAPI2), 506

D

data backup. See backups

data collector sets

collecting configuration data, 104

collecting performance counter data, 102-103

collecting performance trace data, 103-104

configuring alerts, 105-106

creating and managing, 101-102

illustrated, 101

overview, 100

viewing reports, 104-105

Data Execution Prevention (DEP)

application compatibility, 62-63

configuring, 62

overview, 61

using, 62-63

data store

defined, 9

overview, 208-209

read only Active Directory replica, 11

DCGPOFIX file, 151

Default Domain Controllers Policy GPO

defined, 123

fixing problems with, 151

overview, 124

Default Domain Policy GPO

configuring account policies in, 277-278

defined, 124

fixing problems with, 151

overview, 124

default group accounts, 271-273

defragmenting hard disk drives, 366-368

DEP (Data Execution Prevention)

application compatibility, 62-63

configuring, 62

overview, 61

using, 62-63

Desktop Experience, 25, 112

device drivers. See also printer drivers

configuring driver-signing settings, 57

loading during Windows Server 2008 installation, 39-40

and Windows Update Driver Settings button, 57

Device Manager, accessing via System Properties dialog box, 57

DFS Namespaces

adding to servers, 333-336

defined, 332

installing on servers, 334-335

as role service for file servers, 332

DFS Replication

adding to servers, 333-336

defined, 332

as role service for file servers, 332

DFS Replication log, 86

DHCP (Dynamic Host Configuration Protocol)

auditing, 559-560

authorizing servers in Active Directory, 558

backing up database, 581

configuring multiple gateways, 511

configuring servers, 558-566

connecting to remote servers, 557

defined, 23

and Domain Name System, 14, 15

installing server components, 553-555

integrating with Domain Name System, 560-562

integrating with Network Access Protection, 562-565

IPv4 addressing and configuration, 547-548, 552

IPv6 addressing and configuration, 548-551, 552, 554-555

managing scopes, 566-577

name-resolution method, 17

overview, 547

reconciling leases and reservations against database, 583

regenerating database, 582-583

reserving addresses, 578-579

restoring database from backup, 581-582

saving and restoring configuration, 565-566

scope overview, 552

starting and stopping servers, 557

starting and using console, 556-558

troubleshooting, 559-560

updating statistics, 559

DHCPv4 addressing and configuration, 547-548, 552

DHCPv6 addressing and configuration, 548-551, 552, 554-555

diagnostics, accessing tools in Server Manager, 51

Dial-Up identity, 273

digital audio tape (DAT) drives, as backup solution, 465

digital certificates, automatically enrolling, 165

directories. See also Active Directory; shared folders

auditing, 443-445

compressing and uncompressing, 368-370

decrypting, 374

encrypting, 372-373

as objects, 434

restoring by using Recovery Wizard, 491-493

Directory Service log, 86

Directory Services Access Control Lists utility, 218

disabled user accounts, troubleshooting, 325-327

disk-based backup systems, as backup solution, 465

disk drives. See hard disk drives

Disk Management snap-in, 339-341, 344

disk mirroring, RAID

breaking mirrored sets, 388

creating mirror sets, 386

defined, 383

implementing, 385-387

mirroring existing volumes, 386-387

removing mirrored sets, 390

repairing mirrored sets, 388-389

repairing mirrored system volume to enable boot, 389-390

resynchronizing mirrored sets, 388-389

disk partitions

changing, 352-355

creating during Windows Server 2008 installation, 40

deleting during Windows Server 2008 installation, 40, 41

deleting to change configuration, 359

extending during Windows Server 2008 installation, 40, 41-42

formatting during Windows Server 2008 installation, 40-41

formatting existing disks, 355-356

overview, 351-352

removing during Windows Server 2008 installation, 38-39

disk quotas

NTFS, 446-456

Resource Manager, 446, 456-460

disk striping, RAID

defined, 383

implementing, 384-385

with parity, 383, 387-388

regenerating striped sets, 390-391

repairing striped sets, 390

display names, 274-275

Distributed File System (DFS)

adding to servers, 333-336

defined, 332

as role service for file servers, 332

distribution groups, 256

Distributed File System Utility, 218

DNS. See Domain Name System (DNS)

DNS records

A-type, 602-603

AAAA-type, 602-603

CNAME-type, 602, 604-605

creating address records, 602-604

creating pointer records, 602-604

managing, 602-607

MX-type, 602, 605-606

NS-type, 602, 606-607

PTR-type, 602, 603-604

types, 602

updating, 607

viewing, 607

DNS Server Troubleshooting Tool, 218

DNS servers, defined, 23. See also Domain Name System (DNS)

domain accounts. See also user accounts

creating, 287-289

defined, 254

logon issues, 326-327

passwords for, 276-277

rules for display names, 275

Domain Admins group, 271, 272

domain controllers

associating sites with, 240-241

central store, 129-130

configuring refresh interval, 139-140

configuring site link bridges, 243-244

configuring Windows Server 2008 as, 9

and data store, 208-209

demoting, 229, 230

and Group Policy Management Console (GPMC), 126

installing, 212, 229, 230

multimaster replication model, 9

read-only, 11, 194-195

recovery policies, 373-374

replication issues, 211-212

and restartable Active Directory Domain Services, 11, 12-13

Windows version support, 199

domain forests. See forests

domain functional levels

available enhancements, 206

upgrading, 207

Windows 2000 mixed mode, 203

Windows 2000 native mode, 204

Windows Server 2003 mode, 204-205

Windows Server 2008 mode, 204, 205-206

domain local groups, 256, 258

Domain Name System (DNS)

and Active Directory, 193-194

adding remote servers to DNS console, 599

computer name issues, 56-57

configuration overview, 15

configuring name resolution on DNS clients, 588-590

configuring primary servers, 592-594

configuring reverse lookups, 595-597

configuring secondary servers, 595

controlling outside access, 613-615

creating child domains, 600-601

defined, 193

deleting domains and subnets, 601-602

domains vs. Active Directory domains, 202

dynamic DNS client updates, 612

enabling on networks, 586-588

and event logging, 615-616

full integration with Active Directory, 14, 585

hierarchy, 13-14

installing, 14-15

installing DNS servers, 590-598

integrating Active Directory with, 585-586

integrating DHCP with, 560-562

log file, 86

managing configuration and security, 613-617

managing DNS records, 602-607

managing DNS servers, 598-602

monitoring DNS servers, 616-617

overview, 13-15, 584-585

partial integration with Active Directory, 14, 585

removing remote servers to DNS console, 599

server role in DNS client name resolution, 588-590

setting up forwarding, 613-615

starting and stopping DNS servers, 599-600

domain naming master, 213, 232

domain networks, defined, 8, 502

Domain Services. See Active Directory Domain Services (AD DS)

domain trees, 196, 198-199

DomainDNSZones, 15

domains. See also Domain Name System (DNS)

Active Directory, 10, 193

changing information in System Properties dialog box, 50

defined, 196, 584

DNS vs. Active Directory, 202

and global catalogs, 209-210

joining computers to, 56-57, 227-228

logical Active Directory structures, 196

overview, 196-197

physical Active Directory structures, 196

replication issues, 211

role in configuring Windows Server 2008, 6

Domains node, Group Policy Management Console (GPMC), 125

drivers, device. See also printer drivers

configuring driver-signing settings, 57

loading during Windows Server 2008 installation, 39-40

and Windows Update Driver Settings button, 57

DSADD Active Directory command-line tool, 217

DSGET Active Directory command-line tool, 217

DSMOD Active Directory command-line tool, 217

DSMOVE Active Directory command-line tool, 217

DSQUERY Active Directory command-line tool, 217

DSRM Active Directory command-line tool, 217

dual booting, 375, 377, 384

dump files, writing debugging information to, 66-67

dynamic disks

vs. basic disks, 346-347

changing back to basic disks, 349

changing basic disks to, 348-349

changing drive types, 348-349

configuration, 340

defined, 346

moving to new systems, 350-351

overview, 346-347

reactivating, 349

volume advantages, 377

dynamic DNS updates, 612

Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)

dynamic-link libraries (DLLs), 67

dynamic IP addresses, configuring, 510-511

E

e-mail files

file screen template, 397

as screen group file type, 397

editors, policy. See GPOE (Group Policy Object Editor); Group Policy Management Editor

EFS (Encrypting File System)

configuring recovery policy, 495-496

data recovery agents, 494-495

encryption certificate overview, 493-494

overview, 371-372

recovery system overview, 494-496

Encrypting File System. See EFS (Encrypting File System)

encryption, 309

encryption certificates

backing up, 496-497

overview, 493-494 recovering, 497

Enhanced Security Configuration (Internet Explorer), 53

Enterprise Admins group, 271, 272

enterprise CAs (certificate authorities), 165

Enterprise Domain Controllers identity, 273

environment settings, user, 299-303

environment variables

creating, 64

deleting, 64

editing, 64

overview, 63

system, 300-301

error reports, 50

event logs

accessing, 86

applications and services logs, 85, 86

applying security-related Group Policy definitions, 170

archival formats, 92

archiving, 92-94

changing template settings by using Security Templates snap-in, 173-174

clearing, 92

DNS, 615-616

entry details, 88

event levels, 87

filtering, 88-90

role in server monitoring, 95

setting options, 90-92

ways to use, 86-87

Windows logs, 85

writing events to system log, 66

Event Viewer

accessing, 86

clearing event logs, 92

filtering event logs, 88-90

setting event log options, 90-92

viewing event logs, 86-88

writing events to system log, 66

Everyone identity, 273

executable files

file screen template, 397

as screen group file type, 397

exFAT file system, 340-341

F

Failover Clustering, 25

Fax Server, 23

features. See server features

Features Summary, Server Manager, 54

Federation Services. See Active Directory Federation Services (AD FS)

feedback, enabling, 50

Fibre Channel SANs, 392-393

file handles, 71

File Replication Service (FRS)

adding to servers, 333-336

defined, 333

log file, 86

as role service for file servers, 333

file screening

active, 396

auditing, 403

creating screens, 407

defining exceptions, 407-408

exception paths, 398

list of templates, 396-397

managing file groups, 403-404

managing templates, 404-407

overview, 396-398

passive, 396

standard file groups, 397-398

File Server Resource Manager (FSRM). See also file screening; storage reports

adding to servers, 333-336

defined, 332

File Screening Management node, 399

global file resource options, 399, 400-403

illustrated, 399

installing, 335-336

managing file screening and storage reporting, 399-409

Quota Management node, 399

as role service for file servers, 332, 399

Storage Reports Management node, 399

File Services role

adding to servers, 333-336

defined, 24

list of services for file servers, 332-333

managing, 331-336

overview, 331-332

file sharing

creating shared folders, 417-419

Public folder sharing, 411-414

standard, 411, 414-419

standard vs. Public folder sharing, 411

viewing existing shares, 414-416

file system policies

applying security-related Group Policy definitions, 170

defining path security settings by using Security Templates snap-in, 178-179

viewing and changing path security settings by using Security Templates snap-in, 176-177

files. See also file sharing

auditing, 443-445

compressing and uncompressing, 368-370

decrypting, 374

encrypting, 372-373

as objects, 434

restoring by using Recovery Wizard, 491-493

filtering event logs, 88-90

filters, printer, 534-535

firewalls. See Windows Firewall

FireWire, 342-343

fixed disk drives. See hard disk drives

folder redirection

overview, 152

redirecting special folders based on group membership, 154-155

redirecting special folders to single location, 152-154

removing redirection from special folder, 155-156

updating, 116

folders. See also shared folders

auditing, 443-445

compressing and uncompressing, 368-370

decrypting, 374

encrypting, 372-373

as objects, 434

restoring by using Recovery Wizard, 491-493

foreground processes, defined, 68

ForeignSecurityPrincipals folder, 219

Forest node, Group Policy Management Console (GPMC), 125-126

ForestDNSZones, 15

forests

defined, 196

functional levels, 206, 207

operations master roles, 213-214

overview, 198-199

forward lookups, DNS, 595, 597-598, 599

forwarded events log, 85

forwarding, DNS, 613-615

FQDNs (fully qualified domain names), 14, 194, 254, 255

FSRM. See File Server Resource Manager (FSRM)

full-server Windows Server 2008 installation, defined, 21, 28

fully qualified domain names (FQDNs), 14, 194, 254, 255

G

gateways, configuring, 511-512

global catalogs

configuring, 235-236

overview, 209-210

global groups

configuring group membership, 293-295

creating accounts, 291-292

defined, 256, 258

Domain Admins, 271, 272

Enterprise Admins, 271, 272

Globally Unique Identifiers (GUIDs), 124

GlobalNames zone, 597-598

Go To Process option, 70

GPMC. See Group Policy Management Console (GPMC)

GPOE (Group Policy Object Editor), 118, 121-122

graphical administrative tools, defined, 19

graphics enhancements, Windows Server 2008, 58

graphs, performance, 74-75

group accounts

adding, 291-295

built-in capabilities, 263

built-in groups, 262

default, 271-273

differences with user accounts, 253, 255

global vs. local, 291

impact of scope on capabilities, 257

implicit groups, 262, 272-273

list of capabilities that can be delegated, 270

list of logon rights, 266

list of privileges, 263-265

managing individual membership, 294

managing multiple memberships collectively, 295

as objects, 327

overview, 251, 255-259

predefined groups, 262

scope of groups, 256-257

and security identifiers, 257-258

security model, 251-253

setting primary groups, 295

special identities, 262

types of groups, 256, 291

when to use, 258-259

Group Policy

Active Directory-based, 123-124

applying multiple policies, 115

applying security related definitions by using security templates, 170

automatically enrolling computer and user certificates, 165

changing policy processing preferences, 145-146

configuring account policies in Default Domain Policy GPO, 277-278

configuring Automatic Updates, 166-167

configuring slow-link detection, 146-149

creating objects, 130-131

defined, 114

deploying printer connections to computers and users, 528-532

deploying security policies to multiple computers, 190

deploying security templates to multiple computers, 182-184

deploying software through, 159-165

disabling, 144-145

and inheritance, 133-136

linking objects to Active Directory containers, 130-131

managing local group policies, 120-123

managing operating system automatic updates, 166-169

managing users and computers, 152-169

modeling for planning purposes, 140-142

navigating changes, 117-119

need for mastering, 113

network management policies, 505-506

overview, 114-115

Point And Print Restrictions, 530-532

refreshing, 137-140

requirements and version compatibility, 116-117

troubleshooting, 150-151

when to apply policies, 115-116

Group Policy Management console (GPMC)

backing up and restoring policy objects, 143-145

copying and pasting policy objects, 142-143

creating and using starter GPOs, 131

defined, 25, 216

delegating privileges, 132-133

deleting GPOs, 149

deploying printer connections to computers and users, 528-532

Domains node, 125

editing policy objects, 126-127

Forest node, 125-126

Group Policy Modeling node, 126, 140-142, 144

illustrated, 125

importing policy objects, 142-143

overview, 125-126

relationship to Active Directory, 126

removing links, 149

Sites node, 125

Group Policy Management Editor

Administrative Templates node, 127, 127-129

Computer Configuration node, 126-127, 145, 170

overview, 126-127

User Configuration node, 126-127, 145

Group Policy Modeling node, Group Policy Management Console (GPMC), 126, 140-142, 144

Group Policy Object Editor (GPOE), 118, 121-122

Group Policy Results Wizard, 126

groups

Administrators group, 271, 272

built-in, 262

distribution, 256

Domain Admins group, 271, 272

Enterprise Admins group, 271, 272

implicit, 262, 272-273

predefined, 262

security, 256

universal, 256-257, 258

used by Administrators, 271-272

Guest account, 261-262, 305

GUIDs (Globally Unique Identifiers), 124

H

hard disk drives. See also RAID (redundant array of independent disks)

adding, 337-345

assigning drive letters and paths, 357-358

as backup solution, 465

basic configuration, 340, 346, 347-349

changing volume labels, 358

comparing, 337-338

compressing, 368-371

converting FAT volumes to NTFS, 359-361

creating partitions, 352-355

creating simple volumes, 352-355

decrypting, 374

defragmenting, 366-368

deleting partitions, 359

deleting volume labels, 358

dynamic configuration, 340, 346-351

encrypting, 370-373

formatting partitions, 355-356

hot swapping, 343

loading drivers during Windows Server 2008 installation, 39-40

logical, deleting, 359

monitoring and tuning I/O, 109

moving dynamic disks to new systems, 350-351

new, installing, 343-344

partitioning overview, 351-352

physical, feature comparison, 337-338

physical, overview, 337-338

physical, preparing for use, 338-339

removable configuration, 340, 341-343

repairing disk errors and inconsistencies, 363-366

rescanning, 350

resizing volumes, 361-363

status options, 344-345

using volumes and volume sets, 375-385

viewing usage statistics in Reliability And Performance console, 96

hard disk partitions

changing, 352-355

creating during Windows Server 2008 installation, 40

deleting during Windows Server 2008 installation, 40, 41

deleting to change configuration, 359

extending during Windows Server 2008 installation, 40, 41-42

formatting during Windows Server 2008 installation, 40-41

formatting existing disks, 355-356

overview, 351-352

removing during Windows Server 2008 installation, 38-39

Hardware Events log, 86

hardware profiles, in Windows Server 2008, 57, 80

high-volume printing, 543

history graphs, 74-75

home directories, 299, 302-303

home folders, 299, 302-303

HOSTS file, 17

hot swapping hard disk drives, 343

HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 506

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), 506

I

IA-64 computers, 6

identities, assigning permissions to, 272-273

image files, as screen group file type, 397

implicit groups, 262, 272-273

incident storage reports, 398

Indexing Service

adding to servers, 333-336

defined, 333

as role service for file servers, 333

when to install, 336

infrastructure master, 213

inheritance

and Group Policy, 133-136

by objects, 436

Initial Configuration Tasks console

illustrated, 49

overview, 49-51

vs. Server Manager console, 52

starting, 49

Initialize And Convert Disk Wizard, 344

installing new hard disk drives, 343-344

installing Windows Server 2008

clean installations, 31-33

core-server installations, 21, 28-30

creating disk partitions during installation, 40

deleting disk partitions during installation, 40, 41

extending disk partitions during installation, 40, 41-42

formatting disk partitions during installation, 40-41

full-server installations, 21, 28

installation types, 21

loading disk device drivers during installation, 39-40

performing administrative tasks during installation, 34-42

performing disk partition removal during installation, 38-39

upgrade installations, 33-34

using command line during installation, 34-38

Interactive identity, 273

interactive processes, defined, 68

Internet Explorer, configuring Enhanced Security Configuration, 53

Internet Printing Client, 26, 517

Internet Printing role service, 517

Internet SCSI SANs, 392, 393-394

Internet Storage Naming Server (ISNS), 26

intranet, specifying for Automatic Updates, 168-169

IP addresses

alternative, configuring, 511

avoiding conflicts, 565

checking assignments, 551

configuring multiple gateways, 511-512

dynamic, configuring, 510-511

enabling and disabling for DNS servers, 613

releasing after reserving, 579

reserving for clients, 578-579

and scopes, 552

static, checking addresses by using PING, 509

static, configuring manually, 508, 508-510

IP protocol. See IPv4 (Internet Protocol version 4); IPv6 (Internet Protocol version 6)

IPCONFIG command, 551

IPv4 (Internet Protocol version 4)

A-type DNS records, 602-603

avoiding address conflicts, 565

and Bootstrap Protocol, 576

checking address by using PING, 509

coexistence with IPv6, 506

configuring static address, 509-510

creating and managing superscopes, 566-567

creating normal scopes for addresses, 567-570

deleting exclusion range, 578

DHCPv4 addressing and configuration, 547-548, 552

overview, 8, 9

reserving addresses for clients, 578-579

and scopes, 552

setting exclusion range, 577-578

IPv6 (Internet Protocol version 6)

AAAA-type DNS records, 602-603

checking address by using PING, 509

coexistence with IPv4, 506

configuring static address, 509-510

creating normal scopes for addresses, 570-571

deleting exclusion range, 578

DHCPv6 addressing and configuration, 548-551, 552, 554-555

overview, 8, 9

reserving addresses for clients, 579

and scopes, 552

setting exclusion range, 577-578

iSCSI SANs, 392, 393-394

ISNS (Internet Storage Naming Server), 26

Itanium-based computers, 6

K

kerberos

configuring policies, 283-284

user account security options, 309

kernel

graph display, 75

memory dumps, 66-67

statistics, 75

L

Layer Two Tunneling Protocol/Internet Protocol Security (L2TP/IPSec), 506

LDAP (Lightweight Directory Access Protocol), 212. See also Active Directory Lightweight Directory Services (AD LDS)

leases, DHCP. See also reserving DHCP addresses

defined, 547

deleting, 580

and DHCP scopes, 552

planning duration, 568-569, 571

reconciling against DHCP database, 583

and reserved addresses, 579

Lightweight Directory Access Protocol (LDAP), 212. See also Active Directory Lightweight Directory Services (AD LDS)

Line Printer Daemon (LPD) service, 517

Line Printer Remote (LPR) service, 26, 517

Link-Local Multicast Name Resolution (LLMNR)

enabling and disabling, 18

how it works, 18

overview, 17-18

vs. WINS functionality, 553

LLMNR (Link-Local Multicast Name Resolution)

enabling and disabling, 18

how it works, 18

overview, 17-18

vs. WINS functionality, 553

LMHOSTS file, 17

local area connections

availability, 508

checking status, 513

enabling and disabling, 513

managing, 512-513

renaming, 513

Local Group Policy Objects (LGPOs)

accessing top-level local policy settings, 121

Administrators and Non-Administrators Local Group Policy layer, 120, 122-123

Local Group Policy layer, 120, 121-122

managing local group policies, 120-123

overview, 120-121

storing local group policies, 122

User-Specific Local Group Policy layer, 120, 122-123

local groups

Administrators group, 271, 272

assigning members to accounts, 293

built-in, 256

creating accounts, 292-293

defined, 256

domain, 256, 258

list of default user rights on member servers, 268-269

local policies

applying security-related Group Policy definitions, 170

changing template settings by using Security Templates snap-in, 173-174

local print devices, defined, 514

local print spoolers, 515

local profiles

assigning anew, 315

changing roaming profiles to, 315

changing to roaming profiles, 316

changing type, 315-316

copying or restoring, 314

copying to new accounts, 313-314

creating, 311-312

creating manually, 313

default location, 311

defined, 310

deleting, 315

managing by using System Utility, 312-316

setting for multiple user accounts, 323-324

local user accounts

creating, 289-291

defined, 254

LocalService user account, 260

LocalSystem user account, 260

lockout policies

configuring, 281-282

troubleshooting user accounts, 325

log files

accessing, 86

applications and services logs, 85, 86

archival formats, 92

archiving, 92-94

clearing, 92

for DHCP processes, 559-560

entry details, 88

event levels, 87

filtering, 88-90

printer events, 543

role in server monitoring, 95

setting options, 90-92

ways to use, 86-87

Windows logs, 85

writing events to system log, 66

logical Active Directory structures, 196

logical unit numbers. See LUNs (logical unit numbers)

logon failure auditing, 326

logon hours

configuring, 304-305

enforcing, 305

managing for multiple user accounts, 324

overview, 303-304

setting time window, 305

logon names

rules for, 275

schemes for, 276

logon rights

defined, 262

list for local groups on member servers, 268-269

list for users and groups, 266

list of built-in capabilities for groups in Active Directory, 266-268

list of default user rights for local groups on member servers, 268-269

overview, 266

logon scripts

creating, 302

defined, 299

overview, 301-302

lookups, DNS

forward, 595, 597-598, 599

reverse, 595-597, 599

LPD (Line Printer Daemon) service, 517

LGPOs. See Local Group Policy Objects (LGPOs)

LPR (Line Printer Remote) service, 26, 517

LUNs (logical unit numbers)

assigning, 395

configuring iSCSI SAN connections, 393-394

creating, 394-395

defined, 391

enabling Fibre Channel ports for, 393

extending, 395

mirrored, 391

simple, 391

spanned, 391

striped, 391

striped with parity, 392

M

mandatory profiles

creating, 312

overview, 310-311

as temporary, 311

master replication model, 9

member server, configuring Windows Server 2008 as, 9

memory. See also virtual memory

as common source of performance problems, 106

current process usage, 70

history graphs, 74-75

monitoring and tuning usage, 106-108

paged pool, 72

peak process usage, 72

statistics, 75

uncovering bottlenecks, 107-153

viewing system performance in Task Manager, 74

viewing usage statistics in Reliability And Performance console, 96

memory dumps, 66-67

Message Queuing, 26

Microsoft Management Console (MMC)

Active Directory administration tools, 215-216

Disk Management snap-in, 339-341, 344

Server Manager, 22

and Windows Firewall, 216

Microsoft\Windows log, 86

mirroring. See disk mirroring, RAID

MMC. See Microsoft Management Console (MMC)

modularization, 4

monitoring servers, 94-106

multicast scopes, 572-573

multimaster replication model, 9

Multipath I/O (MPIO), 26

multiple gateways, configuring, 511-512

multiple user accounts, managing, 322-325

MX-type DNS records, 602, 605-606

N

name registration, WINS, 16

name release, WINS, 16

name renewal, WINS, 16

name resolution

configuring on DNS clients, 588-590

Domain Name System (DNS), 13-15

Link-Local Multicast Name Resolution (LLMNR), 17-18

overview, 13

Windows Internet Name Service (WINS), 15-17

names

display names, 274-275

logon names, 275

schemes for logon names, 276

NAP (Network Access Protection), integrating DHCP and, 562-565

NAT (Network Address Translation), 506

NET command-line tools, 19

.NET Framework 3.0, 25

NETDOM tool, 233, 234-235

Network Access Protection (NAP), integrating DHCP and, 562-565

network adapters, viewing usage, 76-77

Network Address Translation (NAT), 506

Network And Sharing Center

accessing, 503

defined, 501

illustrated, 7, 504

installing and configuring TCP/IP networking, 507-512

network types, 8

overview, 7-8, 503-505

saving settings, 8

sharing and discovery configuration, 7

network-attached print devices

automatically detecting, 520

configuring printer properties, 536-542

defined, 515

deploying connections by using Group Policy, 528-532

and high-volume printing, 543

installing, 525-527

installing network-attached printers, 525-527

setting access permissions, 540-541

setting up user connections, 527-528

when to use, 543

Network Awareness, 502

Network Connection console

configuring via Initial Configuration Tasks console, 49

displaying in Server Manager, 52

Network Diagnostics, 502

Network Discovery feature

defined, 502

On and Off states, 503

network drives

connecting to, 432-433

disconnecting, 433-434

mapping, 433

Network Explorer

defined, 501

and discovery settings, 503

Network And Sharing Center, 7-8

Network File System. See Services for Network File System (NFS)

Network identity, 273

network interface cards (NICs), binding DHCP servers to specific IP addresses, 558-559

Network Load Balancing (NLB), 26

Network Map tool, 501, 504

Network Policy and Access Services (NPAS), 24

Network Printer Installation Wizard

automatically installing printers, 520

installing network-attached print devices, 525-527

installing physically attached print devices, 522-525

network usage

monitoring and tuning bandwidth and connectivity, 109-110

viewing statistics in Reliability And Performance console, 96

NetworkService user account, 260

New Multicast Scope Wizard, 572-573

New Object - Computer Wizard, 223-224

New Scope Wizard

creating normal scopes for IPv4 addresses, 567-570

creating normal scopes for IPv6 addresses, 570-571

New Simple Volume Wizard, 352-355

New Superscope Wizard, 566

NFS. See Services for Network File System (NFS)

NICs (network interface cards), binding DHCP servers to specific IP addresses, 558-559

NS-type DNS records, 602, 606-607

Ntdsutil tool

defined, 217

seizing operations master roles, 235

transferring operations master roles, 233

NTFS disk quotas

creating entries, 453-454

deleting entries, 454-455

disabling, 456

enabling, 451-452

exporting and importing settings, 455-456

list of policies, 449

overview, 447-448

setting policies, 449-451

viewing entries, 452-453

NTFS volumes

converting from FAT, 359-361

enabling printing, 542-543

saving disk quotas, 451-452

O

objects. See also Local Group Policy Objects (LGPOs)

auditing in Active Directory, 445-446

files and folders as, 434

inheritance, 436

list of objects, 434

overview, 434

ownership and trust, 434-435

printers as, 434

registry keys as, 434

services as, 434

shares as, 434

OCSP (Online Certificate Status Protocol) extensions, 506

office files, as screen group file type, 397

on-demand storage reports, 398

Online Certificate Status Protocol (OCSP) extensions, 506

operating systems. See also Windows Server 2008

automatic reboots, 66

bootable startup, 4

modularization, 4

multiple bootable, 65-66

restoring Windows Server 2008, 489-491

setting recovery options, 66

setting startup options, 65-66

operations master roles

configuring, 214

defined, 213

domain naming master, 213, 232

infrastructure master, 213

PDC master, 213

relative ID master, 213

schema master, 213, 232-233

seizing by using command line, 233-235

transferring by using command line, 233

viewing or changing location, 230-232

organizational units (OUs)

creating, 237

defined, 196

deleting, 237

moving, 237

overview, 200

renaming, 237

viewing and editing properties, 237

P

page faults, 71, 107

paged pool, 72, 108

paging file, 60-61

partitions, disk

changing, 352-355

creating during Windows Server 2008 installation, 40

deleting during Windows Server 2008 installation, 40, 41

deleting to change configuration, 359

extending during Windows Server 2008 installation, 40, 41-42

formatting during Windows Server 2008 installation, 40-41

formatting existing disks, 355-356

overview, 351-352

removing during Windows Server 2008 installation, 38-39

passwords

configuring policies, 279-281

for domain accounts, 276-277

overview, 276-277

for predefined user accounts, 261

vs. public certificates, 254

secure, 276-277

setting options for multiple user accounts, 325

setting user account security options, 308

pausing print jobs, 544-545

PDC emulator master, 213

PDCs (primary domain controllers), 230

PE 2.0. See Windows Preinstallation Environment

Peer Name Resolution Protocol (PNRP), 26

performance counters

choosing for monitoring, 98-100

collecting data, 102-104

configuring alerts, 105-106

creating and managing data collector sets, 101-102

data collector set overview, 100

Performance Monitor

choosing counters to monitor, 98-100

defined, 95

illustrated, 97

overview, 97

permissions

assigning to identities, 272-273

creating for files and folders, 437-439

overview, 437-439

setting and viewing for Active Directory objects, 327-328

setting for files and folders, 439-441

viewing in Windows Explorer, 436

physical Active Directory structures, 196

physical drives, 337-338

PING command, checking IP addresses, 509

PNRP (Peer Name Resolution Protocol), 26

Point And Print Restrictions, Group Policy, 530-532

Point-to-Point Tunneling Protocol (PPTP), 506

policy editors. See GPOE (Group Policy Object Editor); Group Policy Management Editor

port preservation for Teredo, 506

power options, 4

PowerShell. See Windows PowerShell

PPTP (Point-to-Point Tunneling Protocol), 506

pre-boot environment, 4

predefined groups, 262

predefined user accounts, 260-262

Preinstallation Environment, 4

primary domain controllers (PDCs), 230

primary groups, 295

print devices. See also network-attached print devices

creating multiple printer installations, 527

defined, 516

local, defined, 514

monitoring by using printer filters, 534-535

moving to new print server, 532-534

network-attached, installing, 525-527

network, defined, 515

overview, 514-515

pausing, 544-545

physically attached, installing and configuring, 521-525

role in printing process, 516

setting separator pages, 537-538

print jobs

auditing, 541-542

canceling, 545

defined, 516

error notification, 543

high-volume printing, 543

managing on local printers, 543-546

managing on remote printers, 543-546

pausing, 544-545

prioritizing, 538-540, 546

scheduling, 538-540, 546

viewing in print management window, 544

Print Management console

adding print servers to, 519-520

Autoinstall feature, 520

configuring printer properties, 536-542

illustrated, 518

installing and configuring physically attached print devices, 521-525

installing network-attached print devices, 525-527

managing print jobs on local and remote printers, 543-546

overview, 518-520

Printer Web Page tab, 519

removing print servers from, 519-520

print monitor, 516

print processors, 515

print queues

defined, 516

emptying, 545

monitoring by using printer filters, 534-535

viewing in print management window, 544

print routers, 516

print servers

adding to Print Management console, 519-520

configuring, 517

configuring properties, 542-543

managing print jobs, 543-546

moving printers to, 532-534

overview, 502

removing from Print Management console, 519-520

Print Services, 24, 517

Print Spooler service, 535

print spoolers

configuring spooling, 539-540

enabling spooling, 539

local, 515

locating Spool folder, 542

on print server, 516

troubleshooting, 535

print stack, 516

printer drivers

configuring for network clients, 537

and Group Policy Point And Print Restrictions, 530-532

managing, 536-537

overview, 515

updating, 516, 536-537

printer filters, 534-535

Printer Migration Wizard, 532-534

printer ports, changing, 538

printer sharing. See also network-attached print devices

enabling and disabling, 518

starting and stopping, 540

printers. See also print devices

installing, 520-532

as objects, 434

printing

from non-Windows applications, 542

overview, 515-516

prioritizing print jobs, 538-540, 546

private networks, defined, 8, 502

privileges

defined, 262

list for users and groups, 263-265

list of built-in capabilities for groups in Active Directory, 266-268

list of default user rights for local groups on member servers, 268-269

overview, 263

processes

administering in Task Manager, 70-72

background, 68

foreground, 68

Go To Process option, 70

interactive, 68

memory usage, 70, 72

multiple, 72

setting priorities, 71

System Idle Process, 72

thread usage, 72

product key, Windows Server 2008, 56

profile paths, 299

profiles. See local profiles

Proxy identity, 273

PTR-type DNS records, 602, 603-604

public certificates vs. passwords, 254

Public folder sharing, 411-414

public networks, defined, 8, 502

R

RAID (redundant array of independent disks)

breaking mirrored sets, 388

implementing on Windows Server 2008, 384-388

implementing RAID 0: disk striping, 384-385

implementing RAID 1: disk mirroring, 385-387

implementing RAID 5: disk striping with parity, 387-388

overview, 382-384

removing mirrored sets, 390

repairing mirrored sets, 388-389

repairing mirrored system volume to enable boot, 389-390

repairing striped sets with and without parity, 390-391

resynchronizing mirrored sets, 388-389

RDP. See Remote Desktop

read-only domain controllers (RODCs)

best use, 11

deploying, 194-195

installing DNS Server service on, 15

overview, 11

reboots, automatic, 66

recovery policies, 373-374

Recovery Wizard, 491

redirection. See folder redirection

redundant array of independent disks. See RAID (redundant array of independent disks)

registry

applying security-related Group Policy definitions, 170

auditing, 445

keys as objects, 434

viewing and changing policy template settings by using Security Templates snap-in, 176-178

relative ID master (RID), 213, 230

Reliability And Performance console

categories of resource usage statistics, 95-96

Data Collector Sets node, 101-104, 106

overview, 95

Performance Monitor, 95, 97, 98-100

Reliability Monitor, 95, 97-98

Reports node, 104-105

Reliability Monitor, 95, 97, 98

Remote Assistance, 26, 112

Remote Desktop

configuring via System Properties dialog box, 52

defined, 77

overview, 112

RDP file signing, 506

viewing and managing in Task Manager, 77-78

Remote Procedure Call (RPC) over HTTP Proxy, 26

Remote Server Administration Tools (RSAT), 26

removable storage devices, 340, 341-343

Removable Storage Manager (RSM), 26

Remove Features Wizard, 54

Remove Roles Wizard, 54

replication

and Active Directory, 211-212, 234

common tasks and commands, 249-250

troubleshooting Active Directory, 248-250

Replication Diagnostics Tool, 218

replication model, 9

reserving DHCP addresses, 578-579

Resource Manager disk quotas

creating, 460

defined, 446

list of templates, 457

managing templates, 458-460

overview, 456-458

resources

managing in shared folders, 426-427

monitoring and tuning CPU usage, 108

monitoring and tuning disk I/O, 109

monitoring and tuning memory usage, 106-108

monitoring and tuning network bandwidth and connectivity, 109-110

shared, searching for, 221-222

viewing usage statistics, 95-96

restartable Active Directory Domain Services, 11, 12-13

restarting printing, 545

restricted groups policies

applying security-related Group Policy definitions, 170

configuring policy settings by using Security Template snap-in, 174-175

Restricted identity, 273

Resultant Set of Policy (RSoP), 144

resuming printing, 545

reverse lookups, DNS, 595-597, 599

RID (relative ID master), 213, 230

Rights Management Services. See Active Directory Rights Management Services (ADRMS)

roaming profiles

changing type, 315-316

overview, 310

reasons to use, 310

RODCs. See read-only domain controllers (RODCs)

role services

adding by using Add Roles Wizard, 333-336

adding via Server Manager, 46

defined, 22

list of File Service roles for file servers, 332-333

list of primary roles, 23-25

removing in Server Manager, 46

viewing in Server Manager, 43, 46

Roles Summary, Server Manager, 54

rollback templates, 181-182

root domains, defined, 584

S

Safe mode, starting servers in, 486-488

SANs (storage area networks)

configuring iSCSI SAN connections, 393-394

Fibre Channel, 392-393

iSCSI, 392, 393-394

managing LUNs on, 391-395

scheduled storage reports, 398

scheduling print jobs, 538-540, 546

schema master, 213, 232-233

scopes, DHCP

activating, 576

creating and managing, 567-577

deactivating, 576

deleting exclusion ranges, 578

deleting reservations, 580

and IP addresses, 552

managing, 566-577

modifying, 575

modifying reservation properties, 580

multicast, 572-573

overview, 552

releasing reserved addresses, 579

removing, 576-577

reserving addresses, 578-579

setting exclusion ranges, 577-578

setting options, 573-574

superscopes, 566-567

viewing statistics, 577

script management

assigning scripts, 157-159

computer shutdown scripts, 156, 157-158

computer startup scripts, 156, 157-158

user logoff scripts, 156, 158-159

user logon scripts, 156, 158-159

SCSI. See iSCSI SANs

Secure Remote Access (SRA), 506

Secure Socket Tunneling Protocol (SSTP), 506

security

IE Enhanced Security Configuration, 53

running Security Configuration Wizard, 53, 184-190

setting and viewing Active Directory object permissions, 327-328

setting options for user accounts, 308-309

User Account Control (UAC), 4

Security Configuration And Analysis snap-in

applying security templates, 171-172

comparing template settings and current computer settings, 180

configuring, analyzing, and applying security templates, 179-182

limitations, 179

opening, 172

overview, 179

role of rollback templates, 181-182

Security Configuration Wizard

applying existing security policies, 189

creating security policies, 184-188

defined, 53

editing existing security policies, 188-189

overview, 184

rolling back last applied security policy, 189-190

security descriptors, 253

security groups, 256

security log, 85, 441

security permissions. See permissions

security policies

applying by using Security Configuration Wizard, 189

creating by using Security Configuration Wizard, 184-188

deploying to multiple computers, 190

editing by using Security Configuration Wizard, 188-189

rolling back last applied policy by using Security Configuration Wizard, 189-190

Security Configuration Wizard overview, 184

security templates

applying with Security Configuration And Analysis snap-in, 171-172

configuring, analyzing, and applying by using Security Configuration And Analysis snap-in, 179-182

creating with Security Templates snap-in, 171, 172

default, 171

deploying to multiple computers, 182-184

overview, 170-172

Security Templates snap-in

Account Policies node, 173-174

changing template policy settings, 173-174

configuring policy settings for restricted groups, 174-175

creating new templates, 171, 172

default templates, 171

enabling, disabling, and configuring system services, 175-176

File System node, 176-177

Local Policies node, 173-174

opening, 172

overview, 171

Registry node, 176-178

Restricted Groups node, 174-175

searching for templates, 172

System Services node, 175-176

seizing server roles, 233-235

Self-Healing NTFS, 363, 364

Self identity, 273

separator pages, 537-538

server clusters, defining in Storage Manager for SANs, 395

server features

adding by using Add Features Wizard, 50, 54

adding in Server Manager, 47

defined, 22

Features Summary, Server Manager, 54

list, 25-27

removing by using Remove Features Wizard, 54

removing in Server Manager, 47

viewing in Server Manager, 51

Server Manager

adding role services, 46

adding server features, 47

adding server roles, 43-45

command-line counterpart, 42

Disk Management snap-in, 339-341, 344

Features Summary, 54

illustrated, 43, 51, 52

vs. Initial Configuration Tasks console, 52

left pane nodes, 51

overview, 22, 42, 48

removing role services, 46

removing server features, 47

removing server roles, 45

right pane nodes, 52-54

Roles Summary, 54

Server Summary, 53

Services pane, 78-83

starting console, 51

vs. System utility, 48-49

viewing configured server roles, 42-43

viewing role services, 43, 46

server roles

adding by using Add Roles Wizard, 50, 54

adding File Services role to servers, 333-336

adding in Server Manager, 43-45, 50, 54

checking for new roles, 53

defined, 22

list, 23-25

removing by using Remove Roles Wizard, 54

removing in Server Manager, 45

Roles Summary, Server Manager, 54

viewing in Server Manager, 42-43, 51

Server Summary, Server Manager, 53

servers

member vs. domain controller vs. stand-alone, 9

monitoring, 94-106

role in configuring Windows Server 2008, 6

starting in Safe mode, 486-488

service accounts, 82

Service identity, 273

services, as objects, 434. See also Services pane, Server Manager

Services for Network File System (NFS)

adding to servers, 333-336, 416

configuring NFS sharing, 428-429

defined, 333

as role service for file servers, 333

Services pane, Server Manager

accessing, 78

configuring service logon, 81-82

configuring service recovery, 82-84

configuring service startup, 80

defined, 78

disabling unnecessary services, 84

illustrated, 79

key fields, 78-79

pausing services, 79-80

standard and extended views, 79

starting services, 79-80

stopping services, 79-80

setup log, 85

shadow copies

creating, 430-431

deleting, 432

disabling, 432

overview, 430

restoring, 431

reverting to previous, 431

Share And Storage Management console

adding to servers, 333-336

defined, 332

as role service for file servers, 332

viewing existing file shares, 415-416

shared folders

configuring shared permissions, 421-422

connecting to special shares, 424-425

creating, 417-419

creating shadow copies, 430-431

deleting shadow copies, 432

disabling shadow copies, 432

managing open resources, 426-427

managing sessions, 426

modifying shared permissions, 422-423

removing shared permissions, 423

restoring shadow copies, 431

reverting to previous shadow copies, 431

shadow copies overview, 430

shared permissions overview, 420

special shares overview, 423-424

stopping file and folder sharing, 427

tracking in Computer Management console, 425-426

viewing in Windows Explorer, 419

viewing shared permissions, 420-421

shares, as objects, 434

Simple Mail Transfer Protocol (SMTP) Services, 26

Simple Network Management Protocol (SNMP) Services, 27

Simple Start Menu, 7

Simple TCP/IP Services, 26

Single Sign-on feature, 252

sites

accessing, 201-202

advantages, 201

associating domain controllers with, 240-241

configuring links, 241-243

configuring site link bridges, 243-244

creating, 238-239

creating subnets, 239-240

defined, 196

examining inter-site topology, 246-248

overview, 201

renaming, 239

Sites And Services tool, Active Directory, 201-202, 215

Sites node, Group Policy Management Console (GPMC), 125

slow-link detection, 146-149

smart cards, 308

SOA (Start of Authority) records, modifying, 608-609

Software Installation policy

configuring, 160-161

configuring software deployment options, 162-163

deploying software throughout organization, 161-163

overview, 159-161

updating deployed software, 163-164

upgrading deployed software, 164-165

ways to deploy software, 160-161

spooler. See print spooler

SSTP. See Secure Socket Tunneling Protocol (SSTP)

stand-alone server, configuring Windows Server 2008 as, 9

Start Menu

Classic, 6

Simple, 7

Windows Server 2008 options, 6-7

Start of Authority (SOA) records, modifying, 608-609

starter GPOs, 131

Startup And Recovery dialog box, 65-67

static IP addresses

configuring manually, 508-510

defined, 508

IPv4 vs. IPv6 addresses, 508-509

on private networks, 509

statistics, performance, 75

storage, accessing drive management tools in Server Manager, 51. See also Share And Storage Management console

storage area networks. See SANs (storage area networks)

Storage Manager for SANs. See also SANs (storage area networks)

adding to server, 392

defined, 27

defining server clusters, 395

illustrated, 392

storage reports

configuring parameters, 402

generating on-demand, 409

incident, 398

list of standard reports, 398-399

on-demand, 398

overview, 398-399

scheduled, 398

scheduling, 408-409

striping. See disk striping, RAID

subnets

accessing, 201-202

creating, 239-240

defined, 196

overview, 201

Subsystem for UNIX-based Applications (SUA), 27

superscopes, 566-567

system environment variables, 300-301

system files, as screen group file type, 397

System identity, 273

System Idle Process, 72

system log, 66, 85

System Properties dialog box

Advanced tab, 58-67

- configuring application performance, 58-59

- configuring Data Execution Prevention, 61-63

- configuring environment variables, 63-64

- configuring graphic effects performance, 58

- configuring system startup and recovery, 65-67

configuring virtual memory, 59-61

Computer Name tab, 56-57

configuration options, 56-67

displaying in Server Manager, 52

Hardware tab, 57

Remote tab, 52, 67

System Resource Manager, 113

system services

applying security-related Group Policy definitions to policies, 170

enabling, disabling, and configuring by using Security Templates snap-in, 175-176

viewing in Task Manager, 73

system state, backing up and restoring, 488-489

System utility

managing local profiles, 312-316

managing system properties, 55-56

overview, 48-49

T

tape drives, as backup solution, 465

Task Manager

Applications tab, 69-70

Networking tab, 76-77

Performance tab, 74-75

Processes tab, 70-72

Services tab, 73

Users tab, 77-78

ways to access, 69

Task Scheduler, 112

TCP/IP networking

configuring, 508-512

as default WAN protocol, 8

installing, 506-508

TCP protocol, 8

templates. See also administrative templates; security templates

file screening, 396-397

rollback, 181-182

temporary files, as screen group file type, 397

Teredo technology, 506

Terminal Server User identity, 273

Terminal Services, 24, 77, 113

text files, as screen group file type, 397

thread count, 72

thread queuing, 108

time zones, setting, 49

TLS (Transport Layer Security), 506

Transaction NTFS, 363

Transport Layer Security (TLS), 506

trees, domain, 196, 198-199

troubleshooting

Active Directory, 248-250

DHCP processes, 559-560

disabled user accounts, 325-327

DNS server, 218

Group Policy, 150-151

logon problems, 325-327

print spoolers, 535

server performance, 94-106

U

UAC (User Account Control), 4

Universal Description Discovery Integration, 24

universal group membership caching, 210-211, 236

universal groups, 256-257, 258

universal serial bus (USB), 341-342, 343

Update Sequence Numbers (USNs), 234, 249

updating, enabling Windows automatic updating and feedback, 50

USB (universal serial bus), 341-342, 343

User Account Control (UAC), 4

user accounts

adding, 287-291

built-in accounts, 260

built-in capabilities, 263

capabilities, 262-265

configuring environment settings, 299-303

creating domain-type, 287-289

creating local-type, 289-291

default, 259-262

differences with group accounts, 253

domain vs. local, 254

list of capabilities that can be delegated, 270

list of logon rights, 266

list of privileges, 263-265

lockout problems, 325-327

managing logon hours, 303-305

multiple, configuring properties, 322-325

multiple, disabling, 322

multiple, enabling, 322

multiple, managing, 322-325

multiple, moving, 322

naming policies, 274-276

as objects, 327

overview, 251, 254-255

predefined, 260-262

and security identifiers, 254-255

security model, 251-253

setting contact information, 296-298

setting dial-in and VPN privileges, 306-308

setting options and restrictions, 303-309

setting permitted logon workstations, 305-306

setting security options, 308-309

setup and organization, 274-278

troubleshooting logon problems, 325-327

user domain or workgroup, 254

user name, 254

User Configuration node, Group Policy Management Editor, 126-127, 145

user logoff scripts

adding, 159

defined, 156

deleting, 159

editing, 159

repositioning, 159

ways to assign, 158

user logon scripts

adding, 159

defined, 156

deleting, 159

editing, 159

repositioning, 159

ways to assign, 158

user profiles

local, 310, 311, 312-316

managing, 309-316

mandatory, 310-311

overview, 309

roaming, 310

user rights

administering account policies, 284-287

configuring globally, 285-286

configuring locally, 286-287

list of defaults on member servers, 268-269

User-Specific Local Group Policy layer, LGPOs, 120, 122-123

Users And Computers tool, Active Directory

adding folders for organizational units, 219

advanced features, 219

Builtin folder, 219

Computers folder, 219

connecting to domain controllers, 220

connecting to domains, 221

creating computer accounts in, 223-224

defined, 215, 218

Domain Controllers folder, 219

ForeignSecurityPrincipals folder, 219

illustrated, 200, 219

managing computer accounts, 223-226

managing multiple user accounts, 322-325

organizational units in, 200

overview, 218-219

Saved Queries folder, 219

searching for accounts, 221-222

searching for directory objects, 221-222

searching for shared resources, 221-222

starting, 218

troubleshooting logon problems, 325-327

updating domain user and group accounts, 316-322

Users folder, 219

viewing or changing location of domain-wide roles, 230-232

USNs (Update Sequence Numbers), 234, 249

V

VDS (Virtual Disk Service), 392

video and audio files

file screen template, 397

as screen group file types, 397

Virtual Disk Service (VDS), 392

virtual memory, configuring, 59-61

Virtual Memory dialog box, 60-61

virtual private networks (VPNs), 306-308

Vista. See Windows Vista

volume sets

creating, 379-382

deleting, 382

overview, 377-379

volume status, 376, 377-379

volumes

changing labels, 358

converting from FAT to NTFS, 359-361

creating, 379-382

deleting, 382

deleting labels, 358

NTFS, saving disk quotas on, 451-452

overview, 376-377

resizing, 361-363

simple, 352-355

VPNs (virtual private networks), 306-308

W

Wbadmin backup utility

commands, 471-475

creating manual backups, 481-482

defined, 467

overview, 471

scheduling backups, 478-479, 480

WDS (Windows Deployment Services), 24, 113

Web page files, as screen group file type, 397

Web Server (IIS), 24

Windows 2000

and Active Directory, 202-203

and domain controllers, 199

domain functional levels, mixed mode, 203

domain functional levels, native mode, 204

Windows Aero enhancements, 4

Windows Defender, 112

Windows Deployment Services (WDS), 24, 113

Windows Domain Manager, 218

Windows Error Recovery mode, 488

Windows Error Reporting, 50

Windows Explorer, viewing shared folders in, 419

Windows Firewall

advanced security settings, 53

configuring, 7

overview, 113

and remote MMC administration, 216

Windows Internal Database, defined, 27

Windows Internet Name Service (WINS)

defined, 27

name registration, 16

name release, 16

name renewal, 16

name-resolution methods, 16-17

needed vs. not needed, 553, 554

overview, 15-16

session parts, 16

Windows logs

application log, 85

defined, 85

forwarded events log, 85

list, 85

security log, 85, 441

setup log, 85

system log, 85

Windows Network Diagnostics, opening from Network And Sharing Center, 505

Windows NT, 9, 195-196

Windows PowerShell

aliases for, 20

defined, 27

entering cmdlets, 20

installing, 19

log file, 86

obtaining latest version, 19

obtaining list of cmdlets, 20

Windows Preinstallation Environment, 4

Windows Process Activation Service, 27

Windows Recovery Environment, 27, 467, 489-491

Windows Script Host (WSH), 156

Windows Search Service

adding to servers, 333-336

defined, 333

installing, 336

as role service for file servers, 333

Windows Server 2003

and domain controllers, 199

domain functional levels, 204-205

File Services, 333-336

Windows Server 2008

activating, 56

backing up and restoring system state, 488-489

changes to Active Directory, 10-11

changing product key, 56

Control Panel utilities, 4

Datacenter Edition, 5, 6

deploying, 21-47

and domain controllers, 199

domain functional levels, 204, 205-206

Enterprise Edition, 5, 6

family of operating systems, 5-7

feature installation, 22

features in common with Windows Vista, 4-5

installation types, 21

installing, 30-42

list of primary features, 25-27

list of primary roles and role services, 23-25

networking tools, 7-9

performing full system recovery, 489-491

power options, 4

restartable Active Directory Domain Services, 11, 12-13

role of domains, 6

role of servers, 6

role of workgroups, 6

role services, 22

security model, 251-253

server roles, 22

servers vs. workgroups vs. domains, 6

Standard Edition, 5, 6

Start menu options, 6-7

utilities, 19-20

and Windows NT 4.0, 195-196

and Windows Vista, 4-5

Windows Server Backup

command-line alternative, 471-475

defined, 27

first-time use, 468-471

installing, 468

modifying or stopping scheduled backups, 479-480

performing server backups, 475-481

Recovery Wizard, 491-493

running manual backups, 483-484

Windows SharePoint Services, 25

Windows System Resource Manager (WSRM), 27

Windows Time, 113

Windows Update utility

accessing Driver Settings button, 57

displaying via Server Manager, 53

on Initial Configuration Tasks console, 50

Windows Vista

and Active Directory, 202-203

Control Panel utilities, 4

features in common with Windows Server 2008, 4-5

and Group Policy, 118, 173

and Windows Server 2008, 4-5

Windows Web Server 2008

and Active Server, 6

as member of Windows Server 2008 family of operating systems, 5, 6

overview, 5

Windows XP, and Active Directory, 202-203

WINS. See Windows Internet Name Service (WINS)

Wireless Networking, defined, 27

wizards. See also Add Roles Wizard; Network Printer Installation Wizard

Add Features Wizard, 50, 54

Add New Printer Filter Wizard, 534-535

Add Printer Wizard, 528

Backup Once Wizard, 483-484

Backup Schedule Wizard, 477-478

Create A Shared Folder Wizard, 416-419

defined, 19

Group Policy Results Wizard, 126

Initialize And Convert Disk Wizard, 344

New Multicast Scope Wizard, 572-573

New Scope Wizard, 567-571

New Simple Volume Wizard, 352-355

New Superscope Wizard, 566

Printer Migration Wizard, 532-534

Recovery Wizard, 491-493

Remove Features Wizard, 54

Remove Roles Wizard, 54

Security Configuration Wizard, 53, 184-190

workgroups

default assignment, 50

joining computers to, 56-57, 227-228

role in configuring Windows Server 2008, 6

workstations

permitted logon, 305-306, 324-325

recovery policies, 373-374

WSH (Windows Script Host), 156

Z

zone transfers, 609-611

zones

allowing and restricting transfers, 609-610

GlobalNames zone, 597-598

notifying secondary name servers of changes, 611-612

setting zone type, 612

updating properties, 608

 

 

© Microsoft. All Rights Reserved.