Table of Contents

Acknowledgments xxvii

About the CD xxix

What's on the CD xxix

System Requirements xxix

Support Information xxx

Conventions and Features Used in This Book xxxiii

Text Conventions xxxiii

Design Conventions xxxiii

Part 1: Windows Server 2008 Overview and Planning

Chapter 1: Introducing Windows Server 2008 3

What's New in Windows Server 2008 4

Windows Server 2008 Standard 5

Windows Server 2008 Enterprise 6

Windows Server 2008 Datacenter 6

Windows Web Server 2008 6

64-Bit Computing 7

Virtualized Computing 9

Windows Vista and Windows Server 2008 10

Windows Vista Editions 10

Windows Vista and Active Directory 10

Architecture Improvements 11

Kernel Architecture 11

Boot Environment 13

Support Architecture 14

Chapter 2: Planning for Windows Server 2008 27

Overview of Planning 27

The Microsoft Solutions Framework Process Model 28

Your Plan: The Big Picture 29

Identifying Your Organizational Teams 31

Microsoft Solutions Framework Team Model 31

Your Project Team 32

Assessing Project Goals 33

The Business Perspective 34

Identifying IT Goals 35

Examining IT-Business Interaction 36

Predicting Network Change 36

Analyzing the Existing Network 37

Evaluating the Network Infrastructure 38

Assessing Systems 39

Identify Network Services and Applications 40

Identifying Security Infrastructure 41

Reviewing Network Administration 42

Defining Objectives and Scope 45

Specifying Organizational Objectives 45

Setting the Schedule 46

Shaping the Budget 47

Allowing for Contingencies 48

Finalizing Project Scope 49

Defining the New Network Environment 50

Defining Domain and Security Architecture 50

Changing the Administrative Approach 51

Thinking About Active Directory 54

Planning for Server Usage 58

Determining Which Windows Edition to Use 61

Selecting a Software Licensing Program 63

Retail Product Licenses 64

Volume-Licensing Programs 64

Final Considerations for Planning and Deployment 67

Chapter 3: Installing Windows Server 2008 69

Getting a Quick Start 69

Product Licensing 71

Preparing for Windows Server 2008 Installation 72

System Hardware Requirements 72

How a Clean Installation and an Upgrade Differ 73

Supported Upgrade Paths 74

Using Windows Update 74

Preinstallation Tasks 76

Installing Windows Server 2008 77

Installation on x86-Based Systems 77

Installation on 64-Bit Systems 78

Planning Partitions 79

Installation Type 80

Naming Computers 81

Network and Domain Membership Options 82

Performing a Clean Installation 84

Performing an Upgrade Installation 88

Activation Sequence 88

Performing Additional Administration Tasks During Installation 90

Accessing a Command Prompt During Installation 90

Forcing Disk Partition Removal During Installation 94

Creating, Deleting, and Extending Disk Partitions During Installation 95

Troubleshooting Installation 96

Start with the Potential Points of Failure 96

Continue Past Lockups and Freezes 98

Postinstallation 100

Part 2: Managing Windows Server 2008 Systems

Chapter 4: Managing Windows Server 2008 105

Working with the Administration Tools 105

Using Control Panel Utilities 106

Using Graphical Administrative Tools 106

Using Command-Line Utilities 110

Using the Initial Configuration Tasks Console 113

Working with Computer Management 115

Computer Management System Tools 115

Computer Management Storage Tools 116

Computer Management Services And Applications Tools 116

Working with Server Manager 116

Using Control Panel 119

Using the Appearance And Personalization Console 120

Using the Date And Time Utility 122

Using the Folder Options Utility 123

Using the Regional and Language Options Utility 125

Using the System Console 126

Chapter 5: Configuring Windows Server 2008 129

Optimizing the Menu System 129

Navigating the Start Menu Options 130

Modifying the Start Menu Content 133

Customizing the Desktop and the Taskbar 141

Configuring Desktop Items 142

Configuring the Taskbar 143

Optimizing Toolbars 148

Customizing the Quick Launch Toolbar 148

Displaying Other Custom Toolbars 149

Creating Personal Toolbars 150

Chapter 6: Windows Server 2008 MMC Administration 153

Introducing the MMC 153

Using the MMC 154

MMC Snap-Ins 155

MMC Modes 156

MMC Windows and Startup 158

MMC Tool Availability 160

MMC and Remote Computers 162

Building Custom MMCs 163

Step 1: Creating the Console 164

Step 2: Adding Snap-Ins to the Console 165

Step 3: Saving the Finished Console 169

Designing Custom Taskpads for the MMC 173

Getting Started with Taskpads 173

Understanding Taskpad View Styles 174

Creating and Managing Taskpads 176

Creating and Managing Tasks 179

Publishing and Distributing Your Custom Tools 184

Chapter 7: Configuring Roles, Role Services, and Features 185

Using Roles, Role Services, and Features 185

Making Supplemental Components Available 190

Installing Components with Server Manager 191

Viewing Configured Roles and Role Services 191

Managing Server Roles 192

Managing Role Services 197

Managing Windows Features 198

Installing Components at the Command Line 200

Getting Started with ServerManagerCmd 201

Understanding Component Names 202

Determining the Installed Roles, Role Services, and Features 207

Installing Components Using ServerManagerCmd 208

Removing Components Using ServerManagerCmd 209

Chapter 8: Managing and Troubleshooting Hardware 211

Understanding Hardware Installation Changes 211

Choosing Internal Devices 211

Choosing External Devices 212

Installing Devices 215

Understanding Device Installation 215

Installing New Devices 216

Viewing Device and Driver Details 219

Working with Device Drivers 222

Device Driver Essentials 222

Using Signed and Unsigned Device Drivers 223

Viewing Driver Information 224

Viewing Advanced, Resources, and Other Settings 227

Installing and Updating Device Drivers 228

Restricting Device Installation Using Group Policy 232

Rolling Back Drivers 233

Removing Device Drivers for Removed Devices 234

Uninstalling, Reinstalling, and Disabling Device Drivers 234

Managing Hardware 235

Adding Non-Plug and Play Hardware 235

Enabling and Disabling Hardware 236

Troubleshooting Hardware 237

Resolving Resource Conflicts 240

Chapter 9: Managing the Registry 245

Introducing the Registry 246

Understanding the Registry Structure 248

Registry Root Keys 251

HKEY_LOCAL_MACHINE 253

HKEY_USERS 258

HKEY_CLASSES_ROOT 258

HKEY_CURRENT_CONFIG 259

HKEY_CURRENT_USER 259

Registry Data: How It Is Stored and Used 260

Where Registry Data Comes From 260

Types of Registry Data Available 261

Working with the Registry 262

Searching the Registry 263

Modifying the Registry 264

Modifying the Registry of a Remote Machine 267

Importing and Exporting Registry Data 267

Loading and Unloading Hive Files 270

Working with the Registry from the Command Line 271

Backing Up and Restoring the Registry 272

Maintaining the Registry 273

Using the Windows Installer Clean Up Utility 274

Using the Windows Installer Zapper 275

Securing the Registry 276

Preventing Access to the Registry Utilities 277

Applying Permissions to Registry Keys 278

Controlling Remote Registry Access 281

Auditing Registry Access 283

Chapter 10: Software and User Account Control Administration 285

Understanding Software Installation Changes 285

Mastering User Account Control 288

Elevation, Prompts, and the Secure Desktop 289

Configuring UAC and Admin Approval Mode 290

Maintaining Application Integrity 294

Application Access Tokens 294

Application Run Levels 296

Configuring Run Levels 298

Controlling Application Installation and Run Behavior 299

Chapter 11: Performance Monitoring and Tuning 303

Tuning Performance, Memory Usage, and Data Throughput 303

Tuning Windows Operating System Performance 303

Tuning Processor Scheduling 304

Tuning Virtual Memory 305

Tracking a System's General Health 308

Monitoring Essentials 308

Getting Processor and Memory Usage for Troubleshooting 311

Getting Information on Running Applications 314

Monitoring and Troubleshooting Processes 314

Monitoring and Troubleshooting Services 321

Getting Network Usage Information 323

Getting Information on User and Remote User Sessions 324

Tracking Events and Troubleshooting by Using Event Viewer 326

Understanding the Event Logs 327

Accessing the Event Logs and Viewing Events 329

Viewing Event Logs on Remote Systems 333

Sorting, Finding, and Filtering Events 333

Archiving Event Logs 337

Tracking Events Using PowerShell 338

Using Subscriptions and Forwarded Events 341

Chapter 12: Comprehensive Performance Analysis and Logging 343

Establishing Performance Baselines 344

Monitoring Reliability and Performance 344

Comprehensive Performance Monitoring 347

Using Performance Monitor 347

Selecting Performance Objects and Counters to Monitor 349

Choosing Views and Controlling the Display 351

Monitoring Performance Remotely 354

Resolving Performance Bottlenecks 356

Resolving Memory Bottlenecks 356

Resolving Processor Bottlenecks 359

Resolving Disk I/O Bottlenecks 360

Resolving Network Bottlenecks 362

Performance Logging 363

Viewing Data Collector Reports 368

Configuring Performance Counter Alerts 369

Monitoring Performance from the Command Line 370

Analyzing Trace Logs at the Command Line 372

Part 3: Managing Windows Server 2008 Storage and File Systems

Chapter 13: Boot Configuration 377

Boot from Hardware and Firmware 377

Hardware and Firmware Power States 378

Diagnosing Hardware and Firmware Startup Problems 379

Resolving Hardware and Firmware Startup Problems 380

Boot Environment Essentials 382

Managing Startup and Boot Configuration 383

Managing Startup and Recovery Options 384

Managing System Boot Configuration 385

Working with the BCD Editor 388

Managing the Boot Configuration Data Store and Its Entries 390

Viewing BCD Entries 390

Creating and Identifying the BCD Store 393

Importing and Exporting the BCD Store 394

Creating, Copying, and Deleting BCD Entries 394

Setting BCD Entry Values 395

Changing Data Execution Prevention and Physical Address Extension Options 402

Changing the Operating System Display Order 402

Changing the Default Operating System Entry 403

Changing the Default Timeout 404

Changing the Boot Sequence Temporarily 404

Chapter 14: Storage Management 405

Essential Storage Technologies 405

Using Internal and External Storage Devices 405

Improving Storage Management 407

Booting from SANs and Using SANs with Clusters 409

Configuring Multipath I/O 411

Meeting Performance, Capacity, and Availability Requirements 413

Installing and Configuring File Services 414

Optimizing the File Services Role 415

Configuring the File Services Role 416

Configuring Storage 419

Using the Disk Management Tools 419

Adding New Disks 423

Using the MBR and GPT Partition Styles 425

Using the Disk Storage Types 428

Converting FAT or FAT32 to NTFS 432

Managing MBR Disk Partitions on Basic Disks 434

Creating Partitions and Simple Volumes 435

Formatting a Partition, Logical Drive, or Volume 439

Configuring Drive Letters 440

Configuring Mount Points 442

Extending Partitions 443

Shrinking Partitions 446

Deleting a Partition, Logical Drive, or Volume 448

Managing GPT Disk Partitions on Basic Disks 449

ESP 449

MSR Partitions 450

Primary Partitions 451

LDM Metadata and LDM Data Partitions 451

OEM or Unknown Partitions 452

Managing Volumes on Dynamic Disks 452

Creating a Simple or Spanned Volume 453

Configuring RAID 0: Striping 454

Recovering a Failed Simple, Spanned, or Striped Disk 455

Moving Dynamic Disks 456

Configuring RAID 1: Disk Mirroring 457

Mirroring Boot and System Volumes 459

Configuring RAID 5: Disk Striping with Parity 462

Breaking or Removing a Mirrored Set 463

Resolving Problems with Mirrored Sets 464

Repairing a Mirrored System Volume 465

Resolving Problems with RAID-5 Sets 466

Chapter 15: TPM and BitLocker Drive Encryption 467

Working with Trusted Platforms 467

Managing TPM 469

Understanding TPM States and Tools 469

Initializing a TPM for First Use 471

Turning an Initialized TPM On or Off 473

Clearing the TPM 475

Changing the TPM Owner Password 476

Introducing BitLocker Drive Encryption 477

Deploying BitLocker Drive Encryption 478

Setting Up and Managing BitLocker Drive Encryption 481

Creating the BitLocker Drive Encryption Partition for a Computer with No Operating System 482

Creating the BitLocker Drive Encryption Partition for a Computer with an Operating System 483

Configuring and Enabling BitLocker Drive Encryption 485

Determining Whether a Computer Has BitLocker Encrypted Volumes 492

Managing BitLocker Passwords and PINs 492

Encrypting Server Data Volumes 493

Recovering Data Protected by BitLocker Drive Encryption 494

Disabling or Turning Off BitLocker Drive Encryption 495

Chapter 16: Managing Windows Server 2008 File?Systems 497

Understanding Disk and File System Structure 497

Using FAT 499

File Allocation Table Structure 499

FAT Features 500

Using NTFS 503

NTFS Structures 503

NTFS Features 507

Analyzing NTFS Structure 508

Advanced NTFS Features 511

Hard Links 511

Data Streams 512

Change Journals 514

Object Identifiers 516

Reparse Points 517

Sparse Files 518

Transactional NTFS 520

Using File-Based Compression 521

NTFS Compression 521

Compressed (Zipped) Folders 524

Managing Disk Quotas 525

How Quota Management Works 525

Configuring Disk Quotas 527

Customizing Quota Entries for Individual Users 529

Managing Disk Quotas After Configuration 532

Exporting and Importing Quota Entries 534

Maintaining File System Integrity 535

How File System Errors Occur 535

Fixing File System Errors by Using Check Disk 535

Analyzing FAT Volumes by Using ChkDsk 538

Analyzing NTFS Volumes by Using ChkDsk 539

Repairing Volumes and Marking Bad Sectors by Using ChkDsk 540

Defragmenting Disks 541

Configuring Automated Defragmentation 541

Fixing Fragmentation by Using Disk Defragmenter 543

Understanding the Fragmentation Analysis 545

Chapter 17: File Sharing and Security 547

File Sharing Essentials 547

Understanding File-Sharing Models 547

Using and Finding Shares 550

Hiding and Controlling Share Access 553

Special and Administrative Shares 553

Accessing Shares for Administration 555

Creating and Publishing Shared Folders 556

Creating Shares by Using Windows Explorer 556

Creating Shares by Using Computer Management 559

Publishing Shares in Active Directory 563

Managing Share Permissions 563

Understanding Share Permissions 564

Configuring Share Permissions 565

Managing File and Folder Permissions 567

File and Folder Ownership 567

Permission Inheritance for Files and Folders 569

Configuring File and Folder Permissions 571

Determining Effective Permissions 578

Managing File Shares After Configuration 579

Auditing File and Folder Access 581

Enabling Auditing for Files and Folders 581

Specifying Files and Folders to Audit 582

Monitoring the Security Logs 585

Chapter 18: Using Volume Shadow Copy 587

Shadow Copy Essentials 587

Using Shadow Copies of Shared Folders 588

How Shadow Copies Works 589

Implementing Shadow Copies for Shared Folders 590

Managing Shadow Copies in Computer Management 592

Configuring Shadow Copies in Computer Management 593

Maintaining Shadow Copies After Configuration 596

Reverting an Entire Volume 597

Configuring Shadow Copies at the Command Line 598

Enabling Shadow Copying from the Command Line 598

Create Manual Snapshots from the Command Line 599

Viewing Shadow Copy Information 600

Deleting Snapshot Images from the Command Line 601

Disabling Shadow Copies from the Command Line 602

Reverting Volumes from the Command Line 602

Using Shadow Copies on Clients 603

Chapter 19: Using Remote Desktop for Administration 607

Remote Desktop for Administration Essentials 607

Configuring Remote Desktop for Administration 609

Enabling Remote Desktop for Administration on Servers 609

Permitting and Restricting Remote Logon 610

Configuring Remote Desktop for Administration Through Group Policy 612

Supporting Remote Desktop Connection Clients 613

Remote Desktop Connection Client 613

Running the Remote Desktop Connection Client 615

Running Remote Desktops 620

Tracking Who's Logged On 623

Part 4: Managing Windows Server 2008 Networking and Print Services

Chapter 20: Networking with TCP/IP 627

Navigating Networking in Windows Server 2008 627

Using TCP/IP 631

Understanding IPv4 Addressing 633

Unicast IPv4 Addresses 633

Multicast IPv4 Addresses 636

Broadcast IPv4 Addresses 636

Special IPv4 Addressing Rules 638

Using Subnets and Subnet Masks 639

Subnet Masks 639

Network Prefix Notation 640

Subnetting 641

Understanding IP Data Packets 647

Getting and Using IPv4 Addresses 647

Understanding IPv6 649

Understanding Name Resolution 652

Domain Name System 652

Windows Internet Naming Service (WINS) 654

Link-Local Multicast Name Resolution (LLMNR) 655

Chapter 21: Managing TCP/IP Networking 657

Installing TCP/IP Networking 657

Preparing for Installation of TCP/IP Networking 657

Installing Network Adapters 658

Installing Networking Services (TCP/IP) 659

Configuring TCP/IP Networking 660

Configuring Static IP Addresses 661

Configuring Dynamic IP Addresses and Alternate IP Addressing 663

Configuring Multiple IP Addresses and Gateways 665

Configuring DNS Resolution 667

Configuring WINS Resolution 669

Managing Network Connections 671

Checking the Status, Speed, and Activity for Local Area Connections 671

Viewing Network Configuration Information 672

Enabling and Disabling Local Area Connections 673

Renaming Local Area Connections 674

Troubleshooting and Testing Network Settings 674

Diagnosing and Resolving Local Area Connection Problems 674

Diagnosing and Resolving Internet Connection Problems 675

Performing Basic Network Tests 675

Diagnosing and Resolving IP Addressing Problems 676

Diagnosing and Resolving Routing Problems 678

Releasing and Renewing DHCP Settings 679

Diagnosing and Resolving Name Resolution Issues 680

Chapter 22: Managing DHCP 685

DHCP Essentials 685

DHCPv4 and Autoconfiguration 687

DHCPv6 and Autoconfiguration 687

DHCP Security Considerations 688

Planning DHCPv4 and DHCPv6 Implementations 689

DHCPv4 Messages and Relay Agents 689

DHCPv6 Messages and Relay Agents 691

DHCP Availability and Fault Tolerance for IPv4 and IPv6 693

Setting Up DHCP Servers 696

Installing the DHCP Server Service 697

Authorizing DHCP Servers in Active Directory 701

Creating and Configuring Scopes 701

Using Exclusions 712

Using Reservations 713

Activating Scopes 716

Configuring TCP/IP Options 717

Levels of Options and Their Uses 717

Options Used by Windows Clients 718

Using User-Specific and Vendor-Specific TCP/IP Options 719

Settings Options for All Clients 721

Settings Options for RRAS and NAP Clients 722

Setting Add-On Options for Directly Connected Clients 723

Defining Classes to Get Different Option Sets 724

Advanced DHCP Configuration and Maintenance 727

Configuring DHCP Audit Logging 727

Binding the DHCP Server Service to a Network Interface 729

Integrating DHCP and DNS 730

Integrating DHCP and NAP 731

Enabling Conflict Detection on DHCP Servers 734

Saving and Restoring the DHCP Configuration 734

Managing and Maintaining the DHCP Database 735

Setting Up DHCP Relay Agents 737

Configuring and Enabling Routing and Remote Access 738

Adding and Configuring the DHCP Relay Agent 739

Chapter 23: Architecting DNS Infrastructure 743

DNS Essentials 743

Planning DNS Implementations 744

Public and Private Namespaces 744

Name Resolution Using DNS 746

DNS Resource Records 748

DNS Zones and Zone Transfers 749

Secondary Zones, Stub Zones, and Conditional Forwarding 755

Integration with Other Technologies 756

Security Considerations 757

DNS Queries and Security 757

DNS Dynamic Updates and Security 759

External DNS Name Resolution and Security 760

Architecting a DNS Design 762

Split-Brain Design: Same Internal and External Names 762

Separate-Name Design: Different Internal and External Names 763

Chapter 24: Implementing and Managing DNS 767

Installing the DNS Server Service 767

Using DNS with Active Directory 767

Using DNS Without Active Directory 771

DNS Setup 771

Configuring DNS Using the Wizard 773

Configuring a Small Network Using the Configure A DNS Server Wizard 774

Configuring a Large Network Using the Configure A DNS Server Wizard 778

Configuring DNS Zones, Subdomains, Forwarders, and Zone Transfers 783

Creating Forward Lookup Zones 783

Creating Reverse Lookup Zones 785

Configuring Forwarders and Conditional Forwarding 786

Configuring Subdomains and Delegating Authority 788

Configuring Zone Transfers 791

Configuring Secondary Notification 793

Adding Resource Records 794

Host Address (A and AAAA) and Pointer (PTR) Records 795

Canonical Name (CNAME) Records 797

Mail Exchanger (MX) Records 798

Name Server (NS) Records 799

Start of Authority (SOA) Records 800

Service Location (SRV) Records 801

Deploying Global Names 803

Maintaining and Monitoring DNS 804

Configuring Default Application Directory Partitions and Replication Scope 804

Setting Aging and Scavenging 807

Configuring Logging and Checking DNS Server Logs 808

Troubleshooting the DNS Client Service 809

Try Reregistering the Client 809

Check the Client's TCP/IP Configuration 810

Check the Client's Resolver Cache 811

Perform Lookups for Troubleshooting 812

Troubleshooting the DNS Server Service 812

Check the Server's TCP/IP Configuration 812

Check the Server's Cache 813

Check Replication to Other Name Servers 813

Examine the Configuration of the DNS Server 813

Examine Zones and Zone Records 819

Chapter 25: Implementing and Maintaining WINS 823

WINS Essentials 823

NetBIOS Namespace and Scope 823

NetBIOS Node Types 824

WINS Name Registration and Cache 824

WINS Implementation Details 825

Setting Up WINS Servers 826

Configuring Replication Partners 828

Replication Essentials 828

Configuring Automatic Replication Partners 829

Using Designated Replication Partners 830

Configuring and Maintaining WINS 832

Configuring Burst Handling 832

Checking Server Status and Configuration 833

Checking Active Registrations and Scavenging Records 835

Maintaining the WINS Database 836

Enabling WINS Lookups Through DNS 839

Chapter 26: Deploying Print Services 841

Understanding Windows Server 2008 Print Services 841

Planning for Printer Deployments and Consolidation 847

Sizing Print Server Hardware and Optimizing Configuration 847

Sizing Printer Hardware and Optimizing Configuration 849

Setting Up Print Servers 852

Installing a Print Server 853

Installing Network Printers Automatically 855

Adding Local Printers 855

Adding Network-Attached Printers 860

Changing Standard TCP/IP Port Monitor Settings 863

Connecting Users to Shared Printers 865

Deploying Printer Connections 868

Configuring Point and Print Restrictions 870

Managing Printers Throughout the Organization 872

Managing Your Printers 872

Migrating Printers and Print Queues 873

Monitoring Printers and Printer Queues Automatically 876

Chapter 27: Managing and Maintaining Print?Services 879

Managing Printer Permissions 879

Understanding Printer Permissions 879

Configuring Printer Permissions 881

Assigning Printer Ownership 883

Auditing Printer Access 884

Managing Print Server Properties 885

Viewing and Creating Printer Forms 885

Viewing and Configuring Printer Ports 886

Viewing and Configuring Print Drivers 887

Configuring Print Spool, Logging, and Notification Settings 889

Managing Printer Properties 890

Setting General Properties, Printing Preferences, and Document Defaults 891

Setting Overlays and Watermarks for Documents 893

Installing and Updating Print Drivers on Clients 894

Configuring Printer Sharing and Publishing 895

Optimizing Printing Through Queues and Pooling 896

Configuring Print Spooling 900

Viewing the Print Processor and Default Data Type 901

Configuring Separator Pages 902

Configuring Color Profiles 906

Managing Print Jobs 907

Pausing, Starting, and Canceling All Printing 907

Viewing Print Jobs 907

Managing a Print Job and Its Properties 908

Printer Maintenance and Troubleshooting 909

Monitoring Print Server Performance 909

Preparing for Print Server Failure 912

Solving Printing Problems 913

Chapter 28: Deploying Terminal Services 919

Using Terminal Services 919

Terminal Services Clients 919

Terminal Services Servers 921

Terminal Services Licensing 925

Designing the Terminal Services Infrastructure 927

Capacity Planning for Terminal Services 927

Planning Organizational Structure for Terminal Services 931

Deploying Single-Server Environments 932

Deploying Multi-Server Environments 933

Setting Up Terminal Services 936

Installing a Terminal Server 936

Installing Applications for Clients to Use 939

Enabling and Joining the Terminal Services Session Broker Service 944

Setting Up a Terminal Services License Server 951

Using the Terminal Services Configuration Tool 957

Configuring Global Connection Settings 958

Configuring Server Settings 960

Configuring Terminal Services Security 961

Auditing Terminal Services Access 964

Configuring RemoteApps 966

Making Programs Available as RemoteApps 966

Deploying RemoteApps 968

Configuring Deployment Settings for All RemoteApps 973

Modifying or Removing a RemoteApp Program 975

Using Terminal Services Manager 975

Connecting to Terminal Servers 976

Getting Terminal Services Information 976

Managing User Sessions in Terminal Services Manager 977

Managing Terminal Services from the Command Line 978

Gathering Terminal Services Information 978

Managing User Sessions from the Command Line 979

Other Useful Terminal Services Commands 980

Configuring Terminal Services Per-User Settings 981

Getting Remote Control of a User's Session 981

Setting Up the Terminal Services Profile for Users 982

Part 5: Managing Active Directory and Security

Chapter 29: Active Directory Architecture 987

Active Directory Physical Architecture 987

Active Directory Physical Architecture: A Top-Level View 987

Active Directory Within the Local Security Authority 988

Directory Service Architecture 991

Data Store Architecture 995

Active Directory Logical Architecture 997

Active Directory Objects 998

Active Directory Domains, Trees, and Forests 999

Active Directory Trusts 1001

Active Directory Namespaces and Partitions 1003

Active Directory Data Distribution 1005

Chapter 30: Designing and Managing the Domain Environment 1007

Design Considerations for Active Directory Replication 1008

Design Considerations for Active Directory Search and Global Catalogs 1010

Searching the Tree 1010

Accessing the Global Catalog 1011

Designating Global Catalog Servers 1012

Designating Replication Attributes 1014

Design Considerations for Compatibility 1016

Understanding Domain Functional Level 1017

Understanding Forest Functional Level 1018

Raising the Domain or Forest Functional Level 1019

Design Considerations for Active Directory Authentication and Trusts 1020

Universal Groups and Authentication 1020

NTLM and Kerberos Authentication 1023

Authentication and Trusts Across Domain Boundaries 1026

Authentication and Trusts Across Forest Boundaries 1030

Examining Domain and Forest Trusts 1033

Establishing External, Shortcut, Realm, and Cross-Forest Trusts 1035

Verifying and Troubleshooting Trusts 1039

Delegating Authentication 1040

Delegated Authentication Essentials 1040

Configuring Delegated Authentication 1041

Design Considerations for Active Directory Operations Masters 1044

Operations Master Roles 1044

Using, Locating, and Transferring the Schema Master Role 1047

Using, Locating, and Transferring the Domain Naming Master Role 1048

Using, Locating, and Transferring the Relative ID Master Role 1048

Using, Locating, and Transferring the PDC Emulator Role 1050

Using, Locating, and Transferring the Infrastructure Master Role 1050

Seizing Operations Master Roles 1051

Chapter 31: Organizing Active Directory 1053

Creating an Active Directory Implementation or Update Plan 1053

Developing a Forest Plan 1054

Forest Namespace 1054

Single vs. Multiple Forests 1056

Forest Administration 1057

Developing a Domain Plan 1058

Domain Design Considerations 1059

Single vs. Multiple Domains 1060

Forest Root Domain Design Configurations 1061

Changing Domain Design 1061

Developing an Organizational Unit Plan 1063

Using Organizational Units (OUs) 1063

Using OUs for Delegation 1064

Using OUs for Group Policy 1065

Creating an OU Design 1065

Chapter 32: Configuring Active Directory Sites and Replication 1071

Working with Active Directory Sites 1071

Single Site vs. Multiple Sites 1072

Replication Within and Between Sites 1074

Determining Site Boundaries 1075

Understanding Active Directory Replication 1075

Replication Enhancements for Active Directory 1076

Replication Enhancements for the Active Directory System?Volume 1077

Replication Architecture: An Overview 1082

Intersite Replication Essentials 1089

Replication Rings and Directory Partitions 1091

Developing or Revising a Site Design 1096

Mapping Network Infrastructure 1096

Creating a Site Design 1098

Chapter 33: Implementing Active Directory Domain Services 1107

Preinstallation Considerations for Active Directory 1107

Hardware and Configuration Considerations for Domain Controllers 1108

Configuring Active Directory for Fast Recovery with Storage Area Networks 1110

Connecting Clients to Active Directory 1111

Installing Active Directory Domain Services 1112

Active Directory Installation Options and Issues 1112

Using the Active Directory Domain Services Installation Wizard 1114

Performing an Active Directory Installation from Media 1126

Uninstalling Active Directory 1129

Creating and Managing Organizational Units (OUs) 1133

Creating an OU 1133

Setting OU Properties 1135

Creating or Moving Accounts and Resources for Use with an OU 1136

Delegating Administration of Domains and OUs 1136

Understanding Delegation of Administration 1136

Delegating Administration 1137

Chapter 34: Deploying Read-Only Domain Controllers 1141

Introducing Read-Only Domain Controllers 1141

Design Considerations for Read-Only Replication 1145

Installing RODCs 1148

Preparing for an RODC Installation 1148

Installing an RODC 1150

Installing an RODC from Media 1156

Managing Password Replication Policy 1158

Working with Password Replication Policy 1158

Allowing or Denying Accounts in Password Replication Policy 1160

Viewing and Managing Credentials on an RODC 1162

Determining Whether an Account Is Allowed or Denied Access 1163

Resetting Credentials 1164

Delegating Administrative Permissions 1165

Chapter 35: Managing Users, Groups, and Computers 1167

Managing Domain User Accounts 1167

Types of Users 1167

Configuring User Account Policies 1169

Creating Password Settings Objects and Applying Secondary Settings 1173

Understanding User Account Capabilities, Privileges, and Rights 1177

Assigning User Rights 1182

Creating and Configuring Domain User Accounts 1184

Configuring Account Options 1189

Configuring Profile Options 1193

Troubleshooting User Accounts 1195

Managing User Profiles 1195

Profile Essentials 1196

Implementing and Creating Preconfigured Profiles 1198

Configuring Local User Profiles 1199

Configuring Roaming User Profiles 1200

Implementing Mandatory User Profiles 1201

Switching Between a Local and a Roaming User Profile 1202

Managing User Data 1203

Using Folder Redirection 1203

Using Offline Files 1207

Managing File Synchronization 1209

Maintaining User Accounts 1210

Deleting User Accounts 1210

Disabling and Enabling User Accounts 1211

Moving User Accounts 1211

Renaming User Accounts 1211

Resetting a User's Domain Password 1212

Unlocking User Accounts 1213

Creating a User Account Password Backup 1214

Managing Groups 1215

Understanding Groups 1215

Creating a Group 1220

Adding Members to Groups 1222

Deleting a Group 1222

Modifying Groups 1223

Managing Computer Accounts 1225

Creating a Computer Account in Active Directory 1225

Joining Computers to a Domain 1226

Moving a Computer Account 1227

Disabling a Computer Account 1228

Deleting a Computer Account 1228

Managing a Computer Account 1228

Resetting a Computer Account 1228

Configuring Properties of Computer Accounts 1229

Troubleshooting Computer Accounts 1230

Chapter 36: Managing Group Policy 1233

Understanding Group Policy 1234

Local and Active Directory Group Policy 1234

Group Policy Settings 1235

Group Policy Architecture 1236

Administrative Templates 1237

Implementing Group Policy 1238

Working with Local Group Policy 1239

Working with the Group Policy Management Console 1242

Working with the Default Group Policy Objects 1247

Managing Group Policy Through Delegation 1249

Managing GPO Creation Rights 1249

Reviewing Group Policy Management Privileges 1250

Delegating Group Policy Management Privileges 1252

Delegating Privileges for Links and RSoP 1253

Managing Group Policy Inheritance and Processing 1254

Group Policy Inheritance 1254

Changing Link Order and Precedence 1255

Overriding Inheritance 1256

Blocking Inheritance 1257

Enforcing Inheritance 1258

Filtering Group Policy Application 1259

Group Policy Processing 1261

Modifying Group Policy Processing 1262

Modifying User Policy Preference Using Loopback Processing 1263

Using Scripts in Group Policy 1264

Configuring Computer Startup and Shutdown Scripts 1264

Configuring User Logon and Logoff Scripts 1265

Applying Group Policy Through Security Templates 1266

Working with Security Templates 1266

Applying Security Templates 1267

Maintaining and Troubleshooting Group Policy 1268

Group Policy Refresh 1268

Modifying Group Policy Refresh 1269

Viewing Applicable GPOs and Last Refresh 1271

Modeling GPOs for Planning 1274

Refreshing Group Policy Manually 1278

Backing Up GPOs 1278

Restoring GPOs 1280

Fixing Default Group Policy 1282

Chapter 37: Active Directory Site Administration 1283

Managing Sites and Subnets 1283

Creating an Active Directory Site 1283

Creating a Subnet and Associating It with a Site 1285

Associating Domain Controllers with a Site 1286

Managing Site Links and Intersite Replication 1287

Understanding IP and SMTP Replication Transports 1288

Creating a Site Link 1289

Configuring Replication Schedules for Site Links 1293

Configuring Site Link Bridges 1295

Determining the ISTG 1297

Configuring Site Bridgehead Servers 1298

Configuring Advanced Site Link Options 1301

Monitoring and Troubleshooting Replication 1302

Using the Replication Administrator 1302

Monitoring Replication 1303

Modifying Intersite Replication for Testing 1305

Part 6: Windows Server 2008 Disaster Planning and Recovery

Chapter 38: Planning for High Availability 1309

Planning for Software Needs 1309

Planning for Hardware Needs 1311

Planning for Support Structures and Facilities 1313

Planning for Day-to-Day Operations 1316

Planning for Deploying Highly Available Servers 1321

Chapter 39: Preparing and Deploying Server Clusters 1323

Introducing Server Clustering 1324

Benefits and Limitations of Clustering 1324

Cluster Organization 1325

Cluster Operating Modes 1327

Multisite Options for Clusters 1329

Using Network Load Balancing 1331

Using Network Load Balancing Clusters 1331

Network Load Balancing Configuration 1332

Network Load Balancing Port and Client Affinity Configurations 1335

Planning Network Load Balancing Clusters 1336

Managing Network Load Balancing Clusters 1337

Creating a New Network Load Balancing Cluster 1337

Adding Nodes to a Network Load Balancing Cluster 1342

Removing Nodes from a Network Load Balancing Cluster 1343

Configuring Event Logging for Network Load Balancing Clusters 1344

Controlling Cluster and Host Traffic 1344

Using Failover Clustering 1345

Failover Cluster Configurations 1345

Understanding Failover Cluster Resources 1347

Optimizing Hardware for Failover Clusters 1349

Optimizing Networking for Failover Clusters 1351

Running Failover Clusters 1352

The Cluster Service and Cluster Objects 1352

The Cluster Heartbeat 1353

The Cluster Database 1354

The Cluster Quorum Resource 1354

The Cluster Interface and Network States 1355

Creating Failover Clusters 1356

Validating a Configuration 1357

Creating a Failover Cluster 1358

Add Nodes to a Cluster 1360

Managing Failover Clusters and Their Resources 1361

Adding Storage to a Cluster 1361

Modifying Cluster Network Settings 1361

Configuring Cluster Quorum Settings 1362

Creating Clustered Resources 1363

Controlling the Cluster Service 1365

Configuring Resource Failover and Failback 1365

Creating a Shared Folder on a Clustered File Server 1366

Configuring Print Settings for a Clustered Print Server 1367

Chapter 40: Disaster Planning 1369

Preparing for a Disaster 1369

Developing Contingency Procedures 1369

Implementing Problem Escalation and Response Procedures 1370

Creating a Problem Resolution Policy Document 1371

Disaster Preparedness Procedures 1373

Performing Backups 1373

Using Startup Repair 1374

Getting Outside Help 1375

Other Windows Recovery Environment Features 1377

Setting Startup and Recovery Options 1378

Chapter 41: Backup and Recovery 1381

Developing Backup Strategies 1381

Creating Your Backup Strategy 1381

Backup Strategy Considerations 1382

Selecting the Optimal Backup Techniques 1383

Understanding Backup Types 1385

Using Media Rotation and Maintaining Additional Media Sets 1386

Backing Up and Recovering Your Data 1387

Using the Backup Utility 1388

Backing Up Your Data 1390

Scheduling Backups 1391

Performing a One-Time Backup 1396

Tracking Scheduled and Manual Backups 1400

Recovering Your Data 1402

Recovering the System State 1407

Restoring the Operating System and the Full System 1408

Backing Up and Restoring Active Directory 1409

Backup and Recovery Strategies for Active Directory 1409

Performing a Nonauthoritative Restore of Active Directory 1411

Performing an Authoritative Restore of Active Directory 1412

Restoring Sysvol Data 1414

Restoring a Failed Domain Controller by Installing a New Domain Controller 1415

Troubleshooting Startup and Shutdown 1416

Resolving Startup Issues 1416

Repairing Missing or Corrupted System Files 1418

Resolving Restart or Shutdown Issues 1419

Index to Troubleshooting Topics 1420

Index 1421

 

 

© Microsoft. All Rights Reserved.