Index
Symbols and Numbers
.NET Framework 3.0, 188
64-bit computing, 7-8. See also Itanium-based servers
A
access control
access permissions for files and folders, 571-578
Active Directory related features, list of, 989-990
entries. See ACEs (access control entries)
lists. See ACLs (access control lists)
systems, physical, 1315
user account control. See UAC (User Account Control)
account policies. See also Group Policy
Account Policies, editing with default GPOs, 1247-1249
configuring user policies, 1169-1170
Group Policy objects. See GPOs (Group Policy objects)
Kerberos policy settings, 1169, 1173
local user accounts, 1169
location of, 1169
lockout policy, 1172, 1247
password policy enforcement, 1170-1171
password settings object creation, 1173-1176
accounts
Accounts: Rename Administrator Account policy, 1248
Accounts: Rename Guest Account policy, 1248
Administrator. See Administrator account
authentication of. See authentication
built-in capabilities of, 1178
contact accounts, 1168
creating user accounts, 1184-1187
default user accounts, 1168
domain. See domain user accounts
expiration options for, 1192
Guest account, 1168
InetOrgPerson. See InetOrgPerson accounts
local. See local user accounts
membership in groups, 1178
naming accounts, 1168
OUs, placing in, 1136
permissions of. See permissions
policies for. See account policies
RODC password replication policies, 1148, 1158-1159
user. See user accounts
user account control. See UAC (User Account Control)
ACEs (access control entries), 1188
ACLs (access control lists)
Active Directory, role in, 988
RODCs, for, 1158
ACPI (Advanced Configuration and Power Interface), 379-382
ACPI BIOS, 240-241
Act As Part Of The Operating System privilege, 1178
activation of Windows Server 2008
process for, 88-90
viewing status of, 126-127
Active Directory
administering. See Active Directory Users And Computers snap-in
architecture of. See Active Directory architecture
attribute management, 1014-1016, 1076
authoritative restores of, 1412-1414
backup strategies for, 1409-1410
backups for installation media creation, 1127-1128
bridgehead servers role, 58. See also bridgehead servers
building blocks, logical, 1053
business requirements for, 1053-1054
changing structure of, 1061-1062
classes of objects, 1014
client connection requirements, 1111
compatibility issues, 1016-1020
Computer objects, 1014
configuration containers in a forest, 1055
Contact objects, 1014
counters for, 1303-1304
CPUs, requirements for, 1108
creating domain controllers for existing domains, 1114-1122
data store architecture, 995-997
delegation of administrative rights, 1064-1065, 1136-1139
designing systems of. See Active Directory system design
DHCP authorization, 689
DHCP set up with, 696, 698, 701
Directory Services log, 328
DNs (distinguished names), 1003-1004
DNS zones, Active Directory-integrated type, 752-755
domain architecture design for, 50
Domain objects, 1014
Domain Rename utility, 1061-1062
domain trees. See trees, Active Directory
domain trust design, 55
domains. See domains, Active Directory
failed domain controllers, removing references to, 1415-1416
failover clustering, configuration for, 1351
forests. See forests, Active Directory
functional levels, 1016-1020
global catalog server role, 58. See also global catalog servers
Group objects, 1014
group policy. See Group Policy
InetOrgPerson objects, 1014, 1063
infrastructure masters, 57
inheritance of permissions, 1137
installing. See installing Active Directory
installing DNS Server service with, 767-771
KCCs. See KCC (knowledge consistency checker)
links. See site links
LSA (Local Security Authority), 988-989
managing. See Active Directory Users And Computers snap-in
media, installing from, 1126-1129
memory requirements, 1108
namespace design, 54-55
nonauthoritative restores of, 1411-1412
operations master role, 57. See also operations masters
OS support issues, 1016-1018
OUs. See OUs (organizational units)
PDC emulators, 57
Performance Monitor counters for, 1303-1304
planning deployments, 54-58
PrintQueue objects, 1014
read-only domain controllers. See RODCs (read-only domain controllers)
recovery on SANs, 1110-1111
RID masters, 57
RODCs. See RODCs (read-only domain controllers)
Schema snap-in, 1047
Server objects, 1014
server roles, planning for, 57-58
share information, publishing, 552
site concept, 58. See also sites, Active Directory
Site objects, 1014
snap-ins, 163
Subnet objects, 1014
System State files, 1110-1111, 1129
system volume. See Sysvol
Sysvol replication, 1077-1082. See also Sysvol
SYSVOL$ shares, 555
task delegation, 1138-1139
tools for administering, table of, 107
transactional processing, 993-995, 1076
trees. See trees, Active Directory
troubleshooting trust relationships, 1039-1040
trust relationships. See trusts
uninstalling, 1129-1133
User objects, 1014
Windows Vista with, 10-11
Active Directory architecture
ACLs, 988
administrator types, 1002
attributes of objects, 998
authentication mechanisms, list of, 989
authentication procedure, 990
Checkpoint file, 995
common names of objects, 1003
Configuration containers, 1004
containers, 998
data file types, 995-996
data store architecture, 995-997
Database Layer, 992-993
directory service component, 990-993
directory trees, 999-1000
DNs (distinguished names), 1003-1004
domains, 999, 1004. See also domains, Active Directory
ESE (Extensible Storage Engine), 993-995, 997
external trusts, 1003
Forest Root Domain containers, 1004
forests, 1000-1001. See also forests, Active Directory
global catalog servers, 1006
group policy, role of, 988
GUIDs, 992
indexed tables, 996
LDAP, 991, 998-999
log files, 995-997
logical architecture overview, 997-998
logon/access features used with, 989-990
MAPI, 992
multimaster approach to replication, 991-992, 1085
names of objects in data store, 992
NET LOGON, 989
object class types, 998
objects, 988, 998-999
operations masters. See operations masters
OUs. See OUs (organizational units)
partitions, 1005-1006
physical layer overview, 987-988
primary data files, 995-997
purpose of Active Directory, 987
RDNs, 1003
replication support, 991-993
RODC design considerations, 1145-1148
root domains, 1000, 1003-1004
rootDSE objects, 1003-1004
SAM with, 990, 992
Schema containers, 1004
schemas, 993, 998-999, 1055
security descriptor tables, 996
security subsystem key areas, 989-990
security subsystem, relation to, 987
shortcut trusts, 1003
SIDs (security identifiers), 993
sites. See sites, Active Directory
Temporary data files, 995
tombstoned objects, 994-995
top-level view of, 987-988
transaction logs, 994
trust paths, 1002-1003
trust relationships, 988, 1001-1003
user mode, 987
Windows NT 4 with, 992
Active Directory Domain Services Installation Wizard. See installing Active Directory
Active Directory Domains And Trusts tool
creating trusts with, 1035-1038
raising functional levels, 1019-1020
Trust Type property, 1034
UPN suffixes, adding, 1021
validating trust relationships, 1039-1040
viewing existing trusts, 1033-1035
Active Directory Migration Tool. See ADMT (Active Directory Migration Tool)
Active Directory Schema snap-in, 1047
Active Directory Sites And Services
bridgehead servers, configuring as preferred, 1300-1301
changing forest connected to, 1284
creating sites, 1283-1285
domain controllers, associating with sites, 1286-1287
global catalog server designation, 1012-1013
site link bridges, configuring, 1295-1297
site link creation, 1289-1292
starting, 1012
subnet creation, 1285
subnets, associating with, 1285-1286
universal group membership caching, 1021-1022
Active Directory system design
attribute management, 1014-1016
authentication design overview, 1020
building blocks for, 1053
business requirements for, 1053-1054
compatibility issues, 1016-1020
cross-forest transitive trusts, 1030-1032
delegating authentication, 1040-1043
domain functional level, 1016-1018
domain planning overview, 1058-1059
elements of, 1007
Exchange Server 2007 with, 1014
federated forest design, 1030-1032
forest function level, 1018-1020
forests. See forests, Active Directory
global catalog access, 1011-1013
Kerberos for authentication, 1023-1026
LDAP, 1010
multimaster replication model, 1008
NTLM (NT LAN Manager), 1023-1024
operations masters. See operations masters
OS support issues, 1016-1018
OUs. See OUs (organizational units)
planning overview, 1007-1008, 1053-1054
read-only domain controllers, 1008
relative names of objects, 1010-1011
replication attribute designation, 1014-1016
replication design, 1008-1009. See also replication
resource access process, 1025-1026
RODC design considerations, 1145-1148
security tokens, 1020-1022
session tickets, 1025-1026
shortcut trusts, 1028-1029
single vs. multiple domains, 1060-1061
single vs. multiple forests, 1056-1057
sites. See sites, Active Directory
trees, searching, 1010-1011. See also trees, Active Directory
trusts. See trusts
two-way transitive trusts, 1027-1028
universal groups, 1020-1022
UPNs (user principal names), 1021
Windows Server 2008 domain functional level features, 1018
writable domain controllers, 1008
Active Directory Users And Computers snap-in
account options, managing, 1189-1192
adding members to groups, 1222
administration, delegation of, 1137-1139
computer account management, 1225-1231
computer account property configuration, 1229-1230
creating computer accounts, 1225-1226
creating domain user accounts, 1184-1187
creating groups, 1220
default accounts, listing, 1168
delegated authentication, 1041-1043
deleting computer accounts, 1228
disabling computer accounts, 1228
finding shared folders, 552
group properties, editing, 1223-1224
infrastructure master role, managing, 1050-1051
joining computers to domains, 1226-1227
managing computer accounts remotely, 1228
Member Of tab, 1188
moving computer accounts, 1227
moving groups, 1224
OU creation with, 1133-1134
Password Settings group creation, 1173-1176
PDC emulator role, managing, 1050
purpose of, 153
queries, saving, 1223
renaming groups, 1224
renaming user accounts, 1211-1212
resetting passwords for computer accounts, 1228-1229
resetting user account passwords, 1212-1213
RID (relative ID) role, managing, 1048-1050
RODC Password Application Policy, editing, 1160-1162
sending mail to groups, 1224
taskpad example, 174
unlocking user accounts, 1213-1214
user account properties, viewing and setting, 1187-1188
active partitions, 77, 429
Active/Active controller model, 411
AD CS (Active Directory Certificate Services), 186
AD DS (Active Directory Domain Services)
described, 186
installing, 1114. See also installing Active Directory
AD FS (Active Directory Federation Services), 186
AD LDS (Active Directory Lightweight Directory Services), 186
AD RMS (Active Directory Rights Management Services), 186
Add Features Wizard
starting, 114
Windows Server Backup, installing, 1388
Add Hardware Wizard, 235-236
Add Roles Wizard
RODC installations with, 1150
starting, 114
Terminal Services installation, 936-938
Add Workstations To Domain privilege, 1178
Add/Remove Programs utility, 285-286
address classes. See classes of networks
Address toolbar, 149-150
addresses, IP. See IP addresses
Adjust Memory Quotas For A Process privilege, 1178
Admin Approval Mode, 290-293
ADMIN$ shares, 554
administration
Active Directory, of. See Active Directory Users And Computers snap-in
delegation of administrative rights using OUs, 1064-1065
delegation of, for Active Directory objects, 1136-1139
planning deployments, 51-54
planning, reviewing for, 42-43
remote. See Remote Desktop for Administration
tools for. See administration tools
tools, legacy compatibility issues, 52
administration tools
Active Directory tools, 107
Administrative Tools menu, 106-110
availability of, 109
Certification Authority tool, 107
command-line utilities, 110-111
Computer Management console, 115-116
computer specification for, 109
Control Panel utilities. See Control Panel
Data Sources (ODBC) tool, 107
DFS Management tool, 107
Event Viewer tool, 107
Failover Cluster Management tool, 107
File Server Resource Manager tool, 107
Initial Configuration Tasks console, 113-114
installing, 109-110
installing full tool set, 160-161
Net tools, 111-112
Network Policy Server tool, 108
overview of, 105-106
PowerShell, 112-113
Registry, effect of tools on, 248
Reliability And Performance Monitor, 108
Server Manager. See Server Manager console
Services tool, 108
Storage Explorer, 108
System console, 126-128
administrative shares, 553-555
Administrative Templates, Group Policy, 1235
Administrative Tools menu, 385-388
Administrator account
Accounts: Rename Administrator Account policy, 1248
defined, 1168
renaming, 1168
strong passwords recommended, 88
administrator applications, 295
administrator tokens
application integrity, assuring
defined, 247
administrators
domain, 1002
enterprise, 1002
forests, roles in, 1055
Administrators group
default logon rights assigned to, table of, 1181-1182
default privileges assigned to, table of, 1178-1181
roaming user profiles, adding to, 1197
ADMT (Active Directory Migration Tool), 1061
ADMX files, 1237-1238
Advanced Boot Options menu, 383
advantages of Windows Server 2008, 3-4
aliases, DNS, 797-798
Allowed RODC Password Replication group, 1159-1160
alternate IP addressing, 660, 663-665
AMD-V, 10
analysis of preexisting system for deployment planning
assessing servers and services, 39
disaster recovery, 43-44
hardware inventories, 39-40
licenses, 39
localization issues, 39
network administration review, 42-43
network infrastructure evaluation, 38
network management tools, assessing, 44
network map creation, 38
network services and applications identification, 40-41
project worksheets, 37
purpose of, 37
remote locations, 38
security infrastructure, 41-42
storage, 39
task in planning sequence, 29
answer files
purpose of, 70
specifying in Setup, 70
APIPA (Automatic Private IP Addressing)
troubleshooting, 676-677
use with DHCP, 665
Appearance And Personalization console, 120-122
application integrity
administrator applications, 295
administrator user tokens
Application Information service, 294
compliant applications, 294
integrity levels, 297
legacy applications, 294
overview, 294
run levels, 296-299
security settings related to, 299-301
standard user tokens, 294
UAC role in, 294
user applications, 295
Application log, 327
application servers
Application Server, 186
defined, 60
applications
high-availability guidelines for, 1309-1311
installing. See software installation
monitoring with Task Manager, 314
RemoteApps, making programs available as. See RemoteApps
run levels, security tokens for, 247
running on remote servers. See Terminal Services
settings, storage of, 247
startup problems from, 388
Terminal Services compatibility scripts, 942
Terminal Services, installing, 939-943
virtualization, security tokens for, 247
Applications and Services logs, 327-328
Apply Group Policy permission, 1259-1261
architecture of Windows Server 2008
boot environment, 13-14
DNS design, 762-765
kernel architecture, 11-13
Network Diagnostics Framework, 15-18
support architecture, 14-25
architecture, Active Directory. See Active Directory architecture
architecture, network
domain architecture, 50
team for planning, 31
archives
archive attribute, 1385
media rotation, 1386-1387
media types supported, 1387
atomic permissions, 575
attributes
Active Directory architecture object attributes, 998
file and folder, 567
multi-valued directory attributes, 1159
nonresident NTFS attributes, 504
OUs attributes, editing, 1135
Read Attributes special permission, 573
Read Extended Attributes special permission, 574
resident NTFS attributes, 503
Write Attributes special permission, file sharing, 574
auditing
file and folder access, 581-585
logging, DHCP, 727-729
printer access, 884
Registry access, 283-284
Security log, 327
systemic procedures for, 1319-1320
Terminal Services access, 964-966
Authenticated Users group
default logon rights assigned to, table of, 1181
default privileges assigned to, table of, 1178
authentication
Active Directory related mechanisms, list of, 989
computer accounts, troubleshooting, 1230-1231
cross-forest transitive trusts, 1030-1032
delegation overview, 1040-1041. See also delegating authentication
design overview, 1020
forwarded tickets, 1040
Kerberos for, 1023-1026
NTLM (NT LAN Manager), 1023-1024
outgoing trust authentication levels, 1038
proxy tickets, 1040
RODC process for, 1144-1145
security token generation, 1020-1022
session tickets, KDC server, 1025-1026
session tickets, Kerberos policy settings, 1173
Terminal Services, for, 937
trust paths, 1002-1003
trusts. See trusts
universal group membership caching, 1020-1022
authoritative restores of Active Directory, 1412-1414
Automatic Black Hole Router Detection, 631
Automatic Dead Gateway Retry, 631
Automatic Updates, 11
availability
99.9 percent uptime goal, 1309
application requirements for, 1310
checklist for application deployments, 1311
clustering servers to improve. See clusters, server
facilities design. See structures and facilities
failover capabilities. See failover clustering
fault tolerance for, 1312. See also fault tolerance
hardware deployment process, 1312
hardware planning checklists, 1313
hardware standardization for high availability, 1311-1312
hardware strategy for, 1311-1313
high, defined, 1309
highly available server deployment, 1321-1322
integrated testing of applications for, 1310
noncritical system goals, 1309
operational plan for. See operations management
power supply redundancy, 1314
predeployment planning checklist, 1322
redundancy, components for improving, 1312
server types, standardization by, 1312
spare parts, 1312
standardized components for system services, 1310
standardized deployment process, 1310
standby systems, 1312
B
backups
Active Directory backup procedure, 1409-1410
Active Directory requirements, 1110-1111
archive attribute, 1385
Back Up Files And Directories privilege, 1178
command-line tools for, 1387
configuring backup type, 1389
copy backups, 1385
daily backups, 1385
data considerations, 1382-1383
destination selection, 1398
DHCP backups, 1384
differential backups, 1385-1386
disaster preparedness procedures, 1373-1374
disaster preparedness, relation to, 1384. See also disaster planning
DNS backups, 1384
DVDs for, 1390
event logs for, 1400-1401
file server backups, 1384
group membership required for, 1388
Group Policy backups, 1278-1280, 1384
importance of, 1381
incremental backups, 1385-1386
installing Windows Server Backup, 1388
manual backups, 1396-1400
media rotation, 1386-1387
normal backups, 1385-1386
one-time backups, 1396-1400
optimal technique selection, 1383-1385
plans for, 1318-1319
print server, 912-913, 1384
programs for, 1384, 1388
recommended strategy for, 1383
recovering data. See recovery
Registries, 272
scheduling, 1391-1395
services, backup functions of, 1383-1384
Shadow Copy API advantages for, 1383
starting Windows Server Backup, 1388
storage location selection, 1390
strategy considerations, 1382-1383
strategy creation questions, 1381-1382
system file considerations, 1382-1383
volume specification for, 1390-1391
VSS for file servers, 1384. See also VSS (Volume Shadow Copy Service)
Wbadmin command, 1387, 1390
Windows Firewall settings for, 1390
Windows Server Backup feature, 190
Windows Server Backup overview, 1387
WINS backups, 1384
baselines for performance, establishing, 344
basic disks
compared with dynamic type, 428-430
conversions to and from dynamic type, 430-432
ESP partition type, 449-450
LDM partitions, 451-452
managing GPT partitions on, 449-452
managing MBR partitions, 434-448
MSR partitions, 450-451
OEM partitions, 452
primary partitions, 451
basic folder permissions, table of, 572
BCD (Boot Configuration Data) stores
boot sequence, temporarily changing, 404
commands, table of, 389-390
creating entries, 394-395
creating new, 393-394
Debugger Settings entries, 397
default operating system entry selection, 403
deleting entries, 395
deleting options, 395-396
DEP (Data Execution Prevention) options, 402
Editor, 388-390
EMS Settings entries, 396-397
entries in, 388
exporting, 394
guidelines for modifying, 390
GUIDs with, 392
Hypervisor Settings entries, 397
importing, 394
multiple operating systems with, 393
operating system display order, 402-403
options for boot application entries, 399
options for Windows OS Loader applications, 400-401
PAE mode options, 402
properties, table of, 391
purpose of, 382-383
registry for, 382
Resume from Hibernate entries, 396
sample listing, 390-391
setting entry values, 395
system BCD stores, 390
timeout default, setting, 404
viewing entries, 390-393, 396-397
well-known identifiers, 392
Windows Legacy OS Loader entries, 396
Windows Memory Tester entries, 396
BIOS (basic input/output system)
ACPI requirement, 379
entering during boots, 380
legacy boots, 382
BirthObjectIDs, 516
BirthVolumeIDs, 516
BitLocker Drive Encryption
boot file validation, 477
boot issues, 382
data volume encryption, 493-494
decrypting data volumes, 495
defined, 188
deploying, 478-480
disabling, 495
Drive Preparation Tool, 484-485
enabling encryption with PINs, 491
enabling encryption with startup keys, 488-491
FIPS, 481
installing, 485
keys for volumes, 481
listing encrypted volumes, 492
non-TPM operation of, 477-478
partitions for, 479-480, 482-485
password management, 492-493
performance issues, 477
PIN management, 492-493
PINs, role of, 491-492
planning for, 479
policy settings for, 480-481, 486-487
purpose of, 11, 477
readiness test, 485-486
recovering data, 494-495
Recovery mode, 477-478
recovery passwords, 487-488
remote administration issues, 478
setup steps, overview, 481-482
Startup Key Only mode, 478
startup keys, 488-491
system vs. data volume encryption, 481
TPM and PIN mode, 478
TPM and Startup Key mode, 478
TPM with, 468, 477-478
TPM-Only mode, 478
USB flash startup keys, 478
Windows Vista vs. Windows Server 2008 versions, 479
BITS (Background Intelligent Transfer Service) Server Extensions, 188
boot configuration
ACPI requirement, 379
Advanced Boot Options menu, 383
applications problems, 388
BCD stores. See BCD (Boot Configuration Data) stores
BIOS legacy boots, 382
BitLocker boots, 382
boot environment layer, 382-383
boot loader applications, list of, 388
boot sequence, temporarily changing, 404
CPUs, specifying number to use, 386
DEP (Data Execution Prevention) options, 402
desktop class system issues, 377
EFI legacy boots, 382
firmware boot settings, 381-382
firmware types, 379
firmware, entering during boots, 380
hardware capabilities, 379-382
memory, specifying amount to use, 386
msconfig.exe command, 385-388
No GUI boots, 386
overview, 13-14, 377
partition styles, 382
power settings in firmware, 380-381
power state management capabilities, 379-382
power state options, 379-380
Safe Boot modes, 386
SANs, booting from, 409-411
services problems, 387
Startup And Recovery dialog box, 384-385
startup control within boot environment, 382-383
startup issues compounded in 2008, 377
Startup Repair Tool, 1408-1409
System Configuration, 385-388
timeout default, setting, 404
TPM for boot file validation, 468
Windows Boot Loader, 383
Windows Boot Manager, 383
Windows Vista power state management, 378
boot partitions
defined, 77
mirrored boot volumes, 459-462
system partition allowed with, 429
BOOTP (Bootstrap Protocol), 685
bottlenecks
disk I/O, 360-362
memory, 356-358
network-based, 362-363
overview of, 356
bridgehead servers
configuring, 1298-1301
defined, 58
intersite replication with, 1089-1091
listing for sites, 1298
multiple, 1094-1095
preferred servers, 1299-1301
replication attribute options, 1305-1306
RODCs not allowed as, 1145
site links, relationship to, 1287
sites, role in, 1072
testing replication, 1305-1306
bridges, 639
broadcast IP addresses, 636-637
budget issues, 47-48
building phase of MSF (Microsoft Solutions Framework), 28
business requirements
Active Directory planning for, 1053-1054
goal assessment task for planning deployments, 34-35
organizational objectives, specifying, 45-46
system availability. See availability
business units as OUs (organizational units), 1066
Bypass Traverse Checking privilege, 1178
C
C$ type drive shares, 554
cabling, 1314
CALs (client access licenses)
CAL Installation Wizard, Terminal Services, 954-957
defined, 63
per-server vs. per-user options, 71
Terminal Services with, 925-927
CAPI2 (CryptoAPI version 2), 18
certificates
Certification Authority tool, 107
OCSP (Online Certificate Status Protocol), 18
change control procedures, 1317-1318
change journals, 514-515
change logs, 1317
change management planning process, 54
Change Permissions
file sharing, 564
file special permission, 575
printer permission, 880
Change The System Time privilege, 1179
Change The Time Zone privilege, 1179
Check Disk tool
bad sectors, marking, 540
command-line parameters, table of, 537-538
dirty, marking disks as, 537
FAT volumes, analyzing, 538-539
fixing errors with, 535-537
NTFS volumes, analyzing, 539-540
repairing volumes, 540
Self Healing NTFS alternative to, 520-521
syntax for, command line, 537
child domains, 653
child folders, 569
CIDR (classless interdomain routing)
nonclassful network nature of, 637
notation, 640-641
classes of networks
class A network subnets, 642-644
class B network subnets, 644-645
class C network subnets, 645-646
IDs for, 638-639
purpose of, 633-635
clean installations
Initial Configuration Tasks console, 87
installation step, 87
language selection, 86
product keys, 85-86
rolling back installations, 84
starting, 84
steps for, 84-88
updates during, 85
where to install to, choosing, 86-87
client access licenses. See CALs (client access licenses)
cluster-aware applications
failover clustering of, 1348
high-availability goals for, 1309-1310
redundancy role of clustered systems, 1312
service compatibility requirements, 1325
clusters, file system
FAT, 500
file system overview, 498-499
NTFS, 508
clusters, server
active nodes, 1327-1328
application software compatibility with. See cluster-aware applications
availability goal of, 1324
benefits of, 1324-1325
Cluster Administrator renamed, 1352
Cluster service, 1352-1353
failover function. See failover clustering
failures, causes of, 1324
farms, 1325
fault tolerance not provided by, 1324
high availability, 1323-1324
load balancing. See NLB (Network Load Balancing)
maximum number of nodes supported, 1326
multisite options, 1329-1330
nodes defined, 1323
operating modes, 1327-1328
operating system version differences for, 1326
organization of servers in, 1325-1326
packs, 1325-1326
passive nodes, 1327-1328
print drivers with, 846
purpose of, 1324
quorums, 1330
redundancy role of, 1312
reliability goals, 1324-1325
SANs using, 409-411
scalability goals, 1325
scalability limits, 1326
server clusters defined, 1323-1324
shadow copy issues, 595
three-tier structure for, 1326
CMAK (Connection Manager Administration Kit), 188
color printers
basics of, 851
profiles, configuring, 906-907
color scheme selection, 120-121
command-line utilities, list of, 110-111
Compact command, 523
compliant applications, 294
Compound TCP, 631
compressed (zipped) folders, 524-525
computer accounts
authentication issues, 1230-1231
Computer container, 1225
computer name, viewing, 1229
creating, 1225-1226
delegated authentication, 1042-1043, 1229
deleting, 1228
dial-in settings, 1230
disabling, 1228
Effective Permissions tool, 1188-1189
group membership configuration, 1229
group policies for. See Group Policy
joining computers to domains, 1226-1227
Managed By property, 1229
managing remotely, 1228
moving, 1227
properties, configuring, 1229-1230
remote install option, 1230
resetting passwords, 1228-1229
security options, advanced, 1230
troubleshooting, 1230-1231
user object canonical name, 1229
Computer Management console
components of, 115
Computer Management Services And Applications tools, 116
Computer Management Storage tools, 116
Computer Management System Tools, 115-116
creating shares with, 559-562
file sharing, 556
MMC nature of, 155
offline files configuration, 1207-1208
publishing shares, 563
remote device management, 221
shadow copy configuration, 593-596
share permission configuration, 565-566
TS Session Broker authorization, 946-947
computer names
Append Suffixes settings, 667-668
changing, 127
viewing, 117, 126
WINS for resolving, 654-655
conditional forwarding, DNS
benefits of, 754
configuring, 786-788
drawbacks of, 756
purpose of, 748
configuration tools. See administration tools
Configure A DNS Server Wizard, 773-783
configuring TCP/IP networking
alternate IP addressing, 660, 663-665
DNS configuration, 667-669
dynamic IP addressing, 660, 663-665
IP address configuration methods, 660-661
IP address information needed, 657-658
multiple gateway configuration, 665-666
overview of, 660
static IP address assignment, 660-663
WINS configuration, 669-671
configuring Windows Server 2008. See also specific configuration topics
desktop configuration, 142-143
menu customization. See menu system
overview of, 129
Quick Launch, 148-149
taskbar configuration, 143-148
toolbar optimization, 148-151
conflict detection of IP addresses, 734
consoles. See MMCs (Microsoft Management Consoles)
contact accounts, 1168
contingency allowances in planning projects, 48-49
Control Panel
Appearance And Personalization console, 120-122
color scheme selection, 120-121
Date and Time utility, 122-123
desktop background selection, 121
display settings for monitors, 122
Folder Options utility, 123-124
mouse pointer selection, 121
overview of utilities in, 106
Programs And Features page, 287-288
Regional and Language Options utility, 125
Registry, effect of tools on, 248
screen savers, 121
sound schemes, 121
themes, 121-122
Uninstall Or Change A Program utility, 273
views available, 119-120
copy backups, 1385
copying items, 135-136
core-server installation type, 80
counters
Active Directory counters, 1303-1304
adding to Performance Monitor, 349-350
alert configuration, 369-370
counter list, 352
data collector sets of. See data collector sets
default, 349
defined, 346-347
deleting, 350
disk I/O, 360-362
display of, 350
graphing of statistics for, 351
Histogram Bar view, 353
memory, 357-358
Memory\Available Bytes, 357
Memory\Commit Limit, 357
Memory\Committed Bytes, 357
Memory\Page Faults/Sec, 357
Memory\Pages Input/Sec, 357
Memory\Pages Output/Sec, 357
Memory\Pages/Sec, 357
Memory\Pool Nonpaged Bytes, 358
Memory\Pool Paged Bytes, 358
network, 362-363
Paging File\% Usage, 358
Paging File\% Usage Peak, 358
Paste Counter List button, Performance Monitor, 352
performance objects, table of common, 348-349
Physical Disk\% Disk Time, 358
Physical Disk\Avg Disk Queue Length, 358
Physical Disk\Avg Disk Sec/Transfer, 358
PhysicalDisk\ counters, 361-362
print server, 909-912
Processor\% Privileged Time, 360
Processor\% Processor Time, 360
Processor\% User Time, 360
Processor\Interrupts/Sec, 360
remote monitoring of, 354-355
Report view, 353
sample rates, 351
System\Processor Queue Length, 360
CPUs (central processing units)
Active Directory requirements for, 1108
bottlenecks, resolving, 359-360
counters for, 360
installation errors caused by, 98-99
Itanium. See Itanium-based servers
listing types of, 126
multiprocessor affinity issues, 359
performance statistics in Reliability And Performance Monitor, 345
performance statistics in Task Manager, 311-313
process usage of, 315
processor scheduling options, 304-305
requirements by edition, 72-73
specifying number to use, 386
WSRM (Windows System Resource Manager), 190
crash dump partitions, 77, 429
Create A Pagefile privilege, 1179
Create A Shared Folder Wizard, 560-562
Create Files/Write Data special permission, 574
Create Folders/Append Data special permission, 574
Create privileges, 1179
credentials, logon, 1195
cross-forest transitive trusts, 1030-1032, 1035
D
daily backups, 1385
DAS (direct-attached storage), 405-406
data collector sets
alert configuration, 369-370
capabilities of, 363
configuration sets, 364, 368
creating, 365-367
deleting, 365
performance counter sets, 364-367
purpose of, 343, 363
Reliability And Performance Monitor console for, 363-364
reports, viewing, 368-369
saving as templates, 364
startup event traces, 364
trace data sets, 364, 367-368
types of, 364
Data Execution Prevention (DEP) options, 402
data packets. See packets
Data Sources (ODBC) tool, 107
data streams, 512-513
database server failover clustering, 1349-1351
Datacenter edition, Windows Server 2008
features of, 6
hardware requirements for installations, 72-73
selection criteria, 62-63
Date And Time utility, 122-123
day-to-day operations. See operations management
Dcgpofix utility, 1282
Dcpromo command, 1112, 1114, 1129
Debug Programs privilege, 1179
Default Domain Controllers Policy GPO
purpose of, 1235
restoring defaults, 1282
Default Domain Policy GPO
purpose of, 1235
restoring defaults, 1282
defragmenting drives
configuring automated, 541-542
Disk Defragmenter for, 543-544
fragmentation analysis, 545-546
fragmentation process, 541
shadow copy issues
delegating authentication
account option for, 1192
configuring, 1041-1043
purpose of, 1040
ticket models for, 1040
delegating management tasks
defined, 1249
delegating Group Policy management privileges, 1252-1253
delegating privileges for links and RSoP, 1253
GPO creation rights, 1249-1250
reviewing Group Policy management privileges, 1250-1252
Delete special permission, 574
Delete Subfolders And Files special permission, 574
deleting user accounts, 1210-1211
Denied RODC Password Replication group, 1159-1160
DEP (Data Execution Prevention) options, 402
department based groups, 1217
deployments of applications
checklist for, 1311
standardized deployment process for high availability, 1310
deployments of hardware
highly available server deployment, 1321-1322
standard process checklist, 1312
deployments of Windows Server 2008
MSF deployment phase, 28
planning. See planning deployments
designing new networks
domain architecture, 50
network operations issues, 50-51
overall objectives for, 50
place in overall design plan, 30
security requirements, 51
Desktop Experience
defined, 12-13
purpose of, 188
recommended, 129
Software Explorer, 288
Desktop toolbar, 150
desktops, configuring, 142-143
development teams, 32
Device Manager
conflicting devices, 240-243
driver installation steps, 230-232
drivers, viewing information about, 224
Enable Device command, 225
removing drivers, 234
Resources tabs for drivers, 227-228
rolling back drivers, 233
shortcut menu options, 220
troubleshooting with, 237-243
types of devices displayed, options for, 221
viewing devices with, 219-220
warning symbols, 220
devices. See also hardware
drivers for. See drivers
installing, 215-221
DFS (Distributed File System)
architecture of, 1081-1082
clustering with, 1363
DFS command-line tools, 409
DFS management tool, 107
Dfscmd tool, 409
Dfsdiag tool, 409
metadata of, 1080
Namespaces, 415, 417-418
optimizing File Services with, 415
purpose of, 408
Replication, 415
Replication log, 328
sites, Active Directory, effects on, 1073-1074
Sysvol replication, 1077-1082
DHCP (Dynamic Host Configuration Protocol). See also DHCP console
Active Directory authorization for, 689, 701
Active Directory, setting up with, 696, 698
APIPA, 665, 676-677
audit logging, 727-729
autoconfiguration routine, 687-688
availability, 693-695
backups of, 1384
client broadcasts, 689-690
clients per server guideline, 686
clustering with, 1363
configuring network addresses, 663-665
conflict detection with, 734
conflicting addresses, troubleshooting, 677
console. See DHCP console
database management, 735-737
defined, 685
DHCP Server, 186
DHCPv6 capable clients, 632, 687-688
DHCPv6 stateless mode, 698
Discover messages, 689-690
DNS configuration with, 667, 686, 697, 730, 757
domain controller collocation issue, 689
dynamic addressing, 660
dynamic clients, 685
dynamic DNS with, 759-760
exclusions, 686, 709, 712-713
failover, 693-695
fault tolerance, 693-695
installing DHCP Server service, 697-700
IPCONFIG command for lease control, 680
IPv4 autoconfiguration, 687
IPv4 messages and relay agents, 689-691
IPv6 autoconfiguration, 687-688
IPv6 messages and relay agents, 691-693
lease audits, 728
lease broadcast process, 689-693
lease databases, 685
lease date stamps, viewing, 673
lease duration specification, 705-706
lease renewal process, 679-680
leases defined, 660
limited broadcasts, 637
M and O flags, 691-693
management console. See DHCP console
message mechanics, 689-693
multiple gateway configuration, 665
NAP integration, 731-733
Netsh DHCP command, 700
NICs, binding to server's, 729
normal scope creation, 702-710
number of clients per server, 696
Offer messages, 689-690
planning issues, 60, 689-695
relay agents, 691-693, 737-742
renewing leases, 690-691
Request messages, 689-690
reservations, 686, 713-716, 718
restoring data, 737
Routing and Remote Access Services setup, 737-739
RRAS integration, 686-687
saving configurations of, 734-735
saving data, 737
scopes. See scopes for IP addresses
security issues, 688-689
server selection guidelines, 689, 696
servers, reservations recommended for, 686
setting up servers, overview of, 696-697
sites, requirements for, 1073
standby servers, 696
startup sequence for clients, 687
TCP/IP option configuration. See TCP/IP options under DHCP
troubleshooting, 679-680
user-defined classes, 724-726
WINS settings, 697
wireless network security issues, 689
workgroup setup with, 697
DHCP console
activation of scopes, 716
domain name specification, 706
exclusions, 712-713
lease duration specification, 705-706
normal IPv6 scope configuration, 708-710
reservation management, 713-716
router address specification, 706
scope creation, 702-705
starting, 699
WINS server specification, 707
DHCPv6. See also DHCP (Dynamic Host Configuration Protocol)
clients, 632, 687-688
stateless mode, 698
diagnostics
key areas, table of, 20-21
Network Diagnostics Framework, 15-18
overview of, 14-15
startups, diagnostic, 385-388
WDI (Windows Diagnostics Infrastructure), 19-25
dial-in settings for computer accounts, 1230
differential backups, 1385-1386
direct-attached storage. See DAS (direct-attached storage)
directory. See Active Directory
directory partitions. See partitions, directory
Directory Replicator remote access to Registry requirement, 282
directory service (Ntdsa.dll)
Active Directory with, 992-993
defined, 990
names of objects, 992
replication, role in, 993
schemas, 993
SIDs, reading, 993
Directory Services log, 328
Directory Systems Agent. See DSA (Directory Systems Agent)
directory trees. See trees, Active Directory
disabling user accounts, 1193, 1195, 1211
disaster planning
availability issues. See availability
backup plans for data, 1370
backup procedures, 1373-1374
backups, coordinating with, 1384
emergency response teams, 1371
escalation procedures, 1372-1373
fault tolerance, 1370
identification of essential systems, 1369-1370
incident response teams, 1371
Microsoft Product Support, 1375-1376
notification procedures, 1372
On Screen Keyboard, 1377
overview of, 1369
physical security, 1370
post-action reporting, 1373
power protection plan, 1370-1371
preparedness procedures list, 1373
priorities systems, 1373
problem resolution policy documents, 1371-1373
recovery issues, 43-44, 1370
Rollback wizard, 1378
servers, types of essential, 1369
staff key data, 1372
Startup Repair, 1374-1375
UPS (uninterruptible power supplies), 1370-1371
vendor key data, 1372
Disk Defragmenter, 541-546. See also defragmenting drives
disk drives. See hard disk drives; storage
disk I/O subsystem, 497
Disk Management snap-in
adding new disks, 423-424
bad sectors, marking, 438
Check Disk, starting, 536
command-line counterpart. See DiskPart tool
converting basic to dynamic disks, 431-432
converting dynamic to basic disks, 432
encrypted BitLocker volumes, 492
extending volumes, 443-446
moving dynamic disks, 456-457
purpose of, 419-420
quotas, setting, 529-532
rescanning disks, 455-456
shrinking partitions with, 446-447
spanned volume creation, 453-454
views available, 421
volume creation, 435-439
disk mirroring. See mirrored volumes
disk quotas. See quota management
disk striping. See striped volumes
DiskPart tool
converting disk types, 432
defined, 409, 421
extending volumes, 445-446
invoking, 421
listing devices with, 422
sample session, 422
selecting devices, 422
shrinking partitions with, 447
Distributed File System. See DFS (Distributed File System)
distribution groups, 1216
DLT (Distributed Link Tracking) Client, 516-517
DNs (distinguished names)
defined, 1003-1004
searching, 1010-1011
DNS (Domain Name System)
A records, 794-797
AAAA records, 794-797
Active Directory requirements, 1109-1110
Add Roles Wizard for installing services, 771
aging configuration, 807-808, 818
aliases, 797-798
appending computer names settings, 667-668
application directory partitions, configuring, 804-806
architecture for, 762-765
automatic record creation, 794
backups of, 1384
cache management, 813
canonical names, 748
client TCP/IP configuration checks, 810-811
client/server nature of, 743
CNAME records, 797-798
conditional forwarding, 748, 754, 756, 786-788
configuration flags, table of, 816-818
Configure A DNS Server Wizard, 773-783
configuring settings, 667-669
database for, 746
defined, 743
destination caches, 683
DHCP-based configuration, 667, 686, 697, 730, 757
DNS console, 771-772
DNS names for domains, setting, 768
Dnscmd /Info command, 813-814
Dnscmd /Statistics command, 818-819
Dnscmd command, 772
DNSSEC (DNS Security), 757-758
domain names, 653-654
dynamic updates, 668, 759-760, 776, 781-782, 819
event logging, 808-809
external name resolution security, 760-761
external resource requests, 747-748
forward lookup queries, 743
forward lookup zone creation, 774-781, 783-785
forwarders, 777-778, 782-783, 786-788, 818
global name deployment, 803-804
host addresses, 748
host names, 653
inappropriate associations, 757
installing DNS Server service with Active Directory, 767-771
installing DNS Server service without Active Directory, 771-773
IPv6 addresses for servers, 681, 756-757
ISP zone maintenance, 776
LLMNR with, 655-656
log configuration, 808-809
lookups, troubleshooting with, 812
mail exchange addresses, 749
main components of, 746
MX (Mail Exchanger) records, 798-799
name resolution in, 654, 746-748
name server resource records, 749
namespace, Active Directory planning, 54-55
namespaces, 744-746
NS records, 794, 799-800
parameters, server configuration, table of, 815-818
planning deployments of, 40, 59
planning overview, 744
pointer resource records, 749
preferred DNS server IP addresses, 773
primary DNS servers, 750-751, 771
primary zone creation, 775
private namespace, 746
PTR records, 794-797
purpose of, 652
query and reply, basic, 746-747
query security issues, 757-758
query statistics, 818-819
query types, 743
record change propagation, 795
recursion, 778, 786-788
registering clients, 809
replication scope, 780, 782
replication, troubleshooting, 813
resolver caches, 681-683, 811
resource records, 748-749, 794-802
restart issues, 754-755
reverse lookup queries, 743-744
reverse lookup zone creation, 781-782, 785-786
reverse lookup zones, 774
RODCs with, 1143, 1149
root hints files, 760-761, 778
root name servers, 760-761
roots, namespace, 745
round-robin load balancing, 797, 1331
scavenging, 807-808
secondary DNS servers, 750
secondary notification configuration, 793-794
secondary zone creation, 775
secondary zone setup, 770-771
secure dynamic updates, 759-760
separate-name design, 763-765
server order, setting, 667
server TCP/IP configuration checks, 812-813
service location resource records, 749
sites, requirements for, 1073
small network configuration, 774-778
SOA records, 794, 800
split-brain design, 762-763
SRV records, 794, 801-802
start-of-authority resource records, 749
static, single label name configuration, 803-804
subdomain configuration, 788-791
testing, 682
top-level domains, 745-746
troubleshooting, 680-683
troubleshooting client services, 809-812
troubleshooting server services, 800-821
TTL values, 682
viewing server configuration, 813-819
WINS lookups using, 839
zone transfers, 791-793
zones, 749-757
DNS Server. See also DNS (Domain Name System)
defined, 186
log, 328
documentation, importance of, 1317
domain administrators, 1002
domain controllers
authoritative restores of Active Directory, 1412-1414
backup media, creating from, 1127-1128
backup requirements, 1110-1111
change journals, 514
configuration containers in a forest, 1055
creating domain controllers for existing domains, 1114-1122
Default Domain Controllers Policy GPO, 1235, 1247-1249
delegation of administrative rights, 1136-1139
deleting, 1129-1133
designing systems of. See Active Directory system design
DHCP server collocation issue, 689
domain architecture design, 50
failed, removing references to, 1415-1416
global catalog access, 1011-1013
global catalog servers, 1006
hardware guidelines, 1108-1109
IP addresses, 1109
local account issues, 1113-1114
moving out of Domain Controllers OU, danger of, 1249
NETLOGON share, 555
nonauthoritative restores of Active Directory, 1411-1412
operations master. See operations masters
OS support issues, 1016-1018
OUs created within, 1133
partitions, 1005
planning issues, 58-59
privileges required for creating, 1112-1113
read-only. See RODCs (read-only domain controllers)
recovery strategies for, 1409-1410
replication issues. See replication
replication scope, 1008
replication topology based on number of, 1092
restoring failed with new, 1415-1416
restoring Sysvol data, 1414-1415
sites, associating with, 1286-1287
sites, locating in separate, advantages of, 1075
subdomain, DNS configuration for, 788-791
SYSVOL$ shares, 555
trust paths, 1002-1003
domain functional levels
operations masters, 57
planning for, 55-57
purpose of, 1016
RODC level requirements, 1148
Sysvol replication, 1077-1082
table of, 1017
Windows 2000 native mode, 1017
Windows 2008 mode, 1018
Windows Server 2003 mode, 1017-1018
domain local groups
defined, 1217
local domain processing requirement, 1218
member inclusion rules, 1218
nesting limitations, 1218
permissions rules, 1218
reasons for using, 1218-1219
domain names
child domains, 653
defined, 653
fully qualified, 654
obtaining, 653
parent domains, 653
resolving. See name resolution services
top-level domains, 653
domain naming master role, 1044-1046, 1048
Domain Rename utility, 1061-1062
domain trees, 1053. See also trees, Active Directory
domain trusts
configuring, 1035
planning for, 55
domain user accounts
Administrator. See Administrator account
backing up passwords, 1214-1215
built-in capabilities of, 1178
cached credentials, 1195
consistency requirement, 1169
creating, 1184-1187
default user accounts, 1168
defined, 1167
deleting, 1210-1211
disabling, 1191, 1193, 1195, 1211
Effective Permissions tool, 1188-1189
enabling, 1211
enabling disabled, 1195
expiration options for, 1192
folder redirection, 1203-1207
group memberships of, 1177-1178
Home Folder, 1194
inheritance effects, 1188
Kerberos options, 1192
Kerberos policy settings, 1173
lockout policy, 1172, 1195
logon rights of, 1178
maintenance overview, 1210
moving, 1211
multiple users, selecting, 1211
naming accounts, 1168
options, managing, 1189-1192
password policy enforcement, 1170-1171
Password Settings containers, 1169
permissions of, 1178
policy configuration, 1169-1170
privileges of, 1178
profile settings, 1193-1194
properties, viewing and setting, 1187-1188
renaming, 1211-1212
resetting passwords, 1212-1213
security descriptors of, 1188
SIDs (security identifiers) of, 1210
smart cards, requiring, 1192
top-level account policies, 1169
troubleshooting, 1195
unlocking, 1213-1214
user profiles. See user profiles
DomainIDs, 516
domains, Active Directory
assigning user rights for, 1182-1183
changing designs for, 1061-1062
creating new domains in new forests, 1122-1125
creating new domains or trees in existing forests, 1125-1126
creation in Active Directory, 1005
defined for Active Directory, 999, 1053
delegation of administrative rights, 1136-1139
deleting, 1129-1133
design considerations, 1059
domain functional level, 1016-1018
domain security policies, 1059
enforcing inheritance, 1258-1259
forests, relationship to, 1054-1055
group policies created with, 1235
group policies of. See Group Policy
group policy inheritance order, 1254
joining computer accounts to, 1226-1227
language standardization within, 1059
membership options, 83
OUs in. See OUs (organizational units)
planning overview, 1058-1059
policies on, 1059
privileges required for installing, 1112-1113
raising functional levels, 1019-1020
renaming, 1061-1062
replication considerations, 1059
resource access issues, 1059
root domains, 1000
servers for. See domain controllers
single vs. multiple, design considerations, 1060-1061
sites, relationship to, 1071
task delegation, 1138-1139
top-level domains, 653
trees. See trees, Active Directory
trusted and trusting, 1001-1002
DoS attacks, DHCP vulnerability to, 688
drive letters
assigning, 436
configuring, 440-442
enumeration of, 435
drivers
adding print drivers, 888
base installation library of, 222
bugginess of, 211
Code Signing For Device Drivers policy, 224
detection of missing, automatic, 215
disabling, 236-237
improvements in, 19
installation steps, 230-232
installation wizards, 229-230
installing available updates, 215-216
kernel mode, 845
loading disk drivers during installation, 94-95
maintaining lists of, 228
manifest files, 222
Microsoft Universal Printer Driver, 846
network adapters, Advanced settings for, 227
new device installation, 216-219
non-Plug and Play, adding, 235-236
Plug and Play installation process, 216-219
policies for updates, 230
PostScript, 846
printer, 844-846, 887-889
printer, client-side, 894-895
purpose of, 215, 222
Registry, interactions with, 222
remote management of, 221
removing, 234
removing print drivers, 889
resource settings for, 227-228
restricting installation using group policy, 232-233
rolling back, 233
Setup Information files, 222
signed, 223
troubleshooting, 237-243
Unidrv, 846
uninstalling, 236-237
unsigned, 223-224
Update Driver settings, 128
update settings for, 215
updating, 219
user mode, 845
version issues, 229
viewing information about, 224
DSA (Directory Systems Agent), 992-993
dsadd group command, 1221
dsadd user command, 1186
dsget group command, 1221
DSM (Device Specific Module), 411
Dsmgmt command, 1165
dsmod group command, 1221
dsquery user -disabled command, 1195
dump files, 1380
dust and air quality, 1314
dynamic disks
converting to and from basic disks, 430-432
drive section types, 429
extending partitions, 445-446
limitations of, 430
moving, 456-457
purpose of, 428
shrinking partitions, 446-447
spanned volumes, 452-454
types of volumes allowed, 452
dynamic DNS, 759-760
dynamic IP addressing. See also DHCP (Dynamic Host Configuration Protocol)
configuring, 663-665
conflicting addresses, troubleshooting, 677
dynamic clients, 685
temporary vs. nontemporary IPv6, 709
dynamic updates, DNS, 668, 759-760, 776, 781-782, 819
E
earthquakes, 1315
editions of Windows Server 2008
Datacenter, 6
determining which to use, 61-63
Enterprise, 6
hardware requirements, table of, 72-73
for Itanium-Based Systems, 8
list of, 5
selection criteria, 61-63
Standard, 5
Web Server, 6-7
effective permissions
determining, 578-579
Effective Permissions tool, 578-579, 1188-1189
EFI (Extensible Firmware Interface)
ACPI requirement, 379
boot maintenance manager of, 78
creating new BCD store, 393-394
entering during boots, 380
installing Windows Server 2008 on Itanium systems, 78-79
EFS (Encrypting File System)
EFSInfo utility, 1114
evading, 477
purpose of, 467
vulnerability of, 467
EIST (Enhanced Intel SpeedStep Technology), 381
elevation
administrator applications requirement for, 295
color coding of prompts for, 297-298
defined, 290
security settings related to, 299-301
software installation, required for, 285
distribution groups, 1216
SMTP (Simple Mail Transfer Protocol) Server, 189
emergencies. See also disaster planning
data recovery plans, 1318-1319
emergency response teams, 1371
problem-escalation procedures, 1319
EMF (enhanced metafile format)
printing process with, 842-843
purpose of, 842-843
server hardware requirements, 847
Unidrv support for, 846
EMS (Emergency Management Services), 70-71
Enable User And Computer Accounts To Be Trusted For Delegation privilege, 1179
encryption
drive. See BitLocker Drive Encryption
Encrypting File System. See EFS (Encrypting File System)
remote desktop use of, 613
Terminal Services, 924, 959
Enforce Password History setting, 1170-1171
Enhanced Intel SpeedStep Technology (EIST), 381
enhanced metafile format. See EMF (enhanced metafile format)
enterprise administrators, 1002
Enterprise edition, Windows Server 2008
hardware requirements for installations, 72-73
purpose of, 6
selection criteria, 61-62
TS Session Broker, required for, 944
Enterprise Read-Only Domain Controller group, 1159
environment variables, 1194
envisioning phase of MSF (Microsoft Solutions Framework), 28
error messages, hardware, table of, 238-240
eSATA, 213
ESE (Extensible Storage Engine)
operations of, 993-995
Utility, 997
ESP partition type, 449-450
Event Viewer
archiving logs, 337-338
Computer field, 332
defined, 107
entries in, 330-332
event levels, 330
filtered views, 334-337
Help features, 332
Properties dialog boxes for events, 332
remote systems, viewing, 333
searching logs, 334
sorting logs, 334
starting, 329
subscription creation, 341-342
User field, 331
views available, 329-330
events
Application log, 327
Applications and Services logs, 327-328
archiving logs, 337-338
backups, tracking, 1400-1401
configuring logs, 329
defined, 326
DFS Replication log, 328
Directory Services log, 328
DNS Server log, 328, 808-809
Event Log service, 327
File Replication Service log, 328
filtered views of, 334-337
Forwarded Events log, 327
forwarding to logging servers, 341-342
Hardware Events log, 328
logging servers, enabling, 341-342
Microsoft\Windows logs, 328
network load balancing events, 1344
of remote systems, viewing, 333
PowerShell for tracking, 338-341
searching logs for, 334
Security log, 327
Setup log, 327
sizing of logs, 328-329
sorting within logs, 334
subscriptions, 341-342
System log, 327
viewing. See Event Viewer
Windows logs, 327
Exchange Server 2007, 1014
exclusions for IP addresses, 686, 709, 712-713
Execute File special permission, 573
exFAT, 434
expiration options for accounts, 1192
explicit trusts, 1028-1029
Explorer, Network. See Network Explorer
Explorer, Windows. See Windows Explorer
Extensible Storage Engine. See ESE (Extensible Storage Engine)
extension components of MMCs, 155-156
external trusts, 1003
F
facilities for servers. See structures and facilities
failover clustering
Active Directory configuration for, 1351
active node mode, 1327-1328, 1345
adding nodes to clusters, 1360
availability planning, 1364
cluadmin command, 1356
Cluster Administrator renamed, 1352
cluster databases, 1354
Cluster Disk Driver, 1353
Cluster Network Driver, 1352-1353
cluster objects, 1352-1353
Cluster service, 1352-1353, 1365
cluster-unaware applications with, 1348-1349
cluster-aware applications, 1348
configuration options, 1345-1347
controlling nodes, 1365
creating clusters, 1356-1360
database server requirements, 1349-1351
DFS namespace server with, 1363
DHCP Server with, 1363
failback policy settings, 1366
Failed state, 1355-1356
Failover Cluster Management tool, 107, 1352
failover policy settings, 1365-1366
File Server with, 1363
Generic Application resource type, 1363
Generic Script resource type, 1363
hardware optimization for, 1349-1351
heartbeats, 1353
high-availability configuration for services and applications, 1364-1365
host name, setting for, 1359
installing, 1345
iSCSI with, 1350-1351
majority node clusters, 1346
Microsoft Cluster service, 1345
multinode clusters, 1346
network adapter interface states, 1355
network adapters for, 1350
network optimization for, 1351-1352
network settings, modifying, 1361
network states, 1355-1356
nodes, maximum number of, 1345
paging files, 1349
passive node mode, 1327-1328
print servers with, 1363, 1367
purpose of, 188, 1323
quorum resources, 1354
quorum settings, 1362
RAID configurations, 1349-1350
resources of, 1347-1349
resources specification, 1363-1365
SAN optimization for, 1351-1352
shared folder creation, 1366
single node clusters, 1345
sites, multiple physical, 1329-1330
SQL Server requirements, 1349
storage devices for, 1345, 1351
storage tests, 1357
storage, adding to clusters, 1361
support applications of clustered services, 1364
types of clusters, basic, 1345
Unavailable state, 1355-1356
Up state, 1356
validation tests, 1356-1358
Web server requirements, 1349-1351
Windows Server 2008 compatibility, 1350
Windows services with, 1363
WINS with, 1363
failover, DHCP service, 693-695
farms
farm names in Terminal Services, 949
organization of servers in, 1325-1326
FAT (file allocation table) file system
capabilities of, 500-501
Check Disk, analyzing volumes with, 538-539
clusters, 498-500
converting to NTFS, 432-433
data storage calculations, 501-502
data streams not supported, 513
disadvantages of, 500-501
file allocation table structure, 499-500
formatting drives as, 437-439
integrity of files, 535
mounting volumes, 502
overview of, 499
structure of, 499-500
versions of, 498
volume size issues, 501-502
fault tolerance
DHCP, 693-695
disaster planning, for, 1370
high availability, contribution to, 1312
RAID 5, 462-463
faxing
Fax Server, 186
FAX$ shares, 554
features
Add Features Wizard, starting, 114
adding, 199
component names for, 204-207
defined, 185
removing, 199-200
table of, 188-190
federated forest design, 1030-1032
Fibre Channel. See also SANs (storage area networks)
arbitrated loop not supported, 410
defined, 406
file associations, Registry, 258-259
File Replication Service. See FRS (File Replication Service)
File Server Resource Manager. See FSRM (File Server Resource Manager)
file servers
backups, 1384
File Server, failover clustering of, 1363
services. See File Services
File Services
adding role to servers, 416-419
defined, 187
DFS with, 415, 417-418
disk quota management, 415
FRS, 416
FSRM with, 415, 418
Multipath I/O with, 416
NFS with, 416
planning for, 60
report generation, 415
screening policies, 415
search services with, 416, 419
Share And Storage Management, 415
UNIX interoperability, 417
file sharing
access permissions for, 571-578
adding user or group permissions, 566
ADMIN$ shares, 554
administrative access to, 555-556
administrative shares, 553-555
Administrators Have Full Access, Other Users Have No Access permissions, 562
Administrators Have Full Access, Other Users Have Read-Only Access permissions, 561
All Users Have Read-Only Access permissions, 561
Apply Onto options, 577-578
attributes of files and folders, 567
auditing access, 581-585
basic folder permissions, table of, 572
basic permissions, setting, 572-573
C$ type drive shares, 554
Change permissions, 564
Change Permissions special permission, 575
changing share permissions, 558-559
clearing inherited permissions, 569-570
combining special permissions for basic permissions, 575-576
Computer Management for, 556
Computer Management for share permission configuration, 565-566
configuration for, accessing, 549
configuration login script for, 581
Create A Shared Folder Wizard, 560-562
Create Files/Write Data special permission, 574
Create Folders/Append Data special permission, 574
creating shares with Computer Management, 559-562
creating shares with Windows Explorer, 556-559
Custom Permissions option, 562
default shares, 553-555
defined, 547
Delete special permission, 574
Delete Subfolders And Files special permission, 574
denying permissions, 565-566
descriptions of shares, entering, 561
effective permissions, determining, 578-579
Execute File special permission, 573
FAX$ shares, 554
file permission management overview, 567
finding shared folders, 552
folder path, selecting for folder to share, 560
folder permission management overview, 567
Full Control permissions, 564, 572
group permissions, 564-565
hidden shares, 553
inheritance of permissions, 569-570
IPC$ share, 554
List Folder Contents permission, 572
List Folder special permission, 573
listing shares, 579-580
management overview, 563-564
mapping share folders as network drives, 550-551
membership required for creating shares, 556
model options for, 547
Modify permission, 572
multiple shares on one folder, 558
Net Share command-line tool, 556, 579-581
NETLOGON share, 555
Network Discovery required, 551
Network Explorer for viewing, 551
ownership of files and folders, 567-568
permissions options, 561-562
permissions types, 564
PRINT$ shares, 555
public file sharing, 548
Public folder, configuring, 549-550
PUBLIC shares, 555
publishing share information, 552
publishing shares, 563
Read & Execute permission, 572
Read Attributes special permission, 573
Read Data special permission, 573
Read Extended Attributes special permission, 574
Read permissions, 564, 572
Read Permissions special permission, 575
remote computers, administration, 556
removing users or groups for permissions, 577
resetting permissions, 570-571
security logs for, viewing, 585
security, importance to choosing sharing model, 548
Server service required for, 547
setting special permissions for files and folders, 576-577
shadow copies of shared folders. See shadow copies
share details, viewing, 580
share names, 558, 560
share permissions, 563-566
shrpubw command, 560
special permissions, 573-578
special shares, 553-555
specifying files and folders for auditing, 582-584
standard file sharing, 547
standard file sharing, configuring, 549
stop sharing, 558
SYSVOL$ shares, 555
Take Ownership special permission, 575
transferring ownership, 568
Traverse Folder special permission, 573
troubleshooting, 579-581
UNC paths to shares, 551
users and groups, selecting for, 556-558
viewing permissions for files and folders, 571
viewing share permissions, 565
Windows Explorer for, 556
Write Attributes special permission, 574
Write permission, 572
file synchronization, 1209-1210
file systems. See also storage
bad sectors, marking, 540
Check Disk tool for fixing errors, 535-538
clusters, 498-499
compression. See file-based compression
defragmenting, 541-546
dirty, marking disks as, 537
error creation, 535
FAT. See FAT (file allocation table) file system
Folder Options utility, 123-124
FSutil tool, 409
NTFS. See NTFS
quotas. See quota management
sectors, 497-498
structure overview, 497-499
type and features, viewing, 502
file type associations, Registry, 258-259
file-based compression
NTFS, 521-523
zipped folders, 524-525
FIPS (Federal Information Processing Standard)
BitLocker with, 481
purpose of, 924
fire suppression systems, 1315
firewalls
backup exceptions, 1390
network troubleshooting issues, 679
Remote Desktop for Administration with, 610
Windows Firewall, 13
FireWire (IEEE 1394), 213-214
firmware
ACPI requirement, 379
entering during boots, 380
installation problems caused by, 100
interfaces, 13-14
TPM compliance, 469
folders
access permissions for, 571-578
attributes of, 567
auditing file and folder access, 581-585
basic folder permissions, setting, 572-573
basic folder permissions, table of, 572
child, 569
compressed (zipped), 524-525
Delete special permission, 574
Folder Options utility, 123-124
folder redirection, 1203-1210
Home Folder, user accounts, 1194
junction points, 1080
ownership of, 567-568
parent, 569
permission management overview, 567
Public folder, 548
shadow copies of shared folders. See shadow copies
shared folders on clustered file servers, 1366
sharing. See file sharing
Force A Shutdown Of A Remote System privilege, 1179
forest functional levels
design considerations, 1018-1020
operations masters, 57
planning for, 55-57
raising, 1019-1020
RODC level requirements, 1148
setting, 1123-1124
table of, 1018
forest trusts
architecture of, 1030-1032
configuring, 1035
trust configurations, 1055
forests, Active Directory
administration of, 1057-1058
administrator roles in, 1055
configuration containers, 1055
creating new domains in new forests, 1122-1125
creating new domains or trees in existing forests, 1125-1126
cross-forest transitive trusts, 1030-1032
dedicated roots, 1061
defined, 1053
domains, relationship to, 1054-1055
empty roots, 1061
enforcing inheritance, 1258-1259
forest root domains, 1054-1055, 1062
functional levels. See forest functional levels
global catalogs in, 1055
Group Policy Management Console (GPMC) with, 1243
merging, 1057
namespaces of, 1054-1055
non-dedicated roots, 1061
planning overview, 1054
privileges required for installing first domain controller, 1112
renaming domains in, 1061-1062
replication, 1008
replication issues, 1057
shortcut trusts, 1028-1029
single vs. multiple, 1056
structure of, 1000-1001
trusts. See forest trusts
Forgotten Password Wizard, 1214
formatting partitions, 437-440
forms, printer, 885-886
forward lookups, DNS
conditional. See conditional forwarding, DNS
forwarders, 777-778, 782-783, 786-788, 818
queries, 743
zone creation, 774-781, 783-785
Forwarded Events log, 327
forwarded tickets, 1040
FQDNs (fully qualified domain names), 654
fragmented drives. See defragmenting drives
frequently used programs list, 133, 137-140
FRS (File Replication Service)
backward compatibility provided by, 416
defined, 408
File Replication Service log, 328
object identifiers, 516-517
Sysvol replication, 1077-1082
FSMO (flexible single-master operations) role, 1044
FSRM (File Server Resource Manager)
capabilities of, 415
configuring, 418
defined, 107
FSutil FSinfo command, 508-510
FSutil tool, 409
Full Control permissions, file sharing, 564, 572
full-server installation type, 81
functional levels, Active Directory. See domain functional levels; forest functional levels
G
gateways
Automatic Dead Gateway Retry, 631
Default Gateways panel, 666
IPv4 addresses for, 639
metric, 665-666
multiple, configuration of, 665-666
GDI (Graphics Device Interface), 844
Generate Security Audits privilege, 1179
geographic model for OUs, 1067
global catalog servers
attribute management, 1014-1016
defined, 58
design considerations, 1011-1012
designating, 1012-1013
forests, in, 1055
partition replication, 1095
place of, 1006
removing, warning about, 1130
RODC requirements for, 1148
sites, requirements for, 1073, 1105
universal group storage, 1218
global groups
defined, 1217
member inclusion rules, 1218
nesting limitations, 1218
permissions, 1218
reasons for using, 1219
security data structures, inclusion in, 1218
globally unique identifiers. See GUIDs (globally unique identifiers)
goal assessment task for planning deployments
business perspectives, 34-35
defined, 29
documentation, 34
IT goal identification, 35
IT-business interaction issues, 36
predicting changes, 36-37
scope of, 33
governing phase of MSF (Microsoft Solutions Framework), 28
GPMC (Group Policy Management Console). See Group Policy Management Console (GPMC)
GPOs (Group Policy objects)
Account Policies, editing with default GPOs, 1247-1249
Administrative Templates, 1237-1238
ADMX files, 1237-1238
Apply Group Policy permission, 1259-1261
applying to all members of a group, 1260
applying to no members of a group, 1260
backing up, 1278-1280
blocking inheritance from, 1257-1258
configuring user policies, 1169-1170
creation rights management, 1249-1250
Default Domain Controllers Policy GPO, 1235, 1247-1249
Default Domain Policy GPO, 1235, 1247-1249
default policy restoration, 1282
default, working with, 1247-1249
deleting, 1247
deleting links to, 1247
Edit Settings permissions, 1251-1252
Edit Settings, Delete, Modify Security permissions, 1252
editing GPOs, 1245
enforcing inheritance, 1258-1259
filtering policy application, 1259-1261
folder redirection, 1203-1207
Group Policy Starter GPO Editor, 1239
indeterminate as to applying to group membership, 1260
LGPOs (local GPOs), 1239-1242
Link GPOs permission, 1251, 1253
link order, editing, 1255-1256
linking to existing GPOs, 1246
Local Group Policy Object Editor, 1239
Local Security Policy console, 1241-1242
logoff scripts, 1265-1266
logon scripts, 1265-1266
loopback processing, 1263-1264
Management Editor tool for, 1239
modeling changes in, 1274-1277
new GPO creation, 1244-1245
Object Editor, 1241-1242
Perform Group Policy Modeling Analysis permission, 1251, 1253
preference order, changing, 1245
processing of policies overview, 1254
Read Group Policy Results Data permission, 1253
Read permissions, 1251-1252
refreshing, 1268-1278
restoring, 1280-1281
selectively applying, 1260
shutdown scripts, 1264-1265
starter GPO creation, 1246-1247
starter GPOs, 1245
startup scripts, 1264-1265
startup sequence, 1261-1262
viewing applicable GPOs, 1271-1274
GPT partition style
background on, 425
basic-dynamic conversions, 430
changing to MBR, 428
drive letter assignment, 435
ESP partition type, 449-450
format support, 427-428
LDM partitions, 451-452
managing on basic disks, 449-452
mirrored boot and system volumes, 459-462
MSR partitions, 450-451
OEM partitions, 452
primary partitions, 451
selecting, 424
structure of, 426-427
types of partitions, 449
x86 vs. Itanium, 427
GPTs (Group Policy Templates)
partition styles. See GPT partition style
role of, 1235
Graphics Device Interface (GDI), 844
Group Policy
accessing the top-level LGPO, 1240-1241
Account Lockout Policy, 1247
Account Policies, editing with default GPOs, 1247-1249
Accounts: Rename Administrator Account policy, 1248
Accounts: Rename Guest Account policy, 1248
Active Directory group policy, 1234-1235
Administrative Templates, 1235, 1237-1238
ADMX files, 1237-1238
applicability of, 1235
Apply Group Policy permission, 1259-1261
applying to all members of a group, 1260
applying to no members of a group, 1260
architecture of, 1236-1237
backing up GPOs, 1278-1280
backups, 1384
capabilities of, 1233
client-side extensions, 1236
Computer Configuration category, 1235
Computer Configuration startup sequence, 1261-1262
Computer Configuration, disabling settings, 1263
conflict resolution with local GPOs, 1240
creation rights management, 1249-1250
Dcgpofix utility, 1282
Default Domain Controllers Policy GPO, 1235, 1247-1249
Default Domain Policy GPO, 1235, 1247-1249
default policy restoration, 1282
delegating Group Policy management privileges, 1252-1253
delegating privileges for links and RSoP, 1253
deleting GPOs, 1247
disabling an enabled policy, 1257
domain creation, policies created with, 1235
editing GPOs, 1245
enabling a disabled policy, 1257
events triggering policy processing, 1236
features of, 1233
filtering policy application, 1259-1261
GPOs, role of, 1235. See also GPOs (Group Policy objects)
implementation overview, 1238-1239
indeterminate as to applying to group membership, 1260
inheritance. See Group Policy inheritance
Kerberos Policy, 1247
legacy OSs not supported, 1234
Link GPOs permission, 1251, 1253
link order, editing, 1255-1256
linking to existing GPOs, 1246
local group policies. See local group policy
Local Group Policy Editor, 1242
Local Group Policy Object Editor, 1239
Local Security Policy console, 1241-1242
logoff scripts, 1265-1266
logon scripts, 1265-1266
loopback processing, 1263-1264
maintenance tasks, 1268-1282
Management Console. See Group Policy Management Console (GPMC)
Management Editor, 1236, 1239
Modeling Wizard, 1274-1277
Network Access: Allow Anonymous SID/NAME Translation policy, 1248
Network Security: Force Logoff When Logon Hours Expire policy, 1248
new GPO creation, 1244-1245
Object Editor, 1241-1242, 1270-1271
OUs (organizational units), applying to, 1065
overriding higher level policies, 1255-1257
Password Policy, 1247
PDC emulators, 1239
Perform Group Policy Modeling Analysis permission, 1251, 1253
planning using modeling feature, 1274-1277
Policies nodes, 1234
processing modification, 1262-1263
processing of policies overview, 1254
processing order, 1255. See also Group Policy inheritance
purpose of, 1233
Read Group Policy Results Data permission, 1251, 1253
refreshing, 1268-1278
restoring GPOs, 1280-1281
restricting device installation with, 232-233
reviewing Group Policy management privileges, 1250-1252
RSoP (Resultant Set of Policy), 1251
scripts for, 1264-1266
security templates, 1266-1268
selectively applying GPOs, 1260
shutdown scripts, 1264-1265
Software Settings class, 1235
starter GPO creation, 1246-1247
Starter GPO Editor, 1239
starter GPOs, 1245
startup scripts, 1264-1265
startup sequence, 1261-1262
Sysvol folder for components, 1237
troubleshooting, 1268-1282
universal group membership caching, 1020-1022
User Configuration category, 1235
User Configuration startup sequence, 1261-1262
User Configuration, disabling settings, 1263
Userenv.dll, 1236
versions of, compatibility issues, 1234
viewing applicable GPOs, 1271-1274
Windows Settings class, 1235
Group Policy inheritance
Apply Group Policy permission, 1259-1261
blocking, 1257-1258
child OU group policy inheritance order, 1254
configuration option effects, 1254
disabling an enabled policy, 1257
domain group policy inheritance order, 1254
enabling a disabled policy, 1257
enforcing inheritance, 1258-1259
filtering policy application, 1259-1261
link order effects, 1255-1256
loopback processing, 1263-1264
order of, 1254
OU group policy inheritance order, 1254
overriding higher level policies, 1255-1257
processing modification, 1262-1263
processing of policies overview, 1254
purpose of inheritance, 1254
site group policy inheritance order, 1254
Group Policy Management Console (GPMC)
assigning user rights for domains and OUs, 1182-1183
availability of, 1238-1239
backing up GPOs, 1278-1280
blocking inheritance, 1257-1258
creation rights management with, 1249-1250
delegating permission to create GPOs, 1249-1250
deleting GPOs, 1247
deleting links to GPOs, 1247
domain access, 1244
editing GPOs, 1245
enforcing inheritance, 1258-1259
folder redirection, 1203-1207
forest access, 1243
Group Policy Slow Link Detection policy configuration, 1269-1270
Group Policy Starter GPO Editor, 1239
installing, 1242
link order, editing, 1255-1256
linking to existing GPOs, 1246
listing of GPOs and OUs by, 1243
Local Group Policy Object Editor, 1239
logoff script configuration, 1265-1266
logon script configuration, 1265-1266
loopback processing, configuring, 1263-1264
Management Editor, 1236, 1239
modeling GPOs with, 1274-1277
new GPO creation, 1244-1245
offline file configuration, 1209
PDC emulators, 1239
point and print restrictions, 870-871
printer connection deployment policies, 869
processing modification, 1262-1263
refresh policy management, 1268-1278
restoring GPOs, 1280-1281
reviewing Group Policy management privileges, 1250-1252
selectively applying GPOs, 1260
shutdown script, assigning, 1264-1265
site access, 1244
starter GPO creation, 1246-1247
starting, 1242-1243
startup scripts, assigning, 1264-1265
user profiles, 1197
viewing applicable GPOs, 1271-1274
Group Policy Management feature, 188. See also Group Policy Management Console (GPMC)
Group Policy objects. See GPOs (Group Policy objects)
Group Policy Slow Link Detection policy, 1269-1270
Group Policy Templates. See GPTs (Group Policy Templates)
groups
accounts membership in, 1177-1178
adding members to, 1222
assigning rights to, for domains and OUs, 1182-1183
assigning rights to, for specific computers, 1184
caching, 1215-1216
creating, 1220-1221
default logon rights assigned to, table of, 1181-1182
default privileges assigned to, table of, 1178-1181
defined, 1215
deleting, 1222
department based, 1217
distribution groups, 1216
domain local. See domain local groups
dsadd group command, 1221
dsget group command, 1221
dsmod group command, 1221
Effective Permissions tool, 1188-1189
file sharing permissions, 564-565
finding, 1223
fundamentals, 1215-1216
global. See global groups
member inclusion and permissions by types, 1218
moving, 1224
nesting limitations, 1218
options for new, selecting, 1220-1221
Password Settings group, 1173-1176
precedence order, 1175
properties, editing, 1223-1224
Remote Desktop Users group, 938
renaming, 1224
replication of, 1216
RODC-specific, 1159
scope conversions and domain functional levels, table of, 1224
scopes of, 1216-1218
security groups, 1216
sending mail to, 1224
type selection criteria, 1217-1218
types of, 1216
universal. See universal groups
viewing permissions for files and folders, 571
Guest account
Accounts: Rename Guest Account policy, 1248
purpose of, 1168
GUIDs (globally unique identifiers)
Active Directory use of, 992
BCD (Boot Configuration Data) stores, 392
H
HAL (hardware abstraction layer), 222
hard disk drives. See also storage
adding new disks, 423-424
allocation unit size, 438
bad sectors, marking, 438, 540
basic disk type, 428-432
Check Disk for analyzing, 538-540
clusters, 498
compression, setting, 438
Computer Management Storage Tools, 116
defragmenting, 541-546
disk I/O subsystem, 497
disk quota management, 415
disk write caching, 424
drive letter assignment, 435
drive letter configuration, 440-442
driver installation, 94-95
dynamic disks, 428-432
formatting, 439-440
fragmented. See defragmenting drives
hot-swapping disks, 423
I/O bottlenecks, 360-362
Initialize Disk Wizard, 423-424
managing. See Disk Management snap-in
managing MBR partitions on basic disks, 434-448
mirrored volumes, 452, 457-462, 464-466
Missing status, 455-456
mount points on. See mount points
NTFS recommended file format, 437
paging file options, 305-308
performance issues, 413-414
performance statistics, 345
Physical Disk counters for, 358
physical structure of, 497-498
platters, 497
print server requirements, 848
RAID. See RAID (redundant array of independent disks)
recovering, 455-456
sectors, 497-498
space requirements by edition, 72-73
spanned volumes, 452-454
storage area network. See SANs (storage area networks)
striped volumes, 452, 454-455, 462-463
tracks, 497-498
troubleshooting, 100
types of, 211-212
hard links, 511-512
hardware
Active Directory guidelines, 1108-1109
compatibility checks, 96
deployment process, standardized, 1312
disabling, 236-237
drivers for. See drivers
drives. See hard disk drives
error message with actions for, table of, 238-240
eSATA, 213
events log, 328
external devices, choosing, 212-214
failover clustering, optimization for, 1349-1351
fault tolerance for. See fault tolerance
FireWire (IEEE 1394), 213-214
HAL, 222
Hardware Compatibility List, 1311
high-availability planning checklists, 1313
high-availability, strategy for, 1311-1313
independence, boot environment role in, 13-14
installing devices, 215-221
internal devices, choosing, 211-212
IRQ settings, 240-243
memory. See memory
Multipath I/O devices, 412-413
new devices, installing, 216-219
non-Plug and Play, adding, 235-236
Plug and Play installation process, 216-219
power state management capabilities, 379-382
print server requirements, 847-848
Problem Reports And Solutions console, 237
RAM. See memory
redundancy, components for improving, 1312
Registry keys for, 251-252, 254-255
remote management of, 221
removal during installations, 97
requirements for installations, 72-73
resource conflicts, 240-243
restricting installation using group policy, 232-233
routers. See routers
server types, standardization by, 1312
spare parts, 1312
standardization for high availability, 1311-1312
standards selection, 53
standby systems, 1312
troubleshooting, 237-243
uninstalling, 236-237
updating drivers, 219
USB 2.0, 213-214
viewing devices with Device Manager, 219-220
Windows Server Catalog, 1311
Hardware Compatibility List (HCL), 1311
HCL (Hardware Compatibility List), 1311
headers
IPv4 packets, 647
IPv6 packets, 652
heartbeats
Cluster service, 1353
NLB, 1331-1332
help desks, 1319
hibernate state, 380
hidden shares, 553
high availability. See availability
highly available server deployment, 1321-1322
HKEY_CLASSES_ROOT (HKCR), 252, 258-259
HKEY_CURRENT_CONFIG (HKCC), 252, 259
HKEY_CURRENT_USER (HKCU), 252, 259
HKEY_LOCAL_MACHINE (HKLM), 252-258
HKEY_USERS (HKU), 252, 258
Home Folder, user accounts, 1194
host IDs
classes, by, 638-639
defined, 633
network prefix notation, 640-641
host names
aliases for, 797-798
defined, 653
LLMNR for resolving, 656
WINS for resolving, 654-655
host records, 653
hot-swapping disks, 423
humidity, 1314
Hyper-V, 9-10
Hypervisor Settings entries, 397
I
IAID (identity association ID), 686
ICM (Integrated Color Management), 906
identification status of networks, 16
IIS (Internet Information Services)
TS Web Access requirements, 932
TS Web Access, automatically installed with, 920
IKE (Internet Key Exchange) IPv6 Security feature, 632
image names, 308
incident response teams
day-to-day operations plan for, 1320
disasters, planning for, 1371
Increase A Process Working Set privilege, 1179
Increase Scheduling Priority privilege, 1180
incremental adoption of Windows Server 2008, 3-4
incremental backups, 1385-1386
InetOrgPerson accounts
defined, 1167
InetOrgPerson objects, 1014, 1063
infrastructure masters
configuration, 1044-1046
defined, 57
inheritance
Group Policy. See Group Policy inheritance
permissions for file sharing, 569-570
permissions, effect on, 1188
Initial Configuration Tasks console
purpose of, 87, 113
table of tasks available, 113-114
ink-jet printers, 849
in-place file sharing, 547
installing Active Directory
AD DS binaries, 1112
Add Role feature for, 1112
Advanced Installation mode, choosing, 1114
answer file creation, 1120
backup requirements, 1110-1111
Basic Installation mode, 1114
client preparations, 1111
Configure TCP/IP warning, 1115
CPUs, requirements for, 1108
creating domain controllers for existing domains, 1114-1122
creating new domains in new forests, 1122-1125
creating new domains or trees in existing forests, 1125-1126
data protection requirements, 1109
Dcpromo command, 1112, 1114, 1129
disabling secure communications requirement, 1111
DNS configuration for, 1122
DNS server requirements, 1109-1110
DNS server selection, 1117-1118
domain selection step, 1115-1116
file volumes, 1109
forest functional levels, 1123-1124
global catalogs, last, warning for, 1130
hardware guidelines, 1108-1109
installation media creation, 1127
installation step, 1120
Installation Wizard, starting, 1114
IP addresses, 1109, 1113, 1117-1118
local account issues, 1113-1114
locations for files, selecting, 1119
media, installing from, 1118, 1126-1129
memory requirements, 1108
NetBIOS name generation, 1123
Network Credentials information, 1115
OU creation, 1133-1134. See also OUs (organizational units)
overview of process, 1107
password for Restore mode, 1120
privileges required for, 1112-1113
replication partner selection, 1118
RODC installations, 1148-1158
SAN configuration issues, 1110-1111
servermanagercmd install command, 1112
site selection step, 1117
starting Installation Wizard, 1114
storage requirements, 1108
System State files, 1110-1111, 1129
Sysvol, 1109
uninstalling, 1129-1133
verification of installs, 1121-1122
installing application software. See software installation
installing DHCP Server service
product keys and activations, 71-72
steps for, 697-700
installing TCP/IP networking
local area connections, 659-660
network adapter installation, 658-659
permissions for, 657
preparing for, 657-658
requirements for, 657
services installation, 659-660
installing Windows Server 2008
activation, 88-90
administration tools, installing, 109-110
answer files, 70
automated setup overview, 69
boot from media method, 77
clean installation steps, 84-88
clean installs, 74
commands during install process, table of, 90-93
core-server installation type, 80
CPU issues, 98-99
debugging, 96-97
desktop class system issues, 377
disk device drivers, 94-95
disk drive issues, 100
domain membership options, 83
DVD-ROM problems, 97
firmware issues, 100
full-server installation type, 81
general installation parameters, 70-71
hardware requirements, 72-73, 96
Initial Configuration Tasks console, 87, 113-114
installation step, 87
interactive setup overview, 69
introduction to, 69
Itanium-based systems issues, 78-79
language selection, 86
licensing issues, 71-72
memory issues, 98-99
naming computers, 81-82
network component options, 83-84
partition issues, 76-80, 95
passwords, 88
Plug and Play configuration issues, 97
points of failure, potential, 96
postinstallation checks, 100-101
preinstallation tasks, 76-77
preparing for, overview, 72
product keys, 85-86
protocol options, 82-83
quick start guide, 69-71
RAID, 80
rolling back installations, 84
Setup, running. See Setup.exe
simplest method, 77
Startup Repair Tool, 1408-1409
Stop errors, 98-99
troubleshooting, 96-100
types of installs, 69
types, full and core, 80-81
unattended installing, 69-70
updates during, 85
upgrades, 73-74
where to install to, choosing, 86-87
Windows Update, 74-75
x86 drive sections, 77-78
integrity levels, 297
Intel Quick Resume Technology Driver (QRTD), 381
Intel VT, 10
Internet connections, troubleshooting, 675
Internet Printing Client, 188
Internet Printing service, installing, 853
interrupts, bottlenecks from, 359
intrusion detection, 1319-1320
IP (Internet Protocol). See also TCP/IP (Transmission Control Protocol/Internet Protocol)
addressing. See IP addresses; IPv4 addressing
defined, 627
IPCONFIG command, invoking, 673
Next Generation TCP/IP stack, 631-632
security protocol. See IPSec (IP Security)
IP addresses
domain controller configuration, 1109, 1113
IPv4. See IPv4 addressing
IPv6. See IPv6 (Internet Protocol version 6)
NLB (Network Load Balancing), 1331, 1333
IP replication transport, 1288
IPC$ share, 554
IPCONFIG command
DHCP troubleshooting with, 680
DNS information and troubleshooting with, 680-683
flushdns command, 811
invoking, 673
registerdns command, 809
renew command, 810-811
troubleshooting with, 677
IPSec (IP Security)
IPv6 implementation of, 652
troubleshooting, 679
IPv4 (Internet Protocol version 4)
addresses. See IPv4 addressing
classes, 633-635
installing, 659-660
IPv6 compared to, 631
Next Generation TCP/IP stack, 631-632
packet structure, 647
IPv4 addressing
addresses defined, 633
autoconfiguration by DHCP, 687
broadcast IP addresses, 636-637
casting modes, 633
classes, 633-635
classful host IDs, table of, 638-639
classful network IDs, table of, 638
classful vs. nonclassful networks, 636-637
conflict detection with DHCP, 734
dynamic, 660
host IDs, 633
installation requirements, 657-658
loopback addresses, 635
multicast IP addresses, 636
multiple addresses per computer, 665-666
name resolution. See name resolution services
NAT (Network Address Translation), 635-636
network IDs, 633, 638
packet structure, 647
pinging IP addresses, 661-662
planning for, 647-649
private addresses. See private IP addresses
public addresses. See public IP addresses
router addresses, 639
special addressing rules, 638
static IP address assignment, 660-663
subnetting. See subnets
syntax of, 633
troubleshooting, 676-677
unicast addresses, 633-636
IPv6 (Internet Protocol Version 6)
advantages of, 649-650
autoconfiguration by DHCP, 687-688
DHCPv6 capable client, 632
DNS configuration, 667-669
DNS server issues, 681
dynamic address configuration, 664-665
headers, 652
hexadecimal notation for, 650-651
installing, 659-660
IP Security feature, 632
IPSec (IP Security) implementation, 652
IPv4 compared to, 631
jumbograms, 652
Link-Local Multicast Name Resolution, 632
loopback addresses, 651
MLDv2, 632
multicast IP addresses, 651
name resolution with LLMNR, 655-656
network IDs, 651
Next Generation TCP/IP stack, 631-632
normal IPv6 scopes, 708-710
packet structure, 652
payloads, 652
PPPv6, 632
Random Interface IDs, 632
static IP address assignment, 661-663
Symmetric Network Address Translators, 632
types of addresses, 651
IRQ settings, 240-243
ISA Server, 1333
iSCSI
clustering requirements with, 1350-1351
defined, 406
Multipath I/O, adding support for, 412-413
ISNS (Internet Storage Name Server), 188
ISTG (Inter-Site Topology Generator)
bridgehead servers with, 1089-1091
listing for a site, 1303
monitoring, 1297-1298
site links, effect of additional, 1287
Itanium-based servers
64-bit computing overview, 7-8
boot maintenance manager, 78
COM parameters not supported for EMS, 71
hardware requirements for installations, 73
installation issues, 78-79
Setup.exe, booting, 70
J
jobs, print
canceling all jobs, 907
managing, 908
viewing, 907-908
jumbograms, 652
K
KCC (knowledge consistency checker)
CPU requirements for, 1108
forcing topology recalculation, 1303
ISTG designation, 1091-1092
replication topology generation, 1085
site maximum from, 1077
testing replication, 1305-1306
KDCs (Key Distribution Centers)
operation of, 1024-1026
RODCs as, 1144-1145
Kerberos
account options for, 1192
advantages of, 1023
authentication process, 1024-1025
components of, 1024
cross-forest transitive trusts, 1030-1032
delegating authentication, 1040-1043
forwarded tickets, 1040
KDCs (Key Distribution Centers), 1024-1026
Kerberos Policy, 1169, 1247
mutual domain controller authentication by, 1083
policy settings, 1173
proxy tickets, 1040
resource access process, 1025-1026
kernels
kernel architecture, 11-13
kernel memory, 312
kernel memory dump files, 1380
L
language selection
domains, standardization within, 1059
selection step, 86
LANs (local area networks)
NTLM. See NTLM (NT LAN Manager)
setting up. See networking
sites, relation to, 1071
laser printers, 849, 852
LDAP (Lightweight Directory Access Protocol)
Active Directory architecture, 991, 998-999
step in replication procedure, 1082
LDM partitions, 451-452
leases, DHCP
audits, 728
broadcast process, 689-693
databases of, 685
date stamps, 673
defined, 660
duration specification, 705-706
renewal process, 679-680
legacy applications, 294, 296
LGPOs (local GPOs), 1239-1242
licensing
CAL Installation Wizard, Terminal Services, 954-957
client access licenses. See CALs (client access licenses)
Enterprise Agreement License program, 65-66
installation issues, 71-72
License Server, Terminal Services, 951-957
Microsoft Clearinghouse, automatic method with, 955
Open License program, 64-65
overview, 63-64
product keys and activations, table of, 71-72
retail licenses, 64
Select License program, 65
Server Licenses, 63
Software Assurance, 66
Terminal Services, 925-927, 937
volume licensing programs, 64-66
Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)
limited broadcasts, 637
link bridge costs, 1101-1104, 1289
link costs for replication, 1100-1101
Link GPOs permission, 1251, 1253
link order of GPOs, editing, 1255-1256
Link-Layer Topology Responder components, 83
Links toolbar, 150
List Folder Contents permission, 572
List Folder special permission, 573
LLMNR (Link-Local Multicast Name Resolution), 632, 655-656, 757
LMHOSTS, 669-671
Load And Unload Device Drivers privilege, 1180
load balancing
NLB. See NLB (Network Load Balancing)
round-robin using DNS, 797
Terminal Services with, 933-935. See also TS Session Broker servers
local area connections
adding TCP/IP services, 659-660
configuration, viewing current, 672-673
creating, 660
disabling, 673-674
enabling, 673-674
IPCONFIG command with, 673
purpose of, 671
renaming connections, 674
speed, checking, 672
status of, checking, 671-672
troubleshooting, 674-675
local group policy
advantages of multiple, 1240
conflict resolution, 1240
inheritance order, 1254
LGPO assignment, 1239
Local Group Object Editor, 1241-1242
Local Group Policy Editor, 1242
managing settings, 1241-1242
processing order, 1240
top-level object access, 1240-1241
Local Security Authority. See LSA (Local Security Authority)
Local Security Policy console
auditing file and folder access, 581-582
local group policy settings, 1241-1242
Registry policy settings, 282-283
user rights, assigning for specific computers, 1184
local user accounts
defined, 1167
lockout policy, 1172
password policy enforcement, 1170-1171
policies for, 1169
local user profiles
configuring, 1199-1200
data storage, 1196
defined, 1196
location for storage of, 1196
switching to roaming, 1202
localization issues
planning for, 39
Regional and Language Options utility, 125
Lock Pages In Memory privilege, 1180
lockout policy
Account Lockout Policy, 1247
enabling accounts disabled by, 1195
number of allowed attempts, specifying, 1176
logoff scripts, Group Policy, 1265-1266
logon rights
accounts, relationship to, 1178
default, groups assigned to, table of, 1181-1182
logons
Active Directory related features, list of, 989-990
cached credentials for, 1195
Group Policy logon scripts, 1265-1266
Log On To option, 1190
Logon Hours option, 1190
Logon Script option, 1194
Network Security: Force Logoff When Logon Hours Expire policy, 1248
security token generation, 1020-1022
sites, isolating by, 1072
Terminal Services settings for, 959
Unlock Account check box, 1191
UPNs (user principal names), 1021
logs of events. See events
loopback addresses
IPv4, 635
IPv6 (Internet Protocol version 6), 651
LPD (Line Printer Daemon) Service, installing, 853
LPR (Line Printer Remote) Port Monitor
installing, 860
port monitor settings, 863-865
purpose of, 188
UNIX print servers with, 860
LSA (Local Security Authority)
defined, 988-989
Server, Active Directory use of, 990
LUNs (logical unit numbers), 411
M
MAC addresses
checking, 673
DHCP use of, 686
NLB (Network Load Balancing) use of, 1334
mail servers, DNS records for, 798-799
Manage Auditing And Security Log privilege, 1180
Manage Documents permission, 880
Manage Printers permission, 880
managing Windows Server 2008 systems
console for computer management. See Computer Management console
console for server management. See Server Manager console
Control Panel utilities. See Control Panel
MMCs for. See MMCs (Microsoft Management Consoles)
tools for. See administration tools
tools, legacy compatibility issues, 52
mandatory user profiles
configuring, 1201-1202
defined, 1196
preconfigured, creating, 1198-1199
man-in-the-middle attacks, 1111
Map Network Drive command, 551
MAPI (Messaging Application Programming Interface), 992
mapping network infrastructure, 1096-1098
Maximum Password Age setting, 1171
MBR partition style
background on, 425
changing to GPT, 428
creating partitions, 435-439
drive letter assignment, 435
format support, 427-428
formatting, 437-439
managing partitions on basic disks, 434-448
mirrored boot and system volumes, 459
selecting, 424
structure of, 425-426
x86 vs. Itanium, 427
media rotation, 1386-1387
memory
Active Directory requirements, 1108
bottlenecks, 356-358
counters, 357-358
diagnostics, 25
faults, paging file, 357
improved diagnostics for, 19
insufficient during installation, 98
nonpaged pools, 356
paged pools, 356
print server requirements, 847
process usage of, 315
Reliability And Performance Monitor statistics on, 345
requirements by edition, table of, 72-73
specifying boot amount to use, 386
Terminal Services requirements, 930
usage, viewing in Task Manager, 312-313
Windows Memory Diagnostics Tools, 1377
menu system
adding items, 134-135
changes from 2003, 130-131
copying items, 135-136
folder options, Start menu, 131-132
frequently used programs list, 137-140
hiding items, 136-137
highlighted items, 136-137
optional folders, 132
overview of, 129-130
pinned items, 133
removing items, 141
renaming items, 141
Search box, 132-133
sorting items, 140
standard Start menu new features, 133-134
Message Queuing, 189
Messaging Application Programming Interface. See MAPI (Messaging Application Programming Interface)
MFTs (master file tables), 503-506
Microsoft Cluster service, 1345
Microsoft DSM, 411
Microsoft Internet Security and Acceleration Server, 1333
Microsoft Management Consoles. See MMCs (Microsoft Management Consoles)
Microsoft Operations Framework (MOF), 28
Microsoft Product Support, 1375-1376
Microsoft Solutions Framework Process Model, 28-29
Microsoft Solutions Framework Team Model, 31-32
Microsoft Universal Printer Driver, 846
Microsoft Vista. See Windows Vista
Microsoft\Windows logs, 328
migration to Windows Server 2008, 88. See also upgrading to Windows Server 2008
Minimum Password Age setting, 1171
Minimum Password Length setting, 1171
mirror sites, 1329-1330
mirrored volumes
breaking, 463-464
configuring, 457-458
defined, 452
GPT boot and system volumes, 459-462
MBR boot and system volumes, 459
troubleshooting, 464-466
mission-critical systems. See availability
MLDv2 (Multicast Listener Discovery version 2), 632
MMCs (Microsoft Management Consoles)
3.0 version changes, 154
32-bit vs. 64-bit snap-ins, 160
Active Directory Users And Computers. See Active Directory Users And Computers snap-in
Active Directory-related snap-ins, 163
adding snap-ins to custom consoles, 165-169
administrative tool set, installing full, 160-161
advantages of, 153
Appearance And Personalization console, 120-122
author mode, 156-157
capabilities of, 153
changes from 2003, 154
Computer Management. See Computer Management console
console tools with file names, table of, 161-162
console trees, 158
creating custom consoles, 164-165
customization overview, 163
details pane, 158
directories for tools, 159
Disk Management. See Disk Management snap-in
extension components, 155-156
GPMC. See Group Policy Management Console (GPMC)
icons for custom consoles, 171-172
limitations of, 154
Local Security Policy. See Local Security Policy console
main pane, 158
mode settings for custom consoles, 170
modes of, 156-158
nodes in, 155, 158
opening console specification, 159
Print Management. See Print Management console
publishing, 184
Reliability. See Reliability And Performance Monitor console
remote systems with, 162-163
saving custom console tools, 172-173
saving custom consoles, 169-172
snap-ins, generally, 154-156
starting, 158-159
taskpads, custom, 173-183
tool availability, 160-161
user mode, 156-157, 170
Modified Fast Recovery Algorithm, 631
Modify An Object Label privilege, 1180
Modify Firmware Environment Values privilege, 1180
Modify permission, 572
modular component design architecture, 14
monitoring operations, 1316-1317
monitoring performance. See performance monitoring
monitors
display settings for, 122
spanning for remote sessions, 613
motherboard power state management capabilities, 379
mount points
adding and removing, 442-443
purpose of, 442
reparse points, 517-518
shadow copy issues with, 594
mouse pointer selection, 121
MPIO (Multipath I/O), 189
msconfig.exe command boot configuration, 385-388
MSF (Microsoft Solutions Framework), 28-29
MSR partitions, 450-451
multicast IP addresses
address class for, 636
host groups, 636
IPv6, 651
scopes for, 702
sending nodes, 636
Multipath I/O
Active/Active controller model, 411
adding hardware devices, 412-413
DSM with, 411
File Services with, 416
MPIO Properties dialog box, opening, 411
purpose of, 408
removing devices, 413
multiple operating systems
disk formats for, 437
settings for, 384-385
multiprocessor system CPU affinity issues, 359
multisite options for clusters, 1329-1330
N
name resolution services
DNS. See DNS (Domain Name System)
list of supported systems, 652
LLMNR, 655-656
LMHOSTS, 669-671
NetBIOS. See NetBIOS
processes for, 654
purpose of, 652
sites, requirements for, 1073
troubleshooting, 680-683
WINS. See WINS (Windows Internet Naming Service)
named data streams, 512-513
named pipes, IPC$ share, 554
namespaces
Active Directory design overview, 54-55
DNS, 744-746
forest, 1054-1055
private, 746
naming computers, 81-82
NAP (Network Access Policy) Network Policy Server tool, 108
NAP (Network Access Protection)
class clients, setting options with DHCP, 722-723
DHCP integration with, 731-733
NAS (network-attached storage)
command-line tools for managing, list of, 409
defined, 406
NAT (Network Address Translation), 635-636
Neighbor-Unreachability Detection, 631
NET LOGON, 989
net share command, 556
Net Share command-line tool, 579-581
Net tools, commands available, 111-112
NetBIOS
Active Directory domains, name generation for, 1123
name resolution services for, 669-670
node types, 824
scope, 824
WINS support for, 654-655, 823-824
NETLOGON share, 555
netsh command
activation of scopes, 716-717
DHCP database management, 736
DHCP with, 700
scope management with, 710-711
troubleshooting with, 677-679
WINS commands with, 827
Network Access: Allow Anonymous SID/NAME Translation policy, 1170, 1248
network adapters
binding DHCP to, 729
configuration, viewing current, 672-673
driver settings, 227
failover clustering interface states, 1355
failover clustering requirements, 1350
installation, 658-659
IP addresses of, configuring, 662-663
IPCONFIG command with, 673
MAC addresses of, 673, 686
monitoring statistics with Task Manager, 323-324
Network Load Balancing choices, 1332-1334
reservations, DHCP, 686
Network Address Translation (NAT), 635-636
Network And Sharing Center
Access field, 629-630
accessing, 549, 629
Connection field, 629-630
diagnostics from, 630
discovery, turning on, 676
dynamic address configuration, 664-665
identification status of networks, 16
multiple gateway configuration, 665-666
sharing and discovery area, 630
static IP address configuration, 662-663
summary network map area, 629
TCP/IP services, installing, 659-660
network awareness
defined, 628
Network Diagnostics Framework, 15-18
network browsing, troubleshooting, 676
network connections
binding DHCP to, 729
local. See local area connections
Network Connections tool
configuration, viewing current, 672-673
DNS configuration, 667-669
dynamic address configuration, 664-665
enabling connections, 673-674
multiple gateway configuration, 665-666
renaming connections, 674
static IP address configuration, 662-663
Status dialog box, 671-672
TCP/IP services, installing, 659-660
Network Diagnostics Framework
CAPI2, 18
identification status of networks, 16
management policies, 18
network awareness, 15-17
Next Generation stack enhancement, as, 631
OCSP, 18
SMB 2, 17
SRA (Secure Remote Access), 18
SSO, 18
SSTP (Secure Socket Tunneling Protocol), 18
Network Discovery
automatic configuration of, 628-629
categories of networks defined in, 628
controlling in Network And Sharing Center, 630
Off (Disabled) state, 629
On (Enabled) state, 628
purpose of, 628
troubleshooting with, 676
Network Explorer
accessing, 629
enabling discovery, 629
finding shared folders, 552
viewing shared files, 551
network IDs
classful network, list of, 638
defined, 633
IPv6, 651
network prefix notation, 640-641
Network Load Balancing (NLB). See NLB (Network Load Balancing)
network management tools for deployment planning, 44
Network Policy Servers
DHCP servers set up as, 731-733
planning for, 60
network prefix notation, 640-641
Network Security
Force Logoff When Logon Hours Expire policy, 1170, 1248
network troubleshooting
DHCP issues, 679-680
discovery issues, 676
DNS issues, 680-683
Internet connections, 675
IPSec issues, 679
IPv4 addressing, 676-677
local area connection issues, 674-675
netsh command, 677-679
network browsing, 676
packet filtering issues, 679
Pathping command, 678
PING command for, 675-676
subnets, 677
Tracert for, 678
Windows Firewall issues, 679
network-attached printers
adding to print servers, 860-863
defined, 850
Network Printer Installation Wizard, 855, 857-863
network-attached storage. See NAS (network-attached storage)
networking
addresses. See IP addresses
automatic address assignment. See DHCP (Dynamic Host Configuration Protocol)
bottlenecks, 362-363
cabling, 1314
classes of networks, 633-635
classful vs. nonclassful networks, 636-637
configuring TCP/IP. See configuring TCP/IP networking
connections. See local area connections; Network Connections tool
diagnostics. See Network Diagnostics Framework
discovery feature. See Network Discovery
Explorer. See Network Explorer
fault tolerance, 1312
IDs. See network IDs
installing. See installing TCP/IP networking
installing, component options, 83-84
latency issues, 362
mapping network infrastructure, 1096-1098
monitoring availability, 1317
monitoring statistics with Task Manager, 323-324
name resolution. See name resolution services
navigation of, overview, 627-630
NLB. See NLB (Network Load Balancing)
packets, data. See packets
performance monitoring, 362-363
policy servers. See Network Policy Servers
prefix notation, 640-641
printers. See network-attached printers; print servers
Reliability And Performance Monitor statistics on, 345
statistics, table of, 324
storage. See NAS (network-attached storage); SANs (storage area networks)
subnetting. See subnets
TCP/IP. See TCP/IP (Transmission Control Protocol/Internet Protocol)
Terminal Services bandwidth requirements, 920, 931
tools for, list of, 627
troubleshooting. See network troubleshooting
New Object - User Wizard, 1184-1185
New Task Wizard, 179-183
New Trust Wizard, 1035-1038
Next Generation TCP/IP stack, 631-632
NFS (Network File System)
purpose of, 416
tool for, 108
NICs (network interface cards). See network adapters
NLB (Network Load Balancing)
active node mode, 1327-1328
adding nodes to a cluster, 1342-1343
basic models for, 1332
broadcast plus filtering traffic direction, 1332
cluster adapters, 1333
cluster management options, 1344
cluster parameter settings, 1341
cluster size requirements, 1336
creating new clusters, 1337-1342
data storage for, 1331
dedicated adapters, 1333
Drainstop option, 1344
event logging, 1344
failover in, 1331
filtering modes, 1335, 1342
heartbeats, 1331-1332
host management options, 1344-1345
host parameter settings, 1339
installing, 1337
IP addresses for, 1331, 1333, 1339-1340
ISA Server with, 1333
MAC addresses, 1334
maximum number of computers in clusters, 1331
multicast mode, 1332
NDIS lightweight filter model, 1332
network adapters, single vs. multiple, 1332-1334
network driver nature of, 1332
Network Load Balancing Manager, 1337
network types supported, 1332
nlbmgr command, 1337
operations mode, setting, 1341
optimization of servers, 1336
planning, 1336-1337
port rules, 1335, 1342
protocols controlled by, 1333
purpose of, 189, 1323, 1331
RAID with, 1336
recommended applications for, 1331
removing nodes from a cluster, 1343
Resume option, 1344
round-robin DNS compared to, 1331
router issues, 1334
services that work with, 1336
session state maintenance, 1335
Shared Configuration feature with, 1337
sites, multiple physical, 1329-1330
specific traffic to specific servers allowed, 1332
Start option, 1344-1345
stopping, 1344
stress testing of, 1336
Suspend option, 1344
switch flooding, limiting, 1341
synchronization of data, 1336
unicast mode, 1332
VPN with, 1336
workload distribution paradigms, 1335
nodes, cluster
active vs. passive, 1327-1328
active, for failover clusters, 1345
adding to a cluster, 1342-1343, 1360
defined, 1323
maximum number supported, 1326
multiple physical sites for, 1329-1330
removing from a cluster, 1343
nonauthoritative restores of Active Directory, 1411-1412
nonclassful networks
defined, 636-637
network number identification, 638
nonpaged pools, 356
normal backups, 1385-1386
NPAS (Network Policy And Access Services), 187
nslookup command, 812
NTDS, Settings dialog box, 1013
Ntdsa.dll. See directory service (Ntdsa.dll)
ntdsutil
activate instance ntds command, 1127-1128
failed domain controllers, removing references to, 1415-1416
restoring Active Directory, 1413-1414
NTFS
advanced features, list of, 511
boot sectors, 503
change journals, 514-515
Check Disk, analyzing volumes with, 539-540
clusters, 498-499, 508
converting FAT disks to, 432-433
data streams, 512-513
feature set of, 507-508
file-based compression, 521-523
formatting drives as, 437-439
FSutil FSinfo command, 508-510
hard links, 511-512
integrity of files, 535
metadata, 503-504, 510
MFTs (master file tables), 503-506
nonresident attributes, 504
object identifiers, 516-517
quota management. See quota management
recommended file format, 437
reparse points, 517-518
resident attributes, 503
Self-Healing NTFS, 520-521
sparse files, 518-519
structure of volumes, 503-506
transactional NTFS, 520
VCNs (virtual cluster numbers), 505
versions of, 507-508
viewing drive information, 508-510
NTLM (NT LAN Manager)
authentication with, 1023-1024
Security Accounts Manager, 990
NX (non-execute) page protection, 402
O
object identifiers, 516-517
objectives, defining
budget issues, 47-48
contingency allowances, 48-49
organizational objectives, 45-46
overview of, 45
schedules for projects, setting, 46-47
specificity of goals, 46
tips for growing projects, 45
OCSP (Online Certificate Status Protocol), 18
OEM partitions, 452
offline files
configuring, 1207-1209
file synchronization for, 1209-1210
On Screen Keyboard, 1377
operations management
auditing procedures, 1319-1320
backup plans, 1318
change control procedures, 1317-1318
checklist, 1320-1321
critical procedures list, 1316
data recovery plans, 1318-1319
incident response teams, 1320
monitoring plan, 1316-1317
problem-escalation procedures, 1319
resources, training and documentation, 1317
staffing requirements, 1317
operations masters
changing roles, 1046
defined, 57
domain design considerations, 1044
domain naming master role, 1044-1046, 1048
guidelines for configuring, 1046
infrastructure master role, 1044-1046, 1050-1051
listing current, 1045
PDC emulator role, 1044-1046, 1050
purpose of, 1044
RID (relative ID) role, 1044-1046, 1048-1050
RODCs not allowed as, 1145
roles, 1044
schema master role, 1044-1047
seizing and transferring roles, 1051-1052
transferring roles, 1047
organizational objectives, specifying, 45-46
OUs (organizational units)
accounts, placing in, 1136
administration model for, 1069
administrative rights delegation to, 1064
advantages over multiple domains, 1060
assigning user rights for, 1182-1183
attributes, editing, 1135
canonical name option, 1135
child OU group policy inheritance order, 1254
COM+ partitions, 1135
cost center model for, 1068
creating, 1133-1134
defined, 1063
delegation of administrative rights, 1064-1065, 1136-1139
deleting, 1134
descriptive information option, 1135
design overview, 1065
division or business unit model, 1066
enforcing inheritance, 1258-1259
geographic model for, 1067
group policy inheritance order, 1254
group policy with, 1065
InetOrgPerson objects, 1063
Managed By option, 1135
managing groups of objects with, 1064
naming, 1134
permissions required to create, 1133
properties, setting, 1135
recursive capabilities of, 1064
resources, placing in, 1136
task delegation, 1138-1139
Terminal Services, for, 613, 931-932
types of objects in, 1063
utility of, 1064
ownership of files and folders, 567-568, 575
P
packets
IPv4, structure of, 647
IPv6, structure of, 652
packet filtering, troubleshooting, 679
packs
organization of servers in, 1325-1326
SQL Server use of, 1326
PAE (Physical Address Extension) options, 402
page file partitions, 429
paged pools, 356
paging files
counters for, 357-358
failover clustering requirements, 1349
faults, 357
page faults per process, 315
partitions, 77
tuning performance of, 305-308
paper trays, printer, 850
parent domains, 653
parent folders, 569
partitions, directory
purpose of, 1005-1006
replication of, 1093-1095
RODC replication of, 1146-1147
partitions, drive
active, 429
allocation unit size, 438
basic disk, 428-432
BitLocker, 482-485
boot partitions, 429
changing during installations, 95
crash dump partitions, 429
creating, 435-439
creating additional, 79
deleting, 448
DiskPart tool, 409
ESP partition type, 449-450
extended, 430, 436
extending, 443-446
formatting, 437-440
GPT types, 449
Itanium-based, 78
LDM partitions, 451-452
MSR partitions, 450-451
OEM partitions, 452
page file, 429
planning issues, 79-80
postinstallation checks, 101
primary partitions, 451
RAID, 80
shrinking, 446-447
size, setting, 435-436
styles, 424-428
system partitions, 429
types of, 76-78
where to install to, choosing, 86-87
passwords
account options, setting, 1185
Active Directory Restore mode, 1120
backing up, 1214-1215
complexity status setting, 1175
Enforce Password History setting, 1170-1171
history length setting, 1175
Kerberos policy settings, 1173
lockout policy, 1172, 1176
Maximum Password Age setting, 1171, 1176
Minimum Password Age setting, 1171, 1176
Minimum Password Length setting, 1171, 1175
options for, setting, 1191-1192
Password Must Meet Complexity Requirements setting, 1171
Password Policy, 1247
Password Settings containers, 1169
Password Settings group, 1173-1176
policy enforcement, 1170-1171
PSOs (Password Settings objects), 1169, 1173-1177
reset disks, 1214-1215
resetting by administrators, 1212-1213
RODC replication policies, 1148, 1158-1165
security policy effects on, 998
setting for new accounts, 1185-1187
settings object creation, 1173-1176
Store Passwords Using Reversible Encryption setting, 1171, 1175
strong, 88
trusts, creating for, 1037-1038
Pathping command, 678
payloads, IPv6, 652
PCL (Printer Control Language), 842, 846. See also EMF (enhanced metafile format)
PDC emulators
purpose of, 57
RODCs with, 1145, 1148
role, operations master, 1044-1046
Perform Group Policy Modeling Analysis permission, 1251, 1253
Perform Volume Maintenance Tasks privilege, 1180
performance
baselines, establishing, 303, 344
bottleneck overview, 356
counters for. See counters
CPU bottlenecks, 359-360
data collector sets for monitoring. See data collector sets
disk I/O bottlenecks, 360-362
memory bottlenecks, 356-358
monitoring. See Performance Monitor; performance monitoring
network bottlenecks, 362-363
Performance Diagnostics, 24
reliability monitor. See Reliability Monitor
tuning. See tuning performance
visual effects hits on, 303-304
Performance Monitor
Active Directory, monitoring, 1303-1304
Add button, 352
adding counters, 349-350
alert configuration, 369-370
alerts, 346
Change Graph Type button, 352
Copy Properties button, 352
counter list, 352
counters defined, 346-347. See also counters
CPU counters, 360
data collectors. See data collector sets
Delete button, 352
deleting counters, 350
Directory Services performance object, 1303-1304
Freeze Display button, 352
graphing counter statistics, 351
help, 353
Highlight button, 352
Histogram Bar view, 353
log files of, 346
memory counters, 357-358
network counters, 362-363
Paste Counter List button, 352
performance object instances, 347
performance objects, 347
performance objects, table of common, 348-349
print server performance, 909-912
Properties button, 352
purpose of, 343, 346
Reliability And Performance Monitor, location in, 346
remote monitoring, 354-355
replication statistics, 1303-1304
Report view, 353
resources consumed by issue, 354
toolbar, 351-352
Update Data button, 353
View Current Activity button, 352
View Log Data button, 352
performance monitoring
applications status, 314
baselines, establishing, 344
command-line commands for, 370-373
configuration data sets, 368
counters for. See counters
CPU counters, 360
CPU statistics, 311-313
data collectors. See data collector sets
defined, 303
get-process command, 315-320
get-service command, 321-322
kernel memory, 312
memory counters, 357-358
memory usage in Task Manager, 312-313
network counters, 362-363
networking statistics, 323-324
Performance tab, Task Manager, 311-313
print servers, 909-912
processes, 309-310, 314-320
remote monitoring, 354-355
replication monitoring, 1303-1304
Task Manager overview, 308-309. See also Task Manager
Tracerpt, 372-373
Typeperf command, 370-372
Performance Options dialog box, 305
permissions
access permissions for files and folders, 571-578
accounts, relationship to, 1178
Apply Group Policy permission, 1259-1261
Apply Onto options, 577-578
atomic permissions, 575
Change Permissions special permission, 575
Change permissions, file sharing, 564
Create Files/Write Data special permission, 574
Create Folders/Append Data special permission, 574
delegation to manage Active Directory objects, 1136-1139
Delete special permission, 574
Delete Subfolders And Files special permission, 574
Effective Permissions tool, 1188-1189
effective permissions, determining, 578-579
Execute File special permission, 573
Full Control permissions, file sharing, 564, 572
Group Policy management permissions, 1250-1253
Group Policy, effects on, 1259. See also Group Policy
groups, table of types, 1218
inheritance of, for file sharing, 569-570
List Folder Contents permission, 572
List Folder special permission, 573
Modify permission, 572
Permissions icons, 289
printers, for. See printer permissions
Read & Execute permission, 572
Read Attributes special permission, 573
Read Data special permission, 573
Read Extended Attributes special permission, 574
Read permissions, 572
Read Permissions special permission, 575
Read permissions, file sharing, 564
Remote Desktop for Administration, for, 610-612
removing users or groups for permissions, 577
resetting for files and folders, 570-571
setting special permissions for files and folders, 576-577
share permissions, 563-566
special permissions, 573-578
Take Ownership special permission, 575
Terminal Services, 961-964
Traverse Folder special permission, 573
viewing for files and folders, 571
Write Attributes special permission, 574
Write permission, 572
Physical Address Extension (PAE) options, 402
physical security, 1370
PING command
checking for IP addresses, 661-662
testing networks with, 675-676
planning deployments
Active Directory issues, 54-58. See also Active Directory system design
administrative approach issues, 51-54
analysis of existing system, 29, 37-44
budget issues, 47-48
building phase of MSF, 28
business perspectives, 34-35
change management process, 54
contingency allowances, 48-49
deploying phase of MSF, 28
designing the new network. See designing new networks
DHCP servers, 60
disaster recovery, 43-44
DNS server issues, 59
documentation, 34
domain architecture, 50
domain controllers, 58-59
domain functional levels, 55-57
domain trusts, 55
editions of Windows Server 2008, selecting, 61-63
envisioning phase of MSF, 28
file services, 60
global catalog servers, 58
goal assessment, 29, 33-37
governing phase of MSF, 28
hardware inventories, 39-40
installation phases, 30. See also installing Windows Server 2008
IT-business interaction issues, 36
IT goal identification, 35
licensing programs, 63-66
localization issues, 39
management tools, reviewing, 51-52
Microsoft Operations Framework (MOF), 28
Microsoft Solutions Framework Process Model, 28-29
namespace design, 54-55
network administration review, 42-43
network infrastructure evaluation, 38
network management tools, assessing, 44
Network Policy Servers, 60
network services and applications identification, 40-41
new installation issues, 67
objectives, defining, 45-49
operations masters, 57
organizational objectives, 45-46
overview, 27
partition issues, 79-80
planning phase of MSF, 28
predicting changes, 36-37
print services, 60
project scope definition, 29-30
remote locations, 38
schedules for projects, setting, 46-47
scope of projects, finalizing, 49
security infrastructure, 41-42, 51
servers and services, assessing, 39
server roles, 57-61
stabilizing phase of MSF, 28
standards selection, 52-53
tasks in deployment process, 29-30
team identification, 29, 31-33
testing the design, 30
WINS servers, 60
platters, 497
Plug and Play devices
installation process, 216-219
remote administration, 615
PNRP (Peer Name Resolution Protocol), 189
point and print restrictions, 870-871
policies
account. See account policies
assigning user rights with, 1182-1183
domain user accounts, configuring for, 1169-1170
Group Policy objects. See GPOs (Group Policy objects)
Local Security Policy console, 1184
user profiles, for, 1197
pooling printers, 898-900
ports
replication use of, 1084
Terminal Services, 941
ports, printer
managing, 886-887
pooling printers, 899-900
port names, 862
postinstallation checks, 100-101
PostScript, 842, 846-847
power protection, 1370
power state management
ACPI requirement, 379
ACPI Suspend State or Suspend Mode setting, 380
After Power Failure or AC Recovery setting, 380
Enhanced Intel SpeedStep Technology (EIST), 381
hardware dependence of, 379-382
Intel Quick Resume Technology Driver (QRTD), 381
motherboard specificity, 379
states of, 379-380
Wake On LAN From S5 or Auto Power On setting, 380
Windows Vista, 378
power supplies, 1314
Power Users group legacy only in 2008, 296
PowerShell
commands, 112-113
feature for installing, 190
get-eventlog command, 338-341
get-process command, 309-310, 315-320
get-service command, 310, 321-322
installing, 112
stopping processes, 320
PPP (Point-to-Point Protocol), 632
preinstallation tasks, 76-77
Previous Versions feature, 603-605
primary DNS servers, 750-751
primary partitions, 451
Print Management console
adding local printers, 855-859
adding print devices manually, 857-859
adding print servers to, 872-873
Additional Drivers command, 857
auditing access, 884
automatic installation of network printers, 855
Cancel All Jobs command, 907
client printer drivers, 894-895
color profiles, 906-907
denying printer permissions, 881-883
deploying connections, 868-869
driver property management, 887-889
drivers for network printers, 862-863
Enable Advanced Printing Features option, 901
Extended view, 907
filtered displays of printers, 876-878
forms, 885-886
general properties, setting, 891
granting printer permissions, 881-883
Hold Mismatched Documents option, 901
job properties, changing, 908
jobs, managing, 908
jobs, viewing, 907-908
Keep Printed Documents option, 901
listing available printers, 856
menu command to open, 854
migrating printers and queues, 873-876
network-attached printers, adding, 860-863
notifications property settings, 889-890
notifications, setting, 877
pausing all printing, 907
pausing individual jobs, 908
pooling printers, 898-900
port management, 886-887
Print Directly To The Printer option, 901
Print Spooled Documents First option, 901
properties of individual printers, 890
property management overview, 885
queue priority, setting, 896-898
recommended tool, 872
remote print server management, enabling, 872
removing print servers from, 873
resuming all printing, 907
scheduling queues, 896-898
share names, 856
sharing printers, 895-896
spooler property settings, 889-890
spooling configuration, 900-901. See also Print Spooler service
Start Printing options, 900
TCP/IP port monitor settings, 863-865
viewing printer permissions, 881
watermarks, 893-894
print processors, 901-902, 916-917
print servers
64-bit driver support, 845
adding local printers, 855-859
adding print devices manually, 857-859
adding print drivers, 888
adding to Print Management console, 872-873
application-based printing issues, 917
auditing access, 884
automatic installation of network printers, 855
backing up, 912-913
backups, 1384
canceling all jobs, 907
client print drivers, 894-895
client relationship to, 842-843
client-computer-based errors, 917-918
clustering, 846, 1363, 1367
command-line scripts, 854-855
command-line tool for, 854
connecting from client computers, 865-867
console for, 854. See also Print Management console
counters, performance, 909-912
data types for drivers, 841-842
defined, 841, 852
deploying connections, 868-869
disk I/O requirements, 848
disk space requirements, 848
driver installation on clients, 845-846, 857
driver property management, 887-889
driver storage location, 844
drivers for network printers, 862-863
EMF (enhanced metafile format), 842-843, 846-847
error handling, 845-846, 914
failure, preparing for, 912-913
filtered displays of printers, 876-878
form management, 885-886
frozen queues, 909
GDI preprocessing, 844
handles, 847-848
hardware configuration, 847-848
high-resolution graphics resource requirements, 847
installing, 853-854
Internet Printing service, 853
IP address issues, 916
jobs, managing, 908
jobs, viewing, 907-908
kernel mode drivers, 845
legacy Windows clients, 848
listing available printers, 856
local print providers, 845
local print spoolers, 844-845
location descriptions, 863
logging spooler events, 889-890
logical devices, multiple per printer, 853
LPD (Line Printer Daemon) Service, 853
LPR (Line Printer Remote) Port Monitor, 860
maintenance overview, 909
memory requirements, 847
Microsoft Universal Printer Driver, 846
migrating printers and queues, 873-876
multiple logical devices per printer, 896
Net Use command, 867
network issues, 916-917
network-attached printers, adding to, 860-863
non-Windows clients, 848
notifications, setting, 877, 889-890
optimization overview, 896
overview of printing process, 842-845
pausing printers, 907
PCL (Printer Control Language), 842, 846
performance monitoring, 909-912
permissions. See printer permissions
point and print restrictions, 870-871
pooling printers, 898-900
port management, 886-887
port names, 862
PostScript, 842, 846-847
print monitors, 845
Print Services role, adding to servers, 853-854
Print Spooler service, 844-845, 889-890, 909, 913, 916
PRINT$ shares, 555
printer installed bases, 841
Printer Migration Wizard, 873-876
property management overview, 885
queue errors, 916
queue priority, 896-898
queues, location of, 845
queues, tracking performance of, 911
RAW data type, 842-843
remote users, printer availability to, 863
removing print drivers, 889
RPC connections, 847-848
scheduling queues, 896-898
scripts, command line, 854-855
secondary servers recommended, 912
separator pages, 902-906
service. See Print Services
share names, 856
SMB connections, 848, 918
spool folder free space, 916
spooler property settings, 889-890
spooling, 844-845. See also Print Spooler service
spooling configuration, 900-901
SpoolSv instance, 909
TCP/IP port monitor settings, 863-865
test pages, printing, 914
troubleshooting, 913-918
Unidrv, 846
UNIX, 860
user access to printers, 865-867
user mode drivers, 845
user relations issues, 915
user, single, unable to print, 917-918
VBScript for connections, 867
Print Services
defined, 187
planning deployments of, 40, 60
role, adding to servers, 853-854
Print Spooler service
automatic spooling restarts, 913
configuring, 889-890
manually restarting, 909
place in connection sequence, 844-845
remote access to Registry requirement, 282
spooling configuration, 900-901
SpoolSv instance, 909
uncleared error documents in queue, 916
printer permissions
auditing access, 884
Change Permissions permission, 880
default condition, 879
defined, 879
denying, 881-883
granting, 881-883
Manage Documents permission, 880
Manage Printers permission, 880
ownership assignments, 883
Print permission, 880
Read Permissions permission, 880
restricting printer use, reasons for, 879
special permissions, 880
spool folder permissions, 881
standard permissions, 880
Take Ownership permission, 880
troubleshooting, 917
users and groups, 880
viewing, 881
printers
application-based printing issues, 917
automatic installation of network printers, 855
cabling options, 857
color, 851, 906-907
Comment property, 891
direct-attached, 850
domain local groups for accessing, 1218-1219
duplexers, 850
duty cycles of, 851-852
failure, preparing for, 912-913
Form To Tray Assignment property, 892
general properties, setting, 891
ink-jet printers, 849
IP address issues, 916
Job Timeout property, 892
large-format printing, 850
laser printers, 849, 852
Layout tab, 892
local printer name property, 891
local printers, adding to print servers, 855-859
location descriptions, 863
Location property, 891
memory expansion, 849, 892
migrating printers and queues, 873-876
monitoring, 847
Net Use command, 867
network issues, 916-917
network-attached, 850
ownership assignments, 883
paper trays, 850
Paper/Quality tab, 892
permissions. See printer permissions
photoprinting, 850-851
print processors, 901-902
PRINT$ shares, 555
printing preferences, setting, 891-892
properties of individual printers, 890
publishing by Active Directory, 895
scheduling, 896-898
security settings, client, 870-871
separator pages, 902-906
servers for. See print servers
share configuration, 550
share names, 856
sharing, 854, 895-896
status checks, 914-915
Terminal Services support for, 924-925
test pages, printing, 914
troubleshooting, 913-918
user access to shared, 865-867
VBScript for connections, 867
Wait Timeout property, 892
watermarks, 893-894
private IP addresses
classes of, 635-636
guideline for using, 647-648
static IP address assignment, 661
privileges
accounts, relationship to, 1178
default, groups assigned to, table of, 1178-1181
Problem Reports And Solutions console, 22, 237
problem resolution policy documents, 1371-1373
problem-escalation procedures, 1319
processes
get-process command, PowerShell, 309-310, 315-320
Processes tab, Task Manager, 308
statistics, table of names and descriptions, 316-319
stopping, 320
Task Manager display of, 314-320
terminating with Software Explorer, 288
processors. See CPUs (central processing units)
product keys
changing, 127
entering, 85-86
product management teams, 31
Profile A Single Process privilege, 1180
Profile System Performance privilege, 1180
profiles
setting for accounts, 1193-1194
user. See user profiles
Program Compatibility Assistant, 286-287
program management teams, 32
Programs And Features page, 287-288
project worksheets, 37
protocol installation options, 82-83
proxy tickets, 1040
PSCs (Password Settings containers), 1169
PSOs (Password Settings objects), 1169, 1173-1177
public file sharing
configuring, 549-550
overview of, 548
PUBLIC shares, 555
Public folder
configuring, 549-550
purpose of, 548
public IP addresses
defined, 635
determining number needed, 649
subnets with, 640
PUBLIC shares, 555
Q
QRTD (Intel Quick Resume Technology Driver), 381
queues, printer
queue errors, 916
queue priority, 896-898
queues, location of, 845
queues, tracking performance of, 911
Quick Launch toolbar, 143, 148-149
quorums
resources, failover clustering, 1354, 1362
server clusters, 1330
quota management
adding users outside local domain, 530
Administrators group, special treatment of, 526
capabilities of, 525
configuring quotas, 527-528
defined, 525
exporting entries, 534
importing entries, 534
logging events, 533-534
organizational culture issues, 525-526
ownership changes, 526
quota entries, viewing, 532-534
Recycle Bin, effect of, 527
setting quotas for individual users, 529-532
user notifications, 532
viewing quotas, 529
violations, checking for, 532-534
volume basis of, 526
R
RAID (redundant array of independent disks)
availability gains from, 414
disk I/O bottlenecks, 361
failover clustering requirements, 1349-1350
NLB (Network Load Balancing) with, 1336
paging file effects, 306
planning for installations, 80
RAID 0 configuration, 454-455
RAID 1 configuration, 457-462
RAID 5 configuration, 462-463
RAID 5 troubleshooting, 466
RAID-5 volumes, 452
software RAID, 430
RAM. See memory
RAW data type
defined, 842
port monitor settings, 863-865
printing process with, 843
PScript5.dll engine for, 846
RDC (Remote Desktop Connection)
admin mode starts, 615
Advanced tab, 619
client features, 613-614
Clipboard with, 618
connection bar, 619-620
connection speed settings, 618
desktop settings, 618-619
device control, 618
Display tab, 617-618
encryption issues, 613
ending sessions, 620
Experience tab, 618-619
General tab, 617
keyboard combinations, 618
loading saved connection settings, 617
Local Resources tab, 617-618
logons, 616-617, 619
lost connections, 619
printers with, 618
Programs tab, 618
purpose of, 607
specifying computer to connect to, 616
starting clients, 615-616
Terminal Services, as client for, 919
virtual mode starts, 616
RDC (Remote Differential Compression), 1078
RDNs (relative distinguished names)
defined, 1003
searching, 1010-1011
RDP (Remote Desktop Protocol)
RemoteApps .rdp file creation, 970-971
Terminal Services, configuring for, 958-960
TS Gateway, used by, 920
Read & Execute permission, 572
Read Attributes special permission, 573
Read Data special permission, 573
Read Extended Attributes special permission, 574
Read Group Policy Results Data permission, 1251, 1253
Read Permissions special permission, 575, 880
Read permissions, file sharing, 564, 572
read/writable domain controllers. See domain controllers
Read-Only Domain Controller group, 1159
read-only domain controllers. See RODCs (read-only domain controllers)
realm trusts, 1034-1038
Receive Window Auto Tuning, 632
recovery. See also restores
applications, of specific, 1403
authoritative restores of Active Directory, 1412-1414
current server data, 1402-1405
disaster planning aspect of, 1370
domain controller strategies, 1409-1410
domain controllers, restoring failed with new, 1415-1416
event logs of, 1405
folders, of, 1403
full system recoveries, 1408-1409
location to recover to, selecting, 1404
nonauthoritative restores of Active Directory, 1411-1412
OS recovery, 1408-1409
overwriting options, 1404
plans (data), 1318-1319
Recovery Wizard, 1402-1407
remote server data recovery, 1406-1407
Repair Your Computer option, 1377-1378
Startup Recovery Options wizard, 1378
Startup Repair Tool, 1408-1409
stop errors, recovering from, 1378-1380
system state recovery, 1407
Sysvol data, 1414-1415
volumes, of, 1403
Windows Complete PC Restore, 1377
Windows Error Recovery mode, 1418-1419
Windows Memory Diagnostics Tools, 1377
Windows Recovery Environment, 1377
Windows Server Backup for, 1388
Recycle Bins, quota management effects, 527
redundancy
components for improving, 1312
power supply, 1314
refreshing Group Policy objects, 1268-1278
Regedt32, 250, 278
Regional and Language Options utility, 125
Registries
32-bit and 64-bit keys, 252
access control to, 277-278
adding values and keys, 266
application settings storage, 247
auditing access to, 283-284
backing up, 272
command line for editing, 271
Components subkey, 253-254
configuration data sets, 368
control sets, 257
creation of data in, 260-261
data types in, 261-262
database nature of, 248-249
device enumeration, 257
Directory Replicator remote access requirement, 282
driver configuration settings, 222
Editor, 250, 262-271
Editor, modifying permissions on, 277
hardware profiles, 257
Hardware subkey, 254-255
hives, 249, 260-261, 270
HKEY_CLASSES_ROOT (HKCR), 252, 258-259
HKEY_CURRENT_CONFIG (HKCC), 252, 259
HKEY_CURRENT_USER (HKCU), 252, 259
HKEY_LOCAL_MACHINE (HKLM), 252-258
HKEY_USERS (HKU), 252, 258
importing and exporting Registry data, 267-269
keys, 251
loading hives, 270
maintenance overview, 273-274
modifying values, 264-265
organization of, 246
paths, parsing, 251
permissions on keys, 278-282
purpose of, 245-246
redundancy of, 260
REG command, 271
REG command, modifying permissions on, 277-278
regedit command, 262
Regedt32, 250, 278
remote access, blocking, 281-283
remote machine modification, 267
Remote Registry service, 283
removing damaged settings, 276
removing settings for failed installations, 276
removing values and keys, 266
restoring, 272
root keys, 251-259
SAM (Security Accounts Manager) subkey, 255
searching, 263
security issues, 276-284
Security subkey, 255
size of, 249
Software subkeys, 255-256
Spooler Service remote access requirement, 282
standard user tokens, 247
storage in memory, 249-250
structure of, 248-251
subtrees, 251
subtrees, table of, 251-252
System subkey, 256-258
Terminal Services configuration for applications, 942-943
tools as interfaces for, 248
Transactional, 247
Uninstall Or Change A Program utility, 273
unloading hives, 270
value entry paths, 248-249
values, 251
virtualization, 246-248
virtualization for legacy applications, 296
Windows Installer Clean Up Utility, 273-274
Windows Installer Zapper, 275-276
relay agents, DHCP, 689-693
release management teams, 32
Reliability And Performance Monitor console
CPU statistics, 345
data collector sets, 363-364
Disk statistics, 345
Memory statistics, 345
Network statistics, 345
Performance Monitor. See Performance Monitor
Performance Monitor location, 346
purpose of, 108
reliability. See Reliability Monitor
starting, 344-345
Reliability Monitor
location of, 346
pinpointing stability problems with, 346
purpose of, 343
remote access
administrating file sharing, 556
administration with. See Remote Desktop for Administration; Remote Desktops snap-in
enabling Remote Desktop, 324-325
MMCs with, 162-163
performance monitoring with, 354-355
Registry, blocking access to, 281-283
remote administration. See Remote Desktop for Administration
Remote Application, Terminal Services
applications available through. See RemoteApps
function of, 920
Remote Assistance, 12
Remote Desktop for Administration
admin mode, 608, 615
Allow Connections configuration options, 609-610
authentication certificates required, 610
BitLocker booting issue, 478
client settings tabs, 617-619
configuration, starting, 114
connection speed settings, 618
data prioritization settings, 614
defined, 12
device management, 221
disconnecting vs. logging off, 624
enabling, 324-325, 607, 609
encryption issues, 613
ending sessions, 620, 624
enhanced experience settings, 614
firewalls with, 610
flow control settings, 614
limitations of, 608
logons, 616-617, 619
lost connections, 613, 619
monitor spanning, 613
number of active administrators allowed, 608
organizational policy for, 608
passwords, 610
permissions for, 610-612
Plug and Play device redirection, 615
printers with, 618
purpose of, 607
RDC (Remote Desktop Connection) with, 607
RDC client features, 613-614
Registries, editing, 267
Remote Desktop Users group, 610-611
Remote Desktops snap-in for connecting to, 620-622
Remote Registry service, 283
resource redirection, 615
restricting users and groups from, 612
RSAT (Remote Server Administration Tools), 189
sessions allowed, 325
specifying computer to connect to, 616
starting clients, 615-616
Terminal Services policy configuration, 612-613
Terminal Services, relation to, 607
tracking logged-on clients, 623-624
virtual mode, 608, 616
Windows Firewall with, 610
Remote Desktop Users group
Terminal Services, 924
Terminal Services, adding to, 938
Remote Desktops snap-in. See also Remote Desktop for Administration
disconnecting, 621
establishing connections, 620
purpose of, 609
saving configurations, 622
screen options, 621-622
starting, 620
RemoteApp Manager, Terminal Services
configuring RemoteApps with, 966-975
purpose of, 922-923
RemoteApps
.rdp file creation for, 969-971
Alias property, 967
appearance to clients, 968
automatic installation with Terminal Server, 966
choosing programs step, 966-967
client access methods, 969
client computer devices and resources, 974-975
Command Line Arguments property, 967
defined, 966
deleting programs, 975
deploying the applications, 968-969
deployment setting configuration, 973-975
deployment settings for, copying, 922-923
farm names, 973
file extensions, taking over, 973
Icon property, 967
Location property, 967
making programs available as, 966-968
modifying program properties, 975
Program Name property, 967
Properties options, 967-968
RDP port numbers, 973
RemoteApp Wizard, starting, 966
server authentication settings, 973
server names, 973
TS Gateway settings, 974
TS RemoteApp Manager, starting, 966
TS Web Access availability property, 967
TS Web Access deployment setting, 974
TS Web Access, client access with, 969-970
unlisted programs settings, 974
Windows Installer package creation, 971-973
removable disks, 434
Remove Computer From Docking Station privilege, 1180
repairs. See also troubleshooting
Repair Your Computer, 1377-1378
Startup Repair Tool (StR), 22-24, 1408-1409
reparse points, 517-518
Replace A Process Level Token privilege, 1180
replication
Active Directory, 991-992
Active Directory design consideration, 1008-1009
Administrator, Replication (Rep Admin), 1302-1303
architecture of, 1082-1088
attribute designation, 1014-1016
attribute management, 1076
automatic compression between sites, 1072, 1077
bandwidth considerations, 1097
bridgehead server configuration, 1298-1301
bridgehead servers, 1089-1091, 1094-1095
compression of traffic, 1089
CPU requirements for, 1108
designing structure of, 1098-1105
DFS for. See DFS (Distributed File System)
domain design considerations, 1059
enhancements in 2008, 1076-1077
FRS for. See FRS (File Replication Service)
global catalog partitions, 1095
groups, of, 1216
intersite, 1076-1077, 1089-1091
intersite replication topology design, 1100-1101
intrasite, 1085
ISTG. See ISTG (Inter-Site Topology Generator)
Kerberos role in, 1083
link bridge costs, 1101-1104
link costs, 1100-1101
mapping network infrastructure, 1096-1098
maximum latency, intrasite, 1091-1092
monitoring, 1302-1304
partitions, of, 1093-1095
Performance Monitor, tracking with, 1303-1304
ports used for, 1084
priority, 1086
pull model, 1085
RDC (Remote Differential Compression), 1078
ring topology model, 1085-1087, 1093-1094
RODCs with, 1142, 1154
RPC role in, 1083
scheduling for intersite, 1077, 1089, 1100
schema changes, 1088
services needed for, 1084
single vs. multiple forest designs, 1057
sites, between, 1072-1075
steps in procedure of, 1082-1083
Sysvol, 1077-1082
time delays for, 1085-1086
topology based on number of domain controllers, 1092
transactional processing effects, 1076
troubleshooting, 1302-1303
up-to-dateness vectors, 1088
urgent, 1086
USNs for, 1087-1088
reservations, DHCP, 686, 713-716, 718
reset disks, 1214-1215
resolver caches, 681-683, 811
resources
IRQ settings, 240-243
Resources And Support section, Server Manager console, 118
Restart Manager, 22
restarts, troubleshooting, 1419
restores
authoritative restores of Active Directory, 1412-1414
Group Policy objects, of, 1280-1281
registries, 272
Restore Files And Directories privilege, 1181
Startup Repair Tool, 1408-1409
reverse lookups, DNS
queries, 743-744
zone creation, 781-782, 785-786
zones defined, 774
RID (relative ID) masters, 57, 1044-1046
rights
assigning user rights for domains and OUs, 1182-1183
logon. See logon rights
user. See user rights
ring topology model of replication, 1085-1087. See also ISTG (Inter-Site Topology Generator)
roaming user profiles
adding to Administrators group, 1197
configuring, 1200-1201
data storage, 1196
defined, 1196
denying access on per-computer basis, 1197
folder path, specifying, 1197
location for storage of, 1196
preconfigured, creating, 1198-1199
preventing changes from propagating, 1197
switching to local, 1202
RODCs (read-only domain controllers)
account access, viewing, 1163-1164
account password policies for, 1148
ACLs for, 1158
Active Directory Domain Services Installation Wizard step, 1150
Add Roles Wizard step for installing, 1150
additional domain controllers in existing domains, 1155-1156
administrative advantages of, 1145
administrative permissions, delegation of, 1149, 1153, 1165
adprep /rodcprep command requirement, 1149
Advanced Installation mode advantages, 1149
Advanced Installation mode selection, 1150
advantages of, 1141
Allowed RODC Password Replication group, 1159-1160
application readiness for, 1143
authentication process, 1144-1145
caching of credentials by, 1144-1145
credentials management, 1162-1164
defined, 1008
Denied Accounts list, 1160
Denied RODC Password Replication group, 1159-1160
deployment configuration options step, 1150
design considerations for, 1145-1148
DNS on, 1143
DNS requirements, 1149
DNS server option, 1151
domain functional level requirements, 1148
domain selection step, 1151
dsmgmt command with, 1165
editing Password Application Policy, 1160-1162
Enterprise Read-Only Domain Controller group, 1159
exporting settings to answer files, 1155
file locations, configuring, 1154-1155
forest functional level requirements, 1148
future changes likely in, 1141
global catalog server option, 1151
global catalog server requirements, 1148
groups specific to RODCs, 1159
install from media option, 1149, 1154
installing, 1148-1158
IP address issues, 1150, 1152
KDC advertisement of, 1144-1145
Kerberos Target account of, 1144-1145
limited functions of, 1145
media installations of, 1156-1158
multi-valued directory attributes, 1159
Network Credentials step, 1151
overview of, 1141-1142
Password Replication Policy configuration, 1149, 1152, 1158-1165
PDC emulator requirements, 1145, 1148
preinstallation check list, 1148-1149
prerequisite operating systems, 1141
Read-Only Domain Controller group, 1159
replication fundamentals for, 1142, 1146
replication of partitions, 1146-1147
replication partners, choosing, 1154
Restore Mode password selection, 1155
site selection step, 1151
sites, relationship to, 1145-1148
WANs with, 1148
roles
AD CS (Active Directory Certificate Services), 186
AD DS (Active Directory Domain Services), 186, 193
AD FS (Active Directory Federation Services), 186
AD LDS (Active Directory Lightweight Directory Services), 186
AD RMS (Active Directory Rights Management Services), 186
adding roles, 192-195
additional required features, 194
Application Server, 186
command line management of. See ServerManagerCmd
component names, 202-207
configuration overview, 185
DHCP Server, 186
DNS Server, 186
Fax Server, 186
features, 185
features, adding, 199
features, removing, 199-200
features, table of, 188-190
File Services, 187
managing. See Server Manager console
NPAS (Network Policy And Access Services), 187
operations master, set of, 1044-1046
overview in Server Manager console, 117-118
Print Services, 187
removing server roles, 195-196
role services, 185
role services, adding, 197
role services, removing, 198
server roles, 185
table of primary roles and services, 185-187
Terminal Services, 187
UDDI (Universal Description Discovery Integration) Services, 187
WDS (Windows Deployment Services), 187
Web Server (IIS), 187
Windows SharePoint Services, 187
WSUS (Windows Server Update Services), 187
Rollback wizard, 1378
rolling back installations, 84
root domains, 1000, 1003-1004
round-robin load balancing
DNS for, 797
Terminal Services with, 944-945
TS Session Broker servers, 950-951
routers
DHCP console router address specification, 706
IPv4 addresses for, 639
Network Load Balancing with, 1334
obtaining addresses of, 678
troubleshooting, 678-679
zone IDs of, 678
Routing and Remote Access Services, 737-739
Routing Compartments, 632
RPC (Remote Procedure Call) over HTTP Proxy
print server connections, 847-848
purpose of, 189
replication role, 1083
site connections using, 1288
RRAS (Routing and Remote Access Service)
DHCP, integration with, 686-687
setting options for, 722-723
RSAT (Remote Server Administration Tools), 189
RSM (Removable Storage Manager), 189
RSoP (Resultant Set of Policy)
granting permissions for, 1253
permissions to determine, 1251
run levels
configuring, 298-299
RunAsAdmin, 297
RunAsHighest, 297
RunAsInvoker, 296
security settings related to, 299-301
security tokens for, 247
RWDCs (read/writable domain controllers). See domain controllers
S
SA (Software Assurance), 66
Safe Mode, 1416-1418
SAM (Security Accounts Manager)
Active Directory use of, 990
Registry subkey, 255
role in non-Active Directory systems, 990
Windows NT 4 with Active Directory, 992
SANs (storage area networks)
Active Directory configuration issues, 1110-1111
booting from, 409-411
clusters using, 409-411
command-line tools for managing, list of, 409
defined, 406-407
DFS (Distributed File System), 408
failover clustering with, 1351-1352
FRS (File Replication Service), 408
LUNs (logical unit numbers), 411
Multipath I/O, 408, 411-414
sites, multiple physical, 1329-1330
Storage Explorer tool, 108
Storage Manager for SANs, 189, 411
troubleshooting, 410
VDS (Virtual Disk Service), 408
volume automounting, 408
VSS (Volume Shadow Copy Service), 407
SATA devices, 211-212
scalability
clustering, limits by OS version, 1326
goal of clustering servers, 1325
Terminal Services, improvement of, 927-928
schedules for projects, setting, 46-47
schema master role, 1044-1047
schemas, Active Directory
forests, sharing for domains in, 1055
replication, 1088
scopes for IP addresses
activation of, 716-717
adding during DHCP installations, 697
defined, 686
exclusions, 712-713
multicast, 702
Netsh command for management, 710-711
normal IPv4 scopes, 702-707
normal IPv6 scopes, 708-710
normal scopes, 701
planning address ranges for, 702
superscopes, 702
TCP/IP scope options, 718
types of scopes supported, 701-702
screen savers, 121
scripts
running in clustered environments, 1363
Terminal Services application compatibility scripts, 942
Search box, 132-133
secondary DNS servers
notification configuration, 793-794
purpose of, 750
zone creation, 775
zone setup, 770-771
sectors, 497-498
secure desktop, 298
security
Admin Approval Mode, 290-293
auditing file and folder access, 581-585
authentication for. See authentication
design planning issues, 51
DHCP issues, 688-689
direct physical access issues, 467
disabling secure communications requirement, 1111
DNSSEC (DNS Security), 757-758
drive encryption. See BitLocker Drive Encryption; EFS (Encrypting File System)
encryption, file. See EFS (Encrypting File System)
firewalls for. See firewalls
intrusion detection, 1319-1320
Local Security Policy console, 1241-1242
logons. See logon rights
man-in-the-middle attacks, 1111
passwords for. See passwords
permission settings. See permissions
physical, 1370
planning for deployments, 41-42
policies for. See Group Policy
printer. See printer permissions
Registry protection, 276-284
Registry subkeys, 255
Security Configuration And Analysis snap-in, 1266-1268
Security log, 327
security template configuration, 1266-1268
standards selection, 52-53
subsystem. See security subsystem
Terminal Services, 961-964
tokens for applications, 247
tokens, generation of, 1020-1022
TPM. See TPM (Trusted Platform Module) Services
UAC. See UAC (User Account Control)
viewing status with Server Manager, 118
Windows Defender, 12
Security Accounts Manager. See SAM (Security Accounts Manager)
security descriptors, 1188
security groups, 1216
security subsystem
Active Directory a subset of, 987
authentication mechanisms, list of, 989
authentication procedure, 990
Directory service (Ntdsa.dll), 990
key areas used with Active Directory, 989-990
logon/access features used with Active Directory, 989-990
LSA (Local Security Authority), 988-989
LSA Server use with Active Directory, 990
NET LOGON, 989
non-Active Directory systems, 990
Security Accounts Manager, 990
user mode, 987
seismic protection, 1315
Selected Acknowledgments (SACKs)
Extended, 631
SACK-based Loss Recovery, 632
selective startups, 385-388
Self-Healing NTFS, 520-521
separator pages
customization, 905-906
default pages, 902-903
defined, 902
interpreting code for, 905
printer-installed pages, 903
problems caused by, 918
selecting, 903
testing, 904
variables, table of, 904-905
server farms, 1325-1326
Server Manager console
adding roles, 192-195
command line counterpart of, 185
Computer Information section, 117
Configuration node, 117
Device Manager, opening, 219-220
device display options, 221
Diagnostics node, 117
downloadable components, 190-191
Features node, 117
Features Summary section, 118
groupings of roles, services, and features, 185
IE ESC, 118
installing Active Directory with, 1112
purpose of, 116
removing server roles, 195-196
Resources And Support section, 118
role services, adding, 197
role services, removing, 198
Roles node, 117
Roles Summary section, 118
Security Information section, 118
starting, 116-117
viewing configured roles and services, 191
server roles. See also roles
defined, 185
planning for, 57-61
ServerManagerCmd
component names, 202-207
determining installed components, 207
-inputPath, 201
-install command, 201
installing components, 208-209
parameters for, 201-202
purpose of, 200
-query command, 201, 207
-remove command, 201
removing components, 209
-version command, 201
servers
Active Directory. See domain controllers
clusters. See clusters, server
DHCP. See DHCP (Dynamic Host Configuration Protocol)
DNS. See DNS (Domain Name System)
hardware components of. See hardware
planning issues, 58-61
printer. See print servers
server rooms. See structures and facilities
services
control commands for, 322
delegating authentication for, 1040-1043
failure recovery, 19
get-service command, PowerShell, 310
restarting, 322
startup problems from, 387
viewing information on, 321-322
Services tool, 108
Session Directory Computers group, 944, 946-947
session state maintenance with NLB, 1335
session tickets
KDC servers handling of, 1025-1026
Kerberos policy settings, 1173
sessions, Terminal Server, 325-326
setting up Windows Server 2008. See installing Windows Server 2008
Setup log, 327
Setup.exe
alternate file folder option, 70
answer file specification, 70
baud rate for EMS option, 71
booting methods, 70
debug mode, 96-97
drive location for temporary files, specifying, 70
Emergency Management Services options, 70-71
general installation parameters, 70-71
no reboot option, 70
rolling back, 84
starting, 84
Stop errors, 98-99
shadow copies
API for, 589
autoretry interval, 599
backups, advantages for, 1383
clients for, 592
clustered servers issues, 595
configuring in Computer Management, 593-596
copying snapshots, 605
Create Now command, 596
defragmentation issues
deleting shadow copies of volumes, 597
deleting specific snapshots, 596, 601-602
differential copy procedure, 590
disabling shadow copies, 597, 602
enabling from command line, 598-599
file recovery by users goal of, 588
files centrally manageable with, 588-589
how it works, 589-590
key issues for implementing, 590
locations for files, 591, 594
manual snapshot creation, 596, 599
Maximum Size option, 594-595
mount point issues, 594
opening copies in Windows Explorer, 605
overview, 587
planning deployment of, 588-592
Previous Versions client feature, 603-605
purpose of, 587-588
restoring folders, 605
reverting entire volumes, 597-598, 602-603
scheduled runs of, 590-592, 595-596
service writers installed, 589
settings, changing, 596
snapshot creation, 588, 596-597
storage information, viewing, 601
storage requirements for, 590-591
user instructions for, 592
viewing allotted storage, 591
viewing information on, 600-601
volume selection for, 590-591, 594
Volume Shadow Copy Service, 581-585
VSSAdmin command-line commands, 598-603
Share And Storage Management console, 415
Shared Configuration feature, 1337
SharePoint (Windows SharePoint Services), 187
sharing files. See file sharing
shortcut trusts
creating, 1035-1038
purpose of, 1003
rapid authentication effects of, 1028-1029
shrinking partitions, 446-447
Shut Down The System privilege, 1181
shutdowns, troubleshooting, 1419
SIDs (security identifiers)
Active Directory use of, 993
user account, 1210
Simple TCP/IP Services, 189
simple volumes, 453-454
site links
adding sites to, 1290
advanced link options, 1301-1302
bridgehead server configuration, 1298-1301
choosing during site creation, 1284-1285
compression option, 1302
costs, 1289, 1295
creating, 1289-1292
default, 1287
endpoints of, 1289
firewall port issues, 1289
IP replication transport, 1288
ISTG with, 1287, 1297-1298
management overview, 1287-1288
naming, 1290
notification for replication option, 1301-1302
purpose of, 1287
replication interval, 1289, 1291-1292
replication issues, 1287
replication schedule, 1289, 1291-1294
replication schedules, 1297
replication transports for, 1288
RPC over IP with, 1288
site link bridges, configuring, 1295-1297
SMTP replication transport, 1288
testing replication, 1305-1306
three hop rule, 1292
transitive links, disabling, 1297
transitive nature of, 1288
transport folder selection, 1291
two-way synchronization option, 1302
sites, Active Directory
bandwidth considerations, 1075, 1097
boundary determination, 1075
bridgehead servers, 1072, 1089-1091
compression of traffic, 1077, 1089
creating, 1283-1285
Default-First-Site-Name creation, 1283
defined, 1071
designing, 1098-1105
DFS with, 1073-1074
DHCP server placement, 1105
DNS server placement, 1105
domain controller placement, 1104-1105
domain controller requirements, 1285
domain controllers, associating with, 1286-1287
domains, relation to, 1071
first site creation, 1283
global catalog requirements, 1073, 1105, 1285
Group Policy inheritance order, 1254
Group Policy Management Console (GPMC) with, 1244
intersite replication, 1076-1077, 1089-1091
intersite replication topology design, 1100-1101
intersite vs. intrasite replication, 1071
intrasite replication, 1085
ISTG (Inter-Site Topology Generator), 1089-1091
KCC (knowledge consistency checker), 1077, 1085, 1091-1092
LANs and WANs, relation to, 1071
link bridge costs, 1101-1104. See also site links
link costs, 1100-1101
links. See site links
mapping network infrastructure, 1096-1098
mapping networks to site structures, 1098-1099
name resolution requirements, 1073
naming, 1099-1100, 1284
partitions, replication of, 1093-1095
replication architecture, 1082-1088
replication between, 1072-1075
RODCs, designs with, 1145-1148
scheduling for intersite replication, 1077, 1089
scheduling replication, 1100
server placement, 1104-1105
single vs. multiple site designs, 1072-1074
site-aware applications and services, 1073-1074
subnet creation, 1285
subnet requirements, 1071
subnets, associating with, 1285-1286
subnets, relationship with, 1283
Sysvol replication, 1077-1082
sites, multiple physical, 1329-1330
sleep states, 379-380
smart cards, requiring for logons, 1192
SMB (Server Message Block) version 2, 17
SMTP (Simple Mail Transfer Protocol) Server
purpose of, 189
replication transport, 1288
snap-ins. See MMCs (Microsoft Management Consoles)
SNMP (Simple Network Management Protocol), 189
Software Assurance, 66
Software Explorer, terminating processes with, 288
software installation
2008 compliance requirements, 285-286
backups recommended before, 286
configuration after installs, 287-288
diagnosing problems, 286
downloaded programs, 287
elevated privileges requirement for, 285
failed installation procedure, 287
installer program requirements, 286
known compatibility issue detection, 286
Programs And Features page for, 287-288
run-level designations, 296-297
security settings related to, 299-301
Software Explorer, 288
software licensing programs. See licensing
sound schemes, 121
spanned volumes
creating, 453-454
defined, 452
recovering, 455-456
spare parts, 1312
sparse files, 518-519
special permissions, file and folder, 573-578
special shares, 553-555
split-brain DNS design, 762-763
spool folder permissions, 881
spoolers, printer. See Print Spooler service
Spurious Retransmission Timeout Detection, 632
spyware protection, 12
SQL Server clustering requirements, 1349
SRA (Secure Remote Access), 18
SRKs (Storage Root Keys), 468
SSO (Single Sign On), 18
SSTP (Secure Socket Tunneling Protocol), 18
stabilizing phase of MSF (Microsoft Solutions Framework), 28
Standard edition, Windows Server 2008
features of, 5
hardware requirements for installations, 72-73
selection criteria, 61
standard file sharing
configuring, 549
defined, 547
hidden shares, 553
mapping share folders as network drives, 550-551
standard user tokens
default nature of, 294
purpose of, 247
standardization of hardware for high availability, 1311-1312
standardized software components for system services, 1310
standby state, Windows Vista configuration of, 378
standby systems, 1312
Start menu
adding items, 134-135
All Programs button, 133
changes from 2003, 130-131
copying items, 135-136
folder options, 131-132
frequently used programs list, 133, 137-140
hiding items, 136-137
highlighted items, 136-137
optional folders, 132
pinned items, 133
removing items, 141
renaming items, 141
saving custom console tools to, 172-173
Search box, 132-133
sorting items, 140
standard menu new features, 133-134
views available, 129-130
startup
issues compounded in 2008, 377. See also boot configuration
Startup And Recovery dialog box, 384-385
Startup Recovery Options wizard, 1378
Startup Repair wizard, 1374-1375
startup scripts, Group Policy, 1264-1265
stop errors, recovering from, 1378-1380
System Configuration, 385-388
troubleshooting, 1416-1418
Windows Error Recovery mode, 1418-1419
Startup folder, taskbar, 145-147
Startup Repair Tool (StR), 22-24, 1408-1409
static IP addresses, assignment of, 660-663
stop errors
causes of, 98-99
recovering from, 1378-1380
storage. See also file systems
Active Directory requirements for, 1108
adding new disks, 423-424
allocation unit size, 438
availability, 414
backups, selecting for, 1390
basic disk type, 428-432
capacity requirements, 413-414
clusters with, 409-411
command-line tools for managing, list of, 409
Computer Management Storage Tools, 116
DAS (direct-attached storage), 405-406
deleting volumes, 448
DFS (Distributed File System), 408
DFS command-line tools, 409
Dfscmd tool, 409
disk I/O subsystem, 497
Disk Management. See Disk Management snap-in
disk quota management, 415
disk write caching, 424
DiskPart tool, 409
disks for. See hard disk drives
drive letter configuration, 440-442
drives. See hard disk drives
dynamic disks, 428-432
ESP partition type, 449-450
extending partitions, 443-446
external storage, 406
fault tolerance, 1312
file services for. See File Services
formatting partitions, 437-439
FRS (File Replication Service), 408
FSutil tool, 409
hot-swapping disks, 423
importance of managing soundly, 405
increasing need for, 405
internal storage, 405-406
LDM partitions, 451-452
LUNs (logical unit numbers), 411
managing GPT partitions on basic disks, 449-452
managing MBR partitions on basic disks, 434-448
mirrored volumes, 452, 457-462, 464-466
mount points, 442-443
moving dynamic disks, 456-457
MSR partitions, 450-451
Multipath I/O, 408, 411-414
NAS, 406
NTFS recommended file format, 437
OEM partitions, 452
partition styles, 425-428
partitions. See partitions, drive
performance requirements, 413-414, 424
primary partitions, 451
RAID. See RAID (redundant array of independent disks)
recovering disks, 455-456
recovery plans, 1318-1319
removable disks, 434
report generation, 415
SANs, 406-407. See also SANs (storage area networks)
shadow copy requirements for, 590-591
shrinking partitions, 446-447
simple volumes, 453-454
spanned volumes, 452-454
striped volumes, 452, 454-455, 462-463
types, 428
VDS (Virtual Disk Service), 408
volume automounting, 408
volumes. See volumes
VSS (Volume Shadow Copy Service), 407
Vssadmin tool, 409
storage area networks. See SANs (storage area networks)
Storage Manager for SANs, 189
Store Passwords Using Reversible Encryption setting, 1171, 1175
StR. See Startup Repair Tool (StR)
striped volumes
configuring RAID 0, 454-455
configuring RAID 5, 462-463
defined, 452
recovering, 455-456
strong passwords, 88
structures and facilities
access control systems, physical, 1315
cabling, 1314
checklist, 1315-1316
dust and air quality, 1314
factors to consider, list of, 1313
fire suppression systems, 1315
humidity, 1314
importance of, 1313
power supplies, 1314
seismic protection, 1315
sites, multiple physical, 1329-1330
surveillance, physical, 1315
temperature, 1313-1314
UPS (uninterruptible power supplies), 1314
subnets
allocating, 641-642
broadcasts, 637
class A network subnets, 642-644
class B network subnets, 644-645
class C network subnets, 645-646
creating, 1285
defined, 639
mapping network infrastructure, 1096-1098
masks, 639-640
masks assigned to adapters, viewing, 673
network prefix notation, 640-641
public addresses with, 640
purpose of, 639
sites, Active Directory, relation to, 1071, 1283
sites, associating with, 1285-1286
static IP address assignment, 661-663
troubleshooting, 677
superscopes, 702
support architecture
Network Diagnostics Framework, 15-18
overview of, 14-15
WDI (Windows Diagnostics Infrastructure), 19-25
surveillance, physical, 1315
Synchronize Directory Service Data privilege, 1181
System Configuration, 385-388
System Console, 126-128
System log, 327
system partitions
defined, 77
mirrored system volumes, 459-462
striped and spanned volumes, prohibited on, 429
system state data
backups of, 1382-1383
recovery of, 1407
system tray, 145-148
System utility Startup And Recovery panel, 1378-1380
Sysvol
Group Policy components in, 1237
location choices, 1109
location for, selecting, 1119
media-based Active Directory installations, 1126-1129
replication of, 1077-1082
restoring, 1414-1415
T
Take Ownership Of Files Or Other Objects privilege, 1181
Take Ownership special permission, 575, 880
Task Manager
Applications tab, 314
CPU statistics, 311-313
image names, 308
memory usage, 312-313
Networking tab, 323-324
opening, 308
performance monitoring features, 308-309
Performance tab, 311-313
processes, 308, 314-320
Services tab, 321-322
System statistics, 312
Terminal Services connection data, 325-326
Task Scheduler
purpose of, 12
shadow copy dependence on, 596
taskbars
Address toolbar, 149-150
areas of, 143
Auto Hide feature, 144
creating personal toolbars, 150-151
Desktop toolbar, 150
grouping items, 145
icon control, 147
Links toolbar, 150
location, changing, 143-144
locking, 144-145
Notification area, 143, 145-148
program control with, 145-148
Programs/Toolbars area, 143
purpose of, 143
Quick Launch, 143, 148-149
resizing, 143-144
Startup folder, 145-147
system tray, 145-148
toolbar optimization, 148-151
taskpads
Active Directory Users And Computers example, 174
creating, 176-178
editing, 178
editing tasks, 183
items allowed in, 173
menu command task creation, 179-180
navigation task creation, 181-183
New Task Wizard, 179-183
purpose of, 173
removing tasks, 183
shell command task creation, 180-181
task creation, 179-183
tasks defined, 173
view styles, 174-176
TCP (Transmission Control Protocol). See also TCP/IP (Transmission Control Protocol/Internet Protocol)
Automatic Black Hole Router Detection, 631
Compound TCP, 631
defined, 627
TCP Extended Statistics, 632
TCP/IP (Transmission Control Protocol/Internet Protocol)
addressing. See IP addresses
automatic address assignment. See DHCP (Dynamic Host Configuration Protocol)
Automatic Black Hole Router Detection, 631
configuring. See configuring TCP/IP networking
defined, 627
DHCP, setting options with. See TCP/IP options under DHCP
DHCPv6 capable client, 632
dual IP architecture, 631
Extended Selected Acknowledgments, 631
host IDs, 633
installing. See installing TCP/IP networking
IPv4. See IPv4 (Internet Protocol version 4)
IPv6. See IPv6 (Internet Protocol version 6)
Modified Fast Recovery Algorithm, 631
NAT (Network Address Translation), 635-636
Neighbor-Unreachability Detection, 631
network IDs, 633
Next Generation TCP/IP stack, 631-632
port monitor settings for printers, 863-865
Receive Window Auto Tuning, 632
SACK-Based Loss Recovery, 632
Simple TCP/IP Services, 189
Spurious Retransmission Timeout Detection, 632
subnetting. See subnets
Windows Filtering Platform, 632
TCP/IP options under DHCP
class options, 718
client-specific options, 718
Default Router Metric Base option, 721
default user classes, 719-720
directly connected clients, setting options for, 723-724
Disable NetBIOS option, 721
DNS Domain Name option, 719
DNS Servers option, 719
levels of options, 717-718
message limitations, 717
Microsoft Add-On options, 720-721
NAP clients, setting options for, 722-723
NetBIOS Scope option, 719
predefined options, 717
Release DHCP Lease On Shutdown option, 721
reservation options, 718
Router option, 719
RRAS clients, setting options for, 722-723
scope options, 718
server options, 718
setting options for all clients at a level, 721
standard options, table of, 718-719
user class memberships, viewing, 720
user-defined classes, 724-726
vendor classes, 720-721
WINS/NBNS Servers option, 719
WINS/NBT Node Type option, 719
team identification for planning deployments
architecture teams, 31
defined, 29
departmental representation on teams, 32-33
development teams, 32
management team growth issues, 37
Microsoft Solutions Framework Team Model, 31-32
outsourcing responsibilities, 33
product management teams, 31
program management teams, 32
release management teams, 32
size of teams, 31
testing teams, 32
user experience teams, 32
technical specification development. See designing new networks
temperature of server rooms, 1313-1314
Terminal Services
activating license servers, 954-957
adding terminal servers to specific groups, 976
adding user and group permissions, 963-964
adding users and groups, 938-939
administration tools for, 921-925
advantages of, 919
application compatibility scripts, 942
applications, choosing, 939-940
applications, installing, 932-934, 936-937, 939-943
auditing access to, 964-966
authentication method selection, 937
Automatic Connection licensing method, 955
bandwidth requirements, 920
CAL Installation Wizard, 954-957
capacity planning, 927-931
Change Logon command, 941
Change Port command, 941
Change User command, 941
Client Licensing Wizard, 956-957
client overview, 919-921
command-line commands for managing, 978-980
Configuration tool, 922, 957-958
connecting to a specific server for managing, 976
connecting to a user's session, 977
CPU impact on capacity, 928-930
data entry worker clients, 928
defined, 60, 187
Delete Temporary Folders On Exit setting, 960
Desktop Experience feature, 938
disconnecting active sessions, 977
disk performance requirements, 931
editing settings, 960-961
encryption support, 924, 959
environment settings, 959
Execute mode, 940
experience settings, 930
feature dependence on bandwidth, 920
Full Control permission, 961
Gateway, 920, 924, 932
Gateway Manager, 923
global connection settings, 958-960
grace period for license servers, 952
groups of servers, actions available for, 976
Guest Access permission, 961
HKCU and HKLM, 940-941
importing information from TS Session Broker, 976
Install mode, 940-941
installing for multi-server deployments, 934-935
installing for single-server deployments, 932-933
installing license servers, 952-953
installing terminal servers, steps for, 936-938
key elements of, 919
knowledge worker clients, 928
License Server Discovery Mode setting, 961
license servers, setting up, 951-957
licensing, 925-927, 937
Licensing Manager, 922, 954-957
listing terminal servers, 976
listing user connections to, 325-326
load balancing with, 933-935. See also TS Session Broker servers
logging off users administratively, 977
Logoff command, 980
logon settings, 959
Manager, 921, 975-978
Member Of Farm In TS Session Broker setting, 961
memory requirements, 930
modifying applications after installation, 942-943
Msg command, 980
multi-server deployments, 933-935
network bandwidth requirements, 931
new group creation for terminal servers, 976
number of users, restraints on, 928-931
organizational structure planning, 931-932
OUs, separate for, 613
performance tuning Registry values, 943
permissions, viewing, 962
policy configuration, 612-613
printing enhancements, 924-925
processes running on terminal servers, ending, 977-978
productivity worker clients, 928
purpose of, 919
Query commands, 978-979
RDC client, 919-921. See also RDC (Remote Desktop Connection)
RDP (Remote Desktop Protocol), 920
RDP configuration, 958-960
RDP over HTTPS for Gateway, 924
Redirect Only The Default Client Printer setting, 925
refreshing server information, 976
Registry configuration for applications, 942-943
Remote Application, 920
remote connection verification, 939
remote control of user sessions, 977, 979, 981
remote control settings, 959
Remote Desktop mode. See Remote Desktop for Administration
Remote Desktop Users group, 924, 938-939
RemoteApp Manager, 922-923, 966-975
RemoteApps feature. See RemoteApps
removing terminal servers from specific groups, 976
Reset Session command, 980
resetting user sessions, 977
Restrict Each User To A Single Session setting, 960-961
Resume Configuration Wizard, 938
RootDrv.cmd, 942
scalability improvements, 927-928
security changes in 2008 version, 924
security configuration, 961-964
security permissions settings, 960
sending messages to users, 978, 980
server setup basics, 921-925
session management. See TS Session Broker servers
session settings, 959
SetPaths.cmd, 942
setting user file paths to drive letters, 942
Shadow command, 979
single-server deployments, 932-933
special permissions, table of, 961-962
standard options of, 920-921
system architecture issues, 920-921
Terminal Services Licensing Mode setting, 961
tsadmin.exe command, 975
TSCon command, 980
tsconfig.msc tool, invoking, 957-958
TSDisCon command, 980
TSKill command, 980
Use Temporary Folders Per Session setting, 960
User Access permission, 961
user impact on performance, 928-930
User Logon Mode setting, 961
user profiles, 982-983
user sessions, displaying status of, 978
user sessions, managing, 976-978
virtual sessions, 919, 933-934
Web Access, 920, 932
Web Access Administration, 923
Web access type servers, 921
Windows System Resource Manager with, 938
testing for high availability, 1310
testing teams, 32
themes, 121-122
threads
bottlenecks from, 359
statistics for, 315
tickets. See session tickets
time
Date And Time utility, 122-123
Windows Time, 13
toolbars
Address toolbar, 149-150
creating personal, 150-151
Desktop toolbar, 150
displaying, 150
Links toolbar, 150
Quick Launch toolbar, 143, 148-149
top-level domains, 653
TPM (Trusted Platform Module) Services
BitLocker with, 468, 477-478
boot file validation, 468
changing owner passwords, 476
clearing, 475-476
error, starting console without TPM on, 469-470
firmware compliance, 469
Initialize The TPM Security Hardware wizard, 469, 471-473
initializing for first use, 471-473
management console for, 469
master wrapping keys, 468
password creation for ownership, 471-473
purpose of, 467-468
sealed keys, 468
setting ownership, 471-473
SRKs, 468
status indicators, 470
strength of, 468
TCG-compliant firmware, 469
TPM microchips, 467-468
turning off, 473-474
turning on in firmware, 469
turning on with Management console, 474-475
Tracerpt command, 372-373
Tracert command, 678
traces
startup event traces, 364
trace data sets, 364, 367-368
Tracerpt command, 372-373
transactional NTFS, 520
Transactional Registries, 247
Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)
Traverse Folder special permission, 573
trees, Active Directory
creating new domains or trees in existing forests, 1125-1126
defined, 1053
privileges required for installing first domain controller, 1113
root domains for, 1054-1055
searching, 1010-1011
structure of, 999-1000
troubleshooting
computer accounts, 1230-1231
CPU-based install issues, 98-99
deployments, initial, 1322
disk drive issues, 100
DNS, 808-821. See also DNS (Domain Name System)
file sharing, 579-581
firmware issues, 100
Group Policy, 1268-1282
hardware, 237-243
hardware removal during installations, 97
installations of Windows Server 2008, 96-100
logs of events. See Event Viewer; events
networking, 323
networks. See network troubleshooting
printing, 913-918
replication, 1302-1303
SANs, 410
shutdowns, 1419
startup issues, 385-388, 1416-1418
trust relationships, 1039-1040
user accounts, 1195
trust paths, 1002-1003
trusts
creating, steps for, 1035-1038
cross-forest transitive trusts, 1030-1032, 1035
defined, 1001
delegating authentication, 1040-1043
direction of trust property, 1035-1037
domain administrators, 1002
enterprise administrators, 1002
explicit trusts, 1028-1029
external trusts, 1003
forests, automatic creation between domains in, 1001
forests, configurations in, 1055
Kerberos for, 1026-1027
New Trust Wizard, 1035-1038
outgoing trust authentication levels, 1038
passwords for, 1037-1038
paths, 1002-1003
permission availability, 1001
realm trusts, 1034-1038
shortcut trusts, 1003, 1028-1029, 1036
transitivity, 1035
troubleshooting, 1039-1040
trust trees, 1027-1028
Trust Type property, 1034
trusted domains, 1002
trusting domains, 1001
two-way transitive trusts, 1027-1028
validation, 1039-1040
viewing existing trusts, 1033-1035
TS Gateway
function of, 920
RDP over HTTPS for, 924
RemoteApps settings for, 974
system requirements for, 932
TS Licensing Manager, 954-957
TS RemoteApp Manager. See RemoteApps
TS Session Broker servers
authorizing Terminal Servers to use, 946-948
automatic startup of service, 944
configuring, 945-946
configuring terminal servers to join, 948-950
Enterprise version requirement, 944
farm names, 949
Member Of Farm In TS Session Broker setting, 961
multi-server environment for, 934-935
overview of, 944-945
redirection configuration, 950
relative-weighting load balancing, 944-945, 949
round-robin load balancing, 944-945, 950-951
Session Directory Computers group, 944, 946-947
Terminal Services Configuration tool, 948-950
third-party router-based solutions issues, 950
TS Session Broker Farm Name policy settings, 948
tsconfig command, 948
workgroup computer account authorization, 947-948
TS Web Access
function of, 920
RemoteApps availability property for, 967
RemoteApps deployment setting, 974
RemoteApps, client access with, 969-970
system requirements for, 932
tuning performance
bottleneck overview, 356
CPU bottlenecks, resolving, 359-360
memory bottlenecks, 356-358
Performance Options dialog box, 305
processor scheduling options, 304-305
purpose of, 303
virtual memory, 305-308
visual effects, minimizing, 303-304
two-way transitive trusts, 1027-1028
Typeperf command, 370-372
U
UAC (User Account Control)
Admin Approval Mode, 290-293
administrator applications, 295
administrator user tokens
application integrity, 294
application settings storage, 247
background tasks for, 290
color coding of elevation prompts, 297-298
configuring settings for, 292-293
elevation, 290
legacy applications, 296
Permissions icons, 289
prompts, criteria for, 289
purpose of, 288-289
run levels, 296-299
security settings related to, 299-301
software installation elevated privileges requirement, 285
standard user tokens, 294
user applications, 295
UDDI (Universal Description Discovery Integration) Services, 187
unattended installing, 69-70
unicast IP addresses
IPv4, 633-636
IPv6, 651
Unidrv, 846
Uninstall Or Change A Program utility, 273
uninstalling Active Directory, 1129-1133
uninstalling programs
Windows Installer Clean Up Utility, 273-274
Windows Installer Zapper, 275-276
universal groups
caching, 1215-1216
defined, 1217
global catalog replication, 1218
member inclusion, 1218
membership caching, 1020-1022
nesting limitations, 1218
permissions, 1218
reasons for using, 1219-1220
UNIX
interoperability, configuring for, 417
print servers, 860
Subsystem for UNIX-based Applications, 190
Unlock Account check box, 1191
updates, 74-75
upgrading to Windows Server 2008
migration, 88
overview, 73-74
performing the upgrade, 88
supported paths for, 74
UPNs (user principal names), 1021
UPS (uninterruptible power supplies), 1314, 1370-1371
up-to-dateness vectors, 1088
USB 2.0, 213-214
USB flash keys for password resets, 1214-1215
user accounts
Administrator. See Administrator account
backing up passwords, 1214-1215
command line creation of, 1186
creating, 1184-1187
default user accounts, 1168
delegated authentication, 1041-1043
deleting, 1210-1211
disabling, 1191, 1193, 1195, 1211
domain. See domain user accounts
Effective Permissions tool, 1188-1189
enabling, 1211
expiration options for, 1192
folder redirection, 1203-1207
Guest account, 1168
Home Folder, 1194
importance of availability of data, 1203
Kerberos options, 1192
local, 1167, 1169. See also local user accounts
maintenance overview, 1210
moving, 1211
multiple users, selecting, 1211
naming accounts, 1168
options, managing, 1189-1192
profile settings, 1193-1194
properties, viewing and setting, 1187-1188
renaming, 1211-1212
resetting passwords, 1212-1213
SIDs (security identifiers) of, 1210
troubleshooting, 1195
unlocking, 1213-1214
user profiles. See user profiles
user applications, 295
user data management
file synchronization, 1209-1210
folder redirection, 1203-1207
importance of availability of data, 1203
offline files, 1207-1209
user experience teams, 32
user mode of security subsystem, 987-988
user principal names. See UPNs (user principal names)
user profiles
data storage, 1196
deleting unused automatically, 1197
deleting while in use, 1196
HKEY_CURRENT_USER (HKCU), 259
HKEY_USERS (HKU) Registry key, 258
local, 1196
location for storage of, 1196
mandatory, 1196
permissions for preconfigured, 1199
policies for, 1197
preconfigured, creating, 1198-1199
purpose of, 1195
roaming, 1196
switching from local to roaming, 1202
Terminal Services, 982-983
types of, 1196
User Profiles dialog box, launching, 1198
user rights
assigning for domains and OUs, 1182-1183
assigning for specific computers, 1184
Userenv.dll, 1236
UserName environment variable, 1194
USN (update sequence number) change journals, 514-515
USNs (update sequence numbers), 1087-1088
V
VDS (Virtual Disk Service), 408
Virtual Disk Service (VDS), 408
virtual memory
bottleneck issues, 356-358
tuning performance of, 305-308
virtual servers, 9-10
virtual sessions, 919
virtualization
Hypervisor Settings entries, 397
Registry, 246-248
Vista. See Windows Vista
Visual Effects tab, 304
volume automounting, 408
Volume Shadow Copy Service (VSS), 407, 587. See also shadow copies
volumes
basic, 428-432
creating, 435-439
defined, 77
defragmenting, 541-546
deleting, 448
DiskPart tool, 409
drive letter configuration, 440-442
dynamic, 428-432. See also dynamic disks
dynamic, types of, 452
extending, 443-446
formatting, 437-440
labels, setting, 438
mirrored volumes, 452, 457-462, 464-466
mount points, 442-443
quotas for users. See quota management
RAID-5 volumes, 452
removing, shadow copy issues, 597
sharing. See file sharing
shrinking, 446-447
simple, 453-454
size, setting, 435-436
spanned, 452-454
striped, 452, 454-455, 462-463
VPNs (virtual private networks)
computer account settings, 1230
SRA (Secure Remote Access), 18
SSTP (Secure Socket Tunneling Protocol), 18
VPN with NLB, 1336
VSS (Volume Shadow Copy Service). See also shadow copies
advantages of, 407
purpose of, 587
snapshots, 407
VSSAdmin command-line commands, 598-603
Vssadmin tool, 409
Windows Server Backup use of, 1387, 1399
W
WANs (wide area networks)
RODCs with, 1148
sites, relation to, 1071
watermarks, printer, 893-894
Wbadmin, 1390
WDI (Windows Diagnostics Infrastructure), 19-25
WDS (Windows Deployment Services), 187
Web Server (IIS) role, 187
Web Server edition of Windows Server 2008
features of, 6-7
hardware requirements for installations, 72-73
selection criteria, 63
Web servers
farms, 1325
hardware for failover clustering, 1349-1351
planning for, 60
WIM (Windows Imaging Format), 14
Windows 2000 Server native mode domains, 1017
Windows Backup, 1384. See also backups
Windows Boot Manager
overview, 13-14
purpose of, 383
Windows Complete PC Restore, 1377
Windows Defender
purpose of, 12
Software Explorer in, 288
Windows Error Recovery mode, 1418-1419
Windows Explorer
adding users or groups for permissions, 576
Apply Onto options, 577-578
clearing inherited permissions, 569-570
creating shares with, 556-559
file sharing with, 556
Permissions tab, accessing, 569
removing users or groups for permissions, 577
setting special permissions for files and folders, 576-577
special permissions, viewing, 573
viewing permissions for files and folders, 571
Windows Filtering Platform, 632
Windows Firewall
backup exceptions, 1390
defined, 13
network troubleshooting issues, 679
Remote Desktop for Administration with, 610
Windows Installer
Clean Up Utility, 273-274
RemoteApps, package creation for, 971-973
Zapper, 275-276
Windows Internal Database, 190
Windows logs, 327
Windows Memory Diagnostics Tools, 1377
Windows Network Diagnostics
accessing from Network And Sharing Center, 630
Internet connections, 675
local area connection troubleshooting with, 674-675
Windows NT 4.0 NTLM, 1023-1024
Windows PC environment (WinPE), 1377-1378
Windows PowerShell. See PowerShell
Windows Process Activation Service, 190
Windows Product Activation (WPA), 66
Windows Recovery Environment, 190, 1377
Windows Registry. See Registries
Windows Search Service
configuring, 419
purpose of, 416
Windows Server 2003
native mode domains, 1017-1018
universal group membership caching, 1020-1022
Windows Server 2008 Datacenter, 6
Windows Server 2008 Enterprise, 6
Windows Server 2008 Standard, 5
Windows Server Backup
Always Perform Full Backup option, 1389
Always Perform Incremental Backup option, 1389
automatic management by, 1387
Backup Once Wizard, 1396-1400
capabilities of, 1387
configuring backup type, 1389
current server data recovery, 1402-1405
Custom options, 1389, 1392, 1397
destination selection, 1393, 1398
event logs, 1400-1401
feature description, 190
first backup after installation, 1388-1389
installing, 1388
manual backups, 1396-1400
Modify Backup option, 1395
recovery capabilities, 1388
recovery details summaries, 1405
Recovery Wizard, 1402-1407
remote server data recovery, 1406-1407
scheduling, 1391-1395
starting, 1388
Stop Backup option, 1395
system state recovery, 1407
tracking backups, 1400-1401
VSS with, 1387, 1399
Wbadmin command line equivalent, 1390
Windows Server Catalog, 1311
Windows services in clustered environments, 1363
Windows System Resource Manager
editions available in, 62
Terminal Services with, 938
Windows Time, 13
Windows Update, 74-75
Windows Vista
Active Directory with, 10-11
editions of, 10
kernel architecture, 11-13
power state management, 378
Windows Web Server 2008, 6-7
WinPE (Windows PC environment), 1377-1378
Winprint, 901-902
WINS (Windows Internet Naming Service)
active registrations, viewing, 835-836
backing up databases, 838
backups of, 1384
B-Nodes, 824
burst handling, 832-833
caches, 825
clients, 823
clustering with, 1363
compacting databases, 838
configuring, 669-671, 826-827, 832-836
console for, 826, 833
database maintenance, 836-839
database of mappings, 824
DHCP setup with, 697
DNS-based lookups, enabling, 839
H-Nodes, 824
installing server service, 826
legacy support function, 823
M-Nodes, 824
multiple servers recommended, 825
name registration, 824-825
NetBIOS names, 823
NetBIOS scope, 824
Netsh command-line commands, 827
Netsh info command, 835
Netsh statistics command, 834
node types, 824
overview of, 654-655
persistent connections, 825
planning deployments of, 40, 60
P-Nodes, 824
record export, 825
remote management of, 827
replication, 825, 828-831
restoring databases, 839
scavenging records, 836
small networks with, 824
status, viewing, 833-835
tombstoning records, 825, 835-836
troubleshooting, 828, 834
verifying database consistency, 837
wireless network security issues, 689
Wireless Networking, 13
wiring, 1314
workgroups
DHCP, setting up for, 697
viewing, 126
WPA (Windows Product Activation), 66, 71-72
Write Attributes special permission, 574
Write permission, 572
WSRM (Windows System Resource Manager), 190
WSUS (Windows Server Update Services), 74-75, 187
Z
zones, DNS
Active Directory-integrated type, 750, 752-755, 780, 784
automatic record creation, 794
conditional forwarding, 754, 756
defined, 749
domain-based zone structure, 751
forward lookup zone creation, 774-781, 783-785
GlobalNames zone, 803-804
ISP zone maintenance, 776
listing, 819-820
non-domain-based zone structure, 751-752
polling intervals, 813
primary DNS servers, 750-751, 779, 783
primary zone creation, 775
records of a particular zone, displaying, 820-821
replication scope, 780, 784
restart issues, 754-755
reverse lookup zone creation, 781-782, 785-786
secondary DNS servers, 750, 779, 781, 784
secondary notification configuration, 793-794
secondary zone creation, 775
secondary zone setup, 770-771
secondary zones, 755
standard primary type, 749
standard secondary type, 750
stub type, 750, 755-756, 779, 784
transfers, 750-751, 791-793
types supported, 749-750
zone files, 781-782
zones, Internet security, 118
© Microsoft. All Rights Reserved.