Index


Symbols and Numbers

.NET Framework 3.0, 188

64-bit computing, 7-8. See also Itanium-based servers

A

access control

access permissions for files and folders, 571-578

Active Directory related features, list of, 989-990

entries. See ACEs (access control entries)

lists. See ACLs (access control lists)

systems, physical, 1315

user account control. See UAC (User Account Control)

account policies. See also Group Policy

Account Policies, editing with default GPOs, 1247-1249

configuring user policies, 1169-1170

Group Policy objects. See GPOs (Group Policy objects)

Kerberos policy settings, 1169, 1173

local user accounts, 1169

location of, 1169

lockout policy, 1172, 1247

password policy enforcement, 1170-1171

password settings object creation, 1173-1176

accounts

Accounts: Rename Administrator Account policy, 1248

Accounts: Rename Guest Account policy, 1248

Administrator. See Administrator account

authentication of. See authentication

built-in capabilities of, 1178

contact accounts, 1168

creating user accounts, 1184-1187

default user accounts, 1168

domain. See domain user accounts

expiration options for, 1192

Guest account, 1168

InetOrgPerson. See InetOrgPerson accounts

local. See local user accounts

membership in groups, 1178

naming accounts, 1168

OUs, placing in, 1136

permissions of. See permissions

policies for. See account policies

RODC password replication policies, 1148, 1158-1159

user. See user accounts

user account control. See UAC (User Account Control)

ACEs (access control entries), 1188

ACLs (access control lists)

Active Directory, role in, 988

RODCs, for, 1158

ACPI (Advanced Configuration and Power Interface), 379-382

ACPI BIOS, 240-241

Act As Part Of The Operating System privilege, 1178

activation of Windows Server 2008

process for, 88-90

viewing status of, 126-127

Active Directory

administering. See Active Directory Users And Computers snap-in

architecture of. See Active Directory architecture

attribute management, 1014-1016, 1076

authoritative restores of, 1412-1414

backup strategies for, 1409-1410

backups for installation media creation, 1127-1128

bridgehead servers role, 58. See also bridgehead servers

building blocks, logical, 1053

business requirements for, 1053-1054

changing structure of, 1061-1062

classes of objects, 1014

client connection requirements, 1111

compatibility issues, 1016-1020

Computer objects, 1014

configuration containers in a forest, 1055

Contact objects, 1014

counters for, 1303-1304

CPUs, requirements for, 1108

creating domain controllers for existing domains, 1114-1122

data store architecture, 995-997

delegation of administrative rights, 1064-1065, 1136-1139

designing systems of. See Active Directory system design

DHCP authorization, 689

DHCP set up with, 696, 698, 701

Directory Services log, 328

DNs (distinguished names), 1003-1004

DNS zones, Active Directory-integrated type, 752-755

domain architecture design for, 50

Domain objects, 1014

Domain Rename utility, 1061-1062

domain trees. See trees, Active Directory

domain trust design, 55

domains. See domains, Active Directory

failed domain controllers, removing references to, 1415-1416

failover clustering, configuration for, 1351

forests. See forests, Active Directory

functional levels, 1016-1020

global catalog server role, 58. See also global catalog servers

Group objects, 1014

group policy. See Group Policy

InetOrgPerson objects, 1014, 1063

infrastructure masters, 57

inheritance of permissions, 1137

installing. See installing Active Directory

installing DNS Server service with, 767-771

KCCs. See KCC (knowledge consistency checker)

links. See site links

LSA (Local Security Authority), 988-989

managing. See Active Directory Users And Computers snap-in

media, installing from, 1126-1129

memory requirements, 1108

namespace design, 54-55

nonauthoritative restores of, 1411-1412

operations master role, 57. See also operations masters

OS support issues, 1016-1018

OUs. See OUs (organizational units)

PDC emulators, 57

Performance Monitor counters for, 1303-1304

planning deployments, 54-58

PrintQueue objects, 1014

read-only domain controllers. See RODCs (read-only domain controllers)

recovery on SANs, 1110-1111

RID masters, 57

RODCs. See RODCs (read-only domain controllers)

Schema snap-in, 1047

Server objects, 1014

server roles, planning for, 57-58

share information, publishing, 552

site concept, 58. See also sites, Active Directory

Site objects, 1014

snap-ins, 163

Subnet objects, 1014

System State files, 1110-1111, 1129

system volume. See Sysvol

Sysvol replication, 1077-1082. See also Sysvol

SYSVOL$ shares, 555

task delegation, 1138-1139

tools for administering, table of, 107

transactional processing, 993-995, 1076

trees. See trees, Active Directory

troubleshooting trust relationships, 1039-1040

trust relationships. See trusts

uninstalling, 1129-1133

User objects, 1014

Windows Vista with, 10-11

Active Directory architecture

ACLs, 988

administrator types, 1002

attributes of objects, 998

authentication mechanisms, list of, 989

authentication procedure, 990

Checkpoint file, 995

common names of objects, 1003

Configuration containers, 1004

containers, 998

data file types, 995-996

data store architecture, 995-997

Database Layer, 992-993

directory service component, 990-993

directory trees, 999-1000

DNs (distinguished names), 1003-1004

domains, 999, 1004. See also domains, Active Directory

ESE (Extensible Storage Engine), 993-995, 997

external trusts, 1003

Forest Root Domain containers, 1004

forests, 1000-1001. See also forests, Active Directory

global catalog servers, 1006

group policy, role of, 988

GUIDs, 992

indexed tables, 996

LDAP, 991, 998-999

log files, 995-997

logical architecture overview, 997-998

logon/access features used with, 989-990

MAPI, 992

multimaster approach to replication, 991-992, 1085

names of objects in data store, 992

NET LOGON, 989

object class types, 998

objects, 988, 998-999

operations masters. See operations masters

OUs. See OUs (organizational units)

partitions, 1005-1006

physical layer overview, 987-988

primary data files, 995-997

purpose of Active Directory, 987

RDNs, 1003

replication support, 991-993

RODC design considerations, 1145-1148

root domains, 1000, 1003-1004

rootDSE objects, 1003-1004

SAM with, 990, 992

Schema containers, 1004

schemas, 993, 998-999, 1055

security descriptor tables, 996

security subsystem key areas, 989-990

security subsystem, relation to, 987

shortcut trusts, 1003

SIDs (security identifiers), 993

sites. See sites, Active Directory

Temporary data files, 995

tombstoned objects, 994-995

top-level view of, 987-988

transaction logs, 994

trust paths, 1002-1003

trust relationships, 988, 1001-1003

user mode, 987

Windows NT 4 with, 992

Active Directory Domain Services Installation Wizard. See installing Active Directory

Active Directory Domains And Trusts tool

creating trusts with, 1035-1038

raising functional levels, 1019-1020

Trust Type property, 1034

UPN suffixes, adding, 1021

validating trust relationships, 1039-1040

viewing existing trusts, 1033-1035

Active Directory Migration Tool. See ADMT (Active Directory Migration Tool)

Active Directory Schema snap-in, 1047

Active Directory Sites And Services

bridgehead servers, configuring as preferred, 1300-1301

changing forest connected to, 1284

creating sites, 1283-1285

domain controllers, associating with sites, 1286-1287

global catalog server designation, 1012-1013

site link bridges, configuring, 1295-1297

site link creation, 1289-1292

starting, 1012

subnet creation, 1285

subnets, associating with, 1285-1286

universal group membership caching, 1021-1022

Active Directory system design

attribute management, 1014-1016

authentication design overview, 1020

building blocks for, 1053

business requirements for, 1053-1054

compatibility issues, 1016-1020

cross-forest transitive trusts, 1030-1032

delegating authentication, 1040-1043

domain functional level, 1016-1018

domain planning overview, 1058-1059

elements of, 1007

Exchange Server 2007 with, 1014

federated forest design, 1030-1032

forest function level, 1018-1020

forests. See forests, Active Directory

global catalog access, 1011-1013

Kerberos for authentication, 1023-1026

LDAP, 1010

multimaster replication model, 1008

NTLM (NT LAN Manager), 1023-1024

operations masters. See operations masters

OS support issues, 1016-1018

OUs. See OUs (organizational units)

planning overview, 1007-1008, 1053-1054

read-only domain controllers, 1008

relative names of objects, 1010-1011

replication attribute designation, 1014-1016

replication design, 1008-1009. See also replication

resource access process, 1025-1026

RODC design considerations, 1145-1148

security tokens, 1020-1022

session tickets, 1025-1026

shortcut trusts, 1028-1029

single vs. multiple domains, 1060-1061

single vs. multiple forests, 1056-1057

sites. See sites, Active Directory

trees, searching, 1010-1011. See also trees, Active Directory

trusts. See trusts

two-way transitive trusts, 1027-1028

universal groups, 1020-1022

UPNs (user principal names), 1021

Windows Server 2008 domain functional level features, 1018

writable domain controllers, 1008

Active Directory Users And Computers snap-in

account options, managing, 1189-1192

adding members to groups, 1222

administration, delegation of, 1137-1139

computer account management, 1225-1231

computer account property configuration, 1229-1230

creating computer accounts, 1225-1226

creating domain user accounts, 1184-1187

creating groups, 1220

default accounts, listing, 1168

delegated authentication, 1041-1043

deleting computer accounts, 1228

disabling computer accounts, 1228

finding shared folders, 552

group properties, editing, 1223-1224

infrastructure master role, managing, 1050-1051

joining computers to domains, 1226-1227

managing computer accounts remotely, 1228

Member Of tab, 1188

moving computer accounts, 1227

moving groups, 1224

OU creation with, 1133-1134

Password Settings group creation, 1173-1176

PDC emulator role, managing, 1050

purpose of, 153

queries, saving, 1223

renaming groups, 1224

renaming user accounts, 1211-1212

resetting passwords for computer accounts, 1228-1229

resetting user account passwords, 1212-1213

RID (relative ID) role, managing, 1048-1050

RODC Password Application Policy, editing, 1160-1162

sending mail to groups, 1224

taskpad example, 174

unlocking user accounts, 1213-1214

user account properties, viewing and setting, 1187-1188

active partitions, 77, 429

Active/Active controller model, 411

AD CS (Active Directory Certificate Services), 186

AD DS (Active Directory Domain Services)

described, 186

installing, 1114. See also installing Active Directory

AD FS (Active Directory Federation Services), 186

AD LDS (Active Directory Lightweight Directory Services), 186

AD RMS (Active Directory Rights Management Services), 186

Add Features Wizard

starting, 114

Windows Server Backup, installing, 1388

Add Hardware Wizard, 235-236

Add Roles Wizard

RODC installations with, 1150

starting, 114

Terminal Services installation, 936-938

Add Workstations To Domain privilege, 1178

Add/Remove Programs utility, 285-286

address classes. See classes of networks

Address toolbar, 149-150

addresses, IP. See IP addresses

Adjust Memory Quotas For A Process privilege, 1178

Admin Approval Mode, 290-293

ADMIN$ shares, 554

administration

Active Directory, of. See Active Directory Users And Computers snap-in

delegation of administrative rights using OUs, 1064-1065

delegation of, for Active Directory objects, 1136-1139

planning deployments, 51-54

planning, reviewing for, 42-43

remote. See Remote Desktop for Administration

tools for. See administration tools

tools, legacy compatibility issues, 52

administration tools

Active Directory tools, 107

Administrative Tools menu, 106-110

availability of, 109

Certification Authority tool, 107

command-line utilities, 110-111

Computer Management console, 115-116

computer specification for, 109

Control Panel utilities. See Control Panel

Data Sources (ODBC) tool, 107

DFS Management tool, 107

Event Viewer tool, 107

Failover Cluster Management tool, 107

File Server Resource Manager tool, 107

Initial Configuration Tasks console, 113-114

installing, 109-110

installing full tool set, 160-161

Net tools, 111-112

Network Policy Server tool, 108

overview of, 105-106

PowerShell, 112-113

Registry, effect of tools on, 248

Reliability And Performance Monitor, 108

Server Manager. See Server Manager console

Services tool, 108

Storage Explorer, 108

System console, 126-128

administrative shares, 553-555

Administrative Templates, Group Policy, 1235

Administrative Tools menu, 385-388

Administrator account

Accounts: Rename Administrator Account policy, 1248

defined, 1168

renaming, 1168

strong passwords recommended, 88

administrator applications, 295

administrator tokens

application integrity, assuring

defined, 247

administrators

domain, 1002

enterprise, 1002

forests, roles in, 1055

Administrators group

default logon rights assigned to, table of, 1181-1182

default privileges assigned to, table of, 1178-1181

roaming user profiles, adding to, 1197

ADMT (Active Directory Migration Tool), 1061

ADMX files, 1237-1238

Advanced Boot Options menu, 383

advantages of Windows Server 2008, 3-4

aliases, DNS, 797-798

Allowed RODC Password Replication group, 1159-1160

alternate IP addressing, 660, 663-665

AMD-V, 10

analysis of preexisting system for deployment planning

assessing servers and services, 39

disaster recovery, 43-44

hardware inventories, 39-40

licenses, 39

localization issues, 39

network administration review, 42-43

network infrastructure evaluation, 38

network management tools, assessing, 44

network map creation, 38

network services and applications identification, 40-41

project worksheets, 37

purpose of, 37

remote locations, 38

security infrastructure, 41-42

storage, 39

task in planning sequence, 29

answer files

purpose of, 70

specifying in Setup, 70

APIPA (Automatic Private IP Addressing)

troubleshooting, 676-677

use with DHCP, 665

Appearance And Personalization console, 120-122

application integrity

administrator applications, 295

administrator user tokens

Application Information service, 294

compliant applications, 294

integrity levels, 297

legacy applications, 294

overview, 294

run levels, 296-299

security settings related to, 299-301

standard user tokens, 294

UAC role in, 294

user applications, 295

Application log, 327

application servers

Application Server, 186

defined, 60

applications

high-availability guidelines for, 1309-1311

installing. See software installation

monitoring with Task Manager, 314

RemoteApps, making programs available as. See RemoteApps

run levels, security tokens for, 247

running on remote servers. See Terminal Services

settings, storage of, 247

startup problems from, 388

Terminal Services compatibility scripts, 942

Terminal Services, installing, 939-943

virtualization, security tokens for, 247

Applications and Services logs, 327-328

Apply Group Policy permission, 1259-1261

architecture of Windows Server 2008

boot environment, 13-14

DNS design, 762-765

kernel architecture, 11-13

Network Diagnostics Framework, 15-18

support architecture, 14-25

architecture, Active Directory. See Active Directory architecture

architecture, network

domain architecture, 50

team for planning, 31

archives

archive attribute, 1385

media rotation, 1386-1387

media types supported, 1387

atomic permissions, 575

attributes

Active Directory architecture object attributes, 998

file and folder, 567

multi-valued directory attributes, 1159

nonresident NTFS attributes, 504

OUs attributes, editing, 1135

Read Attributes special permission, 573

Read Extended Attributes special permission, 574

resident NTFS attributes, 503

Write Attributes special permission, file sharing, 574

auditing

file and folder access, 581-585

logging, DHCP, 727-729

printer access, 884

Registry access, 283-284

Security log, 327

systemic procedures for, 1319-1320

Terminal Services access, 964-966

Authenticated Users group

default logon rights assigned to, table of, 1181

default privileges assigned to, table of, 1178

authentication

Active Directory related mechanisms, list of, 989

computer accounts, troubleshooting, 1230-1231

cross-forest transitive trusts, 1030-1032

delegation overview, 1040-1041. See also delegating authentication

design overview, 1020

forwarded tickets, 1040

Kerberos for, 1023-1026

NTLM (NT LAN Manager), 1023-1024

outgoing trust authentication levels, 1038

proxy tickets, 1040

RODC process for, 1144-1145

security token generation, 1020-1022

session tickets, KDC server, 1025-1026

session tickets, Kerberos policy settings, 1173

Terminal Services, for, 937

trust paths, 1002-1003

trusts. See trusts

universal group membership caching, 1020-1022

authoritative restores of Active Directory, 1412-1414

Automatic Black Hole Router Detection, 631

Automatic Dead Gateway Retry, 631

Automatic Updates, 11

availability

99.9 percent uptime goal, 1309

application requirements for, 1310

checklist for application deployments, 1311

clustering servers to improve. See clusters, server

facilities design. See structures and facilities

failover capabilities. See failover clustering

fault tolerance for, 1312. See also fault tolerance

hardware deployment process, 1312

hardware planning checklists, 1313

hardware standardization for high availability, 1311-1312

hardware strategy for, 1311-1313

high, defined, 1309

highly available server deployment, 1321-1322

integrated testing of applications for, 1310

noncritical system goals, 1309

operational plan for. See operations management

power supply redundancy, 1314

predeployment planning checklist, 1322

redundancy, components for improving, 1312

server types, standardization by, 1312

spare parts, 1312

standardized components for system services, 1310

standardized deployment process, 1310

standby systems, 1312

B

backups

Active Directory backup procedure, 1409-1410

Active Directory requirements, 1110-1111

archive attribute, 1385

Back Up Files And Directories privilege, 1178

command-line tools for, 1387

configuring backup type, 1389

copy backups, 1385

daily backups, 1385

data considerations, 1382-1383

destination selection, 1398

DHCP backups, 1384

differential backups, 1385-1386

disaster preparedness procedures, 1373-1374

disaster preparedness, relation to, 1384. See also disaster planning

DNS backups, 1384

DVDs for, 1390

event logs for, 1400-1401

file server backups, 1384

group membership required for, 1388

Group Policy backups, 1278-1280, 1384

importance of, 1381

incremental backups, 1385-1386

installing Windows Server Backup, 1388

manual backups, 1396-1400

media rotation, 1386-1387

normal backups, 1385-1386

one-time backups, 1396-1400

optimal technique selection, 1383-1385

plans for, 1318-1319

print server, 912-913, 1384

programs for, 1384, 1388

recommended strategy for, 1383

recovering data. See recovery

Registries, 272

scheduling, 1391-1395

services, backup functions of, 1383-1384

Shadow Copy API advantages for, 1383

starting Windows Server Backup, 1388

storage location selection, 1390

strategy considerations, 1382-1383

strategy creation questions, 1381-1382

system file considerations, 1382-1383

volume specification for, 1390-1391

VSS for file servers, 1384. See also VSS (Volume Shadow Copy Service)

Wbadmin command, 1387, 1390

Windows Firewall settings for, 1390

Windows Server Backup feature, 190

Windows Server Backup overview, 1387

WINS backups, 1384

baselines for performance, establishing, 344

basic disks

compared with dynamic type, 428-430

conversions to and from dynamic type, 430-432

ESP partition type, 449-450

LDM partitions, 451-452

managing GPT partitions on, 449-452

managing MBR partitions, 434-448

MSR partitions, 450-451

OEM partitions, 452

primary partitions, 451

basic folder permissions, table of, 572

BCD (Boot Configuration Data) stores

boot sequence, temporarily changing, 404

commands, table of, 389-390

creating entries, 394-395

creating new, 393-394

Debugger Settings entries, 397

default operating system entry selection, 403

deleting entries, 395

deleting options, 395-396

DEP (Data Execution Prevention) options, 402

Editor, 388-390

EMS Settings entries, 396-397

entries in, 388

exporting, 394

guidelines for modifying, 390

GUIDs with, 392

Hypervisor Settings entries, 397

importing, 394

multiple operating systems with, 393

operating system display order, 402-403

options for boot application entries, 399

options for Windows OS Loader applications, 400-401

PAE mode options, 402

properties, table of, 391

purpose of, 382-383

registry for, 382

Resume from Hibernate entries, 396

sample listing, 390-391

setting entry values, 395

system BCD stores, 390

timeout default, setting, 404

viewing entries, 390-393, 396-397

well-known identifiers, 392

Windows Legacy OS Loader entries, 396

Windows Memory Tester entries, 396

BIOS (basic input/output system)

ACPI requirement, 379

entering during boots, 380

legacy boots, 382

BirthObjectIDs, 516

BirthVolumeIDs, 516

BitLocker Drive Encryption

boot file validation, 477

boot issues, 382

data volume encryption, 493-494

decrypting data volumes, 495

defined, 188

deploying, 478-480

disabling, 495

Drive Preparation Tool, 484-485

enabling encryption with PINs, 491

enabling encryption with startup keys, 488-491

FIPS, 481

installing, 485

keys for volumes, 481

listing encrypted volumes, 492

non-TPM operation of, 477-478

partitions for, 479-480, 482-485

password management, 492-493

performance issues, 477

PIN management, 492-493

PINs, role of, 491-492

planning for, 479

policy settings for, 480-481, 486-487

purpose of, 11, 477

readiness test, 485-486

recovering data, 494-495

Recovery mode, 477-478

recovery passwords, 487-488

remote administration issues, 478

setup steps, overview, 481-482

Startup Key Only mode, 478

startup keys, 488-491

system vs. data volume encryption, 481

TPM and PIN mode, 478

TPM and Startup Key mode, 478

TPM with, 468, 477-478

TPM-Only mode, 478

USB flash startup keys, 478

Windows Vista vs. Windows Server 2008 versions, 479

BITS (Background Intelligent Transfer Service) Server Extensions, 188

boot configuration

ACPI requirement, 379

Advanced Boot Options menu, 383

applications problems, 388

BCD stores. See BCD (Boot Configuration Data) stores

BIOS legacy boots, 382

BitLocker boots, 382

boot environment layer, 382-383

boot loader applications, list of, 388

boot sequence, temporarily changing, 404

CPUs, specifying number to use, 386

DEP (Data Execution Prevention) options, 402

desktop class system issues, 377

EFI legacy boots, 382

firmware boot settings, 381-382

firmware types, 379

firmware, entering during boots, 380

hardware capabilities, 379-382

memory, specifying amount to use, 386

msconfig.exe command, 385-388

No GUI boots, 386

overview, 13-14, 377

partition styles, 382

power settings in firmware, 380-381

power state management capabilities, 379-382

power state options, 379-380

Safe Boot modes, 386

SANs, booting from, 409-411

services problems, 387

Startup And Recovery dialog box, 384-385

startup control within boot environment, 382-383

startup issues compounded in 2008, 377

Startup Repair Tool, 1408-1409

System Configuration, 385-388

timeout default, setting, 404

TPM for boot file validation, 468

Windows Boot Loader, 383

Windows Boot Manager, 383

Windows Vista power state management, 378

boot partitions

defined, 77

mirrored boot volumes, 459-462

system partition allowed with, 429

BOOTP (Bootstrap Protocol), 685

bottlenecks

disk I/O, 360-362

memory, 356-358

network-based, 362-363

overview of, 356

bridgehead servers

configuring, 1298-1301

defined, 58

intersite replication with, 1089-1091

listing for sites, 1298

multiple, 1094-1095

preferred servers, 1299-1301

replication attribute options, 1305-1306

RODCs not allowed as, 1145

site links, relationship to, 1287

sites, role in, 1072

testing replication, 1305-1306

bridges, 639

broadcast IP addresses, 636-637

budget issues, 47-48

building phase of MSF (Microsoft Solutions Framework), 28

business requirements

Active Directory planning for, 1053-1054

goal assessment task for planning deployments, 34-35

organizational objectives, specifying, 45-46

system availability. See availability

business units as OUs (organizational units), 1066

Bypass Traverse Checking privilege, 1178

C

C$ type drive shares, 554

cabling, 1314

CALs (client access licenses)

CAL Installation Wizard, Terminal Services, 954-957

defined, 63

per-server vs. per-user options, 71

Terminal Services with, 925-927

CAPI2 (CryptoAPI version 2), 18

certificates

Certification Authority tool, 107

OCSP (Online Certificate Status Protocol), 18

change control procedures, 1317-1318

change journals, 514-515

change logs, 1317

change management planning process, 54

Change Permissions

file sharing, 564

file special permission, 575

printer permission, 880

Change The System Time privilege, 1179

Change The Time Zone privilege, 1179

Check Disk tool

bad sectors, marking, 540

command-line parameters, table of, 537-538

dirty, marking disks as, 537

FAT volumes, analyzing, 538-539

fixing errors with, 535-537

NTFS volumes, analyzing, 539-540

repairing volumes, 540

Self Healing NTFS alternative to, 520-521

syntax for, command line, 537

child domains, 653

child folders, 569

CIDR (classless interdomain routing)

nonclassful network nature of, 637

notation, 640-641

classes of networks

class A network subnets, 642-644

class B network subnets, 644-645

class C network subnets, 645-646

IDs for, 638-639

purpose of, 633-635

clean installations

Initial Configuration Tasks console, 87

installation step, 87

language selection, 86

product keys, 85-86

rolling back installations, 84

starting, 84

steps for, 84-88

updates during, 85

where to install to, choosing, 86-87

client access licenses. See CALs (client access licenses)

cluster-aware applications

failover clustering of, 1348

high-availability goals for, 1309-1310

redundancy role of clustered systems, 1312

service compatibility requirements, 1325

clusters, file system

FAT, 500

file system overview, 498-499

NTFS, 508

clusters, server

active nodes, 1327-1328

application software compatibility with. See cluster-aware applications

availability goal of, 1324

benefits of, 1324-1325

Cluster Administrator renamed, 1352

Cluster service, 1352-1353

failover function. See failover clustering

failures, causes of, 1324

farms, 1325

fault tolerance not provided by, 1324

high availability, 1323-1324

load balancing. See NLB (Network Load Balancing)

maximum number of nodes supported, 1326

multisite options, 1329-1330

nodes defined, 1323

operating modes, 1327-1328

operating system version differences for, 1326

organization of servers in, 1325-1326

packs, 1325-1326

passive nodes, 1327-1328

print drivers with, 846

purpose of, 1324

quorums, 1330

redundancy role of, 1312

reliability goals, 1324-1325

SANs using, 409-411

scalability goals, 1325

scalability limits, 1326

server clusters defined, 1323-1324

shadow copy issues, 595

three-tier structure for, 1326

CMAK (Connection Manager Administration Kit), 188

color printers

basics of, 851

profiles, configuring, 906-907

color scheme selection, 120-121

command-line utilities, list of, 110-111

Compact command, 523

compliant applications, 294

Compound TCP, 631

compressed (zipped) folders, 524-525

computer accounts

authentication issues, 1230-1231

Computer container, 1225

computer name, viewing, 1229

creating, 1225-1226

delegated authentication, 1042-1043, 1229

deleting, 1228

dial-in settings, 1230

disabling, 1228

Effective Permissions tool, 1188-1189

group membership configuration, 1229

group policies for. See Group Policy

joining computers to domains, 1226-1227

Managed By property, 1229

managing remotely, 1228

moving, 1227

properties, configuring, 1229-1230

remote install option, 1230

resetting passwords, 1228-1229

security options, advanced, 1230

troubleshooting, 1230-1231

user object canonical name, 1229

Computer Management console

components of, 115

Computer Management Services And Applications tools, 116

Computer Management Storage tools, 116

Computer Management System Tools, 115-116

creating shares with, 559-562

file sharing, 556

MMC nature of, 155

offline files configuration, 1207-1208

publishing shares, 563

remote device management, 221

shadow copy configuration, 593-596

share permission configuration, 565-566

TS Session Broker authorization, 946-947

computer names

Append Suffixes settings, 667-668

changing, 127

viewing, 117, 126

WINS for resolving, 654-655

conditional forwarding, DNS

benefits of, 754

configuring, 786-788

drawbacks of, 756

purpose of, 748

configuration tools. See administration tools

Configure A DNS Server Wizard, 773-783

configuring TCP/IP networking

alternate IP addressing, 660, 663-665

DNS configuration, 667-669

dynamic IP addressing, 660, 663-665

IP address configuration methods, 660-661

IP address information needed, 657-658

multiple gateway configuration, 665-666

overview of, 660

static IP address assignment, 660-663

WINS configuration, 669-671

configuring Windows Server 2008. See also specific configuration topics

desktop configuration, 142-143

menu customization. See menu system

overview of, 129

Quick Launch, 148-149

taskbar configuration, 143-148

toolbar optimization, 148-151

conflict detection of IP addresses, 734

consoles. See MMCs (Microsoft Management Consoles)

contact accounts, 1168

contingency allowances in planning projects, 48-49

Control Panel

Appearance And Personalization console, 120-122

color scheme selection, 120-121

Date and Time utility, 122-123

desktop background selection, 121

display settings for monitors, 122

Folder Options utility, 123-124

mouse pointer selection, 121

overview of utilities in, 106

Programs And Features page, 287-288

Regional and Language Options utility, 125

Registry, effect of tools on, 248

screen savers, 121

sound schemes, 121

themes, 121-122

Uninstall Or Change A Program utility, 273

views available, 119-120

copy backups, 1385

copying items, 135-136

core-server installation type, 80

counters

Active Directory counters, 1303-1304

adding to Performance Monitor, 349-350

alert configuration, 369-370

counter list, 352

data collector sets of. See data collector sets

default, 349

defined, 346-347

deleting, 350

disk I/O, 360-362

display of, 350

graphing of statistics for, 351

Histogram Bar view, 353

memory, 357-358

Memory\Available Bytes, 357

Memory\Commit Limit, 357

Memory\Committed Bytes, 357

Memory\Page Faults/Sec, 357

Memory\Pages Input/Sec, 357

Memory\Pages Output/Sec, 357

Memory\Pages/Sec, 357

Memory\Pool Nonpaged Bytes, 358

Memory\Pool Paged Bytes, 358

network, 362-363

Paging File\% Usage, 358

Paging File\% Usage Peak, 358

Paste Counter List button, Performance Monitor, 352

performance objects, table of common, 348-349

Physical Disk\% Disk Time, 358

Physical Disk\Avg Disk Queue Length, 358

Physical Disk\Avg Disk Sec/Transfer, 358

PhysicalDisk\ counters, 361-362

print server, 909-912

Processor\% Privileged Time, 360

Processor\% Processor Time, 360

Processor\% User Time, 360

Processor\Interrupts/Sec, 360

remote monitoring of, 354-355

Report view, 353

sample rates, 351

System\Processor Queue Length, 360

CPUs (central processing units)

Active Directory requirements for, 1108

bottlenecks, resolving, 359-360

counters for, 360

installation errors caused by, 98-99

Itanium. See Itanium-based servers

listing types of, 126

multiprocessor affinity issues, 359

performance statistics in Reliability And Performance Monitor, 345

performance statistics in Task Manager, 311-313

process usage of, 315

processor scheduling options, 304-305

requirements by edition, 72-73

specifying number to use, 386

WSRM (Windows System Resource Manager), 190

crash dump partitions, 77, 429

Create A Pagefile privilege, 1179

Create A Shared Folder Wizard, 560-562

Create Files/Write Data special permission, 574

Create Folders/Append Data special permission, 574

Create privileges, 1179

credentials, logon, 1195

cross-forest transitive trusts, 1030-1032, 1035

D

daily backups, 1385

DAS (direct-attached storage), 405-406

data collector sets

alert configuration, 369-370

capabilities of, 363

configuration sets, 364, 368

creating, 365-367

deleting, 365

performance counter sets, 364-367

purpose of, 343, 363

Reliability And Performance Monitor console for, 363-364

reports, viewing, 368-369

saving as templates, 364

startup event traces, 364

trace data sets, 364, 367-368

types of, 364

Data Execution Prevention (DEP) options, 402

data packets. See packets

Data Sources (ODBC) tool, 107

data streams, 512-513

database server failover clustering, 1349-1351

Datacenter edition, Windows Server 2008

features of, 6

hardware requirements for installations, 72-73

selection criteria, 62-63

Date And Time utility, 122-123

day-to-day operations. See operations management

Dcgpofix utility, 1282

Dcpromo command, 1112, 1114, 1129

Debug Programs privilege, 1179

Default Domain Controllers Policy GPO

purpose of, 1235

restoring defaults, 1282

Default Domain Policy GPO

purpose of, 1235

restoring defaults, 1282

defragmenting drives

configuring automated, 541-542

Disk Defragmenter for, 543-544

fragmentation analysis, 545-546

fragmentation process, 541

shadow copy issues

delegating authentication

account option for, 1192

configuring, 1041-1043

purpose of, 1040

ticket models for, 1040

delegating management tasks

defined, 1249

delegating Group Policy management privileges, 1252-1253

delegating privileges for links and RSoP, 1253

GPO creation rights, 1249-1250

reviewing Group Policy management privileges, 1250-1252

Delete special permission, 574

Delete Subfolders And Files special permission, 574

deleting user accounts, 1210-1211

Denied RODC Password Replication group, 1159-1160

DEP (Data Execution Prevention) options, 402

department based groups, 1217

deployments of applications

checklist for, 1311

standardized deployment process for high availability, 1310

deployments of hardware

highly available server deployment, 1321-1322

standard process checklist, 1312

deployments of Windows Server 2008

MSF deployment phase, 28

planning. See planning deployments

designing new networks

domain architecture, 50

network operations issues, 50-51

overall objectives for, 50

place in overall design plan, 30

security requirements, 51

Desktop Experience

defined, 12-13

purpose of, 188

recommended, 129

Software Explorer, 288

Desktop toolbar, 150

desktops, configuring, 142-143

development teams, 32

Device Manager

conflicting devices, 240-243

driver installation steps, 230-232

drivers, viewing information about, 224

Enable Device command, 225

removing drivers, 234

Resources tabs for drivers, 227-228

rolling back drivers, 233

shortcut menu options, 220

troubleshooting with, 237-243

types of devices displayed, options for, 221

viewing devices with, 219-220

warning symbols, 220

devices. See also hardware

drivers for. See drivers

installing, 215-221

DFS (Distributed File System)

architecture of, 1081-1082

clustering with, 1363

DFS command-line tools, 409

DFS management tool, 107

Dfscmd tool, 409

Dfsdiag tool, 409

metadata of, 1080

Namespaces, 415, 417-418

optimizing File Services with, 415

purpose of, 408

Replication, 415

Replication log, 328

sites, Active Directory, effects on, 1073-1074

Sysvol replication, 1077-1082

DHCP (Dynamic Host Configuration Protocol). See also DHCP console

Active Directory authorization for, 689, 701

Active Directory, setting up with, 696, 698

APIPA, 665, 676-677

audit logging, 727-729

autoconfiguration routine, 687-688

availability, 693-695

backups of, 1384

client broadcasts, 689-690

clients per server guideline, 686

clustering with, 1363

configuring network addresses, 663-665

conflict detection with, 734

conflicting addresses, troubleshooting, 677

console. See DHCP console

database management, 735-737

defined, 685

DHCP Server, 186

DHCPv6 capable clients, 632, 687-688

DHCPv6 stateless mode, 698

Discover messages, 689-690

DNS configuration with, 667, 686, 697, 730, 757

domain controller collocation issue, 689

dynamic addressing, 660

dynamic clients, 685

dynamic DNS with, 759-760

exclusions, 686, 709, 712-713

failover, 693-695

fault tolerance, 693-695

installing DHCP Server service, 697-700

IPCONFIG command for lease control, 680

IPv4 autoconfiguration, 687

IPv4 messages and relay agents, 689-691

IPv6 autoconfiguration, 687-688

IPv6 messages and relay agents, 691-693

lease audits, 728

lease broadcast process, 689-693

lease databases, 685

lease date stamps, viewing, 673

lease duration specification, 705-706

lease renewal process, 679-680

leases defined, 660

limited broadcasts, 637

M and O flags, 691-693

management console. See DHCP console

message mechanics, 689-693

multiple gateway configuration, 665

NAP integration, 731-733

Netsh DHCP command, 700

NICs, binding to server's, 729

normal scope creation, 702-710

number of clients per server, 696

Offer messages, 689-690

planning issues, 60, 689-695

relay agents, 691-693, 737-742

renewing leases, 690-691

Request messages, 689-690

reservations, 686, 713-716, 718

restoring data, 737

Routing and Remote Access Services setup, 737-739

RRAS integration, 686-687

saving configurations of, 734-735

saving data, 737

scopes. See scopes for IP addresses

security issues, 688-689

server selection guidelines, 689, 696

servers, reservations recommended for, 686

setting up servers, overview of, 696-697

sites, requirements for, 1073

standby servers, 696

startup sequence for clients, 687

TCP/IP option configuration. See TCP/IP options under DHCP

troubleshooting, 679-680

user-defined classes, 724-726

WINS settings, 697

wireless network security issues, 689

workgroup setup with, 697

DHCP console

activation of scopes, 716

domain name specification, 706

exclusions, 712-713

lease duration specification, 705-706

normal IPv6 scope configuration, 708-710

reservation management, 713-716

router address specification, 706

scope creation, 702-705

starting, 699

WINS server specification, 707

DHCPv6. See also DHCP (Dynamic Host Configuration Protocol)

clients, 632, 687-688

stateless mode, 698

diagnostics

key areas, table of, 20-21

Network Diagnostics Framework, 15-18

overview of, 14-15

startups, diagnostic, 385-388

WDI (Windows Diagnostics Infrastructure), 19-25

dial-in settings for computer accounts, 1230

differential backups, 1385-1386

direct-attached storage. See DAS (direct-attached storage)

directory. See Active Directory

directory partitions. See partitions, directory

Directory Replicator remote access to Registry requirement, 282

directory service (Ntdsa.dll)

Active Directory with, 992-993

defined, 990

names of objects, 992

replication, role in, 993

schemas, 993

SIDs, reading, 993

Directory Services log, 328

Directory Systems Agent. See DSA (Directory Systems Agent)

directory trees. See trees, Active Directory

disabling user accounts, 1193, 1195, 1211

disaster planning

availability issues. See availability

backup plans for data, 1370

backup procedures, 1373-1374

backups, coordinating with, 1384

emergency response teams, 1371

escalation procedures, 1372-1373

fault tolerance, 1370

identification of essential systems, 1369-1370

incident response teams, 1371

Microsoft Product Support, 1375-1376

notification procedures, 1372

On Screen Keyboard, 1377

overview of, 1369

physical security, 1370

post-action reporting, 1373

power protection plan, 1370-1371

preparedness procedures list, 1373

priorities systems, 1373

problem resolution policy documents, 1371-1373

recovery issues, 43-44, 1370

Rollback wizard, 1378

servers, types of essential, 1369

staff key data, 1372

Startup Repair, 1374-1375

UPS (uninterruptible power supplies), 1370-1371

vendor key data, 1372

Disk Defragmenter, 541-546. See also defragmenting drives

disk drives. See hard disk drives; storage

disk I/O subsystem, 497

Disk Management snap-in

adding new disks, 423-424

bad sectors, marking, 438

Check Disk, starting, 536

command-line counterpart. See DiskPart tool

converting basic to dynamic disks, 431-432

converting dynamic to basic disks, 432

encrypted BitLocker volumes, 492

extending volumes, 443-446

moving dynamic disks, 456-457

purpose of, 419-420

quotas, setting, 529-532

rescanning disks, 455-456

shrinking partitions with, 446-447

spanned volume creation, 453-454

views available, 421

volume creation, 435-439

disk mirroring. See mirrored volumes

disk quotas. See quota management

disk striping. See striped volumes

DiskPart tool

converting disk types, 432

defined, 409, 421

extending volumes, 445-446

invoking, 421

listing devices with, 422

sample session, 422

selecting devices, 422

shrinking partitions with, 447

Distributed File System. See DFS (Distributed File System)

distribution groups, 1216

DLT (Distributed Link Tracking) Client, 516-517

DNs (distinguished names)

defined, 1003-1004

searching, 1010-1011

DNS (Domain Name System)

A records, 794-797

AAAA records, 794-797

Active Directory requirements, 1109-1110

Add Roles Wizard for installing services, 771

aging configuration, 807-808, 818

aliases, 797-798

appending computer names settings, 667-668

application directory partitions, configuring, 804-806

architecture for, 762-765

automatic record creation, 794

backups of, 1384

cache management, 813

canonical names, 748

client TCP/IP configuration checks, 810-811

client/server nature of, 743

CNAME records, 797-798

conditional forwarding, 748, 754, 756, 786-788

configuration flags, table of, 816-818

Configure A DNS Server Wizard, 773-783

configuring settings, 667-669

database for, 746

defined, 743

destination caches, 683

DHCP-based configuration, 667, 686, 697, 730, 757

DNS console, 771-772

DNS names for domains, setting, 768

Dnscmd /Info command, 813-814

Dnscmd /Statistics command, 818-819

Dnscmd command, 772

DNSSEC (DNS Security), 757-758

domain names, 653-654

dynamic updates, 668, 759-760, 776, 781-782, 819

event logging, 808-809

external name resolution security, 760-761

external resource requests, 747-748

forward lookup queries, 743

forward lookup zone creation, 774-781, 783-785

forwarders, 777-778, 782-783, 786-788, 818

global name deployment, 803-804

host addresses, 748

host names, 653

inappropriate associations, 757

installing DNS Server service with Active Directory, 767-771

installing DNS Server service without Active Directory, 771-773

IPv6 addresses for servers, 681, 756-757

ISP zone maintenance, 776

LLMNR with, 655-656

log configuration, 808-809

lookups, troubleshooting with, 812

mail exchange addresses, 749

main components of, 746

MX (Mail Exchanger) records, 798-799

name resolution in, 654, 746-748

name server resource records, 749

namespace, Active Directory planning, 54-55

namespaces, 744-746

NS records, 794, 799-800

parameters, server configuration, table of, 815-818

planning deployments of, 40, 59

planning overview, 744

pointer resource records, 749

preferred DNS server IP addresses, 773

primary DNS servers, 750-751, 771

primary zone creation, 775

private namespace, 746

PTR records, 794-797

purpose of, 652

query and reply, basic, 746-747

query security issues, 757-758

query statistics, 818-819

query types, 743

record change propagation, 795

recursion, 778, 786-788

registering clients, 809

replication scope, 780, 782

replication, troubleshooting, 813

resolver caches, 681-683, 811

resource records, 748-749, 794-802

restart issues, 754-755

reverse lookup queries, 743-744

reverse lookup zone creation, 781-782, 785-786

reverse lookup zones, 774

RODCs with, 1143, 1149

root hints files, 760-761, 778

root name servers, 760-761

roots, namespace, 745

round-robin load balancing, 797, 1331

scavenging, 807-808

secondary DNS servers, 750

secondary notification configuration, 793-794

secondary zone creation, 775

secondary zone setup, 770-771

secure dynamic updates, 759-760

separate-name design, 763-765

server order, setting, 667

server TCP/IP configuration checks, 812-813

service location resource records, 749

sites, requirements for, 1073

small network configuration, 774-778

SOA records, 794, 800

split-brain design, 762-763

SRV records, 794, 801-802

start-of-authority resource records, 749

static, single label name configuration, 803-804

subdomain configuration, 788-791

testing, 682

top-level domains, 745-746

troubleshooting, 680-683

troubleshooting client services, 809-812

troubleshooting server services, 800-821

TTL values, 682

viewing server configuration, 813-819

WINS lookups using, 839

zone transfers, 791-793

zones, 749-757

DNS Server. See also DNS (Domain Name System)

defined, 186

log, 328

documentation, importance of, 1317

domain administrators, 1002

domain controllers

authoritative restores of Active Directory, 1412-1414

backup media, creating from, 1127-1128

backup requirements, 1110-1111

change journals, 514

configuration containers in a forest, 1055

creating domain controllers for existing domains, 1114-1122

Default Domain Controllers Policy GPO, 1235, 1247-1249

delegation of administrative rights, 1136-1139

deleting, 1129-1133

designing systems of. See Active Directory system design

DHCP server collocation issue, 689

domain architecture design, 50

failed, removing references to, 1415-1416

global catalog access, 1011-1013

global catalog servers, 1006

hardware guidelines, 1108-1109

IP addresses, 1109

local account issues, 1113-1114

moving out of Domain Controllers OU, danger of, 1249

NETLOGON share, 555

nonauthoritative restores of Active Directory, 1411-1412

operations master. See operations masters

OS support issues, 1016-1018

OUs created within, 1133

partitions, 1005

planning issues, 58-59

privileges required for creating, 1112-1113

read-only. See RODCs (read-only domain controllers)

recovery strategies for, 1409-1410

replication issues. See replication

replication scope, 1008

replication topology based on number of, 1092

restoring failed with new, 1415-1416

restoring Sysvol data, 1414-1415

sites, associating with, 1286-1287

sites, locating in separate, advantages of, 1075

subdomain, DNS configuration for, 788-791

SYSVOL$ shares, 555

trust paths, 1002-1003

domain functional levels

operations masters, 57

planning for, 55-57

purpose of, 1016

RODC level requirements, 1148

Sysvol replication, 1077-1082

table of, 1017

Windows 2000 native mode, 1017

Windows 2008 mode, 1018

Windows Server 2003 mode, 1017-1018

domain local groups

defined, 1217

local domain processing requirement, 1218

member inclusion rules, 1218

nesting limitations, 1218

permissions rules, 1218

reasons for using, 1218-1219

domain names

child domains, 653

defined, 653

fully qualified, 654

obtaining, 653

parent domains, 653

resolving. See name resolution services

top-level domains, 653

domain naming master role, 1044-1046, 1048

Domain Rename utility, 1061-1062

domain trees, 1053. See also trees, Active Directory

domain trusts

configuring, 1035

planning for, 55

domain user accounts

Administrator. See Administrator account

backing up passwords, 1214-1215

built-in capabilities of, 1178

cached credentials, 1195

consistency requirement, 1169

creating, 1184-1187

default user accounts, 1168

defined, 1167

deleting, 1210-1211

disabling, 1191, 1193, 1195, 1211

Effective Permissions tool, 1188-1189

enabling, 1211

enabling disabled, 1195

expiration options for, 1192

folder redirection, 1203-1207

group memberships of, 1177-1178

Home Folder, 1194

inheritance effects, 1188

Kerberos options, 1192

Kerberos policy settings, 1173

lockout policy, 1172, 1195

logon rights of, 1178

maintenance overview, 1210

moving, 1211

multiple users, selecting, 1211

naming accounts, 1168

options, managing, 1189-1192

password policy enforcement, 1170-1171

Password Settings containers, 1169

permissions of, 1178

policy configuration, 1169-1170

privileges of, 1178

profile settings, 1193-1194

properties, viewing and setting, 1187-1188

renaming, 1211-1212

resetting passwords, 1212-1213

security descriptors of, 1188

SIDs (security identifiers) of, 1210

smart cards, requiring, 1192

top-level account policies, 1169

troubleshooting, 1195

unlocking, 1213-1214

user profiles. See user profiles

DomainIDs, 516

domains, Active Directory

assigning user rights for, 1182-1183

changing designs for, 1061-1062

creating new domains in new forests, 1122-1125

creating new domains or trees in existing forests, 1125-1126

creation in Active Directory, 1005

defined for Active Directory, 999, 1053

delegation of administrative rights, 1136-1139

deleting, 1129-1133

design considerations, 1059

domain functional level, 1016-1018

domain security policies, 1059

enforcing inheritance, 1258-1259

forests, relationship to, 1054-1055

group policies created with, 1235

group policies of. See Group Policy

group policy inheritance order, 1254

joining computer accounts to, 1226-1227

language standardization within, 1059

membership options, 83

OUs in. See OUs (organizational units)

planning overview, 1058-1059

policies on, 1059

privileges required for installing, 1112-1113

raising functional levels, 1019-1020

renaming, 1061-1062

replication considerations, 1059

resource access issues, 1059

root domains, 1000

servers for. See domain controllers

single vs. multiple, design considerations, 1060-1061

sites, relationship to, 1071

task delegation, 1138-1139

top-level domains, 653

trees. See trees, Active Directory

trusted and trusting, 1001-1002

DoS attacks, DHCP vulnerability to, 688

drive letters

assigning, 436

configuring, 440-442

enumeration of, 435

drivers

adding print drivers, 888

base installation library of, 222

bugginess of, 211

Code Signing For Device Drivers policy, 224

detection of missing, automatic, 215

disabling, 236-237

improvements in, 19

installation steps, 230-232

installation wizards, 229-230

installing available updates, 215-216

kernel mode, 845

loading disk drivers during installation, 94-95

maintaining lists of, 228

manifest files, 222

Microsoft Universal Printer Driver, 846

network adapters, Advanced settings for, 227

new device installation, 216-219

non-Plug and Play, adding, 235-236

Plug and Play installation process, 216-219

policies for updates, 230

PostScript, 846

printer, 844-846, 887-889

printer, client-side, 894-895

purpose of, 215, 222

Registry, interactions with, 222

remote management of, 221

removing, 234

removing print drivers, 889

resource settings for, 227-228

restricting installation using group policy, 232-233

rolling back, 233

Setup Information files, 222

signed, 223

troubleshooting, 237-243

Unidrv, 846

uninstalling, 236-237

unsigned, 223-224

Update Driver settings, 128

update settings for, 215

updating, 219

user mode, 845

version issues, 229

viewing information about, 224

DSA (Directory Systems Agent), 992-993

dsadd group command, 1221

dsadd user command, 1186

dsget group command, 1221

DSM (Device Specific Module), 411

Dsmgmt command, 1165

dsmod group command, 1221

dsquery user -disabled command, 1195

dump files, 1380

dust and air quality, 1314

dynamic disks

converting to and from basic disks, 430-432

drive section types, 429

extending partitions, 445-446

limitations of, 430

moving, 456-457

purpose of, 428

shrinking partitions, 446-447

spanned volumes, 452-454

types of volumes allowed, 452

dynamic DNS, 759-760

dynamic IP addressing. See also DHCP (Dynamic Host Configuration Protocol)

configuring, 663-665

conflicting addresses, troubleshooting, 677

dynamic clients, 685

temporary vs. nontemporary IPv6, 709

dynamic updates, DNS, 668, 759-760, 776, 781-782, 819

E

earthquakes, 1315

editions of Windows Server 2008

Datacenter, 6

determining which to use, 61-63

Enterprise, 6

hardware requirements, table of, 72-73

for Itanium-Based Systems, 8

list of, 5

selection criteria, 61-63

Standard, 5

Web Server, 6-7

effective permissions

determining, 578-579

Effective Permissions tool, 578-579, 1188-1189

EFI (Extensible Firmware Interface)

ACPI requirement, 379

boot maintenance manager of, 78

creating new BCD store, 393-394

entering during boots, 380

installing Windows Server 2008 on Itanium systems, 78-79

EFS (Encrypting File System)

EFSInfo utility, 1114

evading, 477

purpose of, 467

vulnerability of, 467

EIST (Enhanced Intel SpeedStep Technology), 381

elevation

administrator applications requirement for, 295

color coding of prompts for, 297-298

defined, 290

security settings related to, 299-301

software installation, required for, 285

e-mail

distribution groups, 1216

SMTP (Simple Mail Transfer Protocol) Server, 189

emergencies. See also disaster planning

data recovery plans, 1318-1319

emergency response teams, 1371

problem-escalation procedures, 1319

EMF (enhanced metafile format)

printing process with, 842-843

purpose of, 842-843

server hardware requirements, 847

Unidrv support for, 846

EMS (Emergency Management Services), 70-71

Enable User And Computer Accounts To Be Trusted For Delegation privilege, 1179

encryption

drive. See BitLocker Drive Encryption

Encrypting File System. See EFS (Encrypting File System)

remote desktop use of, 613

Terminal Services, 924, 959

Enforce Password History setting, 1170-1171

Enhanced Intel SpeedStep Technology (EIST), 381

enhanced metafile format. See EMF (enhanced metafile format)

enterprise administrators, 1002

Enterprise edition, Windows Server 2008

hardware requirements for installations, 72-73

purpose of, 6

selection criteria, 61-62

TS Session Broker, required for, 944

Enterprise Read-Only Domain Controller group, 1159

environment variables, 1194

envisioning phase of MSF (Microsoft Solutions Framework), 28

error messages, hardware, table of, 238-240

eSATA, 213

ESE (Extensible Storage Engine)

operations of, 993-995

Utility, 997

ESP partition type, 449-450

Event Viewer

archiving logs, 337-338

Computer field, 332

defined, 107

entries in, 330-332

event levels, 330

filtered views, 334-337

Help features, 332

Properties dialog boxes for events, 332

remote systems, viewing, 333

searching logs, 334

sorting logs, 334

starting, 329

subscription creation, 341-342

User field, 331

views available, 329-330

events

Application log, 327

Applications and Services logs, 327-328

archiving logs, 337-338

backups, tracking, 1400-1401

configuring logs, 329

defined, 326

DFS Replication log, 328

Directory Services log, 328

DNS Server log, 328, 808-809

Event Log service, 327

File Replication Service log, 328

filtered views of, 334-337

Forwarded Events log, 327

forwarding to logging servers, 341-342

Hardware Events log, 328

logging servers, enabling, 341-342

Microsoft\Windows logs, 328

network load balancing events, 1344

of remote systems, viewing, 333

PowerShell for tracking, 338-341

searching logs for, 334

Security log, 327

Setup log, 327

sizing of logs, 328-329

sorting within logs, 334

subscriptions, 341-342

System log, 327

viewing. See Event Viewer

Windows logs, 327

Exchange Server 2007, 1014

exclusions for IP addresses, 686, 709, 712-713

Execute File special permission, 573

exFAT, 434

expiration options for accounts, 1192

explicit trusts, 1028-1029

Explorer, Network. See Network Explorer

Explorer, Windows. See Windows Explorer

Extensible Storage Engine. See ESE (Extensible Storage Engine)

extension components of MMCs, 155-156

external trusts, 1003

F

facilities for servers. See structures and facilities

failover clustering

Active Directory configuration for, 1351

active node mode, 1327-1328, 1345

adding nodes to clusters, 1360

availability planning, 1364

cluadmin command, 1356

Cluster Administrator renamed, 1352

cluster databases, 1354

Cluster Disk Driver, 1353

Cluster Network Driver, 1352-1353

cluster objects, 1352-1353

Cluster service, 1352-1353, 1365

cluster-unaware applications with, 1348-1349

cluster-aware applications, 1348

configuration options, 1345-1347

controlling nodes, 1365

creating clusters, 1356-1360

database server requirements, 1349-1351

DFS namespace server with, 1363

DHCP Server with, 1363

failback policy settings, 1366

Failed state, 1355-1356

Failover Cluster Management tool, 107, 1352

failover policy settings, 1365-1366

File Server with, 1363

Generic Application resource type, 1363

Generic Script resource type, 1363

hardware optimization for, 1349-1351

heartbeats, 1353

high-availability configuration for services and applications, 1364-1365

host name, setting for, 1359

installing, 1345

iSCSI with, 1350-1351

majority node clusters, 1346

Microsoft Cluster service, 1345

multinode clusters, 1346

network adapter interface states, 1355

network adapters for, 1350

network optimization for, 1351-1352

network settings, modifying, 1361

network states, 1355-1356

nodes, maximum number of, 1345

paging files, 1349

passive node mode, 1327-1328

print servers with, 1363, 1367

purpose of, 188, 1323

quorum resources, 1354

quorum settings, 1362

RAID configurations, 1349-1350

resources of, 1347-1349

resources specification, 1363-1365

SAN optimization for, 1351-1352

shared folder creation, 1366

single node clusters, 1345

sites, multiple physical, 1329-1330

SQL Server requirements, 1349

storage devices for, 1345, 1351

storage tests, 1357

storage, adding to clusters, 1361

support applications of clustered services, 1364

types of clusters, basic, 1345

Unavailable state, 1355-1356

Up state, 1356

validation tests, 1356-1358

Web server requirements, 1349-1351

Windows Server 2008 compatibility, 1350

Windows services with, 1363

WINS with, 1363

failover, DHCP service, 693-695

farms

farm names in Terminal Services, 949

organization of servers in, 1325-1326

FAT (file allocation table) file system

capabilities of, 500-501

Check Disk, analyzing volumes with, 538-539

clusters, 498-500

converting to NTFS, 432-433

data storage calculations, 501-502

data streams not supported, 513

disadvantages of, 500-501

file allocation table structure, 499-500

formatting drives as, 437-439

integrity of files, 535

mounting volumes, 502

overview of, 499

structure of, 499-500

versions of, 498

volume size issues, 501-502

fault tolerance

DHCP, 693-695

disaster planning, for, 1370

high availability, contribution to, 1312

RAID 5, 462-463

faxing

Fax Server, 186

FAX$ shares, 554

features

Add Features Wizard, starting, 114

adding, 199

component names for, 204-207

defined, 185

removing, 199-200

table of, 188-190

federated forest design, 1030-1032

Fibre Channel. See also SANs (storage area networks)

arbitrated loop not supported, 410

defined, 406

file associations, Registry, 258-259

File Replication Service. See FRS (File Replication Service)

File Server Resource Manager. See FSRM (File Server Resource Manager)

file servers

backups, 1384

File Server, failover clustering of, 1363

services. See File Services

File Services

adding role to servers, 416-419

defined, 187

DFS with, 415, 417-418

disk quota management, 415

FRS, 416

FSRM with, 415, 418

Multipath I/O with, 416

NFS with, 416

planning for, 60

report generation, 415

screening policies, 415

search services with, 416, 419

Share And Storage Management, 415

UNIX interoperability, 417

file sharing

access permissions for, 571-578

adding user or group permissions, 566

ADMIN$ shares, 554

administrative access to, 555-556

administrative shares, 553-555

Administrators Have Full Access, Other Users Have No Access permissions, 562

Administrators Have Full Access, Other Users Have Read-Only Access permissions, 561

All Users Have Read-Only Access permissions, 561

Apply Onto options, 577-578

attributes of files and folders, 567

auditing access, 581-585

basic folder permissions, table of, 572

basic permissions, setting, 572-573

C$ type drive shares, 554

Change permissions, 564

Change Permissions special permission, 575

changing share permissions, 558-559

clearing inherited permissions, 569-570

combining special permissions for basic permissions, 575-576

Computer Management for, 556

Computer Management for share permission configuration, 565-566

configuration for, accessing, 549

configuration login script for, 581

Create A Shared Folder Wizard, 560-562

Create Files/Write Data special permission, 574

Create Folders/Append Data special permission, 574

creating shares with Computer Management, 559-562

creating shares with Windows Explorer, 556-559

Custom Permissions option, 562

default shares, 553-555

defined, 547

Delete special permission, 574

Delete Subfolders And Files special permission, 574

denying permissions, 565-566

descriptions of shares, entering, 561

effective permissions, determining, 578-579

Execute File special permission, 573

FAX$ shares, 554

file permission management overview, 567

finding shared folders, 552

folder path, selecting for folder to share, 560

folder permission management overview, 567

Full Control permissions, 564, 572

group permissions, 564-565

hidden shares, 553

inheritance of permissions, 569-570

IPC$ share, 554

List Folder Contents permission, 572

List Folder special permission, 573

listing shares, 579-580

management overview, 563-564

mapping share folders as network drives, 550-551

membership required for creating shares, 556

model options for, 547

Modify permission, 572

multiple shares on one folder, 558

Net Share command-line tool, 556, 579-581

NETLOGON share, 555

Network Discovery required, 551

Network Explorer for viewing, 551

ownership of files and folders, 567-568

permissions options, 561-562

permissions types, 564

PRINT$ shares, 555

public file sharing, 548

Public folder, configuring, 549-550

PUBLIC shares, 555

publishing share information, 552

publishing shares, 563

Read & Execute permission, 572

Read Attributes special permission, 573

Read Data special permission, 573

Read Extended Attributes special permission, 574

Read permissions, 564, 572

Read Permissions special permission, 575

remote computers, administration, 556

removing users or groups for permissions, 577

resetting permissions, 570-571

security logs for, viewing, 585

security, importance to choosing sharing model, 548

Server service required for, 547

setting special permissions for files and folders, 576-577

shadow copies of shared folders. See shadow copies

share details, viewing, 580

share names, 558, 560

share permissions, 563-566

shrpubw command, 560

special permissions, 573-578

special shares, 553-555

specifying files and folders for auditing, 582-584

standard file sharing, 547

standard file sharing, configuring, 549

stop sharing, 558

SYSVOL$ shares, 555

Take Ownership special permission, 575

transferring ownership, 568

Traverse Folder special permission, 573

troubleshooting, 579-581

UNC paths to shares, 551

users and groups, selecting for, 556-558

viewing permissions for files and folders, 571

viewing share permissions, 565

Windows Explorer for, 556

Write Attributes special permission, 574

Write permission, 572

file synchronization, 1209-1210

file systems. See also storage

bad sectors, marking, 540

Check Disk tool for fixing errors, 535-538

clusters, 498-499

compression. See file-based compression

defragmenting, 541-546

dirty, marking disks as, 537

error creation, 535

FAT. See FAT (file allocation table) file system

Folder Options utility, 123-124

FSutil tool, 409

NTFS. See NTFS

quotas. See quota management

sectors, 497-498

structure overview, 497-499

type and features, viewing, 502

file type associations, Registry, 258-259

file-based compression

NTFS, 521-523

zipped folders, 524-525

FIPS (Federal Information Processing Standard)

BitLocker with, 481

purpose of, 924

fire suppression systems, 1315

firewalls

backup exceptions, 1390

network troubleshooting issues, 679

Remote Desktop for Administration with, 610

Windows Firewall, 13

FireWire (IEEE 1394), 213-214

firmware

ACPI requirement, 379

entering during boots, 380

installation problems caused by, 100

interfaces, 13-14

TPM compliance, 469

folders

access permissions for, 571-578

attributes of, 567

auditing file and folder access, 581-585

basic folder permissions, setting, 572-573

basic folder permissions, table of, 572

child, 569

compressed (zipped), 524-525

Delete special permission, 574

Folder Options utility, 123-124

folder redirection, 1203-1210

Home Folder, user accounts, 1194

junction points, 1080

ownership of, 567-568

parent, 569

permission management overview, 567

Public folder, 548

shadow copies of shared folders. See shadow copies

shared folders on clustered file servers, 1366

sharing. See file sharing

Force A Shutdown Of A Remote System privilege, 1179

forest functional levels

design considerations, 1018-1020

operations masters, 57

planning for, 55-57

raising, 1019-1020

RODC level requirements, 1148

setting, 1123-1124

table of, 1018

forest trusts

architecture of, 1030-1032

configuring, 1035

trust configurations, 1055

forests, Active Directory

administration of, 1057-1058

administrator roles in, 1055

configuration containers, 1055

creating new domains in new forests, 1122-1125

creating new domains or trees in existing forests, 1125-1126

cross-forest transitive trusts, 1030-1032

dedicated roots, 1061

defined, 1053

domains, relationship to, 1054-1055

empty roots, 1061

enforcing inheritance, 1258-1259

forest root domains, 1054-1055, 1062

functional levels. See forest functional levels

global catalogs in, 1055

Group Policy Management Console (GPMC) with, 1243

merging, 1057

namespaces of, 1054-1055

non-dedicated roots, 1061

planning overview, 1054

privileges required for installing first domain controller, 1112

renaming domains in, 1061-1062

replication, 1008

replication issues, 1057

shortcut trusts, 1028-1029

single vs. multiple, 1056

structure of, 1000-1001

trusts. See forest trusts

Forgotten Password Wizard, 1214

formatting partitions, 437-440

forms, printer, 885-886

forward lookups, DNS

conditional. See conditional forwarding, DNS

forwarders, 777-778, 782-783, 786-788, 818

queries, 743

zone creation, 774-781, 783-785

Forwarded Events log, 327

forwarded tickets, 1040

FQDNs (fully qualified domain names), 654

fragmented drives. See defragmenting drives

frequently used programs list, 133, 137-140

FRS (File Replication Service)

backward compatibility provided by, 416

defined, 408

File Replication Service log, 328

object identifiers, 516-517

Sysvol replication, 1077-1082

FSMO (flexible single-master operations) role, 1044

FSRM (File Server Resource Manager)

capabilities of, 415

configuring, 418

defined, 107

FSutil FSinfo command, 508-510

FSutil tool, 409

Full Control permissions, file sharing, 564, 572

full-server installation type, 81

functional levels, Active Directory. See domain functional levels; forest functional levels

G

gateways

Automatic Dead Gateway Retry, 631

Default Gateways panel, 666

IPv4 addresses for, 639

metric, 665-666

multiple, configuration of, 665-666

GDI (Graphics Device Interface), 844

Generate Security Audits privilege, 1179

geographic model for OUs, 1067

global catalog servers

attribute management, 1014-1016

defined, 58

design considerations, 1011-1012

designating, 1012-1013

forests, in, 1055

partition replication, 1095

place of, 1006

removing, warning about, 1130

RODC requirements for, 1148

sites, requirements for, 1073, 1105

universal group storage, 1218

global groups

defined, 1217

member inclusion rules, 1218

nesting limitations, 1218

permissions, 1218

reasons for using, 1219

security data structures, inclusion in, 1218

globally unique identifiers. See GUIDs (globally unique identifiers)

goal assessment task for planning deployments

business perspectives, 34-35

defined, 29

documentation, 34

IT goal identification, 35

IT-business interaction issues, 36

predicting changes, 36-37

scope of, 33

governing phase of MSF (Microsoft Solutions Framework), 28

GPMC (Group Policy Management Console). See Group Policy Management Console (GPMC)

GPOs (Group Policy objects)

Account Policies, editing with default GPOs, 1247-1249

Administrative Templates, 1237-1238

ADMX files, 1237-1238

Apply Group Policy permission, 1259-1261

applying to all members of a group, 1260

applying to no members of a group, 1260

backing up, 1278-1280

blocking inheritance from, 1257-1258

configuring user policies, 1169-1170

creation rights management, 1249-1250

Default Domain Controllers Policy GPO, 1235, 1247-1249

Default Domain Policy GPO, 1235, 1247-1249

default policy restoration, 1282

default, working with, 1247-1249

deleting, 1247

deleting links to, 1247

Edit Settings permissions, 1251-1252

Edit Settings, Delete, Modify Security permissions, 1252

editing GPOs, 1245

enforcing inheritance, 1258-1259

filtering policy application, 1259-1261

folder redirection, 1203-1207

Group Policy Starter GPO Editor, 1239

indeterminate as to applying to group membership, 1260

LGPOs (local GPOs), 1239-1242

Link GPOs permission, 1251, 1253

link order, editing, 1255-1256

linking to existing GPOs, 1246

Local Group Policy Object Editor, 1239

Local Security Policy console, 1241-1242

logoff scripts, 1265-1266

logon scripts, 1265-1266

loopback processing, 1263-1264

Management Editor tool for, 1239

modeling changes in, 1274-1277

new GPO creation, 1244-1245

Object Editor, 1241-1242

Perform Group Policy Modeling Analysis permission, 1251, 1253

preference order, changing, 1245

processing of policies overview, 1254

Read Group Policy Results Data permission, 1253

Read permissions, 1251-1252

refreshing, 1268-1278

restoring, 1280-1281

selectively applying, 1260

shutdown scripts, 1264-1265

starter GPO creation, 1246-1247

starter GPOs, 1245

startup scripts, 1264-1265

startup sequence, 1261-1262

viewing applicable GPOs, 1271-1274

GPT partition style

background on, 425

basic-dynamic conversions, 430

changing to MBR, 428

drive letter assignment, 435

ESP partition type, 449-450

format support, 427-428

LDM partitions, 451-452

managing on basic disks, 449-452

mirrored boot and system volumes, 459-462

MSR partitions, 450-451

OEM partitions, 452

primary partitions, 451

selecting, 424

structure of, 426-427

types of partitions, 449

x86 vs. Itanium, 427

GPTs (Group Policy Templates)

partition styles. See GPT partition style

role of, 1235

Graphics Device Interface (GDI), 844

Group Policy

accessing the top-level LGPO, 1240-1241

Account Lockout Policy, 1247

Account Policies, editing with default GPOs, 1247-1249

Accounts: Rename Administrator Account policy, 1248

Accounts: Rename Guest Account policy, 1248

Active Directory group policy, 1234-1235

Administrative Templates, 1235, 1237-1238

ADMX files, 1237-1238

applicability of, 1235

Apply Group Policy permission, 1259-1261

applying to all members of a group, 1260

applying to no members of a group, 1260

architecture of, 1236-1237

backing up GPOs, 1278-1280

backups, 1384

capabilities of, 1233

client-side extensions, 1236

Computer Configuration category, 1235

Computer Configuration startup sequence, 1261-1262

Computer Configuration, disabling settings, 1263

conflict resolution with local GPOs, 1240

creation rights management, 1249-1250

Dcgpofix utility, 1282

Default Domain Controllers Policy GPO, 1235, 1247-1249

Default Domain Policy GPO, 1235, 1247-1249

default policy restoration, 1282

delegating Group Policy management privileges, 1252-1253

delegating privileges for links and RSoP, 1253

deleting GPOs, 1247

disabling an enabled policy, 1257

domain creation, policies created with, 1235

editing GPOs, 1245

enabling a disabled policy, 1257

events triggering policy processing, 1236

features of, 1233

filtering policy application, 1259-1261

GPOs, role of, 1235. See also GPOs (Group Policy objects)

implementation overview, 1238-1239

indeterminate as to applying to group membership, 1260

inheritance. See Group Policy inheritance

Kerberos Policy, 1247

legacy OSs not supported, 1234

Link GPOs permission, 1251, 1253

link order, editing, 1255-1256

linking to existing GPOs, 1246

local group policies. See local group policy

Local Group Policy Editor, 1242

Local Group Policy Object Editor, 1239

Local Security Policy console, 1241-1242

logoff scripts, 1265-1266

logon scripts, 1265-1266

loopback processing, 1263-1264

maintenance tasks, 1268-1282

Management Console. See Group Policy Management Console (GPMC)

Management Editor, 1236, 1239

Modeling Wizard, 1274-1277

Network Access: Allow Anonymous SID/NAME Translation policy, 1248

Network Security: Force Logoff When Logon Hours Expire policy, 1248

new GPO creation, 1244-1245

Object Editor, 1241-1242, 1270-1271

OUs (organizational units), applying to, 1065

overriding higher level policies, 1255-1257

Password Policy, 1247

PDC emulators, 1239

Perform Group Policy Modeling Analysis permission, 1251, 1253

planning using modeling feature, 1274-1277

Policies nodes, 1234

processing modification, 1262-1263

processing of policies overview, 1254

processing order, 1255. See also Group Policy inheritance

purpose of, 1233

Read Group Policy Results Data permission, 1251, 1253

refreshing, 1268-1278

restoring GPOs, 1280-1281

restricting device installation with, 232-233

reviewing Group Policy management privileges, 1250-1252

RSoP (Resultant Set of Policy), 1251

scripts for, 1264-1266

security templates, 1266-1268

selectively applying GPOs, 1260

shutdown scripts, 1264-1265

Software Settings class, 1235

starter GPO creation, 1246-1247

Starter GPO Editor, 1239

starter GPOs, 1245

startup scripts, 1264-1265

startup sequence, 1261-1262

Sysvol folder for components, 1237

troubleshooting, 1268-1282

universal group membership caching, 1020-1022

User Configuration category, 1235

User Configuration startup sequence, 1261-1262

User Configuration, disabling settings, 1263

Userenv.dll, 1236

versions of, compatibility issues, 1234

viewing applicable GPOs, 1271-1274

Windows Settings class, 1235

Group Policy inheritance

Apply Group Policy permission, 1259-1261

blocking, 1257-1258

child OU group policy inheritance order, 1254

configuration option effects, 1254

disabling an enabled policy, 1257

domain group policy inheritance order, 1254

enabling a disabled policy, 1257

enforcing inheritance, 1258-1259

filtering policy application, 1259-1261

link order effects, 1255-1256

loopback processing, 1263-1264

order of, 1254

OU group policy inheritance order, 1254

overriding higher level policies, 1255-1257

processing modification, 1262-1263

processing of policies overview, 1254

purpose of inheritance, 1254

site group policy inheritance order, 1254

Group Policy Management Console (GPMC)

assigning user rights for domains and OUs, 1182-1183

availability of, 1238-1239

backing up GPOs, 1278-1280

blocking inheritance, 1257-1258

creation rights management with, 1249-1250

delegating permission to create GPOs, 1249-1250

deleting GPOs, 1247

deleting links to GPOs, 1247

domain access, 1244

editing GPOs, 1245

enforcing inheritance, 1258-1259

folder redirection, 1203-1207

forest access, 1243

Group Policy Slow Link Detection policy configuration, 1269-1270

Group Policy Starter GPO Editor, 1239

installing, 1242

link order, editing, 1255-1256

linking to existing GPOs, 1246

listing of GPOs and OUs by, 1243

Local Group Policy Object Editor, 1239

logoff script configuration, 1265-1266

logon script configuration, 1265-1266

loopback processing, configuring, 1263-1264

Management Editor, 1236, 1239

modeling GPOs with, 1274-1277

new GPO creation, 1244-1245

offline file configuration, 1209

PDC emulators, 1239

point and print restrictions, 870-871

printer connection deployment policies, 869

processing modification, 1262-1263

refresh policy management, 1268-1278

restoring GPOs, 1280-1281

reviewing Group Policy management privileges, 1250-1252

selectively applying GPOs, 1260

shutdown script, assigning, 1264-1265

site access, 1244

starter GPO creation, 1246-1247

starting, 1242-1243

startup scripts, assigning, 1264-1265

user profiles, 1197

viewing applicable GPOs, 1271-1274

Group Policy Management feature, 188. See also Group Policy Management Console (GPMC)

Group Policy objects. See GPOs (Group Policy objects)

Group Policy Slow Link Detection policy, 1269-1270

Group Policy Templates. See GPTs (Group Policy Templates)

groups

accounts membership in, 1177-1178

adding members to, 1222

assigning rights to, for domains and OUs, 1182-1183

assigning rights to, for specific computers, 1184

caching, 1215-1216

creating, 1220-1221

default logon rights assigned to, table of, 1181-1182

default privileges assigned to, table of, 1178-1181

defined, 1215

deleting, 1222

department based, 1217

distribution groups, 1216

domain local. See domain local groups

dsadd group command, 1221

dsget group command, 1221

dsmod group command, 1221

Effective Permissions tool, 1188-1189

file sharing permissions, 564-565

finding, 1223

fundamentals, 1215-1216

global. See global groups

member inclusion and permissions by types, 1218

moving, 1224

nesting limitations, 1218

options for new, selecting, 1220-1221

Password Settings group, 1173-1176

precedence order, 1175

properties, editing, 1223-1224

Remote Desktop Users group, 938

renaming, 1224

replication of, 1216

RODC-specific, 1159

scope conversions and domain functional levels, table of, 1224

scopes of, 1216-1218

security groups, 1216

sending mail to, 1224

type selection criteria, 1217-1218

types of, 1216

universal. See universal groups

viewing permissions for files and folders, 571

Guest account

Accounts: Rename Guest Account policy, 1248

purpose of, 1168

GUIDs (globally unique identifiers)

Active Directory use of, 992

BCD (Boot Configuration Data) stores, 392

H

HAL (hardware abstraction layer), 222

hard disk drives. See also storage

adding new disks, 423-424

allocation unit size, 438

bad sectors, marking, 438, 540

basic disk type, 428-432

Check Disk for analyzing, 538-540

clusters, 498

compression, setting, 438

Computer Management Storage Tools, 116

defragmenting, 541-546

disk I/O subsystem, 497

disk quota management, 415

disk write caching, 424

drive letter assignment, 435

drive letter configuration, 440-442

driver installation, 94-95

dynamic disks, 428-432

formatting, 439-440

fragmented. See defragmenting drives

hot-swapping disks, 423

I/O bottlenecks, 360-362

Initialize Disk Wizard, 423-424

managing. See Disk Management snap-in

managing MBR partitions on basic disks, 434-448

mirrored volumes, 452, 457-462, 464-466

Missing status, 455-456

mount points on. See mount points

NTFS recommended file format, 437

paging file options, 305-308

performance issues, 413-414

performance statistics, 345

Physical Disk counters for, 358

physical structure of, 497-498

platters, 497

print server requirements, 848

RAID. See RAID (redundant array of independent disks)

recovering, 455-456

sectors, 497-498

space requirements by edition, 72-73

spanned volumes, 452-454

storage area network. See SANs (storage area networks)

striped volumes, 452, 454-455, 462-463

tracks, 497-498

troubleshooting, 100

types of, 211-212

hard links, 511-512

hardware

Active Directory guidelines, 1108-1109

compatibility checks, 96

deployment process, standardized, 1312

disabling, 236-237

drivers for. See drivers

drives. See hard disk drives

error message with actions for, table of, 238-240

eSATA, 213

events log, 328

external devices, choosing, 212-214

failover clustering, optimization for, 1349-1351

fault tolerance for. See fault tolerance

FireWire (IEEE 1394), 213-214

HAL, 222

Hardware Compatibility List, 1311

high-availability planning checklists, 1313

high-availability, strategy for, 1311-1313

independence, boot environment role in, 13-14

installing devices, 215-221

internal devices, choosing, 211-212

IRQ settings, 240-243

memory. See memory

Multipath I/O devices, 412-413

new devices, installing, 216-219

non-Plug and Play, adding, 235-236

Plug and Play installation process, 216-219

power state management capabilities, 379-382

print server requirements, 847-848

Problem Reports And Solutions console, 237

RAM. See memory

redundancy, components for improving, 1312

Registry keys for, 251-252, 254-255

remote management of, 221

removal during installations, 97

requirements for installations, 72-73

resource conflicts, 240-243

restricting installation using group policy, 232-233

routers. See routers

server types, standardization by, 1312

spare parts, 1312

standardization for high availability, 1311-1312

standards selection, 53

standby systems, 1312

troubleshooting, 237-243

uninstalling, 236-237

updating drivers, 219

USB 2.0, 213-214

viewing devices with Device Manager, 219-220

Windows Server Catalog, 1311

Hardware Compatibility List (HCL), 1311

HCL (Hardware Compatibility List), 1311

headers

IPv4 packets, 647

IPv6 packets, 652

heartbeats

Cluster service, 1353

NLB, 1331-1332

help desks, 1319

hibernate state, 380

hidden shares, 553

high availability. See availability

highly available server deployment, 1321-1322

HKEY_CLASSES_ROOT (HKCR), 252, 258-259

HKEY_CURRENT_CONFIG (HKCC), 252, 259

HKEY_CURRENT_USER (HKCU), 252, 259

HKEY_LOCAL_MACHINE (HKLM), 252-258

HKEY_USERS (HKU), 252, 258

Home Folder, user accounts, 1194

host IDs

classes, by, 638-639

defined, 633

network prefix notation, 640-641

host names

aliases for, 797-798

defined, 653

LLMNR for resolving, 656

WINS for resolving, 654-655

host records, 653

hot-swapping disks, 423

humidity, 1314

Hyper-V, 9-10

Hypervisor Settings entries, 397

I

IAID (identity association ID), 686

ICM (Integrated Color Management), 906

identification status of networks, 16

IIS (Internet Information Services)

TS Web Access requirements, 932

TS Web Access, automatically installed with, 920

IKE (Internet Key Exchange) IPv6 Security feature, 632

image names, 308

incident response teams

day-to-day operations plan for, 1320

disasters, planning for, 1371

Increase A Process Working Set privilege, 1179

Increase Scheduling Priority privilege, 1180

incremental adoption of Windows Server 2008, 3-4

incremental backups, 1385-1386

InetOrgPerson accounts

defined, 1167

InetOrgPerson objects, 1014, 1063

infrastructure masters

configuration, 1044-1046

defined, 57

inheritance

Group Policy. See Group Policy inheritance

permissions for file sharing, 569-570

permissions, effect on, 1188

Initial Configuration Tasks console

purpose of, 87, 113

table of tasks available, 113-114

ink-jet printers, 849

in-place file sharing, 547

installing Active Directory

AD DS binaries, 1112

Add Role feature for, 1112

Advanced Installation mode, choosing, 1114

answer file creation, 1120

backup requirements, 1110-1111

Basic Installation mode, 1114

client preparations, 1111

Configure TCP/IP warning, 1115

CPUs, requirements for, 1108

creating domain controllers for existing domains, 1114-1122

creating new domains in new forests, 1122-1125

creating new domains or trees in existing forests, 1125-1126

data protection requirements, 1109

Dcpromo command, 1112, 1114, 1129

disabling secure communications requirement, 1111

DNS configuration for, 1122

DNS server requirements, 1109-1110

DNS server selection, 1117-1118

domain selection step, 1115-1116

file volumes, 1109

forest functional levels, 1123-1124

global catalogs, last, warning for, 1130

hardware guidelines, 1108-1109

installation media creation, 1127

installation step, 1120

Installation Wizard, starting, 1114

IP addresses, 1109, 1113, 1117-1118

local account issues, 1113-1114

locations for files, selecting, 1119

media, installing from, 1118, 1126-1129

memory requirements, 1108

NetBIOS name generation, 1123

Network Credentials information, 1115

OU creation, 1133-1134. See also OUs (organizational units)

overview of process, 1107

password for Restore mode, 1120

privileges required for, 1112-1113

replication partner selection, 1118

RODC installations, 1148-1158

SAN configuration issues, 1110-1111

servermanagercmd install command, 1112

site selection step, 1117

starting Installation Wizard, 1114

storage requirements, 1108

System State files, 1110-1111, 1129

Sysvol, 1109

uninstalling, 1129-1133

verification of installs, 1121-1122

installing application software. See software installation

installing DHCP Server service

product keys and activations, 71-72

steps for, 697-700

installing TCP/IP networking

local area connections, 659-660

network adapter installation, 658-659

permissions for, 657

preparing for, 657-658

requirements for, 657

services installation, 659-660

installing Windows Server 2008

activation, 88-90

administration tools, installing, 109-110

answer files, 70

automated setup overview, 69

boot from media method, 77

clean installation steps, 84-88

clean installs, 74

commands during install process, table of, 90-93

core-server installation type, 80

CPU issues, 98-99

debugging, 96-97

desktop class system issues, 377

disk device drivers, 94-95

disk drive issues, 100

domain membership options, 83

DVD-ROM problems, 97

firmware issues, 100

full-server installation type, 81

general installation parameters, 70-71

hardware requirements, 72-73, 96

Initial Configuration Tasks console, 87, 113-114

installation step, 87

interactive setup overview, 69

introduction to, 69

Itanium-based systems issues, 78-79

language selection, 86

licensing issues, 71-72

memory issues, 98-99

naming computers, 81-82

network component options, 83-84

partition issues, 76-80, 95

passwords, 88

Plug and Play configuration issues, 97

points of failure, potential, 96

postinstallation checks, 100-101

preinstallation tasks, 76-77

preparing for, overview, 72

product keys, 85-86

protocol options, 82-83

quick start guide, 69-71

RAID, 80

rolling back installations, 84

Setup, running. See Setup.exe

simplest method, 77

Startup Repair Tool, 1408-1409

Stop errors, 98-99

troubleshooting, 96-100

types of installs, 69

types, full and core, 80-81

unattended installing, 69-70

updates during, 85

upgrades, 73-74

where to install to, choosing, 86-87

Windows Update, 74-75

x86 drive sections, 77-78

integrity levels, 297

Intel Quick Resume Technology Driver (QRTD), 381

Intel VT, 10

Internet connections, troubleshooting, 675

Internet Printing Client, 188

Internet Printing service, installing, 853

interrupts, bottlenecks from, 359

intrusion detection, 1319-1320

IP (Internet Protocol). See also TCP/IP (Transmission Control Protocol/Internet Protocol)

addressing. See IP addresses; IPv4 addressing

defined, 627

IPCONFIG command, invoking, 673

Next Generation TCP/IP stack, 631-632

security protocol. See IPSec (IP Security)

IP addresses

domain controller configuration, 1109, 1113

IPv4. See IPv4 addressing

IPv6. See IPv6 (Internet Protocol version 6)

NLB (Network Load Balancing), 1331, 1333

IP replication transport, 1288

IPC$ share, 554

IPCONFIG command

DHCP troubleshooting with, 680

DNS information and troubleshooting with, 680-683

flushdns command, 811

invoking, 673

registerdns command, 809

renew command, 810-811

troubleshooting with, 677

IPSec (IP Security)

IPv6 implementation of, 652

troubleshooting, 679

IPv4 (Internet Protocol version 4)

addresses. See IPv4 addressing

classes, 633-635

installing, 659-660

IPv6 compared to, 631

Next Generation TCP/IP stack, 631-632

packet structure, 647

IPv4 addressing

addresses defined, 633

autoconfiguration by DHCP, 687

broadcast IP addresses, 636-637

casting modes, 633

classes, 633-635

classful host IDs, table of, 638-639

classful network IDs, table of, 638

classful vs. nonclassful networks, 636-637

conflict detection with DHCP, 734

dynamic, 660

host IDs, 633

installation requirements, 657-658

loopback addresses, 635

multicast IP addresses, 636

multiple addresses per computer, 665-666

name resolution. See name resolution services

NAT (Network Address Translation), 635-636

network IDs, 633, 638

packet structure, 647

pinging IP addresses, 661-662

planning for, 647-649

private addresses. See private IP addresses

public addresses. See public IP addresses

router addresses, 639

special addressing rules, 638

static IP address assignment, 660-663

subnetting. See subnets

syntax of, 633

troubleshooting, 676-677

unicast addresses, 633-636

IPv6 (Internet Protocol Version 6)

advantages of, 649-650

autoconfiguration by DHCP, 687-688

DHCPv6 capable client, 632

DNS configuration, 667-669

DNS server issues, 681

dynamic address configuration, 664-665

headers, 652

hexadecimal notation for, 650-651

installing, 659-660

IP Security feature, 632

IPSec (IP Security) implementation, 652

IPv4 compared to, 631

jumbograms, 652

Link-Local Multicast Name Resolution, 632

loopback addresses, 651

MLDv2, 632

multicast IP addresses, 651

name resolution with LLMNR, 655-656

network IDs, 651

Next Generation TCP/IP stack, 631-632

normal IPv6 scopes, 708-710

packet structure, 652

payloads, 652

PPPv6, 632

Random Interface IDs, 632

static IP address assignment, 661-663

Symmetric Network Address Translators, 632

types of addresses, 651

IRQ settings, 240-243

ISA Server, 1333

iSCSI

clustering requirements with, 1350-1351

defined, 406

Multipath I/O, adding support for, 412-413

ISNS (Internet Storage Name Server), 188

ISTG (Inter-Site Topology Generator)

bridgehead servers with, 1089-1091

listing for a site, 1303

monitoring, 1297-1298

site links, effect of additional, 1287

Itanium-based servers

64-bit computing overview, 7-8

boot maintenance manager, 78

COM parameters not supported for EMS, 71

hardware requirements for installations, 73

installation issues, 78-79

Setup.exe, booting, 70

J

jobs, print

canceling all jobs, 907

managing, 908

viewing, 907-908

jumbograms, 652

K

KCC (knowledge consistency checker)

CPU requirements for, 1108

forcing topology recalculation, 1303

ISTG designation, 1091-1092

replication topology generation, 1085

site maximum from, 1077

testing replication, 1305-1306

KDCs (Key Distribution Centers)

operation of, 1024-1026

RODCs as, 1144-1145

Kerberos

account options for, 1192

advantages of, 1023

authentication process, 1024-1025

components of, 1024

cross-forest transitive trusts, 1030-1032

delegating authentication, 1040-1043

forwarded tickets, 1040

KDCs (Key Distribution Centers), 1024-1026

Kerberos Policy, 1169, 1247

mutual domain controller authentication by, 1083

policy settings, 1173

proxy tickets, 1040

resource access process, 1025-1026

kernels

kernel architecture, 11-13

kernel memory, 312

kernel memory dump files, 1380

L

language selection

domains, standardization within, 1059

selection step, 86

LANs (local area networks)

NTLM. See NTLM (NT LAN Manager)

setting up. See networking

sites, relation to, 1071

laser printers, 849, 852

LDAP (Lightweight Directory Access Protocol)

Active Directory architecture, 991, 998-999

step in replication procedure, 1082

LDM partitions, 451-452

leases, DHCP

audits, 728

broadcast process, 689-693

databases of, 685

date stamps, 673

defined, 660

duration specification, 705-706

renewal process, 679-680

legacy applications, 294, 296

LGPOs (local GPOs), 1239-1242

licensing

CAL Installation Wizard, Terminal Services, 954-957

client access licenses. See CALs (client access licenses)

Enterprise Agreement License program, 65-66

installation issues, 71-72

License Server, Terminal Services, 951-957

Microsoft Clearinghouse, automatic method with, 955

Open License program, 64-65

overview, 63-64

product keys and activations, table of, 71-72

retail licenses, 64

Select License program, 65

Server Licenses, 63

Software Assurance, 66

Terminal Services, 925-927, 937

volume licensing programs, 64-66

Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)

limited broadcasts, 637

link bridge costs, 1101-1104, 1289

link costs for replication, 1100-1101

Link GPOs permission, 1251, 1253

link order of GPOs, editing, 1255-1256

Link-Layer Topology Responder components, 83

Links toolbar, 150

List Folder Contents permission, 572

List Folder special permission, 573

LLMNR (Link-Local Multicast Name Resolution), 632, 655-656, 757

LMHOSTS, 669-671

Load And Unload Device Drivers privilege, 1180

load balancing

NLB. See NLB (Network Load Balancing)

round-robin using DNS, 797

Terminal Services with, 933-935. See also TS Session Broker servers

local area connections

adding TCP/IP services, 659-660

configuration, viewing current, 672-673

creating, 660

disabling, 673-674

enabling, 673-674

IPCONFIG command with, 673

purpose of, 671

renaming connections, 674

speed, checking, 672

status of, checking, 671-672

troubleshooting, 674-675

local group policy

advantages of multiple, 1240

conflict resolution, 1240

inheritance order, 1254

LGPO assignment, 1239

Local Group Object Editor, 1241-1242

Local Group Policy Editor, 1242

managing settings, 1241-1242

processing order, 1240

top-level object access, 1240-1241

Local Security Authority. See LSA (Local Security Authority)

Local Security Policy console

auditing file and folder access, 581-582

local group policy settings, 1241-1242

Registry policy settings, 282-283

user rights, assigning for specific computers, 1184

local user accounts

defined, 1167

lockout policy, 1172

password policy enforcement, 1170-1171

policies for, 1169

local user profiles

configuring, 1199-1200

data storage, 1196

defined, 1196

location for storage of, 1196

switching to roaming, 1202

localization issues

planning for, 39

Regional and Language Options utility, 125

Lock Pages In Memory privilege, 1180

lockout policy

Account Lockout Policy, 1247

enabling accounts disabled by, 1195

number of allowed attempts, specifying, 1176

logoff scripts, Group Policy, 1265-1266

logon rights

accounts, relationship to, 1178

default, groups assigned to, table of, 1181-1182

logons

Active Directory related features, list of, 989-990

cached credentials for, 1195

Group Policy logon scripts, 1265-1266

Log On To option, 1190

Logon Hours option, 1190

Logon Script option, 1194

Network Security: Force Logoff When Logon Hours Expire policy, 1248

security token generation, 1020-1022

sites, isolating by, 1072

Terminal Services settings for, 959

Unlock Account check box, 1191

UPNs (user principal names), 1021

logs of events. See events

loopback addresses

IPv4, 635

IPv6 (Internet Protocol version 6), 651

LPD (Line Printer Daemon) Service, installing, 853

LPR (Line Printer Remote) Port Monitor

installing, 860

port monitor settings, 863-865

purpose of, 188

UNIX print servers with, 860

LSA (Local Security Authority)

defined, 988-989

Server, Active Directory use of, 990

LUNs (logical unit numbers), 411

M

MAC addresses

checking, 673

DHCP use of, 686

NLB (Network Load Balancing) use of, 1334

mail servers, DNS records for, 798-799

Manage Auditing And Security Log privilege, 1180

Manage Documents permission, 880

Manage Printers permission, 880

managing Windows Server 2008 systems

console for computer management. See Computer Management console

console for server management. See Server Manager console

Control Panel utilities. See Control Panel

MMCs for. See MMCs (Microsoft Management Consoles)

tools for. See administration tools

tools, legacy compatibility issues, 52

mandatory user profiles

configuring, 1201-1202

defined, 1196

preconfigured, creating, 1198-1199

man-in-the-middle attacks, 1111

Map Network Drive command, 551

MAPI (Messaging Application Programming Interface), 992

mapping network infrastructure, 1096-1098

Maximum Password Age setting, 1171

MBR partition style

background on, 425

changing to GPT, 428

creating partitions, 435-439

drive letter assignment, 435

format support, 427-428

formatting, 437-439

managing partitions on basic disks, 434-448

mirrored boot and system volumes, 459

selecting, 424

structure of, 425-426

x86 vs. Itanium, 427

media rotation, 1386-1387

memory

Active Directory requirements, 1108

bottlenecks, 356-358

counters, 357-358

diagnostics, 25

faults, paging file, 357

improved diagnostics for, 19

insufficient during installation, 98

nonpaged pools, 356

paged pools, 356

print server requirements, 847

process usage of, 315

Reliability And Performance Monitor statistics on, 345

requirements by edition, table of, 72-73

specifying boot amount to use, 386

Terminal Services requirements, 930

usage, viewing in Task Manager, 312-313

Windows Memory Diagnostics Tools, 1377

menu system

adding items, 134-135

changes from 2003, 130-131

copying items, 135-136

folder options, Start menu, 131-132

frequently used programs list, 137-140

hiding items, 136-137

highlighted items, 136-137

optional folders, 132

overview of, 129-130

pinned items, 133

removing items, 141

renaming items, 141

Search box, 132-133

sorting items, 140

standard Start menu new features, 133-134

Message Queuing, 189

Messaging Application Programming Interface. See MAPI (Messaging Application Programming Interface)

MFTs (master file tables), 503-506

Microsoft Cluster service, 1345

Microsoft DSM, 411

Microsoft Internet Security and Acceleration Server, 1333

Microsoft Management Consoles. See MMCs (Microsoft Management Consoles)

Microsoft Operations Framework (MOF), 28

Microsoft Product Support, 1375-1376

Microsoft Solutions Framework Process Model, 28-29

Microsoft Solutions Framework Team Model, 31-32

Microsoft Universal Printer Driver, 846

Microsoft Vista. See Windows Vista

Microsoft\Windows logs, 328

migration to Windows Server 2008, 88. See also upgrading to Windows Server 2008

Minimum Password Age setting, 1171

Minimum Password Length setting, 1171

mirror sites, 1329-1330

mirrored volumes

breaking, 463-464

configuring, 457-458

defined, 452

GPT boot and system volumes, 459-462

MBR boot and system volumes, 459

troubleshooting, 464-466

mission-critical systems. See availability

MLDv2 (Multicast Listener Discovery version 2), 632

MMCs (Microsoft Management Consoles)

3.0 version changes, 154

32-bit vs. 64-bit snap-ins, 160

Active Directory Users And Computers. See Active Directory Users And Computers snap-in

Active Directory-related snap-ins, 163

adding snap-ins to custom consoles, 165-169

administrative tool set, installing full, 160-161

advantages of, 153

Appearance And Personalization console, 120-122

author mode, 156-157

capabilities of, 153

changes from 2003, 154

Computer Management. See Computer Management console

console tools with file names, table of, 161-162

console trees, 158

creating custom consoles, 164-165

customization overview, 163

details pane, 158

directories for tools, 159

Disk Management. See Disk Management snap-in

extension components, 155-156

GPMC. See Group Policy Management Console (GPMC)

icons for custom consoles, 171-172

limitations of, 154

Local Security Policy. See Local Security Policy console

main pane, 158

mode settings for custom consoles, 170

modes of, 156-158

nodes in, 155, 158

opening console specification, 159

Print Management. See Print Management console

publishing, 184

Reliability. See Reliability And Performance Monitor console

remote systems with, 162-163

saving custom console tools, 172-173

saving custom consoles, 169-172

snap-ins, generally, 154-156

starting, 158-159

taskpads, custom, 173-183

tool availability, 160-161

user mode, 156-157, 170

Modified Fast Recovery Algorithm, 631

Modify An Object Label privilege, 1180

Modify Firmware Environment Values privilege, 1180

Modify permission, 572

modular component design architecture, 14

monitoring operations, 1316-1317

monitoring performance. See performance monitoring

monitors

display settings for, 122

spanning for remote sessions, 613

motherboard power state management capabilities, 379

mount points

adding and removing, 442-443

purpose of, 442

reparse points, 517-518

shadow copy issues with, 594

mouse pointer selection, 121

MPIO (Multipath I/O), 189

msconfig.exe command boot configuration, 385-388

MSF (Microsoft Solutions Framework), 28-29

MSR partitions, 450-451

multicast IP addresses

address class for, 636

host groups, 636

IPv6, 651

scopes for, 702

sending nodes, 636

Multipath I/O

Active/Active controller model, 411

adding hardware devices, 412-413

DSM with, 411

File Services with, 416

MPIO Properties dialog box, opening, 411

purpose of, 408

removing devices, 413

multiple operating systems

disk formats for, 437

settings for, 384-385

multiprocessor system CPU affinity issues, 359

multisite options for clusters, 1329-1330

N

name resolution services

DNS. See DNS (Domain Name System)

list of supported systems, 652

LLMNR, 655-656

LMHOSTS, 669-671

NetBIOS. See NetBIOS

processes for, 654

purpose of, 652

sites, requirements for, 1073

troubleshooting, 680-683

WINS. See WINS (Windows Internet Naming Service)

named data streams, 512-513

named pipes, IPC$ share, 554

namespaces

Active Directory design overview, 54-55

DNS, 744-746

forest, 1054-1055

private, 746

naming computers, 81-82

NAP (Network Access Policy) Network Policy Server tool, 108

NAP (Network Access Protection)

class clients, setting options with DHCP, 722-723

DHCP integration with, 731-733

NAS (network-attached storage)

command-line tools for managing, list of, 409

defined, 406

NAT (Network Address Translation), 635-636

Neighbor-Unreachability Detection, 631

NET LOGON, 989

net share command, 556

Net Share command-line tool, 579-581

Net tools, commands available, 111-112

NetBIOS

Active Directory domains, name generation for, 1123

name resolution services for, 669-670

node types, 824

scope, 824

WINS support for, 654-655, 823-824

NETLOGON share, 555

netsh command

activation of scopes, 716-717

DHCP database management, 736

DHCP with, 700

scope management with, 710-711

troubleshooting with, 677-679

WINS commands with, 827

Network Access: Allow Anonymous SID/NAME Translation policy, 1170, 1248

network adapters

binding DHCP to, 729

configuration, viewing current, 672-673

driver settings, 227

failover clustering interface states, 1355

failover clustering requirements, 1350

installation, 658-659

IP addresses of, configuring, 662-663

IPCONFIG command with, 673

MAC addresses of, 673, 686

monitoring statistics with Task Manager, 323-324

Network Load Balancing choices, 1332-1334

reservations, DHCP, 686

Network Address Translation (NAT), 635-636

Network And Sharing Center

Access field, 629-630

accessing, 549, 629

Connection field, 629-630

diagnostics from, 630

discovery, turning on, 676

dynamic address configuration, 664-665

identification status of networks, 16

multiple gateway configuration, 665-666

sharing and discovery area, 630

static IP address configuration, 662-663

summary network map area, 629

TCP/IP services, installing, 659-660

network awareness

defined, 628

Network Diagnostics Framework, 15-18

network browsing, troubleshooting, 676

network connections

binding DHCP to, 729

local. See local area connections

Network Connections tool

configuration, viewing current, 672-673

DNS configuration, 667-669

dynamic address configuration, 664-665

enabling connections, 673-674

multiple gateway configuration, 665-666

renaming connections, 674

static IP address configuration, 662-663

Status dialog box, 671-672

TCP/IP services, installing, 659-660

Network Diagnostics Framework

CAPI2, 18

identification status of networks, 16

management policies, 18

network awareness, 15-17

Next Generation stack enhancement, as, 631

OCSP, 18

SMB 2, 17

SRA (Secure Remote Access), 18

SSO, 18

SSTP (Secure Socket Tunneling Protocol), 18

Network Discovery

automatic configuration of, 628-629

categories of networks defined in, 628

controlling in Network And Sharing Center, 630

Off (Disabled) state, 629

On (Enabled) state, 628

purpose of, 628

troubleshooting with, 676

Network Explorer

accessing, 629

enabling discovery, 629

finding shared folders, 552

viewing shared files, 551

network IDs

classful network, list of, 638

defined, 633

IPv6, 651

network prefix notation, 640-641

Network Load Balancing (NLB). See NLB (Network Load Balancing)

network management tools for deployment planning, 44

Network Policy Servers

DHCP servers set up as, 731-733

planning for, 60

network prefix notation, 640-641

Network Security

Force Logoff When Logon Hours Expire policy, 1170, 1248

network troubleshooting

DHCP issues, 679-680

discovery issues, 676

DNS issues, 680-683

Internet connections, 675

IPSec issues, 679

IPv4 addressing, 676-677

local area connection issues, 674-675

netsh command, 677-679

network browsing, 676

packet filtering issues, 679

Pathping command, 678

PING command for, 675-676

subnets, 677

Tracert for, 678

Windows Firewall issues, 679

network-attached printers

adding to print servers, 860-863

defined, 850

Network Printer Installation Wizard, 855, 857-863

network-attached storage. See NAS (network-attached storage)

networking

addresses. See IP addresses

automatic address assignment. See DHCP (Dynamic Host Configuration Protocol)

bottlenecks, 362-363

cabling, 1314

classes of networks, 633-635

classful vs. nonclassful networks, 636-637

configuring TCP/IP. See configuring TCP/IP networking

connections. See local area connections; Network Connections tool

diagnostics. See Network Diagnostics Framework

discovery feature. See Network Discovery

Explorer. See Network Explorer

fault tolerance, 1312

IDs. See network IDs

installing. See installing TCP/IP networking

installing, component options, 83-84

latency issues, 362

mapping network infrastructure, 1096-1098

monitoring availability, 1317

monitoring statistics with Task Manager, 323-324

name resolution. See name resolution services

navigation of, overview, 627-630

NLB. See NLB (Network Load Balancing)

packets, data. See packets

performance monitoring, 362-363

policy servers. See Network Policy Servers

prefix notation, 640-641

printers. See network-attached printers; print servers

Reliability And Performance Monitor statistics on, 345

statistics, table of, 324

storage. See NAS (network-attached storage); SANs (storage area networks)

subnetting. See subnets

TCP/IP. See TCP/IP (Transmission Control Protocol/Internet Protocol)

Terminal Services bandwidth requirements, 920, 931

tools for, list of, 627

troubleshooting. See network troubleshooting

New Object - User Wizard, 1184-1185

New Task Wizard, 179-183

New Trust Wizard, 1035-1038

Next Generation TCP/IP stack, 631-632

NFS (Network File System)

purpose of, 416

tool for, 108

NICs (network interface cards). See network adapters

NLB (Network Load Balancing)

active node mode, 1327-1328

adding nodes to a cluster, 1342-1343

basic models for, 1332

broadcast plus filtering traffic direction, 1332

cluster adapters, 1333

cluster management options, 1344

cluster parameter settings, 1341

cluster size requirements, 1336

creating new clusters, 1337-1342

data storage for, 1331

dedicated adapters, 1333

Drainstop option, 1344

event logging, 1344

failover in, 1331

filtering modes, 1335, 1342

heartbeats, 1331-1332

host management options, 1344-1345

host parameter settings, 1339

installing, 1337

IP addresses for, 1331, 1333, 1339-1340

ISA Server with, 1333

MAC addresses, 1334

maximum number of computers in clusters, 1331

multicast mode, 1332

NDIS lightweight filter model, 1332

network adapters, single vs. multiple, 1332-1334

network driver nature of, 1332

Network Load Balancing Manager, 1337

network types supported, 1332

nlbmgr command, 1337

operations mode, setting, 1341

optimization of servers, 1336

planning, 1336-1337

port rules, 1335, 1342

protocols controlled by, 1333

purpose of, 189, 1323, 1331

RAID with, 1336

recommended applications for, 1331

removing nodes from a cluster, 1343

Resume option, 1344

round-robin DNS compared to, 1331

router issues, 1334

services that work with, 1336

session state maintenance, 1335

Shared Configuration feature with, 1337

sites, multiple physical, 1329-1330

specific traffic to specific servers allowed, 1332

Start option, 1344-1345

stopping, 1344

stress testing of, 1336

Suspend option, 1344

switch flooding, limiting, 1341

synchronization of data, 1336

unicast mode, 1332

VPN with, 1336

workload distribution paradigms, 1335

nodes, cluster

active vs. passive, 1327-1328

active, for failover clusters, 1345

adding to a cluster, 1342-1343, 1360

defined, 1323

maximum number supported, 1326

multiple physical sites for, 1329-1330

removing from a cluster, 1343

nonauthoritative restores of Active Directory, 1411-1412

nonclassful networks

defined, 636-637

network number identification, 638

nonpaged pools, 356

normal backups, 1385-1386

NPAS (Network Policy And Access Services), 187

nslookup command, 812

NTDS, Settings dialog box, 1013

Ntdsa.dll. See directory service (Ntdsa.dll)

ntdsutil

activate instance ntds command, 1127-1128

failed domain controllers, removing references to, 1415-1416

restoring Active Directory, 1413-1414

NTFS

advanced features, list of, 511

boot sectors, 503

change journals, 514-515

Check Disk, analyzing volumes with, 539-540

clusters, 498-499, 508

converting FAT disks to, 432-433

data streams, 512-513

feature set of, 507-508

file-based compression, 521-523

formatting drives as, 437-439

FSutil FSinfo command, 508-510

hard links, 511-512

integrity of files, 535

metadata, 503-504, 510

MFTs (master file tables), 503-506

nonresident attributes, 504

object identifiers, 516-517

quota management. See quota management

recommended file format, 437

reparse points, 517-518

resident attributes, 503

Self-Healing NTFS, 520-521

sparse files, 518-519

structure of volumes, 503-506

transactional NTFS, 520

VCNs (virtual cluster numbers), 505

versions of, 507-508

viewing drive information, 508-510

NTLM (NT LAN Manager)

authentication with, 1023-1024

Security Accounts Manager, 990

NX (non-execute) page protection, 402

O

object identifiers, 516-517

objectives, defining

budget issues, 47-48

contingency allowances, 48-49

organizational objectives, 45-46

overview of, 45

schedules for projects, setting, 46-47

specificity of goals, 46

tips for growing projects, 45

OCSP (Online Certificate Status Protocol), 18

OEM partitions, 452

offline files

configuring, 1207-1209

file synchronization for, 1209-1210

On Screen Keyboard, 1377

operations management

auditing procedures, 1319-1320

backup plans, 1318

change control procedures, 1317-1318

checklist, 1320-1321

critical procedures list, 1316

data recovery plans, 1318-1319

incident response teams, 1320

monitoring plan, 1316-1317

problem-escalation procedures, 1319

resources, training and documentation, 1317

staffing requirements, 1317

operations masters

changing roles, 1046

defined, 57

domain design considerations, 1044

domain naming master role, 1044-1046, 1048

guidelines for configuring, 1046

infrastructure master role, 1044-1046, 1050-1051

listing current, 1045

PDC emulator role, 1044-1046, 1050

purpose of, 1044

RID (relative ID) role, 1044-1046, 1048-1050

RODCs not allowed as, 1145

roles, 1044

schema master role, 1044-1047

seizing and transferring roles, 1051-1052

transferring roles, 1047

organizational objectives, specifying, 45-46

OUs (organizational units)

accounts, placing in, 1136

administration model for, 1069

administrative rights delegation to, 1064

advantages over multiple domains, 1060

assigning user rights for, 1182-1183

attributes, editing, 1135

canonical name option, 1135

child OU group policy inheritance order, 1254

COM+ partitions, 1135

cost center model for, 1068

creating, 1133-1134

defined, 1063

delegation of administrative rights, 1064-1065, 1136-1139

deleting, 1134

descriptive information option, 1135

design overview, 1065

division or business unit model, 1066

enforcing inheritance, 1258-1259

geographic model for, 1067

group policy inheritance order, 1254

group policy with, 1065

InetOrgPerson objects, 1063

Managed By option, 1135

managing groups of objects with, 1064

naming, 1134

permissions required to create, 1133

properties, setting, 1135

recursive capabilities of, 1064

resources, placing in, 1136

task delegation, 1138-1139

Terminal Services, for, 613, 931-932

types of objects in, 1063

utility of, 1064

ownership of files and folders, 567-568, 575

P

packets

IPv4, structure of, 647

IPv6, structure of, 652

packet filtering, troubleshooting, 679

packs

organization of servers in, 1325-1326

SQL Server use of, 1326

PAE (Physical Address Extension) options, 402

page file partitions, 429

paged pools, 356

paging files

counters for, 357-358

failover clustering requirements, 1349

faults, 357

page faults per process, 315

partitions, 77

tuning performance of, 305-308

paper trays, printer, 850

parent domains, 653

parent folders, 569

partitions, directory

purpose of, 1005-1006

replication of, 1093-1095

RODC replication of, 1146-1147

partitions, drive

active, 429

allocation unit size, 438

basic disk, 428-432

BitLocker, 482-485

boot partitions, 429

changing during installations, 95

crash dump partitions, 429

creating, 435-439

creating additional, 79

deleting, 448

DiskPart tool, 409

ESP partition type, 449-450

extended, 430, 436

extending, 443-446

formatting, 437-440

GPT types, 449

Itanium-based, 78

LDM partitions, 451-452

MSR partitions, 450-451

OEM partitions, 452

page file, 429

planning issues, 79-80

postinstallation checks, 101

primary partitions, 451

RAID, 80

shrinking, 446-447

size, setting, 435-436

styles, 424-428

system partitions, 429

types of, 76-78

where to install to, choosing, 86-87

passwords

account options, setting, 1185

Active Directory Restore mode, 1120

backing up, 1214-1215

complexity status setting, 1175

Enforce Password History setting, 1170-1171

history length setting, 1175

Kerberos policy settings, 1173

lockout policy, 1172, 1176

Maximum Password Age setting, 1171, 1176

Minimum Password Age setting, 1171, 1176

Minimum Password Length setting, 1171, 1175

options for, setting, 1191-1192

Password Must Meet Complexity Requirements setting, 1171

Password Policy, 1247

Password Settings containers, 1169

Password Settings group, 1173-1176

policy enforcement, 1170-1171

PSOs (Password Settings objects), 1169, 1173-1177

reset disks, 1214-1215

resetting by administrators, 1212-1213

RODC replication policies, 1148, 1158-1165

security policy effects on, 998

setting for new accounts, 1185-1187

settings object creation, 1173-1176

Store Passwords Using Reversible Encryption setting, 1171, 1175

strong, 88

trusts, creating for, 1037-1038

Pathping command, 678

payloads, IPv6, 652

PCL (Printer Control Language), 842, 846. See also EMF (enhanced metafile format)

PDC emulators

purpose of, 57

RODCs with, 1145, 1148

role, operations master, 1044-1046

Perform Group Policy Modeling Analysis permission, 1251, 1253

Perform Volume Maintenance Tasks privilege, 1180

performance

baselines, establishing, 303, 344

bottleneck overview, 356

counters for. See counters

CPU bottlenecks, 359-360

data collector sets for monitoring. See data collector sets

disk I/O bottlenecks, 360-362

memory bottlenecks, 356-358

monitoring. See Performance Monitor; performance monitoring

network bottlenecks, 362-363

Performance Diagnostics, 24

reliability monitor. See Reliability Monitor

tuning. See tuning performance

visual effects hits on, 303-304

Performance Monitor

Active Directory, monitoring, 1303-1304

Add button, 352

adding counters, 349-350

alert configuration, 369-370

alerts, 346

Change Graph Type button, 352

Copy Properties button, 352

counter list, 352

counters defined, 346-347. See also counters

CPU counters, 360

data collectors. See data collector sets

Delete button, 352

deleting counters, 350

Directory Services performance object, 1303-1304

Freeze Display button, 352

graphing counter statistics, 351

help, 353

Highlight button, 352

Histogram Bar view, 353

log files of, 346

memory counters, 357-358

network counters, 362-363

Paste Counter List button, 352

performance object instances, 347

performance objects, 347

performance objects, table of common, 348-349

print server performance, 909-912

Properties button, 352

purpose of, 343, 346

Reliability And Performance Monitor, location in, 346

remote monitoring, 354-355

replication statistics, 1303-1304

Report view, 353

resources consumed by issue, 354

toolbar, 351-352

Update Data button, 353

View Current Activity button, 352

View Log Data button, 352

performance monitoring

applications status, 314

baselines, establishing, 344

command-line commands for, 370-373

configuration data sets, 368

counters for. See counters

CPU counters, 360

CPU statistics, 311-313

data collectors. See data collector sets

defined, 303

get-process command, 315-320

get-service command, 321-322

kernel memory, 312

memory counters, 357-358

memory usage in Task Manager, 312-313

network counters, 362-363

networking statistics, 323-324

Performance tab, Task Manager, 311-313

print servers, 909-912

processes, 309-310, 314-320

remote monitoring, 354-355

replication monitoring, 1303-1304

Task Manager overview, 308-309. See also Task Manager

Tracerpt, 372-373

Typeperf command, 370-372

Performance Options dialog box, 305

permissions

access permissions for files and folders, 571-578

accounts, relationship to, 1178

Apply Group Policy permission, 1259-1261

Apply Onto options, 577-578

atomic permissions, 575

Change Permissions special permission, 575

Change permissions, file sharing, 564

Create Files/Write Data special permission, 574

Create Folders/Append Data special permission, 574

delegation to manage Active Directory objects, 1136-1139

Delete special permission, 574

Delete Subfolders And Files special permission, 574

Effective Permissions tool, 1188-1189

effective permissions, determining, 578-579

Execute File special permission, 573

Full Control permissions, file sharing, 564, 572

Group Policy management permissions, 1250-1253

Group Policy, effects on, 1259. See also Group Policy

groups, table of types, 1218

inheritance of, for file sharing, 569-570

List Folder Contents permission, 572

List Folder special permission, 573

Modify permission, 572

Permissions icons, 289

printers, for. See printer permissions

Read & Execute permission, 572

Read Attributes special permission, 573

Read Data special permission, 573

Read Extended Attributes special permission, 574

Read permissions, 572

Read Permissions special permission, 575

Read permissions, file sharing, 564

Remote Desktop for Administration, for, 610-612

removing users or groups for permissions, 577

resetting for files and folders, 570-571

setting special permissions for files and folders, 576-577

share permissions, 563-566

special permissions, 573-578

Take Ownership special permission, 575

Terminal Services, 961-964

Traverse Folder special permission, 573

viewing for files and folders, 571

Write Attributes special permission, 574

Write permission, 572

Physical Address Extension (PAE) options, 402

physical security, 1370

PING command

checking for IP addresses, 661-662

testing networks with, 675-676

planning deployments

Active Directory issues, 54-58. See also Active Directory system design

administrative approach issues, 51-54

analysis of existing system, 29, 37-44

budget issues, 47-48

building phase of MSF, 28

business perspectives, 34-35

change management process, 54

contingency allowances, 48-49

deploying phase of MSF, 28

designing the new network. See designing new networks

DHCP servers, 60

disaster recovery, 43-44

DNS server issues, 59

documentation, 34

domain architecture, 50

domain controllers, 58-59

domain functional levels, 55-57

domain trusts, 55

editions of Windows Server 2008, selecting, 61-63

envisioning phase of MSF, 28

file services, 60

global catalog servers, 58

goal assessment, 29, 33-37

governing phase of MSF, 28

hardware inventories, 39-40

installation phases, 30. See also installing Windows Server 2008

IT-business interaction issues, 36

IT goal identification, 35

licensing programs, 63-66

localization issues, 39

management tools, reviewing, 51-52

Microsoft Operations Framework (MOF), 28

Microsoft Solutions Framework Process Model, 28-29

namespace design, 54-55

network administration review, 42-43

network infrastructure evaluation, 38

network management tools, assessing, 44

Network Policy Servers, 60

network services and applications identification, 40-41

new installation issues, 67

objectives, defining, 45-49

operations masters, 57

organizational objectives, 45-46

overview, 27

partition issues, 79-80

planning phase of MSF, 28

predicting changes, 36-37

print services, 60

project scope definition, 29-30

remote locations, 38

schedules for projects, setting, 46-47

scope of projects, finalizing, 49

security infrastructure, 41-42, 51

servers and services, assessing, 39

server roles, 57-61

stabilizing phase of MSF, 28

standards selection, 52-53

tasks in deployment process, 29-30

team identification, 29, 31-33

testing the design, 30

WINS servers, 60

platters, 497

Plug and Play devices

installation process, 216-219

remote administration, 615

PNRP (Peer Name Resolution Protocol), 189

point and print restrictions, 870-871

policies

account. See account policies

assigning user rights with, 1182-1183

domain user accounts, configuring for, 1169-1170

Group Policy objects. See GPOs (Group Policy objects)

Local Security Policy console, 1184

user profiles, for, 1197

pooling printers, 898-900

ports

replication use of, 1084

Terminal Services, 941

ports, printer

managing, 886-887

pooling printers, 899-900

port names, 862

postinstallation checks, 100-101

PostScript, 842, 846-847

power protection, 1370

power state management

ACPI requirement, 379

ACPI Suspend State or Suspend Mode setting, 380

After Power Failure or AC Recovery setting, 380

Enhanced Intel SpeedStep Technology (EIST), 381

hardware dependence of, 379-382

Intel Quick Resume Technology Driver (QRTD), 381

motherboard specificity, 379

states of, 379-380

Wake On LAN From S5 or Auto Power On setting, 380

Windows Vista, 378

power supplies, 1314

Power Users group legacy only in 2008, 296

PowerShell

commands, 112-113

feature for installing, 190

get-eventlog command, 338-341

get-process command, 309-310, 315-320

get-service command, 310, 321-322

installing, 112

stopping processes, 320

PPP (Point-to-Point Protocol), 632

preinstallation tasks, 76-77

Previous Versions feature, 603-605

primary DNS servers, 750-751

primary partitions, 451

Print Management console

adding local printers, 855-859

adding print devices manually, 857-859

adding print servers to, 872-873

Additional Drivers command, 857

auditing access, 884

automatic installation of network printers, 855

Cancel All Jobs command, 907

client printer drivers, 894-895

color profiles, 906-907

denying printer permissions, 881-883

deploying connections, 868-869

driver property management, 887-889

drivers for network printers, 862-863

Enable Advanced Printing Features option, 901

Extended view, 907

filtered displays of printers, 876-878

forms, 885-886

general properties, setting, 891

granting printer permissions, 881-883

Hold Mismatched Documents option, 901

job properties, changing, 908

jobs, managing, 908

jobs, viewing, 907-908

Keep Printed Documents option, 901

listing available printers, 856

menu command to open, 854

migrating printers and queues, 873-876

network-attached printers, adding, 860-863

notifications property settings, 889-890

notifications, setting, 877

pausing all printing, 907

pausing individual jobs, 908

pooling printers, 898-900

port management, 886-887

Print Directly To The Printer option, 901

Print Spooled Documents First option, 901

properties of individual printers, 890

property management overview, 885

queue priority, setting, 896-898

recommended tool, 872

remote print server management, enabling, 872

removing print servers from, 873

resuming all printing, 907

scheduling queues, 896-898

share names, 856

sharing printers, 895-896

spooler property settings, 889-890

spooling configuration, 900-901. See also Print Spooler service

Start Printing options, 900

TCP/IP port monitor settings, 863-865

viewing printer permissions, 881

watermarks, 893-894

print processors, 901-902, 916-917

print servers

64-bit driver support, 845

adding local printers, 855-859

adding print devices manually, 857-859

adding print drivers, 888

adding to Print Management console, 872-873

application-based printing issues, 917

auditing access, 884

automatic installation of network printers, 855

backing up, 912-913

backups, 1384

canceling all jobs, 907

client print drivers, 894-895

client relationship to, 842-843

client-computer-based errors, 917-918

clustering, 846, 1363, 1367

command-line scripts, 854-855

command-line tool for, 854

connecting from client computers, 865-867

console for, 854. See also Print Management console

counters, performance, 909-912

data types for drivers, 841-842

defined, 841, 852

deploying connections, 868-869

disk I/O requirements, 848

disk space requirements, 848

driver installation on clients, 845-846, 857

driver property management, 887-889

driver storage location, 844

drivers for network printers, 862-863

EMF (enhanced metafile format), 842-843, 846-847

error handling, 845-846, 914

failure, preparing for, 912-913

filtered displays of printers, 876-878

form management, 885-886

frozen queues, 909

GDI preprocessing, 844

handles, 847-848

hardware configuration, 847-848

high-resolution graphics resource requirements, 847

installing, 853-854

Internet Printing service, 853

IP address issues, 916

jobs, managing, 908

jobs, viewing, 907-908

kernel mode drivers, 845

legacy Windows clients, 848

listing available printers, 856

local print providers, 845

local print spoolers, 844-845

location descriptions, 863

logging spooler events, 889-890

logical devices, multiple per printer, 853

LPD (Line Printer Daemon) Service, 853

LPR (Line Printer Remote) Port Monitor, 860

maintenance overview, 909

memory requirements, 847

Microsoft Universal Printer Driver, 846

migrating printers and queues, 873-876

multiple logical devices per printer, 896

Net Use command, 867

network issues, 916-917

network-attached printers, adding to, 860-863

non-Windows clients, 848

notifications, setting, 877, 889-890

optimization overview, 896

overview of printing process, 842-845

pausing printers, 907

PCL (Printer Control Language), 842, 846

performance monitoring, 909-912

permissions. See printer permissions

point and print restrictions, 870-871

pooling printers, 898-900

port management, 886-887

port names, 862

PostScript, 842, 846-847

print monitors, 845

Print Services role, adding to servers, 853-854

Print Spooler service, 844-845, 889-890, 909, 913, 916

PRINT$ shares, 555

printer installed bases, 841

Printer Migration Wizard, 873-876

property management overview, 885

queue errors, 916

queue priority, 896-898

queues, location of, 845

queues, tracking performance of, 911

RAW data type, 842-843

remote users, printer availability to, 863

removing print drivers, 889

RPC connections, 847-848

scheduling queues, 896-898

scripts, command line, 854-855

secondary servers recommended, 912

separator pages, 902-906

service. See Print Services

share names, 856

SMB connections, 848, 918

spool folder free space, 916

spooler property settings, 889-890

spooling, 844-845. See also Print Spooler service

spooling configuration, 900-901

SpoolSv instance, 909

TCP/IP port monitor settings, 863-865

test pages, printing, 914

troubleshooting, 913-918

Unidrv, 846

UNIX, 860

user access to printers, 865-867

user mode drivers, 845

user relations issues, 915

user, single, unable to print, 917-918

VBScript for connections, 867

Print Services

defined, 187

planning deployments of, 40, 60

role, adding to servers, 853-854

Print Spooler service

automatic spooling restarts, 913

configuring, 889-890

manually restarting, 909

place in connection sequence, 844-845

remote access to Registry requirement, 282

spooling configuration, 900-901

SpoolSv instance, 909

uncleared error documents in queue, 916

printer permissions

auditing access, 884

Change Permissions permission, 880

default condition, 879

defined, 879

denying, 881-883

granting, 881-883

Manage Documents permission, 880

Manage Printers permission, 880

ownership assignments, 883

Print permission, 880

Read Permissions permission, 880

restricting printer use, reasons for, 879

special permissions, 880

spool folder permissions, 881

standard permissions, 880

Take Ownership permission, 880

troubleshooting, 917

users and groups, 880

viewing, 881

printers

application-based printing issues, 917

automatic installation of network printers, 855

cabling options, 857

color, 851, 906-907

Comment property, 891

direct-attached, 850

domain local groups for accessing, 1218-1219

duplexers, 850

duty cycles of, 851-852

failure, preparing for, 912-913

Form To Tray Assignment property, 892

general properties, setting, 891

ink-jet printers, 849

IP address issues, 916

Job Timeout property, 892

large-format printing, 850

laser printers, 849, 852

Layout tab, 892

local printer name property, 891

local printers, adding to print servers, 855-859

location descriptions, 863

Location property, 891

memory expansion, 849, 892

migrating printers and queues, 873-876

monitoring, 847

Net Use command, 867

network issues, 916-917

network-attached, 850

ownership assignments, 883

paper trays, 850

Paper/Quality tab, 892

permissions. See printer permissions

photoprinting, 850-851

print processors, 901-902

PRINT$ shares, 555

printing preferences, setting, 891-892

properties of individual printers, 890

publishing by Active Directory, 895

scheduling, 896-898

security settings, client, 870-871

separator pages, 902-906

servers for. See print servers

share configuration, 550

share names, 856

sharing, 854, 895-896

status checks, 914-915

Terminal Services support for, 924-925

test pages, printing, 914

troubleshooting, 913-918

user access to shared, 865-867

VBScript for connections, 867

Wait Timeout property, 892

watermarks, 893-894

private IP addresses

classes of, 635-636

guideline for using, 647-648

static IP address assignment, 661

privileges

accounts, relationship to, 1178

default, groups assigned to, table of, 1178-1181

Problem Reports And Solutions console, 22, 237

problem resolution policy documents, 1371-1373

problem-escalation procedures, 1319

processes

get-process command, PowerShell, 309-310, 315-320

Processes tab, Task Manager, 308

statistics, table of names and descriptions, 316-319

stopping, 320

Task Manager display of, 314-320

terminating with Software Explorer, 288

processors. See CPUs (central processing units)

product keys

changing, 127

entering, 85-86

product management teams, 31

Profile A Single Process privilege, 1180

Profile System Performance privilege, 1180

profiles

setting for accounts, 1193-1194

user. See user profiles

Program Compatibility Assistant, 286-287

program management teams, 32

Programs And Features page, 287-288

project worksheets, 37

protocol installation options, 82-83

proxy tickets, 1040

PSCs (Password Settings containers), 1169

PSOs (Password Settings objects), 1169, 1173-1177

public file sharing

configuring, 549-550

overview of, 548

PUBLIC shares, 555

Public folder

configuring, 549-550

purpose of, 548

public IP addresses

defined, 635

determining number needed, 649

subnets with, 640

PUBLIC shares, 555

Q

QRTD (Intel Quick Resume Technology Driver), 381

queues, printer

queue errors, 916

queue priority, 896-898

queues, location of, 845

queues, tracking performance of, 911

Quick Launch toolbar, 143, 148-149

quorums

resources, failover clustering, 1354, 1362

server clusters, 1330

quota management

adding users outside local domain, 530

Administrators group, special treatment of, 526

capabilities of, 525

configuring quotas, 527-528

defined, 525

exporting entries, 534

importing entries, 534

logging events, 533-534

organizational culture issues, 525-526

ownership changes, 526

quota entries, viewing, 532-534

Recycle Bin, effect of, 527

setting quotas for individual users, 529-532

user notifications, 532

viewing quotas, 529

violations, checking for, 532-534

volume basis of, 526

R

RAID (redundant array of independent disks)

availability gains from, 414

disk I/O bottlenecks, 361

failover clustering requirements, 1349-1350

NLB (Network Load Balancing) with, 1336

paging file effects, 306

planning for installations, 80

RAID 0 configuration, 454-455

RAID 1 configuration, 457-462

RAID 5 configuration, 462-463

RAID 5 troubleshooting, 466

RAID-5 volumes, 452

software RAID, 430

RAM. See memory

RAW data type

defined, 842

port monitor settings, 863-865

printing process with, 843

PScript5.dll engine for, 846

RDC (Remote Desktop Connection)

admin mode starts, 615

Advanced tab, 619

client features, 613-614

Clipboard with, 618

connection bar, 619-620

connection speed settings, 618

desktop settings, 618-619

device control, 618

Display tab, 617-618

encryption issues, 613

ending sessions, 620

Experience tab, 618-619

General tab, 617

keyboard combinations, 618

loading saved connection settings, 617

Local Resources tab, 617-618

logons, 616-617, 619

lost connections, 619

printers with, 618

Programs tab, 618

purpose of, 607

specifying computer to connect to, 616

starting clients, 615-616

Terminal Services, as client for, 919

virtual mode starts, 616

RDC (Remote Differential Compression), 1078

RDNs (relative distinguished names)

defined, 1003

searching, 1010-1011

RDP (Remote Desktop Protocol)

RemoteApps .rdp file creation, 970-971

Terminal Services, configuring for, 958-960

TS Gateway, used by, 920

Read & Execute permission, 572

Read Attributes special permission, 573

Read Data special permission, 573

Read Extended Attributes special permission, 574

Read Group Policy Results Data permission, 1251, 1253

Read Permissions special permission, 575, 880

Read permissions, file sharing, 564, 572

read/writable domain controllers. See domain controllers

Read-Only Domain Controller group, 1159

read-only domain controllers. See RODCs (read-only domain controllers)

realm trusts, 1034-1038

Receive Window Auto Tuning, 632

recovery. See also restores

applications, of specific, 1403

authoritative restores of Active Directory, 1412-1414

current server data, 1402-1405

disaster planning aspect of, 1370

domain controller strategies, 1409-1410

domain controllers, restoring failed with new, 1415-1416

event logs of, 1405

folders, of, 1403

full system recoveries, 1408-1409

location to recover to, selecting, 1404

nonauthoritative restores of Active Directory, 1411-1412

OS recovery, 1408-1409

overwriting options, 1404

plans (data), 1318-1319

Recovery Wizard, 1402-1407

remote server data recovery, 1406-1407

Repair Your Computer option, 1377-1378

Startup Recovery Options wizard, 1378

Startup Repair Tool, 1408-1409

stop errors, recovering from, 1378-1380

system state recovery, 1407

Sysvol data, 1414-1415

volumes, of, 1403

Windows Complete PC Restore, 1377

Windows Error Recovery mode, 1418-1419

Windows Memory Diagnostics Tools, 1377

Windows Recovery Environment, 1377

Windows Server Backup for, 1388

Recycle Bins, quota management effects, 527

redundancy

components for improving, 1312

power supply, 1314

refreshing Group Policy objects, 1268-1278

Regedt32, 250, 278

Regional and Language Options utility, 125

Registries

32-bit and 64-bit keys, 252

access control to, 277-278

adding values and keys, 266

application settings storage, 247

auditing access to, 283-284

backing up, 272

command line for editing, 271

Components subkey, 253-254

configuration data sets, 368

control sets, 257

creation of data in, 260-261

data types in, 261-262

database nature of, 248-249

device enumeration, 257

Directory Replicator remote access requirement, 282

driver configuration settings, 222

Editor, 250, 262-271

Editor, modifying permissions on, 277

hardware profiles, 257

Hardware subkey, 254-255

hives, 249, 260-261, 270

HKEY_CLASSES_ROOT (HKCR), 252, 258-259

HKEY_CURRENT_CONFIG (HKCC), 252, 259

HKEY_CURRENT_USER (HKCU), 252, 259

HKEY_LOCAL_MACHINE (HKLM), 252-258

HKEY_USERS (HKU), 252, 258

importing and exporting Registry data, 267-269

keys, 251

loading hives, 270

maintenance overview, 273-274

modifying values, 264-265

organization of, 246

paths, parsing, 251

permissions on keys, 278-282

purpose of, 245-246

redundancy of, 260

REG command, 271

REG command, modifying permissions on, 277-278

regedit command, 262

Regedt32, 250, 278

remote access, blocking, 281-283

remote machine modification, 267

Remote Registry service, 283

removing damaged settings, 276

removing settings for failed installations, 276

removing values and keys, 266

restoring, 272

root keys, 251-259

SAM (Security Accounts Manager) subkey, 255

searching, 263

security issues, 276-284

Security subkey, 255

size of, 249

Software subkeys, 255-256

Spooler Service remote access requirement, 282

standard user tokens, 247

storage in memory, 249-250

structure of, 248-251

subtrees, 251

subtrees, table of, 251-252

System subkey, 256-258

Terminal Services configuration for applications, 942-943

tools as interfaces for, 248

Transactional, 247

Uninstall Or Change A Program utility, 273

unloading hives, 270

value entry paths, 248-249

values, 251

virtualization, 246-248

virtualization for legacy applications, 296

Windows Installer Clean Up Utility, 273-274

Windows Installer Zapper, 275-276

relay agents, DHCP, 689-693

release management teams, 32

Reliability And Performance Monitor console

CPU statistics, 345

data collector sets, 363-364

Disk statistics, 345

Memory statistics, 345

Network statistics, 345

Performance Monitor. See Performance Monitor

Performance Monitor location, 346

purpose of, 108

reliability. See Reliability Monitor

starting, 344-345

Reliability Monitor

location of, 346

pinpointing stability problems with, 346

purpose of, 343

remote access

administrating file sharing, 556

administration with. See Remote Desktop for Administration; Remote Desktops snap-in

enabling Remote Desktop, 324-325

MMCs with, 162-163

performance monitoring with, 354-355

Registry, blocking access to, 281-283

remote administration. See Remote Desktop for Administration

Remote Application, Terminal Services

applications available through. See RemoteApps

function of, 920

Remote Assistance, 12

Remote Desktop for Administration

admin mode, 608, 615

Allow Connections configuration options, 609-610

authentication certificates required, 610

BitLocker booting issue, 478

client settings tabs, 617-619

configuration, starting, 114

connection speed settings, 618

data prioritization settings, 614

defined, 12

device management, 221

disconnecting vs. logging off, 624

enabling, 324-325, 607, 609

encryption issues, 613

ending sessions, 620, 624

enhanced experience settings, 614

firewalls with, 610

flow control settings, 614

limitations of, 608

logons, 616-617, 619

lost connections, 613, 619

monitor spanning, 613

number of active administrators allowed, 608

organizational policy for, 608

passwords, 610

permissions for, 610-612

Plug and Play device redirection, 615

printers with, 618

purpose of, 607

RDC (Remote Desktop Connection) with, 607

RDC client features, 613-614

Registries, editing, 267

Remote Desktop Users group, 610-611

Remote Desktops snap-in for connecting to, 620-622

Remote Registry service, 283

resource redirection, 615

restricting users and groups from, 612

RSAT (Remote Server Administration Tools), 189

sessions allowed, 325

specifying computer to connect to, 616

starting clients, 615-616

Terminal Services policy configuration, 612-613

Terminal Services, relation to, 607

tracking logged-on clients, 623-624

virtual mode, 608, 616

Windows Firewall with, 610

Remote Desktop Users group

Terminal Services, 924

Terminal Services, adding to, 938

Remote Desktops snap-in. See also Remote Desktop for Administration

disconnecting, 621

establishing connections, 620

purpose of, 609

saving configurations, 622

screen options, 621-622

starting, 620

RemoteApp Manager, Terminal Services

configuring RemoteApps with, 966-975

purpose of, 922-923

RemoteApps

.rdp file creation for, 969-971

Alias property, 967

appearance to clients, 968

automatic installation with Terminal Server, 966

choosing programs step, 966-967

client access methods, 969

client computer devices and resources, 974-975

Command Line Arguments property, 967

defined, 966

deleting programs, 975

deploying the applications, 968-969

deployment setting configuration, 973-975

deployment settings for, copying, 922-923

farm names, 973

file extensions, taking over, 973

Icon property, 967

Location property, 967

making programs available as, 966-968

modifying program properties, 975

Program Name property, 967

Properties options, 967-968

RDP port numbers, 973

RemoteApp Wizard, starting, 966

server authentication settings, 973

server names, 973

TS Gateway settings, 974

TS RemoteApp Manager, starting, 966

TS Web Access availability property, 967

TS Web Access deployment setting, 974

TS Web Access, client access with, 969-970

unlisted programs settings, 974

Windows Installer package creation, 971-973

removable disks, 434

Remove Computer From Docking Station privilege, 1180

repairs. See also troubleshooting

Repair Your Computer, 1377-1378

Startup Repair Tool (StR), 22-24, 1408-1409

reparse points, 517-518

Replace A Process Level Token privilege, 1180

replication

Active Directory, 991-992

Active Directory design consideration, 1008-1009

Administrator, Replication (Rep Admin), 1302-1303

architecture of, 1082-1088

attribute designation, 1014-1016

attribute management, 1076

automatic compression between sites, 1072, 1077

bandwidth considerations, 1097

bridgehead server configuration, 1298-1301

bridgehead servers, 1089-1091, 1094-1095

compression of traffic, 1089

CPU requirements for, 1108

designing structure of, 1098-1105

DFS for. See DFS (Distributed File System)

domain design considerations, 1059

enhancements in 2008, 1076-1077

FRS for. See FRS (File Replication Service)

global catalog partitions, 1095

groups, of, 1216

intersite, 1076-1077, 1089-1091

intersite replication topology design, 1100-1101

intrasite, 1085

ISTG. See ISTG (Inter-Site Topology Generator)

Kerberos role in, 1083

link bridge costs, 1101-1104

link costs, 1100-1101

mapping network infrastructure, 1096-1098

maximum latency, intrasite, 1091-1092

monitoring, 1302-1304

partitions, of, 1093-1095

Performance Monitor, tracking with, 1303-1304

ports used for, 1084

priority, 1086

pull model, 1085

RDC (Remote Differential Compression), 1078

ring topology model, 1085-1087, 1093-1094

RODCs with, 1142, 1154

RPC role in, 1083

scheduling for intersite, 1077, 1089, 1100

schema changes, 1088

services needed for, 1084

single vs. multiple forest designs, 1057

sites, between, 1072-1075

steps in procedure of, 1082-1083

Sysvol, 1077-1082

time delays for, 1085-1086

topology based on number of domain controllers, 1092

transactional processing effects, 1076

troubleshooting, 1302-1303

up-to-dateness vectors, 1088

urgent, 1086

USNs for, 1087-1088

reservations, DHCP, 686, 713-716, 718

reset disks, 1214-1215

resolver caches, 681-683, 811

resources

IRQ settings, 240-243

Resources And Support section, Server Manager console, 118

Restart Manager, 22

restarts, troubleshooting, 1419

restores

authoritative restores of Active Directory, 1412-1414

Group Policy objects, of, 1280-1281

registries, 272

Restore Files And Directories privilege, 1181

Startup Repair Tool, 1408-1409

reverse lookups, DNS

queries, 743-744

zone creation, 781-782, 785-786

zones defined, 774

RID (relative ID) masters, 57, 1044-1046

rights

assigning user rights for domains and OUs, 1182-1183

logon. See logon rights

user. See user rights

ring topology model of replication, 1085-1087. See also ISTG (Inter-Site Topology Generator)

roaming user profiles

adding to Administrators group, 1197

configuring, 1200-1201

data storage, 1196

defined, 1196

denying access on per-computer basis, 1197

folder path, specifying, 1197

location for storage of, 1196

preconfigured, creating, 1198-1199

preventing changes from propagating, 1197

switching to local, 1202

RODCs (read-only domain controllers)

account access, viewing, 1163-1164

account password policies for, 1148

ACLs for, 1158

Active Directory Domain Services Installation Wizard step, 1150

Add Roles Wizard step for installing, 1150

additional domain controllers in existing domains, 1155-1156

administrative advantages of, 1145

administrative permissions, delegation of, 1149, 1153, 1165

adprep /rodcprep command requirement, 1149

Advanced Installation mode advantages, 1149

Advanced Installation mode selection, 1150

advantages of, 1141

Allowed RODC Password Replication group, 1159-1160

application readiness for, 1143

authentication process, 1144-1145

caching of credentials by, 1144-1145

credentials management, 1162-1164

defined, 1008

Denied Accounts list, 1160

Denied RODC Password Replication group, 1159-1160

deployment configuration options step, 1150

design considerations for, 1145-1148

DNS on, 1143

DNS requirements, 1149

DNS server option, 1151

domain functional level requirements, 1148

domain selection step, 1151

dsmgmt command with, 1165

editing Password Application Policy, 1160-1162

Enterprise Read-Only Domain Controller group, 1159

exporting settings to answer files, 1155

file locations, configuring, 1154-1155

forest functional level requirements, 1148

future changes likely in, 1141

global catalog server option, 1151

global catalog server requirements, 1148

groups specific to RODCs, 1159

install from media option, 1149, 1154

installing, 1148-1158

IP address issues, 1150, 1152

KDC advertisement of, 1144-1145

Kerberos Target account of, 1144-1145

limited functions of, 1145

media installations of, 1156-1158

multi-valued directory attributes, 1159

Network Credentials step, 1151

overview of, 1141-1142

Password Replication Policy configuration, 1149, 1152, 1158-1165

PDC emulator requirements, 1145, 1148

preinstallation check list, 1148-1149

prerequisite operating systems, 1141

Read-Only Domain Controller group, 1159

replication fundamentals for, 1142, 1146

replication of partitions, 1146-1147

replication partners, choosing, 1154

Restore Mode password selection, 1155

site selection step, 1151

sites, relationship to, 1145-1148

WANs with, 1148

roles

AD CS (Active Directory Certificate Services), 186

AD DS (Active Directory Domain Services), 186, 193

AD FS (Active Directory Federation Services), 186

AD LDS (Active Directory Lightweight Directory Services), 186

AD RMS (Active Directory Rights Management Services), 186

adding roles, 192-195

additional required features, 194

Application Server, 186

command line management of. See ServerManagerCmd

component names, 202-207

configuration overview, 185

DHCP Server, 186

DNS Server, 186

Fax Server, 186

features, 185

features, adding, 199

features, removing, 199-200

features, table of, 188-190

File Services, 187

managing. See Server Manager console

NPAS (Network Policy And Access Services), 187

operations master, set of, 1044-1046

overview in Server Manager console, 117-118

Print Services, 187

removing server roles, 195-196

role services, 185

role services, adding, 197

role services, removing, 198

server roles, 185

table of primary roles and services, 185-187

Terminal Services, 187

UDDI (Universal Description Discovery Integration) Services, 187

WDS (Windows Deployment Services), 187

Web Server (IIS), 187

Windows SharePoint Services, 187

WSUS (Windows Server Update Services), 187

Rollback wizard, 1378

rolling back installations, 84

root domains, 1000, 1003-1004

round-robin load balancing

DNS for, 797

Terminal Services with, 944-945

TS Session Broker servers, 950-951

routers

DHCP console router address specification, 706

IPv4 addresses for, 639

Network Load Balancing with, 1334

obtaining addresses of, 678

troubleshooting, 678-679

zone IDs of, 678

Routing and Remote Access Services, 737-739

Routing Compartments, 632

RPC (Remote Procedure Call) over HTTP Proxy

print server connections, 847-848

purpose of, 189

replication role, 1083

site connections using, 1288

RRAS (Routing and Remote Access Service)

DHCP, integration with, 686-687

setting options for, 722-723

RSAT (Remote Server Administration Tools), 189

RSM (Removable Storage Manager), 189

RSoP (Resultant Set of Policy)

granting permissions for, 1253

permissions to determine, 1251

run levels

configuring, 298-299

RunAsAdmin, 297

RunAsHighest, 297

RunAsInvoker, 296

security settings related to, 299-301

security tokens for, 247

RWDCs (read/writable domain controllers). See domain controllers

S

SA (Software Assurance), 66

Safe Mode, 1416-1418

SAM (Security Accounts Manager)

Active Directory use of, 990

Registry subkey, 255

role in non-Active Directory systems, 990

Windows NT 4 with Active Directory, 992

SANs (storage area networks)

Active Directory configuration issues, 1110-1111

booting from, 409-411

clusters using, 409-411

command-line tools for managing, list of, 409

defined, 406-407

DFS (Distributed File System), 408

failover clustering with, 1351-1352

FRS (File Replication Service), 408

LUNs (logical unit numbers), 411

Multipath I/O, 408, 411-414

sites, multiple physical, 1329-1330

Storage Explorer tool, 108

Storage Manager for SANs, 189, 411

troubleshooting, 410

VDS (Virtual Disk Service), 408

volume automounting, 408

VSS (Volume Shadow Copy Service), 407

SATA devices, 211-212

scalability

clustering, limits by OS version, 1326

goal of clustering servers, 1325

Terminal Services, improvement of, 927-928

schedules for projects, setting, 46-47

schema master role, 1044-1047

schemas, Active Directory

forests, sharing for domains in, 1055

replication, 1088

scopes for IP addresses

activation of, 716-717

adding during DHCP installations, 697

defined, 686

exclusions, 712-713

multicast, 702

Netsh command for management, 710-711

normal IPv4 scopes, 702-707

normal IPv6 scopes, 708-710

normal scopes, 701

planning address ranges for, 702

superscopes, 702

TCP/IP scope options, 718

types of scopes supported, 701-702

screen savers, 121

scripts

running in clustered environments, 1363

Terminal Services application compatibility scripts, 942

Search box, 132-133

secondary DNS servers

notification configuration, 793-794

purpose of, 750

zone creation, 775

zone setup, 770-771

sectors, 497-498

secure desktop, 298

security

Admin Approval Mode, 290-293

auditing file and folder access, 581-585

authentication for. See authentication

design planning issues, 51

DHCP issues, 688-689

direct physical access issues, 467

disabling secure communications requirement, 1111

DNSSEC (DNS Security), 757-758

drive encryption. See BitLocker Drive Encryption; EFS (Encrypting File System)

encryption, file. See EFS (Encrypting File System)

firewalls for. See firewalls

intrusion detection, 1319-1320

Local Security Policy console, 1241-1242

logons. See logon rights

man-in-the-middle attacks, 1111

passwords for. See passwords

permission settings. See permissions

physical, 1370

planning for deployments, 41-42

policies for. See Group Policy

printer. See printer permissions

Registry protection, 276-284

Registry subkeys, 255

Security Configuration And Analysis snap-in, 1266-1268

Security log, 327

security template configuration, 1266-1268

standards selection, 52-53

subsystem. See security subsystem

Terminal Services, 961-964

tokens for applications, 247

tokens, generation of, 1020-1022

TPM. See TPM (Trusted Platform Module) Services

UAC. See UAC (User Account Control)

viewing status with Server Manager, 118

Windows Defender, 12

Security Accounts Manager. See SAM (Security Accounts Manager)

security descriptors, 1188

security groups, 1216

security subsystem

Active Directory a subset of, 987

authentication mechanisms, list of, 989

authentication procedure, 990

Directory service (Ntdsa.dll), 990

key areas used with Active Directory, 989-990

logon/access features used with Active Directory, 989-990

LSA (Local Security Authority), 988-989

LSA Server use with Active Directory, 990

NET LOGON, 989

non-Active Directory systems, 990

Security Accounts Manager, 990

user mode, 987

seismic protection, 1315

Selected Acknowledgments (SACKs)

Extended, 631

SACK-based Loss Recovery, 632

selective startups, 385-388

Self-Healing NTFS, 520-521

separator pages

customization, 905-906

default pages, 902-903

defined, 902

interpreting code for, 905

printer-installed pages, 903

problems caused by, 918

selecting, 903

testing, 904

variables, table of, 904-905

server farms, 1325-1326

Server Manager console

adding roles, 192-195

command line counterpart of, 185

Computer Information section, 117

Configuration node, 117

Device Manager, opening, 219-220

device display options, 221

Diagnostics node, 117

downloadable components, 190-191

Features node, 117

Features Summary section, 118

groupings of roles, services, and features, 185

IE ESC, 118

installing Active Directory with, 1112

purpose of, 116

removing server roles, 195-196

Resources And Support section, 118

role services, adding, 197

role services, removing, 198

Roles node, 117

Roles Summary section, 118

Security Information section, 118

starting, 116-117

viewing configured roles and services, 191

server roles. See also roles

defined, 185

planning for, 57-61

ServerManagerCmd

component names, 202-207

determining installed components, 207

-inputPath, 201

-install command, 201

installing components, 208-209

parameters for, 201-202

purpose of, 200

-query command, 201, 207

-remove command, 201

removing components, 209

-version command, 201

servers

Active Directory. See domain controllers

clusters. See clusters, server

DHCP. See DHCP (Dynamic Host Configuration Protocol)

DNS. See DNS (Domain Name System)

hardware components of. See hardware

planning issues, 58-61

printer. See print servers

server rooms. See structures and facilities

services

control commands for, 322

delegating authentication for, 1040-1043

failure recovery, 19

get-service command, PowerShell, 310

restarting, 322

startup problems from, 387

viewing information on, 321-322

Services tool, 108

Session Directory Computers group, 944, 946-947

session state maintenance with NLB, 1335

session tickets

KDC servers handling of, 1025-1026

Kerberos policy settings, 1173

sessions, Terminal Server, 325-326

setting up Windows Server 2008. See installing Windows Server 2008

Setup log, 327

Setup.exe

alternate file folder option, 70

answer file specification, 70

baud rate for EMS option, 71

booting methods, 70

debug mode, 96-97

drive location for temporary files, specifying, 70

Emergency Management Services options, 70-71

general installation parameters, 70-71

no reboot option, 70

rolling back, 84

starting, 84

Stop errors, 98-99

shadow copies

API for, 589

autoretry interval, 599

backups, advantages for, 1383

clients for, 592

clustered servers issues, 595

configuring in Computer Management, 593-596

copying snapshots, 605

Create Now command, 596

defragmentation issues

deleting shadow copies of volumes, 597

deleting specific snapshots, 596, 601-602

differential copy procedure, 590

disabling shadow copies, 597, 602

enabling from command line, 598-599

file recovery by users goal of, 588

files centrally manageable with, 588-589

how it works, 589-590

key issues for implementing, 590

locations for files, 591, 594

manual snapshot creation, 596, 599

Maximum Size option, 594-595

mount point issues, 594

opening copies in Windows Explorer, 605

overview, 587

planning deployment of, 588-592

Previous Versions client feature, 603-605

purpose of, 587-588

restoring folders, 605

reverting entire volumes, 597-598, 602-603

scheduled runs of, 590-592, 595-596

service writers installed, 589

settings, changing, 596

snapshot creation, 588, 596-597

storage information, viewing, 601

storage requirements for, 590-591

user instructions for, 592

viewing allotted storage, 591

viewing information on, 600-601

volume selection for, 590-591, 594

Volume Shadow Copy Service, 581-585

VSSAdmin command-line commands, 598-603

Share And Storage Management console, 415

Shared Configuration feature, 1337

SharePoint (Windows SharePoint Services), 187

sharing files. See file sharing

shortcut trusts

creating, 1035-1038

purpose of, 1003

rapid authentication effects of, 1028-1029

shrinking partitions, 446-447

Shut Down The System privilege, 1181

shutdowns, troubleshooting, 1419

SIDs (security identifiers)

Active Directory use of, 993

user account, 1210

Simple TCP/IP Services, 189

simple volumes, 453-454

site links

adding sites to, 1290

advanced link options, 1301-1302

bridgehead server configuration, 1298-1301

choosing during site creation, 1284-1285

compression option, 1302

costs, 1289, 1295

creating, 1289-1292

default, 1287

endpoints of, 1289

firewall port issues, 1289

IP replication transport, 1288

ISTG with, 1287, 1297-1298

management overview, 1287-1288

naming, 1290

notification for replication option, 1301-1302

purpose of, 1287

replication interval, 1289, 1291-1292

replication issues, 1287

replication schedule, 1289, 1291-1294

replication schedules, 1297

replication transports for, 1288

RPC over IP with, 1288

site link bridges, configuring, 1295-1297

SMTP replication transport, 1288

testing replication, 1305-1306

three hop rule, 1292

transitive links, disabling, 1297

transitive nature of, 1288

transport folder selection, 1291

two-way synchronization option, 1302

sites, Active Directory

bandwidth considerations, 1075, 1097

boundary determination, 1075

bridgehead servers, 1072, 1089-1091

compression of traffic, 1077, 1089

creating, 1283-1285

Default-First-Site-Name creation, 1283

defined, 1071

designing, 1098-1105

DFS with, 1073-1074

DHCP server placement, 1105

DNS server placement, 1105

domain controller placement, 1104-1105

domain controller requirements, 1285

domain controllers, associating with, 1286-1287

domains, relation to, 1071

first site creation, 1283

global catalog requirements, 1073, 1105, 1285

Group Policy inheritance order, 1254

Group Policy Management Console (GPMC) with, 1244

intersite replication, 1076-1077, 1089-1091

intersite replication topology design, 1100-1101

intersite vs. intrasite replication, 1071

intrasite replication, 1085

ISTG (Inter-Site Topology Generator), 1089-1091

KCC (knowledge consistency checker), 1077, 1085, 1091-1092

LANs and WANs, relation to, 1071

link bridge costs, 1101-1104. See also site links

link costs, 1100-1101

links. See site links

mapping network infrastructure, 1096-1098

mapping networks to site structures, 1098-1099

name resolution requirements, 1073

naming, 1099-1100, 1284

partitions, replication of, 1093-1095

replication architecture, 1082-1088

replication between, 1072-1075

RODCs, designs with, 1145-1148

scheduling for intersite replication, 1077, 1089

scheduling replication, 1100

server placement, 1104-1105

single vs. multiple site designs, 1072-1074

site-aware applications and services, 1073-1074

subnet creation, 1285

subnet requirements, 1071

subnets, associating with, 1285-1286

subnets, relationship with, 1283

Sysvol replication, 1077-1082

sites, multiple physical, 1329-1330

sleep states, 379-380

smart cards, requiring for logons, 1192

SMB (Server Message Block) version 2, 17

SMTP (Simple Mail Transfer Protocol) Server

purpose of, 189

replication transport, 1288

snap-ins. See MMCs (Microsoft Management Consoles)

SNMP (Simple Network Management Protocol), 189

Software Assurance, 66

Software Explorer, terminating processes with, 288

software installation

2008 compliance requirements, 285-286

backups recommended before, 286

configuration after installs, 287-288

diagnosing problems, 286

downloaded programs, 287

elevated privileges requirement for, 285

failed installation procedure, 287

installer program requirements, 286

known compatibility issue detection, 286

Programs And Features page for, 287-288

run-level designations, 296-297

security settings related to, 299-301

Software Explorer, 288

software licensing programs. See licensing

sound schemes, 121

spanned volumes

creating, 453-454

defined, 452

recovering, 455-456

spare parts, 1312

sparse files, 518-519

special permissions, file and folder, 573-578

special shares, 553-555

split-brain DNS design, 762-763

spool folder permissions, 881

spoolers, printer. See Print Spooler service

Spurious Retransmission Timeout Detection, 632

spyware protection, 12

SQL Server clustering requirements, 1349

SRA (Secure Remote Access), 18

SRKs (Storage Root Keys), 468

SSO (Single Sign On), 18

SSTP (Secure Socket Tunneling Protocol), 18

stabilizing phase of MSF (Microsoft Solutions Framework), 28

Standard edition, Windows Server 2008

features of, 5

hardware requirements for installations, 72-73

selection criteria, 61

standard file sharing

configuring, 549

defined, 547

hidden shares, 553

mapping share folders as network drives, 550-551

standard user tokens

default nature of, 294

purpose of, 247

standardization of hardware for high availability, 1311-1312

standardized software components for system services, 1310

standby state, Windows Vista configuration of, 378

standby systems, 1312

Start menu

adding items, 134-135

All Programs button, 133

changes from 2003, 130-131

copying items, 135-136

folder options, 131-132

frequently used programs list, 133, 137-140

hiding items, 136-137

highlighted items, 136-137

optional folders, 132

pinned items, 133

removing items, 141

renaming items, 141

saving custom console tools to, 172-173

Search box, 132-133

sorting items, 140

standard menu new features, 133-134

views available, 129-130

startup

issues compounded in 2008, 377. See also boot configuration

Startup And Recovery dialog box, 384-385

Startup Recovery Options wizard, 1378

Startup Repair wizard, 1374-1375

startup scripts, Group Policy, 1264-1265

stop errors, recovering from, 1378-1380

System Configuration, 385-388

troubleshooting, 1416-1418

Windows Error Recovery mode, 1418-1419

Startup folder, taskbar, 145-147

Startup Repair Tool (StR), 22-24, 1408-1409

static IP addresses, assignment of, 660-663

stop errors

causes of, 98-99

recovering from, 1378-1380

storage. See also file systems

Active Directory requirements for, 1108

adding new disks, 423-424

allocation unit size, 438

availability, 414

backups, selecting for, 1390

basic disk type, 428-432

capacity requirements, 413-414

clusters with, 409-411

command-line tools for managing, list of, 409

Computer Management Storage Tools, 116

DAS (direct-attached storage), 405-406

deleting volumes, 448

DFS (Distributed File System), 408

DFS command-line tools, 409

Dfscmd tool, 409

disk I/O subsystem, 497

Disk Management. See Disk Management snap-in

disk quota management, 415

disk write caching, 424

DiskPart tool, 409

disks for. See hard disk drives

drive letter configuration, 440-442

drives. See hard disk drives

dynamic disks, 428-432

ESP partition type, 449-450

extending partitions, 443-446

external storage, 406

fault tolerance, 1312

file services for. See File Services

formatting partitions, 437-439

FRS (File Replication Service), 408

FSutil tool, 409

hot-swapping disks, 423

importance of managing soundly, 405

increasing need for, 405

internal storage, 405-406

LDM partitions, 451-452

LUNs (logical unit numbers), 411

managing GPT partitions on basic disks, 449-452

managing MBR partitions on basic disks, 434-448

mirrored volumes, 452, 457-462, 464-466

mount points, 442-443

moving dynamic disks, 456-457

MSR partitions, 450-451

Multipath I/O, 408, 411-414

NAS, 406

NTFS recommended file format, 437

OEM partitions, 452

partition styles, 425-428

partitions. See partitions, drive

performance requirements, 413-414, 424

primary partitions, 451

RAID. See RAID (redundant array of independent disks)

recovering disks, 455-456

recovery plans, 1318-1319

removable disks, 434

report generation, 415

SANs, 406-407. See also SANs (storage area networks)

shadow copy requirements for, 590-591

shrinking partitions, 446-447

simple volumes, 453-454

spanned volumes, 452-454

striped volumes, 452, 454-455, 462-463

types, 428

VDS (Virtual Disk Service), 408

volume automounting, 408

volumes. See volumes

VSS (Volume Shadow Copy Service), 407

Vssadmin tool, 409

storage area networks. See SANs (storage area networks)

Storage Manager for SANs, 189

Store Passwords Using Reversible Encryption setting, 1171, 1175

StR. See Startup Repair Tool (StR)

striped volumes

configuring RAID 0, 454-455

configuring RAID 5, 462-463

defined, 452

recovering, 455-456

strong passwords, 88

structures and facilities

access control systems, physical, 1315

cabling, 1314

checklist, 1315-1316

dust and air quality, 1314

factors to consider, list of, 1313

fire suppression systems, 1315

humidity, 1314

importance of, 1313

power supplies, 1314

seismic protection, 1315

sites, multiple physical, 1329-1330

surveillance, physical, 1315

temperature, 1313-1314

UPS (uninterruptible power supplies), 1314

subnets

allocating, 641-642

broadcasts, 637

class A network subnets, 642-644

class B network subnets, 644-645

class C network subnets, 645-646

creating, 1285

defined, 639

mapping network infrastructure, 1096-1098

masks, 639-640

masks assigned to adapters, viewing, 673

network prefix notation, 640-641

public addresses with, 640

purpose of, 639

sites, Active Directory, relation to, 1071, 1283

sites, associating with, 1285-1286

static IP address assignment, 661-663

troubleshooting, 677

superscopes, 702

support architecture

Network Diagnostics Framework, 15-18

overview of, 14-15

WDI (Windows Diagnostics Infrastructure), 19-25

surveillance, physical, 1315

Synchronize Directory Service Data privilege, 1181

System Configuration, 385-388

System Console, 126-128

System log, 327

system partitions

defined, 77

mirrored system volumes, 459-462

striped and spanned volumes, prohibited on, 429

system state data

backups of, 1382-1383

recovery of, 1407

system tray, 145-148

System utility Startup And Recovery panel, 1378-1380

Sysvol

Group Policy components in, 1237

location choices, 1109

location for, selecting, 1119

media-based Active Directory installations, 1126-1129

replication of, 1077-1082

restoring, 1414-1415

T

Take Ownership Of Files Or Other Objects privilege, 1181

Take Ownership special permission, 575, 880

Task Manager

Applications tab, 314

CPU statistics, 311-313

image names, 308

memory usage, 312-313

Networking tab, 323-324

opening, 308

performance monitoring features, 308-309

Performance tab, 311-313

processes, 308, 314-320

Services tab, 321-322

System statistics, 312

Terminal Services connection data, 325-326

Task Scheduler

purpose of, 12

shadow copy dependence on, 596

taskbars

Address toolbar, 149-150

areas of, 143

Auto Hide feature, 144

creating personal toolbars, 150-151

Desktop toolbar, 150

grouping items, 145

icon control, 147

Links toolbar, 150

location, changing, 143-144

locking, 144-145

Notification area, 143, 145-148

program control with, 145-148

Programs/Toolbars area, 143

purpose of, 143

Quick Launch, 143, 148-149

resizing, 143-144

Startup folder, 145-147

system tray, 145-148

toolbar optimization, 148-151

taskpads

Active Directory Users And Computers example, 174

creating, 176-178

editing, 178

editing tasks, 183

items allowed in, 173

menu command task creation, 179-180

navigation task creation, 181-183

New Task Wizard, 179-183

purpose of, 173

removing tasks, 183

shell command task creation, 180-181

task creation, 179-183

tasks defined, 173

view styles, 174-176

TCP (Transmission Control Protocol). See also TCP/IP (Transmission Control Protocol/Internet Protocol)

Automatic Black Hole Router Detection, 631

Compound TCP, 631

defined, 627

TCP Extended Statistics, 632

TCP/IP (Transmission Control Protocol/Internet Protocol)

addressing. See IP addresses

automatic address assignment. See DHCP (Dynamic Host Configuration Protocol)

Automatic Black Hole Router Detection, 631

configuring. See configuring TCP/IP networking

defined, 627

DHCP, setting options with. See TCP/IP options under DHCP

DHCPv6 capable client, 632

dual IP architecture, 631

Extended Selected Acknowledgments, 631

host IDs, 633

installing. See installing TCP/IP networking

IPv4. See IPv4 (Internet Protocol version 4)

IPv6. See IPv6 (Internet Protocol version 6)

Modified Fast Recovery Algorithm, 631

NAT (Network Address Translation), 635-636

Neighbor-Unreachability Detection, 631

network IDs, 633

Next Generation TCP/IP stack, 631-632

port monitor settings for printers, 863-865

Receive Window Auto Tuning, 632

SACK-Based Loss Recovery, 632

Simple TCP/IP Services, 189

Spurious Retransmission Timeout Detection, 632

subnetting. See subnets

Windows Filtering Platform, 632

TCP/IP options under DHCP

class options, 718

client-specific options, 718

Default Router Metric Base option, 721

default user classes, 719-720

directly connected clients, setting options for, 723-724

Disable NetBIOS option, 721

DNS Domain Name option, 719

DNS Servers option, 719

levels of options, 717-718

message limitations, 717

Microsoft Add-On options, 720-721

NAP clients, setting options for, 722-723

NetBIOS Scope option, 719

predefined options, 717

Release DHCP Lease On Shutdown option, 721

reservation options, 718

Router option, 719

RRAS clients, setting options for, 722-723

scope options, 718

server options, 718

setting options for all clients at a level, 721

standard options, table of, 718-719

user class memberships, viewing, 720

user-defined classes, 724-726

vendor classes, 720-721

WINS/NBNS Servers option, 719

WINS/NBT Node Type option, 719

team identification for planning deployments

architecture teams, 31

defined, 29

departmental representation on teams, 32-33

development teams, 32

management team growth issues, 37

Microsoft Solutions Framework Team Model, 31-32

outsourcing responsibilities, 33

product management teams, 31

program management teams, 32

release management teams, 32

size of teams, 31

testing teams, 32

user experience teams, 32

technical specification development. See designing new networks

temperature of server rooms, 1313-1314

Terminal Services

activating license servers, 954-957

adding terminal servers to specific groups, 976

adding user and group permissions, 963-964

adding users and groups, 938-939

administration tools for, 921-925

advantages of, 919

application compatibility scripts, 942

applications, choosing, 939-940

applications, installing, 932-934, 936-937, 939-943

auditing access to, 964-966

authentication method selection, 937

Automatic Connection licensing method, 955

bandwidth requirements, 920

CAL Installation Wizard, 954-957

capacity planning, 927-931

Change Logon command, 941

Change Port command, 941

Change User command, 941

Client Licensing Wizard, 956-957

client overview, 919-921

command-line commands for managing, 978-980

Configuration tool, 922, 957-958

connecting to a specific server for managing, 976

connecting to a user's session, 977

CPU impact on capacity, 928-930

data entry worker clients, 928

defined, 60, 187

Delete Temporary Folders On Exit setting, 960

Desktop Experience feature, 938

disconnecting active sessions, 977

disk performance requirements, 931

editing settings, 960-961

encryption support, 924, 959

environment settings, 959

Execute mode, 940

experience settings, 930

feature dependence on bandwidth, 920

Full Control permission, 961

Gateway, 920, 924, 932

Gateway Manager, 923

global connection settings, 958-960

grace period for license servers, 952

groups of servers, actions available for, 976

Guest Access permission, 961

HKCU and HKLM, 940-941

importing information from TS Session Broker, 976

Install mode, 940-941

installing for multi-server deployments, 934-935

installing for single-server deployments, 932-933

installing license servers, 952-953

installing terminal servers, steps for, 936-938

key elements of, 919

knowledge worker clients, 928

License Server Discovery Mode setting, 961

license servers, setting up, 951-957

licensing, 925-927, 937

Licensing Manager, 922, 954-957

listing terminal servers, 976

listing user connections to, 325-326

load balancing with, 933-935. See also TS Session Broker servers

logging off users administratively, 977

Logoff command, 980

logon settings, 959

Manager, 921, 975-978

Member Of Farm In TS Session Broker setting, 961

memory requirements, 930

modifying applications after installation, 942-943

Msg command, 980

multi-server deployments, 933-935

network bandwidth requirements, 931

new group creation for terminal servers, 976

number of users, restraints on, 928-931

organizational structure planning, 931-932

OUs, separate for, 613

performance tuning Registry values, 943

permissions, viewing, 962

policy configuration, 612-613

printing enhancements, 924-925

processes running on terminal servers, ending, 977-978

productivity worker clients, 928

purpose of, 919

Query commands, 978-979

RDC client, 919-921. See also RDC (Remote Desktop Connection)

RDP (Remote Desktop Protocol), 920

RDP configuration, 958-960

RDP over HTTPS for Gateway, 924

Redirect Only The Default Client Printer setting, 925

refreshing server information, 976

Registry configuration for applications, 942-943

Remote Application, 920

remote connection verification, 939

remote control of user sessions, 977, 979, 981

remote control settings, 959

Remote Desktop mode. See Remote Desktop for Administration

Remote Desktop Users group, 924, 938-939

RemoteApp Manager, 922-923, 966-975

RemoteApps feature. See RemoteApps

removing terminal servers from specific groups, 976

Reset Session command, 980

resetting user sessions, 977

Restrict Each User To A Single Session setting, 960-961

Resume Configuration Wizard, 938

RootDrv.cmd, 942

scalability improvements, 927-928

security changes in 2008 version, 924

security configuration, 961-964

security permissions settings, 960

sending messages to users, 978, 980

server setup basics, 921-925

session management. See TS Session Broker servers

session settings, 959

SetPaths.cmd, 942

setting user file paths to drive letters, 942

Shadow command, 979

single-server deployments, 932-933

special permissions, table of, 961-962

standard options of, 920-921

system architecture issues, 920-921

Terminal Services Licensing Mode setting, 961

tsadmin.exe command, 975

TSCon command, 980

tsconfig.msc tool, invoking, 957-958

TSDisCon command, 980

TSKill command, 980

Use Temporary Folders Per Session setting, 960

User Access permission, 961

user impact on performance, 928-930

User Logon Mode setting, 961

user profiles, 982-983

user sessions, displaying status of, 978

user sessions, managing, 976-978

virtual sessions, 919, 933-934

Web Access, 920, 932

Web Access Administration, 923

Web access type servers, 921

Windows System Resource Manager with, 938

testing for high availability, 1310

testing teams, 32

themes, 121-122

threads

bottlenecks from, 359

statistics for, 315

tickets. See session tickets

time

Date And Time utility, 122-123

Windows Time, 13

toolbars

Address toolbar, 149-150

creating personal, 150-151

Desktop toolbar, 150

displaying, 150

Links toolbar, 150

Quick Launch toolbar, 143, 148-149

top-level domains, 653

TPM (Trusted Platform Module) Services

BitLocker with, 468, 477-478

boot file validation, 468

changing owner passwords, 476

clearing, 475-476

error, starting console without TPM on, 469-470

firmware compliance, 469

Initialize The TPM Security Hardware wizard, 469, 471-473

initializing for first use, 471-473

management console for, 469

master wrapping keys, 468

password creation for ownership, 471-473

purpose of, 467-468

sealed keys, 468

setting ownership, 471-473

SRKs, 468

status indicators, 470

strength of, 468

TCG-compliant firmware, 469

TPM microchips, 467-468

turning off, 473-474

turning on in firmware, 469

turning on with Management console, 474-475

Tracerpt command, 372-373

Tracert command, 678

traces

startup event traces, 364

trace data sets, 364, 367-368

Tracerpt command, 372-373

transactional NTFS, 520

Transactional Registries, 247

Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)

Traverse Folder special permission, 573

trees, Active Directory

creating new domains or trees in existing forests, 1125-1126

defined, 1053

privileges required for installing first domain controller, 1113

root domains for, 1054-1055

searching, 1010-1011

structure of, 999-1000

troubleshooting

computer accounts, 1230-1231

CPU-based install issues, 98-99

deployments, initial, 1322

disk drive issues, 100

DNS, 808-821. See also DNS (Domain Name System)

file sharing, 579-581

firmware issues, 100

Group Policy, 1268-1282

hardware, 237-243

hardware removal during installations, 97

installations of Windows Server 2008, 96-100

logs of events. See Event Viewer; events

networking, 323

networks. See network troubleshooting

printing, 913-918

replication, 1302-1303

SANs, 410

shutdowns, 1419

startup issues, 385-388, 1416-1418

trust relationships, 1039-1040

user accounts, 1195

trust paths, 1002-1003

trusts

creating, steps for, 1035-1038

cross-forest transitive trusts, 1030-1032, 1035

defined, 1001

delegating authentication, 1040-1043

direction of trust property, 1035-1037

domain administrators, 1002

enterprise administrators, 1002

explicit trusts, 1028-1029

external trusts, 1003

forests, automatic creation between domains in, 1001

forests, configurations in, 1055

Kerberos for, 1026-1027

New Trust Wizard, 1035-1038

outgoing trust authentication levels, 1038

passwords for, 1037-1038

paths, 1002-1003

permission availability, 1001

realm trusts, 1034-1038

shortcut trusts, 1003, 1028-1029, 1036

transitivity, 1035

troubleshooting, 1039-1040

trust trees, 1027-1028

Trust Type property, 1034

trusted domains, 1002

trusting domains, 1001

two-way transitive trusts, 1027-1028

validation, 1039-1040

viewing existing trusts, 1033-1035

TS Gateway

function of, 920

RDP over HTTPS for, 924

RemoteApps settings for, 974

system requirements for, 932

TS Licensing Manager, 954-957

TS RemoteApp Manager. See RemoteApps

TS Session Broker servers

authorizing Terminal Servers to use, 946-948

automatic startup of service, 944

configuring, 945-946

configuring terminal servers to join, 948-950

Enterprise version requirement, 944

farm names, 949

Member Of Farm In TS Session Broker setting, 961

multi-server environment for, 934-935

overview of, 944-945

redirection configuration, 950

relative-weighting load balancing, 944-945, 949

round-robin load balancing, 944-945, 950-951

Session Directory Computers group, 944, 946-947

Terminal Services Configuration tool, 948-950

third-party router-based solutions issues, 950

TS Session Broker Farm Name policy settings, 948

tsconfig command, 948

workgroup computer account authorization, 947-948

TS Web Access

function of, 920

RemoteApps availability property for, 967

RemoteApps deployment setting, 974

RemoteApps, client access with, 969-970

system requirements for, 932

tuning performance

bottleneck overview, 356

CPU bottlenecks, resolving, 359-360

memory bottlenecks, 356-358

Performance Options dialog box, 305

processor scheduling options, 304-305

purpose of, 303

virtual memory, 305-308

visual effects, minimizing, 303-304

two-way transitive trusts, 1027-1028

Typeperf command, 370-372

U

UAC (User Account Control)

Admin Approval Mode, 290-293

administrator applications, 295

administrator user tokens

application integrity, 294

application settings storage, 247

background tasks for, 290

color coding of elevation prompts, 297-298

configuring settings for, 292-293

elevation, 290

legacy applications, 296

Permissions icons, 289

prompts, criteria for, 289

purpose of, 288-289

run levels, 296-299

security settings related to, 299-301

software installation elevated privileges requirement, 285

standard user tokens, 294

user applications, 295

UDDI (Universal Description Discovery Integration) Services, 187

unattended installing, 69-70

unicast IP addresses

IPv4, 633-636

IPv6, 651

Unidrv, 846

Uninstall Or Change A Program utility, 273

uninstalling Active Directory, 1129-1133

uninstalling programs

Windows Installer Clean Up Utility, 273-274

Windows Installer Zapper, 275-276

universal groups

caching, 1215-1216

defined, 1217

global catalog replication, 1218

member inclusion, 1218

membership caching, 1020-1022

nesting limitations, 1218

permissions, 1218

reasons for using, 1219-1220

UNIX

interoperability, configuring for, 417

print servers, 860

Subsystem for UNIX-based Applications, 190

Unlock Account check box, 1191

updates, 74-75

upgrading to Windows Server 2008

migration, 88

overview, 73-74

performing the upgrade, 88

supported paths for, 74

UPNs (user principal names), 1021

UPS (uninterruptible power supplies), 1314, 1370-1371

up-to-dateness vectors, 1088

USB 2.0, 213-214

USB flash keys for password resets, 1214-1215

user accounts

Administrator. See Administrator account

backing up passwords, 1214-1215

command line creation of, 1186

creating, 1184-1187

default user accounts, 1168

delegated authentication, 1041-1043

deleting, 1210-1211

disabling, 1191, 1193, 1195, 1211

domain. See domain user accounts

Effective Permissions tool, 1188-1189

enabling, 1211

expiration options for, 1192

folder redirection, 1203-1207

Guest account, 1168

Home Folder, 1194

importance of availability of data, 1203

Kerberos options, 1192

local, 1167, 1169. See also local user accounts

maintenance overview, 1210

moving, 1211

multiple users, selecting, 1211

naming accounts, 1168

options, managing, 1189-1192

profile settings, 1193-1194

properties, viewing and setting, 1187-1188

renaming, 1211-1212

resetting passwords, 1212-1213

SIDs (security identifiers) of, 1210

troubleshooting, 1195

unlocking, 1213-1214

user profiles. See user profiles

user applications, 295

user data management

file synchronization, 1209-1210

folder redirection, 1203-1207

importance of availability of data, 1203

offline files, 1207-1209

user experience teams, 32

user mode of security subsystem, 987-988

user principal names. See UPNs (user principal names)

user profiles

data storage, 1196

deleting unused automatically, 1197

deleting while in use, 1196

HKEY_CURRENT_USER (HKCU), 259

HKEY_USERS (HKU) Registry key, 258

local, 1196

location for storage of, 1196

mandatory, 1196

permissions for preconfigured, 1199

policies for, 1197

preconfigured, creating, 1198-1199

purpose of, 1195

roaming, 1196

switching from local to roaming, 1202

Terminal Services, 982-983

types of, 1196

User Profiles dialog box, launching, 1198

user rights

assigning for domains and OUs, 1182-1183

assigning for specific computers, 1184

Userenv.dll, 1236

UserName environment variable, 1194

USN (update sequence number) change journals, 514-515

USNs (update sequence numbers), 1087-1088

V

VDS (Virtual Disk Service), 408

Virtual Disk Service (VDS), 408

virtual memory

bottleneck issues, 356-358

tuning performance of, 305-308

virtual servers, 9-10

virtual sessions, 919

virtualization

Hypervisor Settings entries, 397

Registry, 246-248

Vista. See Windows Vista

Visual Effects tab, 304

volume automounting, 408

Volume Shadow Copy Service (VSS), 407, 587. See also shadow copies

volumes

basic, 428-432

creating, 435-439

defined, 77

defragmenting, 541-546

deleting, 448

DiskPart tool, 409

drive letter configuration, 440-442

dynamic, 428-432. See also dynamic disks

dynamic, types of, 452

extending, 443-446

formatting, 437-440

labels, setting, 438

mirrored volumes, 452, 457-462, 464-466

mount points, 442-443

quotas for users. See quota management

RAID-5 volumes, 452

removing, shadow copy issues, 597

sharing. See file sharing

shrinking, 446-447

simple, 453-454

size, setting, 435-436

spanned, 452-454

striped, 452, 454-455, 462-463

VPNs (virtual private networks)

computer account settings, 1230

SRA (Secure Remote Access), 18

SSTP (Secure Socket Tunneling Protocol), 18

VPN with NLB, 1336

VSS (Volume Shadow Copy Service). See also shadow copies

advantages of, 407

purpose of, 587

snapshots, 407

VSSAdmin command-line commands, 598-603

Vssadmin tool, 409

Windows Server Backup use of, 1387, 1399

W

WANs (wide area networks)

RODCs with, 1148

sites, relation to, 1071

watermarks, printer, 893-894

Wbadmin, 1390

WDI (Windows Diagnostics Infrastructure), 19-25

WDS (Windows Deployment Services), 187

Web Server (IIS) role, 187

Web Server edition of Windows Server 2008

features of, 6-7

hardware requirements for installations, 72-73

selection criteria, 63

Web servers

farms, 1325

hardware for failover clustering, 1349-1351

planning for, 60

WIM (Windows Imaging Format), 14

Windows 2000 Server native mode domains, 1017

Windows Backup, 1384. See also backups

Windows Boot Manager

overview, 13-14

purpose of, 383

Windows Complete PC Restore, 1377

Windows Defender

purpose of, 12

Software Explorer in, 288

Windows Error Recovery mode, 1418-1419

Windows Explorer

adding users or groups for permissions, 576

Apply Onto options, 577-578

clearing inherited permissions, 569-570

creating shares with, 556-559

file sharing with, 556

Permissions tab, accessing, 569

removing users or groups for permissions, 577

setting special permissions for files and folders, 576-577

special permissions, viewing, 573

viewing permissions for files and folders, 571

Windows Filtering Platform, 632

Windows Firewall

backup exceptions, 1390

defined, 13

network troubleshooting issues, 679

Remote Desktop for Administration with, 610

Windows Installer

Clean Up Utility, 273-274

RemoteApps, package creation for, 971-973

Zapper, 275-276

Windows Internal Database, 190

Windows logs, 327

Windows Memory Diagnostics Tools, 1377

Windows Network Diagnostics

accessing from Network And Sharing Center, 630

Internet connections, 675

local area connection troubleshooting with, 674-675

Windows NT 4.0 NTLM, 1023-1024

Windows PC environment (WinPE), 1377-1378

Windows PowerShell. See PowerShell

Windows Process Activation Service, 190

Windows Product Activation (WPA), 66

Windows Recovery Environment, 190, 1377

Windows Registry. See Registries

Windows Search Service

configuring, 419

purpose of, 416

Windows Server 2003

native mode domains, 1017-1018

universal group membership caching, 1020-1022

Windows Server 2008 Datacenter, 6

Windows Server 2008 Enterprise, 6

Windows Server 2008 Standard, 5

Windows Server Backup

Always Perform Full Backup option, 1389

Always Perform Incremental Backup option, 1389

automatic management by, 1387

Backup Once Wizard, 1396-1400

capabilities of, 1387

configuring backup type, 1389

current server data recovery, 1402-1405

Custom options, 1389, 1392, 1397

destination selection, 1393, 1398

event logs, 1400-1401

feature description, 190

first backup after installation, 1388-1389

installing, 1388

manual backups, 1396-1400

Modify Backup option, 1395

recovery capabilities, 1388

recovery details summaries, 1405

Recovery Wizard, 1402-1407

remote server data recovery, 1406-1407

scheduling, 1391-1395

starting, 1388

Stop Backup option, 1395

system state recovery, 1407

tracking backups, 1400-1401

VSS with, 1387, 1399

Wbadmin command line equivalent, 1390

Windows Server Catalog, 1311

Windows services in clustered environments, 1363

Windows System Resource Manager

editions available in, 62

Terminal Services with, 938

Windows Time, 13

Windows Update, 74-75

Windows Vista

Active Directory with, 10-11

editions of, 10

kernel architecture, 11-13

power state management, 378

Windows Web Server 2008, 6-7

WinPE (Windows PC environment), 1377-1378

Winprint, 901-902

WINS (Windows Internet Naming Service)

active registrations, viewing, 835-836

backing up databases, 838

backups of, 1384

B-Nodes, 824

burst handling, 832-833

caches, 825

clients, 823

clustering with, 1363

compacting databases, 838

configuring, 669-671, 826-827, 832-836

console for, 826, 833

database maintenance, 836-839

database of mappings, 824

DHCP setup with, 697

DNS-based lookups, enabling, 839

H-Nodes, 824

installing server service, 826

legacy support function, 823

M-Nodes, 824

multiple servers recommended, 825

name registration, 824-825

NetBIOS names, 823

NetBIOS scope, 824

Netsh command-line commands, 827

Netsh info command, 835

Netsh statistics command, 834

node types, 824

overview of, 654-655

persistent connections, 825

planning deployments of, 40, 60

P-Nodes, 824

record export, 825

remote management of, 827

replication, 825, 828-831

restoring databases, 839

scavenging records, 836

small networks with, 824

status, viewing, 833-835

tombstoning records, 825, 835-836

troubleshooting, 828, 834

verifying database consistency, 837

wireless network security issues, 689

Wireless Networking, 13

wiring, 1314

workgroups

DHCP, setting up for, 697

viewing, 126

WPA (Windows Product Activation), 66, 71-72

Write Attributes special permission, 574

Write permission, 572

WSRM (Windows System Resource Manager), 190

WSUS (Windows Server Update Services), 74-75, 187

Z

zones, DNS

Active Directory-integrated type, 750, 752-755, 780, 784

automatic record creation, 794

conditional forwarding, 754, 756

defined, 749

domain-based zone structure, 751

forward lookup zone creation, 774-781, 783-785

GlobalNames zone, 803-804

ISP zone maintenance, 776

listing, 819-820

non-domain-based zone structure, 751-752

polling intervals, 813

primary DNS servers, 750-751, 779, 783

primary zone creation, 775

records of a particular zone, displaying, 820-821

replication scope, 780, 784

restart issues, 754-755

reverse lookup zone creation, 781-782, 785-786

secondary DNS servers, 750, 779, 781, 784

secondary notification configuration, 793-794

secondary zone creation, 775

secondary zone setup, 770-771

secondary zones, 755

standard primary type, 749

standard secondary type, 750

stub type, 750, 755-756, 779, 784

transfers, 750-751, 791-793

types supported, 749-750

zone files, 781-782

zones, Internet security, 118

© Microsoft. All Rights Reserved.