Table of Contents
Acknowledgments
Introduction
Who Is This Book For?
How This Book Is Organized
Conventions Used in This Book
Other Resources
Support
Part I: Windows Server 2008 Administration Fundamentals
Windows Server 2008 Administration Overview
Windows Server 2008 and Windows Vista
Getting to Know Windows Server 2008
Networking Tools and Protocols
Understanding Networking Options
Working with Networking Protocols
Domain Controllers, Member Servers, and Domain Services
Working with Active Directory
Using Read-Only Domain Controllers
Using Restartable Active Directory Domain Services
Name-Resolution Services
Using Domain Name System (DNS)
Using Windows Internet Name Service (WINS)
Using Link-Local Multicast Name Resolution (LLMNR)
Frequently Used Tools
Using Windows PowerShell
Deploying Windows Server 2008
Server Roles, Role Services, and Features for Windows Server 2008
Full-Server and Core-Server Installations of Windows Server 2008
Installing Windows Server 2008
Performing a Clean Installation
Performing an Upgrade Installation
Performing Additional Administration Tasks During Installation
Managing Roles, Role Services, and Features
Viewing Configured Roles and Role Services
Adding or Removing Roles on Servers
Viewing and Modifying Role Services on Servers
Adding or Removing Features in Windows Server 2008
Managing Servers Running Windows Server 2008
Performing Initial Configuration Tasks
Managing Your Servers
Managing System Properties
The Computer Name Tab
The Hardware Tab
The Advanced Tab
The Remote Tab
Managing Dynamic-Link Libraries
Monitoring Processes, Services, and Events
Managing Applications, Processes, and Performance
Task Manager
Managing Applications
Administering Processes
Viewing System Services
Viewing and Managing System Performance
Viewing and Managing Networking Performance
Viewing and Managing Remote User Sessions
Managing System Services
Starting, Stopping, and Pausing Services
Configuring Service Startup
Configuring Service Logon
Configuring Service Recovery
Disabling Unnecessary Services
Event Logging and Viewing
Accessing and Using the Event Logs
Filtering Event Logs
Setting Event Log Options
Clearing Event Logs
Archiving Event Logs
Monitoring Server Performance and Activity
Why Monitor Your Server?
Getting Ready to Monitor
Using the Reliability And Performance Console
Choosing Counters to Monitor
Performance Logging
Viewing Data Collector Reports
Configuring Performance Counter Alerts
Tuning System Performance
Monitoring and Tuning Memory Usage
Monitoring and Tuning Processor Usage
Monitoring and Tuning Disk I/O
Monitoring and Tuning Network Bandwidth and Connectivity
Automating Administrative Tasks, Policies, and Procedures
Understanding Group Policies
Group Policy Essentials
In What Order Are Multiple Policies Applied?
When Are Group Policies Applied?
Group Policy Requirements and Version Compatibility
Navigating Group Policy Changes
Managing Local Group Policies
Local Group Policy Objects
Accessing the Top-Level Local Policy Settings
LGPO Settings
Accessing Administrator, Non-Administrator, and User-Specific Local Group Policy
Managing Site, Domain, and Organizational Unit Policies
Understanding Domain and Default Policies
Using the Group Policy Management Console
Getting to Know the Policy Editor
Using Administrative Templates to Set Policies
Creating a Central Store
Creating and Linking GPOs
Creating and Using Starter GPOs
Delegating Privileges for Group Policy Management
Blocking, Overriding, and Disabling Policies
Maintaining and Troubleshooting Group Policy
Refreshing Group Policy
Configuring the Refresh Interval for Domain Controllers
Modeling Group Policy for Planning Purposes
Copying, Pasting, and Importing Policy Objects
Backing Up and Restoring Policy Objects
Determining Current Group Policy Settings and Refresh Status
Disabling an Unused Part of Group Policy
Changing Policy Processing Preferences
Configuring Slow-Link Detection
Removing Links and Deleting GPOs
Troubleshooting Group Policy
Fixing Default Group Policy
Managing Users and Computers with Group Policy
Centrally Managing Special Folders
User and Computer Script Management
Deploying Software Through Group Policy
Automatically Enrolling Computer and User Certificates
Managing Automatic Updates in Group Policy
Enhancing Computer Security
Using Security Templates
Using the Security Templates and Security Configuration And Analysis Snap-ins
Reviewing and Changing Template Settings
Analyzing, Reviewing, and Applying Security Templates
Deploying Security Templates to Multiple Computers
Using the Security Configuration Wizard
Creating Security Policies
Edit Existing Security Policies
Apply Existing Security Policies
Roll Back the Last Applied Security Policy
Deploying a Security Policy to Multiple Computers
Part II: Windows Server 2008 Directory Services Administration
Using Active Directory
Introducing Active Directory
Active Directory and DNS
Read-Only Domain Controller Deployment
Windows Server 2008 with Windows NT 4.0
Working with Domain Structures
Understanding Domains
Understanding Domain Forests and Domain Trees
Understanding Organizational Units
Understanding Sites and Subnets
Working with Active Directory Domains
Using Windows 2000 and Later Computers with Active Directory
Working with Domain Functional Levels
Raising Domain and Forest Functionality
Understanding the Directory Structure
Exploring the Data Store
Exploring Global Catalogs
Universal Group Membership Caching
Replication and Active Directory
Active Directory and LDAP
Understanding Operations Master Roles
Core Active Directory Administration
Tools for Managing Active Directory
Active Directory Administration Tools
Active Directory Command-Line Tools
Active Directory Support Tools
Using the Active Directory Users And Computers Tool
Getting Started with Active Directory Users And Computers
Connecting to a Domain Controller
Connecting to a Domain
Searching for Accounts and Shared Resources
Managing Computer Accounts
Creating Computer Accounts on a Workstation or Server
Creating Computer Accounts in Active Directory Users And Computers
Viewing and Editing Computer Account Properties
Deleting, Disabling, and Enabling Computer Accounts
Resetting Locked Computer Accounts
Moving Computer Accounts
Managing Computers
Joining a Computer to a Domain or Workgroup
Managing Domain Controllers, Roles, and Catalogs
Installing and Demoting Domain Controllers
Viewing and Transferring Domain-Wide Roles
Viewing and Transferring the Domain Naming Master Role
Viewing and Transferring Schema Master Roles
Transferring Roles Using the Command Line
Seizing Roles Using the Command Line
Configuring Global Catalogs
Configuring Universal Group Membership Caching
Managing Organizational Units
Creating Organizational Units
Viewing and Editing Organizational Unit Properties
Renaming and Deleting Organizational Units
Moving Organizational Units
Managing Sites
Creating Sites
Creating Subnets
Associating Domain Controllers with Sites
Configuring Site Links
Configuring Site Link Bridges
Maintaining Active Directory
Using ADSI Edit
Examining Inter-Site Topology
Troubleshooting Active Directory
Understanding User and Group Accounts
The Windows Server 2008 Security Model
Authentication Protocols
Access Controls
Differences Between User and Group Accounts
User Accounts
Group Accounts
Default User Accounts and Groups
Built-in User Accounts
Predefined User Accounts
Built-in and Predefined Groups
Implicit Groups and Special Identities
Account Capabilities
Privileges
Logon Rights
Built-in Capabilities for Groups in Active Directory
Using Default Group Accounts
Groups Used by Administrators
Implicit Groups and Identities
Creating User and Group Accounts
User Account Setup and Organization
Account Naming Policies
Password and Account Policies
Configuring Account Policies
Configuring Password Policies
Configuring Account Lockout Policies
Configuring Kerberos Policies
Configuring User Rights Policies
Configuring User Rights Globally
Configuring User Rights Locally
Adding a User Account
Creating Domain User Accounts
Creating Local User Accounts
Adding a Group Account
Creating a Global Group
Creating a Local Group and Assigning Members
Handling Global Group Membership
Managing Individual Membership
Managing Multiple Memberships in a Group
Setting the Primary Group for Users and Computers
Managing Existing User and Group Accounts
Managing User Contact Information
Setting Contact Information
Searching for Users and Groups In Active Directory
Configuring the User's Environment Settings
System Environment Variables
Logon Scripts
Assigning Home Directories
Setting Account Options and Restrictions
Managing Logon Hours
Setting Permitted Logon Workstations
Setting Dial-In and VPN Privileges
Setting Account Security Options
Managing User Profiles
Local, Roaming, and Mandatory Profiles
Using the System Utility to Manage Local Profiles
Updating User and Group Accounts
Renaming User and Group Accounts
Copying Domain User Accounts
Importing and Exporting Accounts
Changing and Resetting Passwords
Enabling User Accounts
Managing Multiple User Accounts
Setting Profiles for Multiple Accounts
Setting Logon Hours for Multiple Accounts
Setting Permitted Logon Workstations for Multiple Accounts
Setting Logon, Password, and Expiration Properties for Multiple Accounts
Troubleshooting Logon Problems
Viewing and Setting Active Directory Permissions
Part III: Windows Server 2008 Data Administration
Managing File Systems and Drives
Managing the File Services Role
Adding Hard Disk Drives
Physical Drives
Preparing a Physical Drive for Use
Using Disk Management
Removable Storage Devices
Installing and Checking for a New Drive
Understanding Drive Status
Working with Basic and Dynamic Disks
Using Basic and Dynamic Disks
Special Considerations for Basic and Dynamic Disks
Changing Drive Types
Reactivating Dynamic Disks
Rescanning Disks
Moving a Dynamic Disk to a New System
Using Basic Disks and Partitions
Partitioning Basics
Creating Partitions and Simple Volumes
Formatting Partitions
Managing Existing Partitions and Drives
Assigning Drive Letters and Paths
Changing or Deleting the Volume Label
Deleting Partitions and Drives
Converting a Volume to NTFS
Resizing Partitions and Volumes
Repairing Disk Errors and Inconsistencies
Defragmenting Disks
Compressing Drives and Data
Encrypting Drives and Data
Understanding Encryption and the Encrypting File System
Working with Encrypted Files and Folders
Configuring Recovery Policy
Administering Volume Sets and RAID Arrays
Using Volumes and Volume Sets
Understanding Volume Basics
Understanding Volume Sets
Creating Volumes and Volume Sets
Deleting Volumes and Volume Sets
Managing Volumes
Improving Performance and Fault Tolerance with RAIDs
Implementing RAID on Windows Server 2008
Implementing RAID 0: Disk Striping
Implementing RAID 1: Disk Mirroring
Implementing RAID 5: Disk Striping with Parity
Managing RAIDs and Recovering from Failures
Breaking a Mirrored Set
Resynchronizing and Repairing a Mirrored Set
Repairing a Mirrored System Volume to Enable Boot
Removing a Mirrored Set
Repairing a Striped Set Without Parity
Regenerating a Striped Set with Parity
Managing LUNs on SANs
Configuring Fibre Channel SAN Connections
Configuring iSCSI SAN Connections
Adding and Removing Targets
Creating, Extending, Assigning, and Deleting LUNs
Defining a Server Cluster in Storage Manager For SANs
Managing File Screening and Storage Reporting
Understanding File Screening and Storage Reporting
Managing File Screening and Storage Reporting
Managing Global File Resource Settings
Managing the File Groups to Which Screens Are Applied
Managing File Screen Templates
Creating File Screens
Defining File Screening Exceptions
Scheduling and Generating Storage Reports
Data Sharing, Security, and Auditing
Using and Enabling File Sharing
Configuring Standard File Sharing
Viewing Existing Shares
Creating Shared Folders
Creating Additional Shares on an Existing Share
Managing Share Permissions
The Different Share Permissions
Viewing Share Permissions
Configuring Share Permissions
Modifying Existing Share Permissions
Removing Share Permissions for Users and Groups
Managing Existing Shares
Understanding Special Shares
Connecting to Special Shares
Viewing User and Computer Sessions
Stopping File and Folder Sharing
Configuring NFS Sharing
Using Shadow Copies
Understanding Shadow Copies
Creating Shadow Copies
Restoring a Shadow Copy
Reverting an Entire Volume to a Previous Shadow Copy
Deleting Shadow Copies
Disabling Shadow Copies
Connecting to Network Drives
Mapping a Network Drive
Disconnecting a Network Drive
Object Management, Ownership, and Inheritance
Objects and Object Managers
Object Ownership and Transfer
Object Inheritance
File and Folder Permissions
Understanding File and Folder Permissions
Setting File and Folder Permissions
Auditing System Resources
Setting Auditing Policies
Auditing Files and Folders
Auditing the Registry
Auditing Active Directory Objects
Using, Configuring, and Managing NTFS Disk Quotas
Understanding NTFS Disk Quotas and How NTFS Quotas Are Used
Setting NTFS Disk Quota Policies
Enabling NTFS Disk Quotas on NTFS Volumes
Viewing Disk Quota Entries
Creating Disk Quota Entries
Deleting Disk Quota Entries
Exporting and Importing NTFS Disk Quota Settings
Disabling NTFS Disk Quotas
Using, Configuring, and Managing Resource Manager Disk Quotas
Understanding Resource Manager Disk Quotas
Managing Disk Quota Templates
Creating Resource Manager Disk Quotas
Data Backup and Recovery
Creating a Backup and Recovery Plan
Figuring Out a Backup Plan
The Basic Types of Backup
Differential and Incremental Backups
Selecting Backup Devices and Media
Common Backup Solutions
Buying and Using Backup Media
Selecting a Backup Utility
Backing Up Your Data: The Essentials
Installing the Windows Backup and Recovery Utilities
Getting Started with Windows Server Backup
Getting Started with the Backup Command-Line Utility
Working with Wbadmin Commands
Using General-Purpose Commands
Using Backup Management Commands
Using Recovery Management Commands
Performing Server Backups
Configuring Scheduled Backups
Modifying or Stopping Scheduled Backups
Creating and Scheduling Backups with Wbadmin
Running Manual Backups
Recovering Your Server from Hardware or Startup Failure
Starting a Server in Safe Mode
Resuming After a Failed Start
Backing Up and Restoring the System State
Restoring Active Directory
Restoring the Operating System and the Full System
Restoring Applications, Non-System Volumes, and Files and Folders
Managing Encryption Recovery Policy
Understanding Encryption Certificates and Recovery Policy
Configuring the EFS Recovery Policy
Backing Up and Restoring Encrypted Data and Certificates
Backing Up Encryption Certificates
Restoring Encryption Certificates
Part IV: Windows Server 2008 Network Administration
Managing TCP/IP Networking
Navigating Networking in Windows Server 2008
Networking Enhancements in Windows Vista and Windows Server 2008
Installing TCP/IP Networking
Configuring TCP/IP Networking
Configuring Static IP Addresses
Configuring Dynamic IP Addresses and Alternate IP Addressing
Configuring Multiple Gateways
Managing Network Connections
Checking the Status, Speed, and Activity for Local Area Connections
Enabling and Disabling Local Area Connections
Renaming Local Area Connections
Administering Network Printers and Print Services
Managing the Print Services Role
Using Print Devices
Printing Essentials
Configuring Print Servers
Enabling and Disabling Print Sharing
Getting Started with Print Management
Installing Printers
Using the Autoinstall Feature of Print Management
Installing and Configuring Physically Attached Print Devices
Installing Network-Attached Print Devices
Connecting to Printers Created on the Network
Deploying Printer Connections
Configuring Point and Print Restrictions
Moving Printers to a New Print Server
Monitoring Printers and Printer Queues Automatically
Solving Spooling Problems
Configuring Printer Properties
Adding Comments and Location Information
Listing Printers in Active Directory
Managing Printer Drivers
Setting a Separator Page and Changing Print Device Mode
Changing the Printer Port
Scheduling and Prioritizing Print Jobs
Starting and Stopping Printer Sharing
Setting Printer Access Permissions
Auditing Print Jobs
Setting Document Defaults
Configuring Print Server Properties
Locating the Spool Folder and Enabling Printing on NTFS
Managing High-Volume Printing
Logging Printer Events
Enabling Print Job Error Notification
Managing Print Jobs on Local and Remote Printers
Viewing Printer Queues and Print Jobs
Pausing the Printer and Resuming Printing
Emptying the Print Queue
Pausing, Resuming, and Restarting Individual Document Printing
Removing a Document and Canceling a Print Job
Checking the Properties of Documents in the Printer
Setting the Priority of Individual Documents
Scheduling the Printing of Individual Documents
Running DHCP Clients and Servers
Understanding DHCP
Using Dynamic IPv4 Addressing and Configuration
Using Dynamic IPv6 Addressing and Configuration
Checking IP Address Assignment
Understanding Scopes
Installing a DHCP Server
Installing DHCP Components
Starting and Using the DHCP Console
Connecting to Remote DHCP Servers
Starting and Stopping a DHCP Server
Authorizing a DHCP Server in Active Directory
Configuring DHCP Servers
Binding a DHCP Server with Multiple Network Interface Cards to a Specific IP Address
Updating DHCP Statistics
DHCP Auditing and Troubleshooting
Integrating DHCP and DNS
Integrating DHCP and NAP
Avoiding IP Address Conflicts
Saving and Restoring the DHCP Configuration
Managing DHCP Scopes
Creating and Managing Superscopes
Creating and Managing Scopes
Managing the Address Pool, Leases, and Reservations
Viewing Scope Statistics
Setting a New Exclusion Range
Deleting an Exclusion Range
Reserving DHCP Addresses
Modifying Reservation Properties
Deleting Leases and Reservations
Backing Up and Restoring the DHCP Database
Backing Up the DHCP Database
Restoring the DHCP Database from Backup
Using Backup and Restore to Move the DHCP Database to a New Server
Forcing the DHCP Server Service to Regenerate the DHCP Database
Reconciling Leases and Reservations
Optimizing DNS
Understanding DNS
Integrating Active Directory and DNS
Enabling DNS on the Network
Configuring Name Resolution on DNS Clients
Installing DNS Servers
Installing and Configuring the DNS Server Service
Configuring a Primary DNS Server
Configuring a Secondary DNS Server
Configuring Reverse Lookups
Configuring Global Names
Managing DNS Servers
Adding Remote Servers to the DNS Console
Removing a Server from the DNS Console
Starting and Stopping a DNS Server
Creating Child Domains Within Zones
Creating Child Domains in Separate Zones
Deleting a Domain or Subnet
Managing DNS Records
Adding Address and Pointer Records
Adding DNS Aliases with CNAME
Adding Mail Exchange Servers
Adding Name Servers
Viewing and Updating DNS Records
Updating Zone Properties and the SOA Record
Modifying the SOA Record
Allowing and Restricting Zone Transfers
Notifying Secondaries of Changes
Setting the Zone Type
Enabling and Disabling Dynamic Updates
Managing DNS Server Configuration and Security
Enabling and Disabling IP Addresses for a DNS Server
Controlling Access to DNS Servers Outside the Organization
Enabling and Disabling Event Logging
Using Debug Logging to Track DNS Activity
Monitoring a DNS Server
Index
© Microsoft. All Rights Reserved.