Server 2008
WHAT’S NEW | WHAT’S CHANGED
Greg Shields
Contents
Summary
Group Policy
What’s New & What’s Changed?
Group Policy Central Store
ADMX & ADML Files
Converting ADM to ADMX
Group Policy Preferences
Starter GPOs
Filtering and Commenting
Network Location Awareness
GPMC Scripts
New and Updated GPO Categories
Group Policy Logging & Troubleshooting
Group Policy Logging
Group Policy Troubleshooting
Userenv Debug Log Redux
GPLogView
Multiple Local Group Policy Objects
Fine-Grained Password Policies
Summary
Windows Server Core
What it is…
What it isn’t…
What’s New & What’s Changed?
Installing Server Core
Initial Configuration Tasks Commands
Unattended Installation
Server Core Roles & Features
The ADDS Role
Roles & Usage Scenarios
Remotely Managing Server Core
Terminal Services
Windows Remote Shell
PowerShell
Customizing Server Core
Summary
Active Directory
What’s New & What’s Changed?
Schema & Functionality Changes
Snapping an Offline DC
ADPREP
DCPROMO
Creating a New Domain
Installation From Media
Selecting “Helper” DC
Restartable Service
AD Object Protection
Auditing Changes
Read-Only Domain Controllers
Windows Server 2008: What’s New | What’s Changed
Variables
Built-in Help
Object Oriented
Danger! Danger! Danger!
Bottom Line: Do I Need to Know All This?
Is PowerShell a Good Investment of My Time?
Where Do I Go from Here?
Help and Additional Resources
PowerShell Drives
Navigating a Hierarchical Object Store
More Stores than Just the File System
Mapping Drives
More Providers!
PSDrives = Ease of Use
Key Cmdlets for Windows Administration
Cmdlets for Navigating Your System
Listing Child Items
Changing Location
Cmdlets for Working with Items
Cmdlets for Working with Text Data
Cmdlets for Working with Windows
Cmdlets for Working with PowerShell
Creating Output
Clearing the Console
Accepting Input
Working with Variables
Working with Commands
Working with Command-Line History
Working with PSDrives
The PowerShell Pipeline
Piping Objects from Cmdlet to Cmdlet
Finding Cmdlets That Accept Pipeline Input
The Pipeline Enables Powerful One-Liners
The Pipeline Enables Simple Output Redirection
The End of the (Pipe)line
Cmdlets to Group, Sort, Format, Export, and More
Formatting
Format-List
Format-Table
Format-Wide
Format-Custom
Formatting Rules Overview: When Does PowerShell Use a List or Table?
GroupBy
Sort-Object: Sorting Objects
Where-Object: Filtering Objects
ForEach-Object: Performing Actions Against Each Object
Select-Object: Choosing Specific Object Properties
Exporting
Export-CSV
Export-CliXML
ConvertTo-HTML
Comparing Objects and Collections
Practical Tips and Tricks
Using the Command Line
Command History
Line Editing
Copy and Paste
Tab Completion
Instant Expressions
Pausing a Script
Displaying a Progress Meter
Keeping a Transcript
PowerShell Command-Line Parsing
Quotation Marks
Parsing Modes
Line Termination
Working with the PowerShell Host
Culture Clash
Using the UI and RawUI
Reading Lines and Keys
Changing the Window Title
Changing Colors
Changing Window Size and Buffer
Nested Prompts
Quitting PowerShell
Prompting the User to Make a Choice
Security Features
Why Won’t My Scripts Run?
When Scripts Don’t Run
Digital Signatures
Trusted Scripts
Execution Policies
Signing Scripts
Alternate Credentials
Is PowerShell Dangerous?
Safer Scripts from the Internet
Passwords and Secure Strings
Chapter 1
Introduction to Windows Server 2008
Have five years passed already? It feels like only yesterday that I was staring down the pipe at this
brand new operating system called Windows 2003. Remember those days? Clustering got a makeover
that made it actually useable. IIS and Terminal Services had a fresh look and feel with new security
functions. Heck, even Group Policy got that much easier with the introduction of the Group Policy
Management Console and all the new policies and settings that came with the O/S. I remember drooling
over Group Policy’s new WMI Filtering feature and thinking, “I can’t wait!”
Well, that time is here again. Though the feature sets are different, the excitement associated with a new
server operating system should be enough to simultaneously scare you and make you giddy with delight.
Scary, because any major update like Windows Server 2008 is going to cause plenty of late nights and
early growing pains. Giddy, because that same major update adds so much more to your network environment
in terms of security, stability, and terrific new management features.
one of those behemoths means that something will likely have changed on page 127 by the time I get to
page 1270. Plus, the bloggers and community Web sites all around the net do a much better (and more
searchable) job anyway.
No, this book is slim for two reasons. One, my job as I see it is to give you some detail on specifically
what’s new and what’s changed between Windows Server 2003 and Windows Server 2008. Hence the
title What’s New/What’s Changed. For a few of the really important or complicated topics, I’ll include
step-by-step instructions to get you through the hard parts. But for the most part, this book is designed
to give you an overview of what to expect when you consider your move to Server 2008.
In the following pages, I’ll be spending a few minutes on each of dozens of topics that you need to know
before you start using Server 2008 in your production environment. You’ll come to understand the new
technologies in Server 2008 and how others have changed from what you’re used to seeing in Server
2003.
The second reason for the thickness of this book, as well as my light-hearted, conversational style is to
make reading it fun (I’ll apologize in advance for all the bad jokes). If those other books are heavy on
the step by step, then let’s here be heavy on helping you understand and getting you excited about fitting
these technologies into your environment. I’ll be giving you the straight scoop on which new and
updated features are compelling (Terminal Services!) and which ones may not be all that exciting (AD
Snapshots!). Being published through SAPIEN Press and not through Microsoft means I can be completely
honest and, in some cases, brutal about my impressions. I hope you’ll appreciate and respect the
candor.
After you’ve read this book, if you’re still looking for the step by step, may I suggest a trip to the
Internet. In my day job, I serve as Resident Editor for a community of people (OK, it’s a blog) dedicated
to the topics, trends, and technology associated with Windows Server of all editions. That Web
site, located at http://www.realtime-windowsserver.com, includes daily commentary and regular podcasts
on up-to-the-second information in the world of Windows Server. I encourage you to check it
out.
your own. Server 2008’s installation is so easy (especially with virtual machines) that it’ll be
worth the few minutes of effort to see how it works with your own eyes.
With Server 2008 only barely past RTM upon the release of this book, you’ll find that some information
available on the Internet is sparse at best. So in those cases, I’ve done my best to piece together a
usable step-by-step process so you don’t have to do the same level of digging I’ve had to do. Oh, and
you’re welcome!
• Chapter 6: Active Directory. Not another schema update! Yup. Server 2008’s Active Directory
Domain Services Role has some schema changes to make. But with those changes come some
great features and functionality. Read-Only Domain Controllers mean branch office DCs are now
much better protected. Changes to the auditing subsystem mean you can actually track changes
to AD. The DCPROMO process gets much less complex. And some new capabilities with AD
backup and restore should help you sleep a little better at night. Don’t fret that schema change.
It’ll only hurt a little.
• Chapter 7: Terminal Services. In my opinion, this is one of the greatest improvements you get
with Server 2008 and arguably the feature that’s most likely to drive an upgrade: Terminal Services
sees a big facelift in this upgrade. Much of the stuff you lusted after in Citrix Presentation Server
is now available for no extra charge in Server 2008 Terminal Services. You get remote applications
in addition to full desktops, an integrated Web interface for launching those applications, (much!)
better printing, and even encryption and security for Internet-based RDP sessions. Wow.
• Chapter 8: Security & the Windows Firewall with Advanced Security. Combining the topics
of security with the Windows firewall, I’ll talk about the improvements to the overall security of
Windows Server itself. I’ll discuss, at length, how the Vista/Server 2008 combo enables some
very MN&C security as well as systems health verifications through technologies like Server &
Domain Isolation and Network Access Protection. Our old friend/nemesis User Account Control
also returns in Server 2008 and BitLocker drive encryption is also available.
• Chapter 9: The Web Server (IIS) Role. IIS v6.0 is arguably one of Microsoft’s least hackable
subsystems. To date it hasn’t seen a single vulnerability in its code. With IIS v7.0, Microsoft has
made it even more secure by splintering it into over forty separate pieces. In this chapter, I’ll talk
about those individual components, how to enable, disable, and manage them both locally and
remotely.
• Chapter 10: Other MN&C Features (you might not know about). The catch-all chapter for those
features I couldn’t fit anywhere else. Chapter 10 will review a few additional new or updated features
like Windows Clustering, enhanced support for iSCSI, the improved DNS Server and File
Services Roles, as well as some nifty low-level improvements to the NTFS file system itself that
enhance the overall stability of your server system—and therefore your critical data.
Hardware Requirements
No matter what the edition, few in the past have really believed Microsoft’s recommendations for
minimum hardware resources. Their recommended minimums historically got the system to boot and
possibly see the Start bar. Actually getting a Server 2003 instance to run an application usually involved
more resources than the stated minimums suggested.
That being said, Server 2008’s minimums appear to be quite a bit more lodged in reality. In fact, during
the writing of this book I’ve successfully run a number of virtual machines with acceptable performance
at processor and memory levels below these stated minimums. Obviously, your mileage will vary.
The following are Microsoft’s recommendations for minimum hardware requirements. I’ve also
included what Microsoft calls their recommended and optimal settings, as well as maximum capabilities
for each version:
Server 2008 Hardware Component | Recommendations
Processor Speed | Minimum: 1 GHz (x86), 1.4 GHz (x64); Recommended: 2 GHz; Optimal: 3 GHz or faster
Max Number of Sockets | 4 for Standard (x86 & x64), 8 for Enterprise (x86 & x64), 32 for Datacenter (x86), 64 for Datacenter (x64)
Memory | Minimum: 512 MB RAM; Recommended: 2 GB RAM; Optimal: 2 GB RAM for Full installation, 1 GB RAM for Server Core installation; Maximum: 4 GB for Standard (x86), 32 GB for Standard (x64), 64 GB for Enterprise & Datacenter (x86), 2 TB for Enterprise, Datacenter, & IA64 (x64)
Disk Space | Minimum: 10 GB; Recommended: 40 GB for Full installation, 10 GB for Server Core installation; Optimal: 80 GB for Full installation, 16 GB for Server Core installation
Peripherals | Required: SVGA (800x600), Keyboard & Mouse
The numbers above are quite telling, especially those for memory. Maximum RAM
changes drastically as a server moves between the three major editions. Substantially
more RAM is available for 64-bit systems if their hardware supports PAE extensions.
Interestingly enough, the total number of supported processors for any edition remains
unchanged. All that being said, I’m quite a bit more willing to trust these minimum and
recommended numbers than was I for Server 2003.
To give you some idea of how the new requirements stack up against the old, compare
those requirements above for Server 2008 with these below for Server 2003 R2:
In addition to the level of resources supported by each edition, there are certain features
and capabilities that are only available at each level. Let’s take a look now at each edition
and talk about what you get when you move from edition to edition.
Virtual Licenses
There is an important distinction in terms of physical vs. virtual when it comes to
Windows Server licenses. When you purchase a physical license for Windows Server
2008 Enterprise Edition, you gain the ability to run four additional virtual servers on
that physical server. Pooling your licenses in this way means that you’ll need to purchase
additional physical licenses if you go beyond the four-license limit. The same goes with
Standard Edition if you go above its one-extra-license limit. Furthermore—and this is a
great benefit—the licensing rules state that you only consume virtual licenses when the
virtual machine is actually running. This means that you’re welcome to store as many
non-running instances of Windows Server as you want as long as only four are operational
at a time.
Windows 2000 required that you purchase Datacenter as part of a hardware purchase, but with
Windows 2003 they eventually lifted that requirement. You can purchase Datacenter as a separate SKU
and install it anywhere where it is supported.
RTM = SP1?
Here’s a funny story. From the command prompt of any Server 2008 instance, enter the
command winver to bring forward O/S version information. You’ll immediately notice
that Server 2008 RTM is actually listed as Server 2008 Service Pack 1! The reasoning for
this nomenclature is due to the closeness in the codebase between Server 2008 and Vista,
which released its SP1 at the same time as Server 2008’s release. I’ll admit that seems like
a little “cheating” on the part of Microsoft. Or, maybe genius!? Isn’t the rule of thumb in
many organizations to wait on deploying any new Microsoft operating system until after
it hits SP1? Well, you’re already there, so what are you waiting for! Snark!
Manageability
In the next chapter, I’ll talk about the new Server Manager that combines the functionality of many
previously-separated MMC consoles into a single, unified point of control for many Roles and their
functions. Integration of Windows PowerShell into the operating system adds scripting support to
nearly all manageable objects within the operating system. Post-installation initial tasks also enable
all necessary security and server customizations, like naming and firewalls, as soon as the installation is
complete so you don’t forget steps.
Flexibility
In addition to the manageability features, Server 2008’s componentization of Roles and the services
associated with those roles makes it highly flexible in production operations. Dependencies between
Roles and Services are identified during Role installation, and any dependencies are marked for non-removal
should you remove a Role. Integrated and improved virtualization and Terminal Services
components also ensure that the same Windows Server that can perform one function can also perform
others with a minimum of feature bloat—and that bloat’s associated security problems.
Protection
Lastly, in the area of protection, Microsoft has continued its work in ensuring the safety and security
of the Windows operating system. They’ve configured services to operate within their own session to
prevent interactive sessions from conflicting or corrupting service operation. Microsoft also removed
automatically started services to trim down unnecessary components from operating at risk. Features
like Server 2008’s “hot patching” capability, which enables non-kernel patching to occur without needing
a restart, increase server uptime. And new and more manageable features like Network Access
Protection and the Group Policy-manageable Windows Firewall with Advanced Security mean individual
servers start up automatically protected from attack using firewall technology that you won’t want
to turn off.
Summary
So, we’re off! As you can see here, there are a lot of options for choosing what kind of Server 2008
instance you want to create in your own environment. But when you really look between the lines, the
options really haven’t changed from the previous version. For the most part, you’ll likely be looking at
the same Standard, Enterprise, and Datacenter Editions you’re used to seeing in Server 2003, albeit with
a few small changes.
In the next Chapter, I’m going to talk about the new setup environment, WinPE, that makes building
servers a much more enjoyable process than in previous versions. You’ll get a glimpse of how WinPE
makes the installation process much easier and I’ll talk about some of the rapid deployment options that
Microsoft freely makes available to help you quickly get new servers deployed.
Chapter 3
Server Management
Years ago I worked as a Windows systems administrator for a large defense contractor. Like many
computer networks, I was responsible for the daily care and feeding of hundreds of Windows Servers.
Keeping them straight was difficult, made even more so since this was back in the days of Windows NT.
Need to work on a server? Off to the server room you go. Bring a jacket…it’s cold in there...
These days, whether your servers are hosting your company’s Web site or keeping satellites in orbit, the
process of doing server management has gotten quite a bit easier. Need to manipulate the configuration
of a server? Use your MMC console or TermServ to the box. Need access to the console for a software
installation? Log in to your IP KVM or connect to the console session using RDP. You’re off to the
races.
The processes for server management haven’t changed all that much from Server 2003 to Server 2008.
As an administrator, you’ll still be doing most of your configuration remotely using Remote Desktop
and MMC consoles. What’s different in Server 2008 are the mechanisms and tools to automate and
ease the sheer number of administration tasks that you do on a daily basis.
What, you say? You mean I’ll have less time doing repetitive and uninspiring administrative tasks and
more time for playing golf? Count me in!
into a single location. And, I’ll finish with some of the other features in Server 2008, like shrinking disk
volumes on the fly and using the Reliability & Performance Monitor that helps you find out why your
server is slow today. In just about every case, I predict you’re going to like what you see.
Thinking back to my days at the defense contractor, at one point my team built this huge procedure
document. Its purpose was to help us remember all the steps necessary when building a new server.
That document, dozens of pages long, went step by step to remind us to name the computer, give it
an appropriate IP address and netmask, and then begin the patching process. Now, with the Initial
Configuration Tasks wizard shown in Figure 3-1, much of that old document is obsolete. Rather than a
document, Microsoft designed this wizard to remind you of all the things you must do to initially configure
and secure your server as it begins its service lifecycle.
Computer Information
Virtually no systems configuration is done at the completion of a manual installation. So as some of the
first initial tasks, you’ll be requested to set the time zone, networking configuration, computer name, and
domain. As discussed in the last chapter, this speeds up the installation process and eliminates the need
to actually sit in front of the installation for the occasional mouse click responding to Are you Sure?
IPv6 Go Away!
There is currently no pre-built Group Policy setting for disabling IPv6 in Server 2008.
However, Microsoft Knowledge Base article 929852 discusses the necessary registry configuration
if you’d like to build your own.
Also in Local Area Connection Properties, you may notice two new protocols called the Link Layer
Topology Discovery Mapper I/O Driver and Link Layer Topology Discovery Responder. Microsoft created
these two new protocols to aid in the troubleshooting of network connections. In both Vista and Server
2008, the Network and Sharing Center includes a graphical representation of that system’s connection to
the network and ultimately the Internet (Figure 3-4).
Figure 3-4: The Network and Sharing Center gets info from Link Layer Topology.
When problems occur between the system and any of its upstream connections, they will appear visually
in the graphic. These two Link Layer Topology Discovery protocols create and populate the troubleshooting
information in this graphic. Make sure not to disable these two protocols if you and your users
want to be able to use the Network and Sharing Center to help troubleshoot networking issues as they
occur.
For the last component of this section of Initial Configuration tasks, you’ll ensure that your computer
has the proper name and is entered into the correct Active Directory domain.
Figure 3-5: Configuring Windows Update, Windows Error Reporting, and CEIP.
What’s different here from before is the integration of Windows Error Reporting and the Windows
Customer Experience Improvement Program settings into the usual Windows Update settings wizard.
You’ve seen both of these settings before, but in slightly different places. Windows Error Reporting is the
Server 2008 version of Server 2003’s Error Reporting. Server 2008 uses this tool to forward Windows
crash dump and Dr. Watson information to Microsoft for analysis. When the problem occurs, the tool
queries Microsoft’s Online Crash Analysis database for information relating to the crash. If it finds a
match, it returns that information to the user. This information is particularly helpful for finding information
about application conflicts with Server 2008’s operating system.
Four options are available when enabling Windows Error Reporting: Yes, Automatically send detailed
reports; Yes, automatically send summary reports; Ask me about sending reports every time an error occurs; and
I don’t want to participate and don’t ask me again. Each of these defines the level of opt-in you want.
In addition to error reporting, this screen also allows you to enable your participation in Windows’
Customer Experience Improvement Program. According to Microsoft, the CEIP records:
• Configuration. This reports items like the number of processors in your computer, how many
network connections you use, which version of Windows is running, and if you’ve turned on some
features such as Bluetooth wireless technology or high-speed USB connections.
• Performance and reliability. This records how quickly a program responds when you click a button,
how many problems you experience with a program or a device, and how quickly the network
sends or receives information.
• Program use. This reports on items like the features that you use the most often, how often you
use the Help and Support Center, and how many folders you typically create on your desktop.
The system encrypts and automatically submits information to Microsoft via CEIP when you close each
CEIP-enabled application. You configure CEIP-enabled applications individually by the application, so
your Office Experience Improvement Program settings will not affect the settings at this location. This
particular version of the CEIP handles submission of Windows usage characteristics.
When you’ve completed the wizard, the final step in this section is to Download and install updates. This
link connects you to the Windows Update Wizard which begins the process of downloading and installing
approved updates.
Server Manager
Once you’ve completed and closed the Initial Configuration Tasks wizard, you’re greeted with a new
MMC console similar to Figure 3-6 called Server Manager. Server Manager is Server 2008’s consolidation
of many of the previously-separated administrative consoles into a single location. This unified
console can manage all the Roles, Role Services, and Features configured for your server. Additionally,
many of the items previously found in the Manage context menu for My Computer are now found
within Server Manager. Heck, you even get to Server Manager by right-clicking on Computer and
choosing Manage.
Locals Only
You cannot retarget Server Manager to another server. You use it in managing the local
server only. The same holds true with the command-line version of Server Manager,
which I’ll discuss in a moment.
I guess my personal explanation for telling them apart would be the following: If Roles
describe jobs to be done like “mowing the yard,” then Role Services are the items that you
use to get that job done, like “the lawn mower” and “the weed whacker.” Features, then,
must be “Other, Semi-Related Jobs” like “scooping the doggy doo from the yard”.
Conversely, if you want to remove a component, you can do so with the -remove switch. To remove the
Telnet client from your server, use:
As you can see, using servermanagercmd.exe to install and remove components is relatively easy—if you
know the proper names of the components you want. You can figure out this information by using the
-query switch. This switch not only gives us the list of Roles & Role Services currently installed on the
server, but also provides a tree view of all possible components and their subcomponents. This tree view
goes far in helping you understand where all the new components reside.
Below is a sample of the output when running the -query switch. The list is actually much, much
longer, so I’ve truncated the list just to give you an idea of what it looks like. You’ll see on this server
that the system has already installed the Active Directory Domain Services Role as well as the Active
Directory Domain Controller Role Service:
Note that creating files in the XML format can be challenging. The XML format is both
case-sensitive and, in many ways, more complicated than we’re used to using with our old
.INI file friends.
Now that you’ve looked at how Roles, Role Services, and Features are administered within Server
Manager, here’s a look at a few of the other new features you’ll find located in Server Manager.
Event Viewer
The new Windows Event Viewer is another major feature upgrade from Server 2003. Although it is potentially
one of the most used tools in troubleshooting Windows problems, it’s surprising how few capabilities it has
sported until recently. The new Event Viewer, which first saw the light of day in Windows Vista, now
sports some great new functionality.
• Preview Pane. No longer do you need to double-click events to read their specifics. The preview
pane gives you the ability to browse events in the list much faster.
• Custom sorting. Whereas with the old Event Viewer you were given only the option of sorting
the list by clicking the title bars at the top of each column, you now gain rich capabilities in sorting
data. Most exciting is the combination of the Date and Time columns into a single Date/Time
column for chronological sorting of events.
• Views. Taking the idea of sorting a step further is the ability to create permanent Views based
on predetermined characteristics. If you’ve always wanted to create a separate Event Log just for
viewing Spooler errors, you can do that by creating and saving it as a View.
• Log Segregation. Though the System, Application, and Security event logs are still around,
Server 2008 now stores events from many Windows subcomponents in their own event logs. One
excellent example of this segregation is Group Policy events, which Server 2008 now stores in a
separate Group Policy log.
• Copy to Clipboard. Ever hated having to retype event log information into a help desk ticket?
Event log now includes Copy Table and Copy Details as Text to copy that information in its entirety
to the Clipboard for you.
• Time-based Event Summary. By clicking the top-level node in Event Viewer, you’ll be greeted
with a list of event categories and a number showing how many of each type has occurred in the
last hour, last 24 hours, last 7 days, and total. This rollup view helps you get an easy understanding
if event traffic has spiked recently.
• Event tasking. A component of Task Scheduler, the new event log can automatically complete a
task when event conditions occur. This gives you the ability to proactively notify yourself or complete
a remedial action when an event occurs rather than having to actively review the logs.
• Event subscriptions. One of the best new features, event subscriptions allow for the aggregation
of event log data from multiple systems into a single log. Similar to UNIX’s Syslog, event
subscriptions and event forwarding allow you to align multiple systems’ event information for a
time-based analysis of those systems.
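REM Check drive C:, fix file system errors (/f) and recover readable data from bad sectors (/r)
ChkDsk C: /f /r
REM Restart in 300 seconds with a planned hardware-maintenance reason code and a message for users
Shutdown /g /t 300 /d p:1:1 /c "A disk error was detected. Your computer needs to be restarted."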
Give your batch file a name and drop it into an accessible location. Then, enter that batch file’s name
when asked for the program or script to run.
Figure 3-9: Event log tasks can fire the launching of a program or script.
Event subscriptions
Though not intended to be an enterprise-ready solution for aggregation of event log data, event subscriptions
go far in assisting you when you’re troubleshooting a problem across multiple servers or
between servers and workstations. Event subscriptions require at least two systems to participate. The
forwarder computer is the source for event data and is the computer that forwards selected event log
information to another host. The collector computer is the target for that event data. The collector computer
ingests all the forwarded event log information into a preconfigured event log for later reading.
For those times when you’re trying to correlate a problem across multiple devices, this new capability is a
godsend for seeing how different devices interrelate.
Creating an event subscription isn’t hard, but it’s not all that trivial either. There are a number of steps
that you must configure to get a subscription to work:
• From the Collector computer, open the Event Viewer and click the Subscriptions node.
• When prompted, choose to start the Windows Event Collector service. This will also set the service
to start automatically.
• From a command prompt on both the Collector and Forwarder computers, enter the command:
winrm quickconfig. This will start the Windows Remote Management service, set its startup mode
to Automatic, punch a hole in the local firewall, and create a WinRM listener (I’ll talk more about
WinRM in a second).
• Add the computer account of the collector computer to the Administrators group on the forwarder
computer. You may need to reboot for the computer account to pick up the necessary token.
• Create the subscription on the collector computer. This process will involve multiple steps:
o Do this by right-clicking Subscriptions and choosing Create Subscription. In the resulting
wizard, shown in Figure 3-10, provide a Subscription Name and Description. Also
here you’ll determine the destination log for incoming data. This defaults to the
Forwarded Events log but you can select any log on the system for storage of remote
events.
o In the box titled Subscription type and source computers, you’ll be given the option to
select which computer will initiate the connection, either Collector initiated or Source
computer initiated. Select your subscription type and click the button next to that type
to enter the computers that will also participate in the subscription. It is possible for
multiple computers to forward events to a Collector computer, but be careful in sending
too many events to a Collector computer. Each connection will consume a level of
resources.
o Now you need to select the type of events you’re interested in collecting. Click the
Select Events button and create a Query Filter for the events to collect. This filter can be
as granular as you wish.
o Lastly, click the Advanced button to select the Event Delivery Optimization setting.
Also here, if you want to encrypt event data as it passes between machines, you can
switch the Protocol from HTTP to HTTPS.
Depending on how you plan on using the events in this subscription, there are four options that you
can select for event delivery. By clicking the Advanced button, you’ll see those four options under Event
Delivery Optimization. The Normal option configures the subscription to pull event information five
items at a time with a batch timeout of 15 minutes. The Minimize Bandwidth option increases the
heartbeat interval to 6 hours. You will want to use this option when sufficient bandwidth between
Collector and Forwarder computers is a concern. The Minimize Latency option changes the timeout to
30 seconds.
As you can see, if you’re interested in seeing near real-time data in the Collector’s event log, you’ll want
to choose to minimize the latency in sending events. This option will have an impact on bandwidth. If
you’re merely collecting events for later review, you can slow down the process—and thereby conserve
bandwidth—by minimizing the bandwidth. Your determination will depend on your need for timeliness
of seeing subscribed events.
Once you’ve completed the configuration of the subscription, the subscription will automatically start.
If the subscription is set up correctly between the two computers, you’ll see a green check box next to
the newly created subscription and you’ll begin seeing events arriving in the Collector’s configured event
log shortly.
At any point, you can right-click the subscription to delete it, check its status, disable it, or retry it if it
has experienced problems.
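The collector-side steps above can also be scripted with wecutil, the Windows Event Collector command-line utility. This is an added example, not from the original book: the subscription name, forwarder host name, and event filter are hypothetical, and it assumes winrm quickconfig has already been run on both machines and the collector's computer account is in the forwarder's Administrators group, as the steps describe.

```powershell
# Added example: create a collector-initiated event subscription with wecutil.
# Run from an elevated PowerShell prompt on the Collector computer.
# Hypothetical values: subscription name, forwarder host name, event filter.
$name      = 'System-Errors'
$forwarder = 'fwd01.example.com'
$xmlPath   = Join-Path $env:TEMP "$name.xml"

# Query Filter: Critical (Level 1) and Error (Level 2) events from the
# forwarder's System log. Keep the filter narrow, because every forwarded
# event consumes resources on the collector.
$query = '<QueryList><Query Id="0" Path="System">' +
         '<Select Path="System">*[System[(Level=1 or Level=2)]]</Select>' +
         '</Query></QueryList>'

# ConfigurationMode corresponds to Event Delivery Optimization:
#   Normal | MinBandwidth | MinLatency
# TransportName corresponds to the Protocol setting: HTTP or HTTPS
#   (HTTPS needs a WinRM HTTPS listener with a certificate on the forwarder).
# LogFile is the destination log on the collector.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$name</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Critical and error System events from $forwarder</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[${query}]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>$forwarder</Address>
    </EventSource>
  </EventSources>
</Subscription>
"@

Set-Content -Path $xmlPath -Value $subscription -Encoding UTF8

# Configure and start the Windows Event Collector service (quiet mode, no prompt).
wecutil qc /q
if ($LASTEXITCODE -ne 0) { throw "wecutil qc failed with exit code $LASTEXITCODE" }

# Create the subscription from the XML definition.
wecutil cs $xmlPath
if ($LASTEXITCODE -ne 0) { throw "wecutil cs failed with exit code $LASTEXITCODE" }

# Show the runtime status of the subscription and of each event source.
wecutil gr $name
```

The wecutil gr output is the command-line counterpart of checking the subscription's status in Event Viewer, so a forwarder that is unreachable or refuses the collector's credentials shows up there with its last error.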
Subscription Problems
Because of the complicated setup between subscribed computers, there are a
number of places where subscription problems can occur. Ensure that both computers
are running the Windows Remote Management service and that firewalls are not blocking
traffic. Also, ensure that the Collector computer is running the Windows Event
Collector service.
Start will begin a collection interval using the configured collectors. You can set a collection interval
to run for a number of minutes or until the data size reaches a certain level. Once the collection has
completed, you can then review the report associated with this collector set within the Reports node.
Navigate to Data Collector Sets | Reports | System Performance and you will see a report named with
today’s date. Click that report to view it. The report, which looks similar to Figure 3-13, shows a snapshot
view of the server during the collection period. Scheduling these reports to occur on a regular basis
provides you with a comprehensive look at the utilization of your server.
Figure 3-14: Data Manager removes or relocates old log data as log size grows.
Task Scheduler
Task Scheduler also gets a major facelift for Server 2008, gaining some much-desired scheduling capabilities
as well as a bigger role to play in exposing system-level tasks to the administrator. Personally, I
really like the added exposure that you get with this improved Task Scheduler, specifically in being able
to see otherwise previously hidden system tasks.
For example, Server 2008 automatically configures an automatic defragmentation operation at install
to occur at 1:00 a.m. every Wednesday. You can see this in Server Manager by navigating to Configuration
| Task Scheduler | Task Scheduler Library | Microsoft | Windows | Defrag. In previous versions of the O/S,
I’d have to dig into the defrag utility to locate this information. But, with Server 2008 you schedule
many system operations like this one from the same place. Scheduled Tasks becomes the central
clearinghouse for user-generated as well as system events. Even better, since Server 2008 exposes system-level
tasks like this one inside Task Scheduler, I can choose to change the time or day of the week
that task kicks off.
The ability to schedule tasks has improved markedly with the addition of multiple scheduling. With
previous O/S versions, you were only allowed to create a single schedule for starting a task. This was
problematic when you wanted that task to run, for example, for the first and last week of the month.
Doing this used to involve either some fancy scripting or the creation of multiple tasks with different
schedules. Both were painful.
You now create tasks with a set of Triggers. You can assign multiple triggers to a task’s Action. Even
better, triggers need not necessarily be time-based. You can schedule a task to run at log on, at startup,
on idle, on an Event Log event, as well as other activities or on a time-based schedule. So, now it is possible,
as shown in Figure 3-15, to configure an event to occur at multiple times, such as if you want it to
run every day at noon, every third Friday, as well as every time a user logs onto the server.
software. The block-level backup also means that you can back up a Windows server as a whole unit,
making bare-metal restore options a reality using just the native tools.
Windows Server Backup can store files on DVD or remote file shares and enhances disk space conservation
by managing disk space. Depending on how you schedule the backups, the backup process
will automatically remove older backups as the target disk runs out of space. You can configure disks
to be used on a rotating basis so that you can move them to off-site storage as part of a regular rotation
program.
Creating and scheduling a new backup is relatively self-explanatory, but the new restore features are
worth discussing. As discussed before, if you capture a Full Server backup for the server in question, the
system includes all of the necessary bits to perform a bare-metal recovery to a similar piece of hardware.
With earlier operating systems, attempting to restore a full server was often a hairy experience. You first
installed a new O/S, and then restored the backup files atop that basic instance. Now, with Server 2008,
the restore process is a single step.
To complete a bare-metal recovery, first boot the system from either a Server 2008 or Vista installation
DVD. Then, select Repair your computer when prompted and under Choose a recovery tool select Windows
Complete PC Restore. The system will prompt you for the location of the backup files, which can be
either locally stored or on another server. Navigate to the correct backup file. When asked to Choose
how to restore the backup, select the option to Format and repartition disks. The bare-metal restoration will
complete. Once complete, reboot the server to return it to the exact state where it was at the time of the
initial backup.
Windows Server Backup also has some excellent new features that support the backup and restore of
Active Directory. I’ll discuss those features in detail in Chapter 6.
Command-line Restore
You can also complete a bare-metal restoration via the command line. The native wbadmin
tool can do this from within the Windows Recovery Environment. To use wbadmin,
boot from the O/S media and select the Command Prompt option when asked for a
recovery tool. Then, use:
To identify the correct backup version for the command above, you can use:
The wbadmin tool also works within a running operating system, but without the bare-metal
restoration option. It is possible within a running operating system to start backups
and view backup information as well as start a System State Recovery.
Disk Management
There’s not a lot new in Disk Management between Server 2003 and Server 2008. But the one new
feature that you’ll definitely appreciate is the ability to resize NTFS disks on the fly. This means that it
is now possible to both expand and shrink NTFS disks without requiring a restart and dismount of the
file system.
The wizard will identify the amount of disk space that is currently unused and can therefore be shrunk.
Select the new size and click the Shrink button to start the process. Shrinking operations do not
remove the disk from use, so this process can occur while the server is operational.
In the old days you used the Resource Kit tool DISKPART to do much of this disk management, but
even DISKPART didn’t have the ability to shrink volumes. With Server 2008, DISKPART gets a few
new options for identifying disk parameters and performing actions:
• Attributes. Displays, sets, and clears attributes about a selected volume.
• Automount. Enables or disables a volume from automounting at system startup. Also can
remove stale mount point directories and registry settings.
• Filesystems. Displays information about the filesystem for the volume currently in focus.
• Format. Formats a volume. Includes typical items that you can configure at format time like setting
volume labels and enabling compression on the drive.
• GPT. Assigns GPT attributes to the GUID partition table. This is an advanced function.
• Setid. Sets the partition type field for the partition in focus. This is an advanced function.
• Shrink. This shrinks the size of the volume in focus.
Windows PowerShell
Server 2008 natively includes Windows PowerShell and continues Microsoft’s involvement with making
PowerShell its command shell of choice. It is, however, not installed by default. PowerShell arrives
as a Feature and you must install it like the other Features to be used via Server Manager.
To read more about what PowerShell is and why it will soon be the command shell of choice for all
Windows administrators, here is a peek at a short section from Don Jones’ and Jeff Hicks’ recent book,
Windows PowerShell: TFM by SAPIEN Press:
Administrators of UNIX and Linux systems (collectively referred to as “*nix” throughout
this book) have always had the luxury of administrative scripting. In fact, most *nix
operating systems are built on a command-line interface (CLI). The graphical operating
environment of *nix systems—often the “X Windows” environment—is itself a type
of shell; the operating system is fully-functional without this graphical interface. This
presents a powerful combination: Because the operating system is typically built from
the command-line, there’s nothing you can’t do, from an administrative sense, from the
command-line. That’s why *nix administrators are so fond of scripting languages like
Python and Perl: They can accomplish real administration tasks with them.
Windows, however, has always been different. When a Microsoft product group sat down
to develop a new feature—say, the Windows DNS Server software—they had certain
tasks that were simply required. First and foremost, of course, was the actual product
functionality—such as the DNS Server service, the bit of the software that actually
performs as a DNS server. Some form of management interface was also required, and
the Windows Common Engineering Criteria specified that the minimum management
interface was a Microsoft Management Console (MMC) snap-in—that is, a graphical
administrative interface. If they had extra time, the product team might create a Windows
Management Instrumentation (WMI) provider, “connecting” their product to WMI, or
they might develop a few command-line utilities or Component Object Model (COM)
objects, allowing for some scriptable administrative capability. Rarely did the WMI or
COM interfaces fully duplicate all the functionality available in the graphical console; this
often meant that some administrative tasks could be accomplished via the command-line
or a language like VBScript, but you couldn’t do everything that way. You’d always be
back in the graphical console for something, at some point.
Not that graphical interfaces are bad, mind you. After all, they’re how Microsoft has
made billions from the Windows operating system. But clicking buttons and checkboxes
can only go so fast, and with commonly-performed tasks like creating new users,
manual button-clicking is not only tedious, it’s prone to mistakes and inconsistencies.
Administrators of *nix systems have spent the better part of a decade laughing at
Windows’ pitiable administrative automation, and third parties have done very well
creating tools like AutoIt or KiXtart to help “fill in the gaps” for Windows’ automation
capabilities.
That’s no longer the case, though. Windows PowerShell is now a part of the Windows
Common Engineering Criteria, and it occupies a similar position of importance with
product groups outside the Windows operating system. Now, administrative functionality
is built in Windows PowerShell first. Any other form of administration, including
graphical consoles, utilize the Windows PowerShell-based functionality. Essentially,
graphical consoles are merely “script wizards” that run PowerShell commands in the
background to accomplish whatever they’re doing. Exchange Server 2007 is the first
example of this: The graphical console simply runs PowerShell commands to do whatever
corresponds to the buttons you click (the console even helpfully displays the commands
it’s running, so you can use those as examples to learn from). In fact, that graphical
console only exposes roughly 80% of the product’s total functionality: For everything
else, you have to use the PowerShell command-line. PowerShell is now the single source
for administrative functionality; as it is a command-line interface, that means every piece
of functionality can potentially be scripted or automated!
Of course, only new Microsoft products conform to this vision. Even Windows Server
2008 doesn’t, since its development—under the code-name “Longhorn”—began prior
to PowerShell’s availability. But the next version of Windows will have to be built on
PowerShell. It’s a huge step, and it’s a major change for the way administrators work with
Windows. A change, we might add, that we feel is definitely for the better.
When you open a new PowerShell window, you’re actually running a program called
PowerShell.exe. It’s a small application—just about 300 kilobytes, in fact. Its job is to
fire up the real PowerShell, what we call the “PowerShell engine,” an application written
in C# and housed in a DLL file. PowerShell.exe—called a hosting application—is what
provides you with the command-line interface to issue instructions to the PowerShell
engine, and provides you with a means of reviewing the results that the engine generates.
You operate PowerShell primarily by running cmdlets (pronounced “command-lets”).
These are special mini-applications written in a .NET language, such as C# or Visual
Basic. They’re designed to run exclusively within PowerShell, and they form the basis
of PowerShell’s functionality. For example, PowerShell comes with about 130 cmdlets
built-in, including ones that work with services, permissions, processes, WMI, and more.
More cmdlets can be “snapped in” to PowerShell. Exchange Server 2007, for example,
snaps in about 300 or so additional cmdlets which handle Exchange administration tasks.
Most cmdlets provide instant gratification: Open PowerShell, type Get-Service, and press
Enter, and you’ll see a list of services installed on your computer. But that’s really just
scratching the surface: These cmdlets can, as you’ll learn, do much more.
If you haven’t taken the time yet to dig a little into PowerShell, you probably should before the advent
of Server 2008. As Don and Jeff say, most recently with the release of Exchange 2007, PowerShell is
quickly becoming the command line of choice for Microsoft and its products.
Figure 3-17: The Memory Diagnostics Tool tests for bad memory conditions.
You can configure three scopes of testing—Basic, Standard, and Extended—by hitting the F1 key once
the test begins. The system bases the differences between these three scopes on the number and types
of tests performed on the memory. Obviously, the more tests you run, the longer the testing will take to
complete but the more accurate the result. You can run tests multiple times if desired or set them to run
indefinitely. Similar to Figure 3-18, the system displays results once the tests complete, the system has
rebooted, and the administrator logs back in.
This command will provide some useful inventory information about the local machine to the screen.
But what if you want to enumerate information from a remote computer? To get specifics of the currently
running processes on a remote computer use the command:
winrm enumerate wmicimv2/Win32_Process -r:{remote host}
Event log subscriptions make use of WinRM to pass event log data from a Forwarder computer to a
Collector computer. It is likely that you’ll begin seeing more uses of this tool as time progresses.
One tool that you can use today is Windows Remote Shell (WinRS), which enables you to run a script or
executable on a remote system. WinRS operates much like the Sysinternals tool PSExec. It runs the
desired command locally on the remote system, enabling you to do things like request ipconfig -all
information from a remote computer. You’ll quickly find when I talk about Server Core in Chapter 5
that WinRS will become your friend for completing actions when not at the console of your Server
Core systems.
Another very useful application of WinRS is the remote installation of MSI-packaged software. For
many software installations packaged as an MSI, you can use WinRS to install the package on a remote
computer using the following command:
winrs -r:{remote host} msiexec.exe /i {msi file} /quiet
Though both of these tools likely will have limited use at present outside the world of management
software developers, it’s good to know that Microsoft recognizes the need for remote tools for systems
management. These two are good forays into fulfilling that need. Though, between you and me, I’ll still
use PSExec for the time being…
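The WinRS invocations described above are recognizable in process-creation logs on the machine that launches them, provided command-line logging is enabled (an assumption). As an added example that is not from the book, this Python script parses such command lines and reports each winrs call with its remote host, remote command, and whether it is a silent msiexec run; the sample lines, host names, and paths are constructed.

```python
import re
import shlex

# Constructed sample process-creation command lines (hosts and paths are made up).
SAMPLE_EVENTS = [
    r"winrs -r:srv01 ipconfig -all",
    r"winrs.exe /remote:https://srv02:5986 -u:CORP\deploy msiexec.exe /i \\fs01\pkg\agent.msi /quiet",
    r"C:\Windows\System32\winrs.exe -r:srv03 msiexec /x {PRODUCT-GUID} /qn",
    r"winrm get wmicimv2/Win32_Process -r:srv04",
    r"notepad.exe C:\notes\winrs.txt",
]

REMOTE = re.compile(r"^[-/](?:r|remote):(.+)$", re.IGNORECASE)
QUIET_FLAGS = {"/quiet", "/qn", "/q"}


def basename(token):
    """Lower-cased file name of a possibly quoted Windows path."""
    return token.strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_winrs(cmdline):
    """Return host, remote command and silent-MSI flag for a winrs call, else None."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # posix=False keeps backslashes
    except ValueError:                              # unbalanced quote in the log line
        tokens = cmdline.split()
    if not tokens or basename(tokens[0]) not in ("winrs", "winrs.exe"):
        return None
    host, i = None, 1
    # winrs switches (-r:, -u:, ...) come first; the remote command follows them.
    while i < len(tokens) and tokens[i][0] in "-/":
        match = REMOTE.match(tokens[i])
        if match:
            host = match.group(1)
        i += 1
    command = tokens[i:]
    silent = (bool(command) and basename(command[0]) in ("msiexec", "msiexec.exe")
              and any(arg.lower() in QUIET_FLAGS for arg in command[1:]))
    return {"host": host, "command": command, "silent_msi": silent}


def audit(events):
    """Findings for every winrs invocation among the given command lines."""
    return [f for f in map(parse_winrs, events) if f]


if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

Comparing the reported hosts and commands against an approved deployment list separates routine administration from unexpected remote execution.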
Summary
In this chapter I’ve taken the time to review some of the new and improved management tools you’ll
recognize right off the bat when you complete the installation of your first Server 2008 system. I’ve
talked about Server Manager and how it encapsulates many (though not all!) of the separate consoles of
old. I’ve also gone into detail on some other management toolsets that you’ll want to know to make the
job of managing your Windows Servers that much easier.
In the next chapter, I’ll take what you’ve learned here in terms of individual system management and
talk about the changes to centralized Windows management and Group Policy. In that chapter I’ll take
a look at how Group Policy has changed (completely for the better) and some of the new ways you can
control and lock down your systems using this powerful tool.