Sams windows server 2008 r2 unleashed (2010) (at ti-ca)


Transcript of Sams windows server 2008 r2 unleashed (2010) (at ti-ca)

  1. Windows Server 2008 R2 UNLEASHED
     800 East 96th Street, Indianapolis, Indiana 46240 USA
     Rand Morimoto, Ph.D., MCITP
     Michael Noel, MVP, MCITP
     Omar Droubi, MCSE
     Ross Mistry, MVP, MCITP
     Chris Amaris, MCSE, CISSP
     Technical Edit by Guy Yardeni
  2. Windows Server 2008 R2 Unleashed
     Copyright 2010 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
     ISBN-13: 978-0-672-33092-6
     ISBN-10: 0-672-33092-X
     The Library of Congress Cataloging-in-Publication Data is on file.
     Printed in the United States of America
     First Printing January 2010
     Trademarks: All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Sams Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
     Warning and Disclaimer: Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of it.
     Bulk Sales: Sams Publishing offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact U.S. Corporate and Government Sales 1-800-382-3419 [email protected] For sales outside of the U.S., please contact International Sales [email protected]
     Editor-in-Chief: Karen Gettman
     Executive Editor: Neil Rowe
     Development Editor: Mark Renfrow
     Managing Editor: Kristy Hart
     Project Editor: Betsy Harris
     Copy Editor: Karen Annett
     Indexer: WordWise Publishing Services
     Proofreaders: Water Crest Publishing, Williams Woods Publishing
     Technical Editor: Guy Yardeni
     Publishing Coordinator: Cindy Teeters
     Book Designer: Gary Adair
     Compositor: Jake McFarland
     Contributing Writers: Alex Lewis, CISSP, MVP; Colin Spence, MCP, MCTS; Jeff Guillet, MVP, MCITP, CISSP; Jon Skoog, MCSE, CISSP; Stefan Garaygay, MCSE; Tyson Kopczynski, CISSP, GSEC, GCIH, MCTS
  3. Contents at a Glance
     Introduction
     Part I Windows Server 2008 R2 Overview
        1 Windows Server 2008 R2 Technology Primer
        2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices
        3 Installing Windows Server 2008 R2 and Server Core
     Part II Windows Server 2008 R2 Active Directory
        4 Active Directory Domain Services Primer
        5 Designing a Windows Server 2008 R2 Active Directory
        6 Designing Organizational Unit and Group Structure
        7 Active Directory Infrastructure
        8 Creating Federated Forests and Lightweight Directories
        9 Integrating Active Directory in a UNIX Environment
     Part III Networking Services
        10 Domain Name System and IPv6
        11 DHCP/WINS/Domain Controllers
        12 Internet Information Services
     Part IV Security
        13 Server-Level Security
        14 Transport-Level Security
        15 Security Policies, Network Policy Server, and Network Access Protection
     Part V Migrating to Windows Server 2008 R2
        16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2
        17 Compatibility Testing
  4. Part VI Windows Server 2008 R2 Administration and Management
        18 Windows Server 2008 R2 Administration
        19 Windows Server 2008 R2 Group Policies and Policy Management
        20 Windows Server 2008 R2 Management and Maintenance Practices
        21 Automating Tasks Using PowerShell Scripting
        22 Documenting a Windows Server 2008 R2 Environment
        23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
     Part VII Remote and Mobile Technologies
        24 Server-to-Client Remote Access and DirectAccess
        25 Remote Desktop Services
     Part VIII Desktop Administration
        26 Windows Server 2008 R2 Administration Tools for Desktops
        27 Group Policy Management for Network Clients
     Part IX Fault-Tolerance Technologies
        28 File System Management and Fault Tolerance
        29 System-Level Fault Tolerance (Clustering/Network Load Balancing)
        30 Backing Up the Windows Server 2008 R2 Environment
        31 Recovering from a Disaster
     Part X Optimizing, Tuning, Debugging, and Problem Solving
        32 Optimizing Windows Server 2008 R2 for Branch Office Communications
        33 Logging and Debugging
        34 Capacity Analysis and Performance Optimization
     Part XI Integrated Windows Application Services
        35 Windows SharePoint Services
        36 Windows Media Services
        37 Deploying and Using Windows Virtualization
     Index
  5. Table of Contents
     Introduction
     Part I Windows Server 2008 R2 Overview
     1 Windows Server 2008 R2 Technology Primer
        Windows Server 2008 R2 Defined
        When Is the Right Time to Migrate?
        Versions of Windows Server 2008 R2
        What's New and What's the Same About Windows Server 2008 R2?
        Changes in Active Directory
        Windows Server 2008 R2 Benefits for Administration
        Improvements in Security in Windows Server 2008 R2
        Improvements in Mobile Computing in Windows Server 2008 R2
        Improvements in Windows Server 2008 R2 for Better Branch Office Support
        Improvements for Thin Client Remote Desktop Services
        Improvements in Clustering and Storage Area Network Support
        Addition of Migration Tools
        Improvements in Server Roles in Windows Server 2008 R2
        Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First
        Summary
        Best Practices
     2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices
        Determining the Scope of Your Project
        Identifying the Business Goals and Objectives to Implement Windows Server 2008 R2
        Identifying the Technical Goals and Objectives to Implement Windows Server 2008 R2
        The Discovery Phase: Understanding the Existing Environment
        The Design Phase: Documenting the Vision and the Plan
        The Migration Planning Phase: Documenting the Process for Migration
        The Prototype Phase: Creating and Testing the Plan
  6. The Pilot Phase: Validating the Plan to a Limited Number of Users
        The Migration/Implementation Phase: Conducting the Migration or Installation
        Summary
        Best Practices
     3 Installing Windows Server 2008 R2 and Server Core
        Preplanning and Preparing a Server Installation
        Installing a Clean Version of Windows Server 2008 R2 Operating System
        Upgrading to Windows Server 2008 R2
        Understanding Server Core Installation
        Managing and Configuring a Server Core Installation
        Performing an Unattended Windows Server 2008 R2 Installation
        Summary
        Best Practices
     Part II Windows Server 2008 R2 Active Directory
     4 Active Directory Domain Services Primer
        Examining the Evolution of Directory Services
        Understanding the Development of AD DS
        Examining AD DS's Structure
        Outlining AD DS's Components
        Understanding Domain Trusts
        Defining Organizational Units
        Outlining the Role of Groups in an AD DS Environment
        Explaining AD DS Replication
        Outlining the Role of DNS in AD DS
        Outlining AD DS Security
        Outlining AD DS Changes in Windows Server 2008 R2
        Summary
        Best Practices
     5 Designing a Windows Server 2008 R2 Active Directory
        Understanding AD DS Domain Design
        Choosing a Domain Namespace
        Examining Domain Design Features
        Choosing a Domain Structure
        Understanding the Single Domain Model
  7. Understanding the Multiple Domain Model
        Understanding the Multiple Trees in a Single Forest Model
        Understanding the Federated Forests Design Model
        Understanding the Empty-Root Domain Model
        Understanding the Placeholder Domain Model
        Understanding the Special-Purpose Domain Design Model
        Renaming an AD DS Domain
        Summary
        Best Practices
     6 Designing Organizational Unit and Group Structure
        Defining Organizational Units in AD DS
        Defining AD Groups
        Examining OU and Group Design
        Starting an OU Design
        Using OUs to Delegate Administration
        Group Policies and OU Design
        Understanding Group Design
        Exploring Sample Design Models
        Summary
        Best Practices
     7 Active Directory Infrastructure
        Understanding AD DS Replication in Depth
        Understanding Active Directory Sites
        Planning Replication Topology
        Outlining Windows Server 2008 R2 IPv6 Support
        Detailing Real-World Replication Designs
        Deploying Read-Only Domain Controllers (RODCs)
        Summary
        Best Practices
     8 Creating Federated Forests and Lightweight Directories
        Keeping a Distributed Environment in Sync
        Active Directory Federation Services
        Synchronizing Directory Information with Forefront Identity Manager (FIM)
        Harnessing the Power and Potential of FIM
        Summary
        Best Practices
  8. 9 Integrating Active Directory in a UNIX Environment
        Understanding and Using Windows Server 2008 R2 UNIX Integration Components
        Reviewing the Subsystem for UNIX-Based Applications (SUA)
        Understanding the Identity Management for UNIX Components
        Administrative Improvements with Windows Server 2008 R2
        Summary
        Best Practices
     Part III Networking Services
     10 Domain Name System and IPv6
        Understanding the Need for DNS
        Getting Started with DNS on Windows Server 2008 R2
        Resource Records
        Understanding DNS Zones
        Performing Zone Transfers
        Understanding DNS Queries
        Other DNS Components
        Understanding the Evolution of Microsoft DNS
        DNS in Windows Server 2008 R2
        DNS in an Active Directory Domain Services Environment
        Troubleshooting DNS
        IPv6 Introduction
        How to Configure IPv6 on Windows Server 2008 R2
        Secure DNS with DNSSEC
        Summary
        Best Practices
     11 DHCP/WINS/Domain Controllers
        Understanding the Key Components of an Enterprise Network
        Exploring the Dynamic Host Configuration Protocol (DHCP)
        Exploring DHCP Changes in Windows Server 2008 R2
        Enhancing DHCP Reliability
        Implementing Redundant DHCP Services
        Exploring Advanced DHCP Concepts
        Securing DHCP
        Reviewing the Windows Internet Naming Service (WINS)
        Installing and Configuring WINS
        Planning, Migrating, and Maintaining WINS
        Exploring Global Catalog Domain Controller Placement
        Summary
        Best Practices
  9. 12 Internet Information Services
        Understanding Internet Information Services (IIS) 7.5
        Planning and Designing Internet Information Services 7.5
        Installing and Upgrading IIS 7.5
        Installing and Configuring Websites
        Installing and Configuring FTP Services
        Securing Internet Information Services 7.5
        Summary
        Best Practices
     Part IV Security
     13 Server-Level Security
        Defining Windows Server 2008 R2 Security
        Deploying Physical Security
        Using the Integrated Windows Firewall with Advanced Security
        Hardening Server Security
        Examining File-Level Security
        Additional Security Mechanisms
        Using Windows Server Update Services
        Summary
        Best Practices
     14 Transport-Level Security
        Introduction to Transport-Level Security in Windows Server 2008 R2
        Deploying a Public Key Infrastructure with Windows Server 2008 R2
        Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
        Active Directory Rights Management Services
        Using IPSec Encryption with Windows Server 2008 R2
        Summary
        Best Practices
     15 Security Policies, Network Policy Server, and Network Access Protection
        Understanding Network Access Protection (NAP) in Windows Server 2008 R2
        Deploying a Windows Server 2008 R2 Network Policy Server
        Enforcing Policy Settings with a Network Policy Server
        Deploying and Enforcing a Virtual Private Network (VPN) Using an RRAS Server
        Summary
        Best Practices
  10. 10. Part V Migrating to Windows Server 2008 R2
        16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2
          Beginning the Migration Process
          Big Bang Migration
          Phased Migration
          Multiple Domain Consolidation Migration
          Summary
          Best Practices
        17 Compatibility Testing
          The Importance of Compatibility Testing
          Preparing for Compatibility Testing
          Researching Products and Applications
          Verifying Compatibility with Vendors
          Microsoft Assessment and Planning (MAP) Toolkit
          Lab-Testing Existing Applications
          Documenting the Results of the Compatibility Testing
          Determining Whether a Prototype Phase Is Required
          Summary
          Best Practices
      Part VI Windows Server 2008 R2 Administration and Management
        18 Windows Server 2008 R2 Administration
          Defining the Administrative Model
          Examining Active Directory Site Administration
          Configuring Sites
          Examining Windows Server 2008 R2 Active Directory Groups
          Creating Groups
          Managing Users with Local Security and Group Policies
          Managing Printers with the Print Management Console
          Summary
          Best Practices
        19 Windows Server 2008 R2 Group Policies and Policy Management
          Group Policy Overview
          Group Policy Processing: How Does It Work?
          Local Group Policies
          Security Templates
          Elements of Group Policy
  11. 11. Group Policy Administrative Templates Explained
          Policy Management Tools
          Designing a Group Policy Infrastructure
          GPO Administrative Tasks
          Summary
          Best Practices
        20 Windows Server 2008 R2 Management and Maintenance Practices
          Going Green with Windows Server 2008 R2
          Initial Configuration Tasks
          Managing Windows Server 2008 R2 Roles and Features
          Server Manager
          Server Manager Diagnostics Page
          Server Manager Configuration Page
          Server Manager Storage Page
          Auditing the Environment
          Managing Windows Server 2008 R2 Remotely
          Using Common Practices for Securing and Managing Windows Server 2008 R2
          Keeping Up with Service Packs and Updates
          Maintaining Windows Server 2008 R2
          Summary
          Best Practices
        21 Automating Tasks Using PowerShell Scripting
          Understanding Shells
          Introduction to PowerShell
          Understanding the PowerShell Basics
          Using Windows PowerShell
          Summary
          Best Practices
        22 Documenting a Windows Server 2008 R2 Environment
          Benefits of Documentation
          Types of Documents
          Planning to Document the Windows Server 2008 R2 Environment
          Knowledge Sharing and Knowledge Management
          Windows Server 2008 R2 Project Documents
          Administration and Maintenance Documents
          Network Infrastructure
          Disaster Recovery Documentation
          Change Management Procedures
  12. 12. Performance Documentation
          Baselining Records for Documentation Comparisons
          Routine Reporting
          Security Documentation
          Summary
          Best Practices
        23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
          Windows Server 2008 R2 Monitoring
          What's New in OpsMgr R2
          Explaining How OpsMgr Works
          Outlining OpsMgr Architecture
          Understanding How to Use OpsMgr
          Understanding OpsMgr Component Requirements
          Understanding Advanced OpsMgr Concepts
          Securing OpsMgr
          Installing Operations Manager 2007 R2
          Configuring Operations Manager 2007 R2
          Monitoring DMZ Servers with Certificates
          Using Operations Manager 2007 R2
          Summary
          Best Practices
      Part VII Remote and Mobile Technologies
        24 Server-to-Client Remote Access and DirectAccess
          VPN in Windows Server 2008 R2
          Authentication Options to an RRAS System
          VPN Protocols
          DirectAccess in Windows Server 2008 R2
          Choosing Between Traditional VPN Technologies and DirectAccess
          Traditional VPN Scenario
          DirectAccess Scenario
          Connection Manager
          Summary
          Best Practices
        25 Remote Desktop Services
          Why Implement Remote Desktop Services
          How Remote Desktop Works
          Understanding the Name Change
  13. 13. Understanding Remote Desktop Services
          Planning for Remote Desktop Services
          Deploying Remote Desktop Services
          Securing Remote Desktop Services
          Supporting Remote Desktop Services
          Summary
          Best Practices
      Part VIII Desktop Administration
        26 Windows Server 2008 R2 Administration Tools for Desktops
          Managing Desktops and Servers
          Operating System Deployment Options
          Windows Server 2008 R2 Windows Deployment Services
          Installing Windows Deployment Services (WDS)
          Creating Discover Images
          Creating Custom Installations Using Capture Images
          General Desktop Administration Tasks
          Summary
          Best Practices
        27 Group Policy Management for Network Clients
          The Need for Group Policies
          Windows Group Policies
          Group Policy Feature Set
          Planning Workgroup and Standalone Local Group Policy Configuration
          Planning Domain Group Policy Objects
          Managing Computers with Domain Policies
          Managing Users with Policies
          Managing Active Directory with Policies
          Summary
          Best Practices
      Part IX Fault-Tolerance Technologies
        28 File System Management and Fault Tolerance
          Windows Server 2008 R2 File System Overview/Technologies
          File System Access Services and Technologies
          Windows Server 2008 R2 Disks
          Utilizing External Disk Subsystems
          Managing Windows Server 2008 R2 Disks
  14. 14. System File Reliability
          Adding the File Services Role
          Managing Data Access Using Windows Server 2008 R2 Shares
          Volume-Based NTFS Quota Management
          File Server Resource Manager (FSRM)
          The Distributed File System
          Planning a DFS Deployment
          Installing DFS
          Managing and Troubleshooting DFS
          Backing Up DFS
          Using the Volume Shadow Copy Service
          Summary
          Best Practices
        29 System-Level Fault Tolerance (Clustering/Network Load Balancing)
          Building Fault-Tolerant Windows Server 2008 R2 Systems
          Windows Server 2008 R2 Clustering Technologies
          Determining the Correct Clustering Technology
          Overview of Failover Clusters
          Deploying Failover Clusters
          Backing Up and Restoring Failover Clusters
          Deploying Network Load Balancing Clusters
          Managing NLB Clusters
          Summary
          Best Practices
        30 Backing Up the Windows Server 2008 R2 Environment
          Understanding Your Backup and Recovery Needs and Options
          Creating the Disaster Recovery Solution
          Documenting the Enterprise
          Developing a Backup Strategy
          Windows Server Backup Overview
          Using Windows Server Backup
          Managing Backups Using the Command-Line Utility wbadmin.exe and PowerShell Cmdlets
          Backing Up Windows Server 2008 R2 Role Services
          Volume Shadow Copy Service (VSS)
          Windows Server 2008 R2 Startup Options
          Summary
          Best Practices
  15. 15. 31 Recovering from a Disaster
          Ongoing Backup and Recovery Preparedness
          When Disasters Strike
          Disaster Scenario Troubleshooting
          Recovering from a Server or System Failure
          Managing and Accessing Windows Server Backup Media
          Windows Server Backup Volume Recovery
          Recovering Role Services and Features
          Summary
          Best Practices
      Part X Optimizing, Tuning, Debugging, and Problem Solving
        32 Optimizing Windows Server 2008 R2 for Branch Office Communications
          Understanding Read-Only Domain Controllers (RODCs)
          Installing a Read-Only Domain Controller
          Understanding BitLocker Drive Encryption
          Configuring BitLocker Drive Encryption on a Windows Server 2008 R2 Branch Office Domain Controller
          Understanding and Deploying BranchCache
          Enhancing Replication and WAN Utilization at the Branch Office
          Summary
          Best Practices
        33 Logging and Debugging
          Using the Task Manager for Logging and Debugging
          Using Event Viewer for Logging and Debugging
          Performance and Reliability Monitoring
          Setting Baseline Values
          Using the Debugging Tools Available in Windows Server 2008 R2
          Task Scheduler
          Summary
          Best Practices
        34 Capacity Analysis and Performance Optimization
          Defining Capacity Analysis
          Using Capacity-Analysis Tools
          Monitoring System Performance
          Optimizing Performance by Server Roles
          Summary
          Best Practices
  16. 16. Part XI Integrated Windows Application Services
        35 Windows SharePoint Services
          Understanding the History of SharePoint Technologies
          What Are the Differences Between Windows SharePoint Services 3.0 and SharePoint Server 2007?
          Identifying the Need for Windows SharePoint Services
          Installing Windows SharePoint Services
          Lists and Libraries in Windows SharePoint Services 3.0
          Integrating Office 2007 Applications with Windows SharePoint Services 3.0
          Managing the Site Collection
          Summary
          Best Practices
        36 Windows Media Services
          Understanding Windows Media Services
          Installing Windows Media Services
          Using Windows Media Services for Real-Time Live Broadcasts
          Broadcasting Stored Single Files
          Hosting a Directory of Videos for On-Demand Playback
          Combining Multiple Files for a Combined Single Broadcast
          Understanding Windows Media Encoder
          Broadcasting a Live Event
          Capturing Audio or Video for Future Playback
          Using Other Windows Media Encoder Options
          Summary
          Best Practices
        37 Deploying and Using Windows Virtualization
          Understanding Microsoft's Virtualization Strategy
          Integration of Hypervisor Technology in Windows Server 2008
          Planning Your Implementation of Hyper-V
          Installation of the Microsoft Hyper-V Role
          Becoming Familiar with the Hyper-V Administrative Console
          Installing a Guest Operating System Session
          Modifying Guest Session Configuration Settings
          Launching a Hyper-V Guest Session
          Using Snapshots of Guest Operating System Sessions
          Quick Migration and Live Migration
          Summary
          Best Practices
      Index
  17. 17. About the Authors Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP, has been in the computer industry for over 30 years and has authored, coauthored, or been a contributing writer for dozens of books on Windows, Security, Exchange, BizTalk, and Remote and Mobile Computing. Rand is the president of Convergent Computing, an IT-consulting firm in the San Francisco Bay area that has been one of the key early adopter program partners with Microsoft, implementing beta versions of Microsoft Windows Server 2008 R2, Windows 7, Exchange Server 2010, and SharePoint 2010 in production environments over 18 months before the initial product releases. Michael Noel, MCITP, CISSP, MVP, is an internationally recognized technology expert, best-selling author, and well-known public speaker on a broad range of IT topics. He authored multiple major industry books that have been translated into more than a dozen languages worldwide. Significant titles include SharePoint 2010 Unleashed, Microsoft Exchange Server 2010 Unleashed, SharePoint 2007 Unleashed, Exchange Server 2007 Unleashed, ISA Server 2006 Unleashed, and many more. Currently a partner at Convergent Computing (www.cco.com) in the San Francisco Bay area, Michaels writing and extensive public- speaking experience across six continents leverage his real-world expertise in helping organizations realize business value from Information Technology infrastructure. Omar Droubi, MCSE, has been in the computer industry since 1992 and during this time has coauthored several of Sams Publishing best-selling books, including Microsoft Windows Server 2003 Unleashed and Windows Server 2008 Unleashed, and Omar has been a contributing writer and technical reviewer on several other books on Windows Server 2003, Windows Server 2008, and Exchange Server 2000, 2003, and 2007. 
Omar has been involved in testing, designing, and prototyping Windows Server 2008 and Windows Server 2008 R2 infrastructures for the past four years, and has primarily focused on upgrading existing networks and utilizing many of the new roles and features included in the product. Also during this time, Omar has assisted several organizations with the development of technical road maps, planning and executing domain and server consolidation and virtualization projects, and deploying Exchange Server 2007 for organizations of all sizes. Ross Mistry, MVP, MCITP, is a principal consultant and partner at Convergent Computing, an author, and a Microsoft MVP. With over a decade of experience, Ross focuses on designing and implementing Windows, Active Directory, Hyper-V, Exchange Server, and SQL Server solutions for Fortune 500 organizations located in the Silicon Valley. His specialties include upgrades, migrations, high availability, security, and virtualization. Ross has also taken on the roles of lead author, contributing writer, and technical editor for many best-selling books published by Sams. His recent works include SQL Server 2008 Management and Administration, Exchange Server 2010 Unleashed, and Windows Server 2008 Unleashed. Ross writes technical articles for many sites including TechTarget.com and frequently speaks at international conferences around the world. You can follow him on Twitter @RossMistry.
  18. 18. Chris Amaris, MCSE, CISSP/ISSAP, CHS III, is the chief technology officer and cofounder of Convergent Computing. He has more than 20 years' experience consulting for Fortune 500 companies, leading companies in the technology selection, design, planning, and implementation of complex Information Technology projects. Chris has worked with Microsoft Windows since version 1.0 in 1985. He specializes in messaging, security, performance tuning, systems management, and migration. A Certified Information Systems Security Professional (CISSP) with an Information System Security Architecture Professional (ISSAP) concentration, Certified Homeland Security (CHS III), Windows 2003 MCSE, Novell CNE, Banyan CBE, and a Certified Project Manager, Chris is also an author, writer, and technical editor for a number of IT books, including Network Security for Government and Corporate Executives, Microsoft Exchange Server 2010 Unleashed, and Microsoft Operations Manager 2005 Unleashed. Chris presents on messaging, operations management, security, and Information Technology topics worldwide.
  19. 19. Dedications Kelly and Chip asked that I dedicate this book to our cat Lady. Meow! Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP This book is dedicated to my brother Joey, his wife Mary, and my new nephew Avery. Your love for life is an inspiration and a joy to behold. Michael Noel, MCSE+I, CISSP, MCSA, MVP This book is dedicated to my lovely wife Colby Lucretia Crews Droubi and my two boys Omar Khalil Droubi and Jamil Kingsley Droubi. Love you guys. Omar Droubi I dedicate this book to my parents Aban and Keki Mistry. Thanks for constantly pushing me in the right direction. Your hard work and sacrifices throughout the years are much appreciated. And in loving memory of my uncle Minoo Mistry. Thanks for treating Sherry and me like gold when we last visited Vancouver. You will be missed. Ross Mistry, MVP, MCITP I dedicate this book to my lovely wife, Sophia, whose love and support I cherish. And to my children, Michelle, Megan, Zoe, Zachary, and Ian, for whose sake all the hard work is worthwhile. I also want to dedicate the book to my late father, Jairo Amaris, who taught me to think on many different levels. Chris Amaris, MCSE, MVP, CISSP/ISSAP, CHS III I dedicate this book to my parents, Tsvi and Rachel, for teaching me to always do my best, starting my love for computers, kicking off a lifelong addiction with a Commodore 64, and always supporting and nurturing the nerd within. Guy Yardeni, MCSE, MCITP, CISSP
  20. 20. Acknowledgments Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP I want to thank Microsoft (including Kevin Lane) for allowing us the opportunity to work with the technologies months before general release so that we could put together content for this book! A big thanks goes out to the Sams Publishing team (Neil, Mark, and all the folks behind the scenes) in working with our tight time schedule as we write, edit, and produce a book of this size literally in weeks! A special thanks to Betsy Harris and Karen Annett for really thinking through our writing and editing our content to catch stuff that we would otherwise never catch! I also want to thank the consultants at Convergent Computing and our early adopter clients who fiddle with these new technologies really early on and then take the leap of faith in putting the products into production to experience (and at times feel) the pain as we work through best practices. The early adopter experiences give us the knowledge and experience we need to share with all who use this book as their guide in their production environments based on the lessons learned. To Kelly and Chip, okay, two 1300+ page books back-to-back in 7 months, I might actually not be asleep on my laptop keyboard on the kitchen table in the morning when you wake up! And thank you, Mom, for your constant love and support! For all those afternoons and evenings that you struggled to help me get my homework done because I couldn't string together words into a sentence to write a book report; I guess after all these years and several books later, I can finally say I figured it out. Michael Noel, MCITP, MVP You'd think that after the amount of writing it takes to finish a book like this that writing the acknowledgments would be relatively easy, but the reality is that there are so many people who are involved with the process of getting a book on the shelves (or in your e-reader) that it is impossible to thank them all.
Book publishing is a messy, exhaustive business, and I'm eternally grateful to the folks at Sams Publishing for their years of hard work turning the scatterbrained ideas of a handful of technical authors into something that is of real value to our readers. A big thanks especially to Neil Rowe, our editor, for putting up with us yet again. I couldn't do any of this without the help of my fellow authors, notably lead author Rand Morimoto. The expertise and cumulative years of experience in this book is mind-boggling, especially when you add in the efforts of the additional contributing writers and of Guy Yardeni, the highly proficient technical editor. And of course, thanks once again to my family (Marina, Julia, Val, and Liza) for putting up with what is now the fifteenth time that I have disappeared into my lab to furiously write another of these books. Your love and devotion is the fuel that keeps me going.
  21. 21. Omar Droubi There are many people I would like to thank and acknowledge. Many of the customers, colleagues, and business associates I currently work with and have done business with in the past have inspired me and assisted me in my career as an Information Technology consultant and in my writing career. First, without question, I would like to thank Rand Morimoto, Sams Publishing, and the other coauthors and contributing writers of this book and my previous books. Without them, my book-writing achievements would not be possible. Next, I would like to personally thank Jim McBee, Ricardo Hernandez, Marcus Bradford, Hadi Droubi, Stefan Garaygay, Ray Wan, Raul Alcaraz, Domenic Pacini, and Roberto Alcantar. Thank you all for your support over the years. Ross Mistry, MVP, MCITP I would like to thank my wife Sherry for doing an exceptional job raising our children in my absence. I know it is not easy with my long hours, clients, conferences, and writing back-to-back books. For this I am very grateful and recognize all the hard work and dedication you devote to our children Kyanna and Kaden. Many thanks to Rand Morimoto, my fellow coauthors, and the team at Sams Publishing. It has been great working together on another title. A special thanks to my children. I am so proud of both of you. Live life to the fullest; chase happiness and good health, not money. Finally, to my long-time mentor Rustom Saddiq, thank you for guiding me through. The time is now. Chris Amaris, MCSE, MVP, CISSP Thanks, Rand, for the opportunity to work with you again on another book. The books keep getting bigger, the chapters longer, and the technologies more complicated, all of which I'm sure helps keep my brain young. Your guidance and example is invaluable.
I'd also like to thank Microsoft for developing the sophisticated virtualization technologies like Hyper-V and Remote Desktop, which make developing and working with the complicated virtual lab environments for the book incredibly easier. And, as always, a huge thanks to my children for their hard work and efforts to do well in school while I'm lost in those virtual labs.
  22. 22. We Want to Hear from You! As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we're doing right, what we could do better, what areas you'd like to see us publish in, and any other words of wisdom you're willing to pass our way. You can email or write me directly to let me know what you did or didn't like about this book, as well as what we can do to make our books stronger. Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of mail I receive, I might not be able to reply to every message. When you write, please be sure to include this book's title and author as well as your name and phone or email address. I will carefully review your comments and share them with the author and editors who worked on the book. Mail: Neil Rowe, Executive Editor, Sams Publishing, 800 East 96th Street, Indianapolis, IN 46240 USA. Reader Services: Visit our website and register this book at informit.com/register for convenient access to any updates, downloads, or errata that might be available for this book.
  23. 23. Introduction Windows Server 2008 R2 is the latest release of the Windows Server operating system. Over the years, it has evolved quite dramatically from the early days of Windows NT Server, Windows 2000, Windows 2003, or even Windows 2008. With the release of Windows Server 2008 R2, Microsoft again has introduced a number of new technologies intended to help IT professionals improve their ability to provide network services to the clients they serve. We've had the opportunity to write a book on every version of Windows Server over the past two decades, and when we set out to write this book, we wanted to once again provide you, the reader, with a lot of really valuable information. Instead of just marketing fluff that talks about features and functions, we wanted to really dig down into the product and share with you best practices on planning, preparing, implementing, migrating, and supporting a Windows Server 2008 R2 environment. Even though the original Windows Server 2008 released in early 2008 and Windows 2008 R2 released late in the summer of 2009, we've been fortunate enough to work with these operating system releases for more than 2 years in priority early adopter programs. The thing about being involved with a product so early on is that our first experiences with these products were without any documentation, Help files that provided guidance, or any shared experiences from others. We had to learn Windows Server 2008 R2 from experience, usually the hard way, but that has given us a distinct advantage of knowing the product forward and backward better than anyone could ever imagine. And we started to implement Windows Server 2008 R2 in production environments for a select group of our enterprise customers more than a year before the product release, where organizations were depending on the server operating system to run key areas of their business.
So the pages of this book are filled with years of experience with Windows Server 2008 and 2008 R2, live production environment best practices, and fully updated with RTM code specifics that will hopefully help you design, plan, prototype, implement, migrate, administer, and support your Windows Server 2008 R2 environment! This book is organized into 11 parts, each part focusing on core Windows Server 2008 R2 areas, with several chapters making up each part. The parts of the book are as follows: Part I: Windows Server 2008 R2 Overview. This part provides an introduction to Windows Server 2008 R2 not only to give a general technology overview, but also to note what is truly new in Windows Server 2008 R2 that made it compelling enough for organizations to implement the technology in beta in production environments. We also cover basic planning, prototype testing, and migration techniques, as well as provide a full chapter on the installation of Windows Server 2008 R2 as well as the GUI-less Windows Server Core.
  24. 24. Part II: Windows Server 2008 R2 Active Directory. This part covers Active Directory planning and design. If you have already designed and implemented your Active Directory, you will likely not read through this section of the book in detail. However, you might want to look through the Notes and Tips throughout the chapter, and the best practices at the end of each chapter because we highlight some of the tips and tricks new to Windows Server 2008 R2 that are different from Windows 2000, 2003, and 2008. You might find that limitations or restrictions you faced when designing and implementing Active Directory 2003 and 2008 have now been revised. Topics such as federated forests, lightweight directory services, and identity lifecycle management capabilities might be of interest. Part III: Networking Services. This part covers DNS, DHCP, domain controllers, IPv6, and IIS from the perspective of planning, integrating, migrating, and coexisting. Again, just like in Part II, you might find the Notes, Tips, and best practices to have valuable information on features that are new in Windows Server 2008 R2; you might find yourself perusing these chapters to understand what's new and different that you can leverage after a migration to Windows Server 2008 R2. Part IV: Security. Security is on everyone's mind these days, so it was a major enhancement to Windows Server 2008 R2. We actually dedicated three chapters of the book to security, breaking the information into server-level security such as Public Key Infrastructure (PKI) certificate services; transport-level security such as IPSec and NAT traversal; and security policies, Network Access Protection (NAP), and Network Policy Server (NPS) that have been updated in Windows Server 2008 R2. Part V: Migrating to Windows Server 2008 R2. This part is dedicated to the migrations from Windows 2003 and 2008 to Windows Server 2008 R2.
We provide a chapter specifically on tips, tricks, best practices, and lessons learned on the planning and migration process to Windows Server 2008 R2. We also have a chapter on application-compatibility testing of applications currently running on earlier versions of Windows Server and how to test and migrate applications to a Windows Server 2008 R2 platform. Part VI: Windows Server 2008 R2 Administration and Management. After you get Windows Server 2008 R2 in place, you end up spending the rest of your time managing and administering the new operating system platform, so we've dedicated six chapters to administration and management. This section covers the administration and management of users, sites, organizational units, domains, and forests typical of a Windows Server 2008 R2 environment. Although you can continue to perform tasks the way you did in Windows 2000, 2003, and 2008, because of significant changes in replication, background transaction processing, secured communications, Group Policy management, and Windows PowerShell management tools, there are better ways to work with Windows Server 2008 R2. These chapters drill down into specialty areas helpful to administrators of varying levels of responsibility. This part of the book also has a chapter on managing Windows Server 2008 R2 using System Center Operations Manager 2007.
  25. 25. Part VII: Remote and Mobile Technologies. Mobility is a key improvement in Windows Server 2008 R2, so this part focuses on enhancements made to Routing and Remote Access Service (RRAS), significant improvements in Remote Desktop Services (formerly Terminal Services), and the introduction of a new remote access technology called DirectAccess. Instead of just providing a remote node connection, Windows Server 2008 R2 provides true end-to-end secured anytime/anywhere access functionality. The chapters in this part highlight best practices on implementing and leveraging these technologies. Part VIII: Desktop Administration. Another major enhancement in Windows Server 2008 R2 is the variety of new tools provided to support better desktop administration, so this part is focused on desktop administration. The chapters in this part go in depth on client-specific group policies, the Group Policy Management Console, Active Directory Administrative Center, Windows PowerShell-based group policies, Windows Deployment Services (WDS), and desktop administration tools in Windows Server 2008 R2. Part IX: Fault-Tolerance Technologies. As networks have become the backbone for information and communications, Windows Server 2008 R2 needed to be reliable and more manageable, and sure enough, Microsoft included several new enhancements in fault-tolerant technologies. The four chapters in this part address file system management and file-level fault tolerance in Distributed File System (DFS), clustering, Network Load Balancing, and backup and restore procedures. When these new technologies are implemented in a networking environment, an organization can truly achieve enterprise-level reliability and recoverability. Part X: Optimizing, Tuning, Debugging, and Problem Solving. This part of the book covers performance optimization, capacity analysis, logging, and debugging to help optimize and solve problems in a Windows Server 2008 R2 networking environment.
Part XI: Integrated Windows Application Services. The last part of this book covers core application services integrated in Windows Server 2008 R2, including updates to Windows SharePoint Services and the Windows Media Services component. It is our hope that the real-world experience we have had in working with Windows Server 2008 R2 and our commitment to relaying to you information that will be valuable in your planning, implementation, and migration to a Windows Server 2008 R2 environment will help you get up to speed on the latest in the Windows Server operating system software!
  27. 27. CHAPTER 1 Windows Server 2008 R2 Technology Primer IN THIS CHAPTER: Windows Server 2008 R2 Defined; When Is the Right Time to Migrate?; Versions of Windows Server 2008 R2; What's New and What's the Same About Windows Server 2008 R2?; Changes in Active Directory; Windows Server 2008 R2 Benefits for Administration; Improvements in Security in Windows Server 2008 R2; Improvements in Mobile Computing in Windows Server 2008 R2; Improvements in Windows Server 2008 R2 for Better Branch Office Support; Improvements for Thin Client Remote Desktop Services; Improvements in Clustering and Storage Area Network Support; Addition of Migration Tools; Improvements in Server Roles in Windows Server 2008 R2; Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First. Windows Server 2008 R2 became available in the summer of 2009. In many ways, it is just the next-generation server operating system update to Windows Server 2008, but in other ways, it is more than just a service pack-type update, with significant feature enhancements introduced in the version release. As the authors of this book, we see the similarities that Windows Server 2008 R2 has in terms of usability and common graphical user interfaces (GUIs) with previous versions of Windows Server that make it easy to jump in and start implementing the new technologies. However, after over two years of early adopter experience with Windows Server 2008 R2 and the Windows 7 client operating system, we have found that, when properly implemented, the new features and technologies built in to Windows Server 2008 R2 really address shortcomings of previous versions of Windows Server and truly allow IT organizations to help organizations meet their business initiatives through the implementation of key technologies now included in Windows Server 2008 R2.
This chapter provides an overview of what's in Windows Server 2008 R2, explains how IT professionals have leveraged the technologies to improve IT services to their organization, and acts as a guide on where to find more information on these core technology solutions in the various chapters of this book. Windows Server 2008 R2 Defined Windows Server 2008 R2 is effectively the seventh generation of the Windows Server operating system. Upon initial boot, shown in Figure 1.1, Windows Server 2008 R2 looks
  28. 28. like Windows 7 relative to icons, toolbars, and menus. However, because Windows Server 2008 R2 is more of a business functional operating system than a consumer or user operating system, things like the cute Windows Aero 3D interface are not installed by default, and the multimedia features found in the Windows 7 Home or Ultimate versions of the operating system are also not installed and enabled by default. Under the surface, though, and covered through the pages of this chapter are the new technologies and capabilities built in to Windows Server 2008 R2. Windows Server 2008 and Windows Server 2008 R2 Under the Hood Although there are a lot of new features and functions added in to Windows Server 2008 and Windows Server 2008 R2 that are covered in chapters throughout this book, one of the first places I like to start is around the things in Windows Server 2008/2008 R2 that you don't see that make up some of the core capabilities of the new operating system. These are technologies that make the new operating system faster, more reliable, and do more things, but they aren't features that you have to install or configure. Self-Healing NTFS One of the new embedded technologies in Windows Server 2008 and Windows Server 2008 R2 is self-healing NTFS. Effectively, the operating system has a worker thread that runs in the background, which makes corrections to the file system when NTFS detects a FIGURE 1.1 Windows Server 2008 R2 deskt