Sams windows server 2008 r2 unleashed (2010) (at ti-ca)
- 1. Windows Server 2008 R2 UNLEASHED 800 East 96th Street,
Indianapolis, Indiana 46240 USA Rand Morimoto, Ph.D., MCITP Michael
Noel, MVP, MCITP Omar Droubi, MCSE Ross Mistry, MVP, MCITP Chris
Amaris, MCSE, CISSP Technical Edit by Guy Yardeni
- 2. Windows Server 2008 R2 Unleashed Copyright 2010 by Pearson
Education, Inc. All rights reserved. No part of this book shall be
reproduced, stored in a retrieval system, or transmitted by any
means, electronic, mechanical, photocopying, recording, or
otherwise, without written permission from the publisher. No patent
liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the
preparation of this book, the publisher and author assume no
responsibility for errors or omissions. Nor is any liability
assumed for damages resulting from the use of the information
contained herein. ISBN-13: 978-0-672-33092-6 ISBN-10: 0-672-33092-X
The Library of Congress Cataloging-in-Publication Data is on file.
Printed in the United States of America First Printing January 2010
Trademarks All terms mentioned in this book that are known to be
trademarks or service marks have been appropriately capitalized.
Sams Publishing cannot attest to the accuracy of this information.
Use of a term in this book should not be regarded as affecting the
validity of any trademark or service mark. Warning and Disclaimer
Every effort has been made to make this book as complete and as
accurate as possible, but no warranty or fitness is implied. The
information provided is on an as is basis. The authors and the
publisher shall have neither liability nor responsibility to any
person or entity with respect to any loss or damages arising from
the information contained in this book or from the use of it. Bulk
Sales Sams Publishing offers excellent discounts on this book when
ordered in quantity for bulk purchases or special sales. For more
information, please contact U.S. Corporate and Government Sales
1-800-382-3419 corpsales@pearsontechgroup.com For sales outside of
the U.S., please contact International Sales
international@pearson.com Editor-in-Chief Karen Gettman Executive
Editor Neil Rowe Development Editor Mark Renfrow Managing Editor
Kristy Hart Project Editor Betsy Harris Copy Editor Karen Annett
Indexer WordWise Publishing Services Proofreaders Water Crest
Publishing Williams Woods Publishing Technical Editor Guy Yardeni
Publishing Coordinator Cindy Teeters Book Designer Gary Adair
Compositor Jake McFarland Contributing Writers Alex Lewis, CISSP,
MVP Colin Spence, MCP, MCTS Jeff Guillet, MVP, MCITP, CISSP Jon
Skoog, MCSE, CISSP Stefan Garaygay, MCSE Tyson Kopczynski, CISSP,
GSEC, GCIH, MCTS
- 3. Contents at a Glance
  Introduction
  Part I Windows Server 2008 R2 Overview
  1 Windows Server 2008 R2 Technology Primer
  2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices
  3 Installing Windows Server 2008 R2 and Server Core
  Part II Windows Server 2008 R2 Active Directory
  4 Active Directory Domain Services Primer
  5 Designing a Windows Server 2008 R2 Active Directory
  6 Designing Organizational Unit and Group Structure
  7 Active Directory Infrastructure
  8 Creating Federated Forests and Lightweight Directories
  9 Integrating Active Directory in a UNIX Environment
  Part III Networking Services
  10 Domain Name System and IPv6
  11 DHCP/WINS/Domain Controllers
  12 Internet Information Services
  Part IV Security
  13 Server-Level Security
  14 Transport-Level Security
  15 Security Policies, Network Policy Server, and Network Access Protection
  Part V Migrating to Windows Server 2008 R2
  16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2
  17 Compatibility Testing
- 4. Part VI Windows Server 2008 R2 Administration and Management
  18 Windows Server 2008 R2 Administration
  19 Windows Server 2008 R2 Group Policies and Policy Management
  20 Windows Server 2008 R2 Management and Maintenance Practices
  21 Automating Tasks Using PowerShell Scripting
  22 Documenting a Windows Server 2008 R2 Environment
  23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
  Part VII Remote and Mobile Technologies
  24 Server-to-Client Remote Access and DirectAccess
  25 Remote Desktop Services
  Part VIII Desktop Administration
  26 Windows Server 2008 R2 Administration Tools for Desktops
  27 Group Policy Management for Network Clients
  Part IX Fault-Tolerance Technologies
  28 File System Management and Fault Tolerance
  29 System-Level Fault Tolerance (Clustering/Network Load Balancing)
  30 Backing Up the Windows Server 2008 R2 Environment
  31 Recovering from a Disaster
  Part X Optimizing, Tuning, Debugging, and Problem Solving
  32 Optimizing Windows Server 2008 R2 for Branch Office Communications
  33 Logging and Debugging
  34 Capacity Analysis and Performance Optimization
  Part XI Integrated Windows Application Services
  35 Windows SharePoint Services
  36 Windows Media Services
  37 Deploying and Using Windows Virtualization
  Index
- 5. Table of Contents
  Introduction
  Part I Windows Server 2008 R2 Overview
  1 Windows Server 2008 R2 Technology Primer
    Windows Server 2008 R2 Defined
    When Is the Right Time to Migrate?
    Versions of Windows Server 2008 R2
    What's New and What's the Same About Windows Server 2008 R2?
    Changes in Active Directory
    Windows Server 2008 R2 Benefits for Administration
    Improvements in Security in Windows Server 2008 R2
    Improvements in Mobile Computing in Windows Server 2008 R2
    Improvements in Windows Server 2008 R2 for Better Branch Office Support
    Improvements for Thin Client Remote Desktop Services
    Improvements in Clustering and Storage Area Network Support
    Addition of Migration Tools
    Improvements in Server Roles in Windows Server 2008 R2
    Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First
    Summary
    Best Practices
  2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices
    Determining the Scope of Your Project
    Identifying the Business Goals and Objectives to Implement Windows Server 2008 R2
    Identifying the Technical Goals and Objectives to Implement Windows Server 2008 R2
    The Discovery Phase: Understanding the Existing Environment
    The Design Phase: Documenting the Vision and the Plan
    The Migration Planning Phase: Documenting the Process for Migration
    The Prototype Phase: Creating and Testing the Plan
- 6. The Pilot Phase: Validating the Plan to a Limited Number of Users
    The Migration/Implementation Phase: Conducting the Migration or Installation
    Summary
    Best Practices
  3 Installing Windows Server 2008 R2 and Server Core
    Preplanning and Preparing a Server Installation
    Installing a Clean Version of Windows Server 2008 R2 Operating System
    Upgrading to Windows Server 2008 R2
    Understanding Server Core Installation
    Managing and Configuring a Server Core Installation
    Performing an Unattended Windows Server 2008 R2 Installation
    Summary
    Best Practices
  Part II Windows Server 2008 R2 Active Directory
  4 Active Directory Domain Services Primer
    Examining the Evolution of Directory Services
    Understanding the Development of AD DS
    Examining AD DS's Structure
    Outlining AD DS's Components
    Understanding Domain Trusts
    Defining Organizational Units
    Outlining the Role of Groups in an AD DS Environment
    Explaining AD DS Replication
    Outlining the Role of DNS in AD DS
    Outlining AD DS Security
    Outlining AD DS Changes in Windows Server 2008 R2
    Summary
    Best Practices
  5 Designing a Windows Server 2008 R2 Active Directory
    Understanding AD DS Domain Design
    Choosing a Domain Namespace
    Examining Domain Design Features
    Choosing a Domain Structure
    Understanding the Single Domain Model
- 7. Understanding the Multiple Domain Model
    Understanding the Multiple Trees in a Single Forest Model
    Understanding the Federated Forests Design Model
    Understanding the Empty-Root Domain Model
    Understanding the Placeholder Domain Model
    Understanding the Special-Purpose Domain Design Model
    Renaming an AD DS Domain
    Summary
    Best Practices
  6 Designing Organizational Unit and Group Structure
    Defining Organizational Units in AD DS
    Defining AD Groups
    Examining OU and Group Design
    Starting an OU Design
    Using OUs to Delegate Administration
    Group Policies and OU Design
    Understanding Group Design
    Exploring Sample Design Models
    Summary
    Best Practices
  7 Active Directory Infrastructure
    Understanding AD DS Replication in Depth
    Understanding Active Directory Sites
    Planning Replication Topology
    Outlining Windows Server 2008 R2 IPv6 Support
    Detailing Real-World Replication Designs
    Deploying Read-Only Domain Controllers (RODCs)
    Summary
    Best Practices
  8 Creating Federated Forests and Lightweight Directories
    Keeping a Distributed Environment in Sync
    Active Directory Federation Services
    Synchronizing Directory Information with Forefront Identity Manager (FIM)
    Harnessing the Power and Potential of FIM
    Summary
    Best Practices
- 8. 9 Integrating Active Directory in a UNIX Environment
    Understanding and Using Windows Server 2008 R2 UNIX Integration Components
    Reviewing the Subsystem for UNIX-Based Applications (SUA)
    Understanding the Identity Management for UNIX Components
    Administrative Improvements with Windows Server 2008 R2
    Summary
    Best Practices
  Part III Networking Services
  10 Domain Name System and IPv6
    Understanding the Need for DNS
    Getting Started with DNS on Windows Server 2008 R2
    Resource Records
    Understanding DNS Zones
    Performing Zone Transfers
    Understanding DNS Queries
    Other DNS Components
    Understanding the Evolution of Microsoft DNS
    DNS in Windows Server 2008 R2
    DNS in an Active Directory Domain Services Environment
    Troubleshooting DNS
    IPv6 Introduction
    How to Configure IPv6 on Windows Server 2008 R2
    Secure DNS with DNSSEC
    Summary
    Best Practices
  11 DHCP/WINS/Domain Controllers
    Understanding the Key Components of an Enterprise Network
    Exploring the Dynamic Host Configuration Protocol (DHCP)
    Exploring DHCP Changes in Windows Server 2008 R2
    Enhancing DHCP Reliability
    Implementing Redundant DHCP Services
    Exploring Advanced DHCP Concepts
    Securing DHCP
    Reviewing the Windows Internet Naming Service (WINS)
    Installing and Configuring WINS
    Planning, Migrating, and Maintaining WINS
    Exploring Global Catalog Domain Controller Placement
    Summary
    Best Practices
- 9. 12 Internet Information Services
    Understanding Internet Information Services (IIS) 7.5
    Planning and Designing Internet Information Services 7.5
    Installing and Upgrading IIS 7.5
    Installing and Configuring Websites
    Installing and Configuring FTP Services
    Securing Internet Information Services 7.5
    Summary
    Best Practices
  Part IV Security
  13 Server-Level Security
    Defining Windows Server 2008 R2 Security
    Deploying Physical Security
    Using the Integrated Windows Firewall with Advanced Security
    Hardening Server Security
    Examining File-Level Security
    Additional Security Mechanisms
    Using Windows Server Update Services
    Summary
    Best Practices
  14 Transport-Level Security
    Introduction to Transport-Level Security in Windows Server 2008 R2
    Deploying a Public Key Infrastructure with Windows Server 2008 R2
    Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
    Active Directory Rights Management Services
    Using IPSec Encryption with Windows Server 2008 R2
    Summary
    Best Practices
  15 Security Policies, Network Policy Server, and Network Access Protection
    Understanding Network Access Protection (NAP) in Windows Server 2008 R2
    Deploying a Windows Server 2008 R2 Network Policy Server
    Enforcing Policy Settings with a Network Policy Server
    Deploying and Enforcing a Virtual Private Network (VPN) Using an RRAS Server
    Summary
    Best Practices
- 10. Part V Migrating to Windows Server 2008 R2
16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2 483
  Beginning the Migration Process 484
  Big Bang Migration 487
  Phased Migration 491
  Multiple Domain Consolidation Migration 505
  Summary 522
  Best Practices 523
17 Compatibility Testing 525
  The Importance of Compatibility Testing 526
  Preparing for Compatibility Testing 527
  Researching Products and Applications 534
  Verifying Compatibility with Vendors 537
  Microsoft Assessment and Planning (MAP) Toolkit 542
  Lab-Testing Existing Applications 543
  Documenting the Results of the Compatibility Testing 546
  Determining Whether a Prototype Phase Is Required 546
  Summary 547
  Best Practices 548
Part VI Windows Server 2008 R2 Administration and Management
18 Windows Server 2008 R2 Administration 549
  Defining the Administrative Model 550
  Examining Active Directory Site Administration 551
  Configuring Sites 554
  Examining Windows Server 2008 R2 Active Directory Groups 562
  Creating Groups 564
  Managing Users with Local Security and Group Policies 568
  Managing Printers with the Print Management Console 576
  Summary 582
  Best Practices 583
19 Windows Server 2008 R2 Group Policies and Policy Management 585
  Group Policy Overview 585
  Group Policy Processing - How Does It Work? 586
  Local Group Policies 588
  Security Templates 590
  Elements of Group Policy 591
- 11. Group Policy Administrative Templates Explained 603
  Policy Management Tools 607
  Designing a Group Policy Infrastructure 616
  GPO Administrative Tasks 619
  Summary 637
  Best Practices 637
20 Windows Server 2008 R2 Management and Maintenance Practices 639
  Going Green with Windows Server 2008 R2 640
  Initial Configuration Tasks 641
  Managing Windows Server 2008 R2 Roles and Features 643
  Server Manager 647
  Server Manager Diagnostics Page 652
  Server Manager Configuration Page 657
  Server Manager Storage Page 661
  Auditing the Environment 665
  Managing Windows Server 2008 R2 Remotely 674
  Using Common Practices for Securing and Managing Windows Server 2008 R2 679
  Keeping Up with Service Packs and Updates 681
  Maintaining Windows Server 2008 R2 685
  Summary 696
  Best Practices 696
21 Automating Tasks Using PowerShell Scripting 699
  Understanding Shells 700
  Introduction to PowerShell 702
  Understanding the PowerShell Basics 705
  Using Windows PowerShell 732
  Summary 762
  Best Practices 762
22 Documenting a Windows Server 2008 R2 Environment 763
  Benefits of Documentation 764
  Types of Documents 765
  Planning to Document the Windows Server 2008 R2 Environment 766
  Knowledge Sharing and Knowledge Management 766
  Windows Server 2008 R2 Project Documents 767
  Administration and Maintenance Documents 780
  Network Infrastructure 784
  Disaster Recovery Documentation 785
  Change Management Procedures 788
- 12. Performance Documentation 788
  Baselining Records for Documentation Comparisons 789
  Routine Reporting 789
  Security Documentation 790
  Summary 791
  Best Practices 791
23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2 793
  Windows Server 2008 R2 Monitoring 794
  What's New in OpsMgr R2 796
  Explaining How OpsMgr Works 796
  Outlining OpsMgr Architecture 798
  Understanding How to Use OpsMgr 802
  Understanding OpsMgr Component Requirements 805
  Understanding Advanced OpsMgr Concepts 807
  Securing OpsMgr 811
  Installing Operations Manager 2007 R2 814
  Configuring Operations Manager 2007 R2 822
  Monitoring DMZ Servers with Certificates 831
  Using Operations Manager 2007 R2 837
  Summary 846
  Best Practices 846
Part VII Remote and Mobile Technologies
24 Server-to-Client Remote Access and DirectAccess 849
  VPN in Windows Server 2008 R2 850
  Authentication Options to an RRAS System 856
  VPN Protocols 858
  DirectAccess in Windows Server 2008 R2 863
  Choosing Between Traditional VPN Technologies and DirectAccess 873
  Traditional VPN Scenario 876
  DirectAccess Scenario 898
  Connection Manager 916
  Summary 919
  Best Practices 919
25 Remote Desktop Services 921
  Why Implement Remote Desktop Services 922
  How Remote Desktop Works 925
  Understanding the Name Change 928
- 13. Understanding Remote Desktop Services 928
  Planning for Remote Desktop Services 947
  Deploying Remote Desktop Services 953
  Securing Remote Desktop Services 979
  Supporting Remote Desktop Services 981
  Summary 984
  Best Practices 985
Part VIII Desktop Administration
26 Windows Server 2008 R2 Administration Tools for Desktops 987
  Managing Desktops and Servers 988
  Operating System Deployment Options 989
  Windows Server 2008 R2 Windows Deployment Services 991
  Installing Windows Deployment Services (WDS) 994
  Creating Discover Images 1005
  Creating Custom Installations Using Capture Images 1016
  General Desktop Administration Tasks 1020
  Summary 1021
  Best Practices 1021
27 Group Policy Management for Network Clients 1023
  The Need for Group Policies 1024
  Windows Group Policies 1025
  Group Policy Feature Set 1028
  Planning Workgroup and Standalone Local Group Policy Configuration 1033
  Planning Domain Group Policy Objects 1036
  Managing Computers with Domain Policies 1045
  Managing Users with Policies 1070
  Managing Active Directory with Policies 1076
  Summary 1095
  Best Practices 1096
Part IX Fault-Tolerance Technologies
28 File System Management and Fault Tolerance 1097
  Windows Server 2008 R2 File System Overview/Technologies 1097
  File System Access Services and Technologies 1102
  Windows Server 2008 R2 Disks 1105
  Utilizing External Disk Subsystems 1109
  Managing Windows Server 2008 R2 Disks 1109
- 14. System File Reliability 1118
  Adding the File Services Role 1120
  Managing Data Access Using Windows Server 2008 R2 Shares 1122
  Volume-Based NTFS Quota Management 1128
  File Server Resource Manager (FSRM) 1130
  The Distributed File System 1147
  Planning a DFS Deployment 1152
  Installing DFS 1155
  Managing and Troubleshooting DFS 1163
  Backing Up DFS 1166
  Using the Volume Shadow Copy Service 1167
  Summary 1170
  Best Practices 1170
29 System-Level Fault Tolerance (Clustering/Network Load Balancing) 1173
  Building Fault-Tolerant Windows Server 2008 R2 Systems 1174
  Windows Server 2008 R2 Clustering Technologies 1177
  Determining the Correct Clustering Technology 1182
  Overview of Failover Clusters 1184
  Deploying Failover Clusters 1191
  Backing Up and Restoring Failover Clusters 1211
  Deploying Network Load Balancing Clusters 1215
  Managing NLB Clusters 1223
  Summary 1225
  Best Practices 1225
30 Backing Up the Windows Server 2008 R2 Environment 1227
  Understanding Your Backup and Recovery Needs and Options 1228
  Creating the Disaster Recovery Solution 1232
  Documenting the Enterprise 1234
  Developing a Backup Strategy 1234
  Windows Server Backup Overview 1235
  Using Windows Server Backup 1239
  Managing Backups Using the Command-Line Utility wbadmin.exe and PowerShell Cmdlets 1246
  Backing Up Windows Server 2008 R2 Role Services 1248
  Volume Shadow Copy Service (VSS) 1262
  Windows Server 2008 R2 Startup Options 1264
  Summary 1265
  Best Practices 1265
- 15. 31 Recovering from a Disaster 1267
  Ongoing Backup and Recovery Preparedness 1267
  When Disasters Strike 1271
  Disaster Scenario Troubleshooting 1274
  Recovering from a Server or System Failure 1277
  Managing and Accessing Windows Server Backup Media 1285
  Windows Server Backup Volume Recovery 1287
  Recovering Role Services and Features 1291
  Summary 1302
  Best Practices 1302
Part X Optimizing, Tuning, Debugging, and Problem Solving
32 Optimizing Windows Server 2008 R2 for Branch Office Communications 1305
  Understanding Read-Only Domain Controllers (RODCs) 1306
  Installing a Read-Only Domain Controller 1310
  Understanding BitLocker Drive Encryption 1323
  Configuring BitLocker Drive Encryption on a Windows Server 2008 R2 Branch Office Domain Controller 1326
  Understanding and Deploying BranchCache 1333
  Enhancing Replication and WAN Utilization at the Branch Office 1339
  Summary 1342
  Best Practices 1342
33 Logging and Debugging 1345
  Using the Task Manager for Logging and Debugging 1345
  Using Event Viewer for Logging and Debugging 1350
  Performance and Reliability Monitoring 1359
  Setting Baseline Values 1369
  Using the Debugging Tools Available in Windows Server 2008 R2 1371
  Task Scheduler 1382
  Summary 1388
  Best Practices 1389
34 Capacity Analysis and Performance Optimization 1391
  Defining Capacity Analysis 1391
  Using Capacity-Analysis Tools 1395
  Monitoring System Performance 1415
  Optimizing Performance by Server Roles 1423
  Summary 1430
  Best Practices 1430
- 16. Part XI Integrated Windows Application Services
35 Windows SharePoint Services 1433
  Understanding the History of SharePoint Technologies 1434
  What Are the Differences Between Windows SharePoint Services 3.0 and SharePoint Server 2007? 1436
  Identifying the Need for Windows SharePoint Services 1439
  Installing Windows SharePoint Services 1440
  Lists and Libraries in Windows SharePoint Services 3.0 1453
  Integrating Office 2007 Applications with Windows SharePoint Services 3.0 1469
  Managing the Site Collection 1475
  Summary 1479
  Best Practices 1481
36 Windows Media Services 1483
  Understanding Windows Media Services 1484
  Installing Windows Media Services 1489
  Using Windows Media Services for Real-Time Live Broadcasts 1492
  Broadcasting Stored Single Files 1495
  Hosting a Directory of Videos for On-Demand Playback 1498
  Combining Multiple Files for a Combined Single Broadcast 1501
  Understanding Windows Media Encoder 1504
  Broadcasting a Live Event 1506
  Capturing Audio or Video for Future Playback 1508
  Using Other Windows Media Encoder Options 1510
  Summary 1512
  Best Practices 1512
37 Deploying and Using Windows Virtualization 1515
  Understanding Microsoft's Virtualization Strategy 1515
  Integration of Hypervisor Technology in Windows Server 2008 1517
  Planning Your Implementation of Hyper-V 1519
  Installation of the Microsoft Hyper-V Role 1522
  Becoming Familiar with the Hyper-V Administrative Console 1524
  Installing a Guest Operating System Session 1529
  Modifying Guest Session Configuration Settings 1533
  Launching a Hyper-V Guest Session 1535
  Using Snapshots of Guest Operating System Sessions 1538
  Quick Migration and Live Migration 1540
  Summary 1550
  Best Practices 1551
Index 1553
- 17. About the Authors

  Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP, has been in the computer
  industry for over 30 years and has authored, coauthored, or been a
  contributing writer for dozens of books on Windows, Security,
  Exchange, BizTalk, and Remote and Mobile Computing. Rand is the
  president of Convergent Computing, an IT-consulting firm in the San
  Francisco Bay area that has been one of the key early adopter
  program partners with Microsoft, implementing beta versions of
  Microsoft Windows Server 2008 R2, Windows 7, Exchange Server 2010,
  and SharePoint 2010 in production environments over 18 months
  before the initial product releases.

  Michael Noel, MCITP, CISSP, MVP, is an internationally recognized
  technology expert, best-selling author, and well-known public
  speaker on a broad range of IT topics. He authored multiple major
  industry books that have been translated into more than a dozen
  languages worldwide. Significant titles include SharePoint 2010
  Unleashed, Microsoft Exchange Server 2010 Unleashed, SharePoint
  2007 Unleashed, Exchange Server 2007 Unleashed, ISA Server 2006
  Unleashed, and many more. Currently a partner at Convergent
  Computing (www.cco.com) in the San Francisco Bay area, Michael's
  writing and extensive public-speaking experience across six
  continents leverage his real-world expertise in helping
  organizations realize business value from Information Technology
  infrastructure.

  Omar Droubi, MCSE, has been in the computer industry since 1992 and
  during this time has coauthored several of Sams Publishing's
  best-selling books, including Microsoft Windows Server 2003
  Unleashed and Windows Server 2008 Unleashed, and Omar has been a
  contributing writer and technical reviewer on several other books
  on Windows Server 2003, Windows Server 2008, and Exchange Server
  2000, 2003, and 2007. Omar has been involved in testing, designing,
  and prototyping Windows Server 2008 and Windows Server 2008 R2
  infrastructures for the past four years, and has primarily focused
  on upgrading existing networks and utilizing many of the new roles
  and features included in the product. Also during this time, Omar
  has assisted several organizations with the development of
  technical road maps, planning and executing domain and server
  consolidation and virtualization projects, and deploying Exchange
  Server 2007 for organizations of all sizes.

  Ross Mistry, MVP, MCITP, is a principal consultant and partner at
  Convergent Computing, an author, and a Microsoft MVP. With over a
  decade of experience, Ross focuses on designing and implementing
  Windows, Active Directory, Hyper-V, Exchange Server, and SQL Server
  solutions for Fortune 500 organizations located in the Silicon
  Valley. His specialties include upgrades, migrations, high
  availability, security, and virtualization. Ross has also taken on
  the roles of lead author, contributing writer, and technical editor
  for many best-selling books published by Sams. His recent works
  include SQL Server 2008 Management and Administration, Exchange
  Server 2010 Unleashed, and Windows Server 2008 Unleashed. Ross
  writes technical articles for many sites including TechTarget.com
  and frequently speaks at international conferences around the
  world. You can follow him on Twitter @RossMistry.
- 18. Chris Amaris, MCSE, CISSP/ISSAP, CHS III, is the chief
technology officer and cofounder of Convergent Computing. He has
more than 20 years' experience consulting for Fortune 500 companies,
leading companies in the technology selection, design, planning,
and implementation of complex Information Technology projects.
Chris has worked with Microsoft Windows since version 1.0 in 1985.
He specializes in messaging, security, performance tuning, systems
management, and migration. A Certified Information Systems Security
Professional (CISSP) with an Information System Security
Architecture Professional (ISSAP) concentration, Certified Homeland
Security (CHS III), Windows 2003 MCSE, Novell CNE, Banyan CBE, and
a Certified Project Manager, Chris is also an author, writer, and
technical editor for a number of IT books, including Network
Security for Government and Corporate Executives, Microsoft
Exchange Server 2010 Unleashed, and Microsoft Operations Manager
2005 Unleashed. Chris presents on messaging, operations management,
security, and Information Technology topics worldwide.
- 19. Dedications

  Kelly and Chip asked that I dedicate this book to our cat Lady.
  Meow!
  Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP

  This book is dedicated to my brother Joey, his wife Mary, and my
  new nephew Avery. Your love for life is an inspiration and a joy to
  behold.
  Michael Noel, MCSE+I, CISSP, MCSA, MVP

  This book is dedicated to my lovely wife Colby Lucretia Crews
  Droubi and my two boys Omar Khalil Droubi and Jamil Kingsley
  Droubi. Love you guys.
  Omar Droubi

  I dedicate this book to my parents Aban and Keki Mistry. Thanks for
  constantly pushing me in the right direction. Your hard work and
  sacrifices throughout the years are much appreciated. And in loving
  memory of my uncle Minoo Mistry. Thanks for treating Sherry and me
  like gold when we last visited Vancouver. You will be missed.
  Ross Mistry, MVP, MCITP

  I dedicate this book to my lovely wife, Sophia, whose love and
  support I cherish. And to my children, Michelle, Megan, Zoe,
  Zachary, and Ian, for whose sake all the hard work is worthwhile. I
  also want to dedicate the book to my late father, Jairo Amaris, who
  taught me to think on many different levels.
  Chris Amaris, MCSE, MVP, CISSP/ISSAP, CHS III

  I dedicate this book to my parents, Tsvi and Rachel, for teaching
  me to always do my best, starting my love for computers, kicking
  off a lifelong addiction with a Commodore 64, and always supporting
  and nurturing the nerd within.
  Guy Yardeni, MCSE, MCITP, CISSP
- 20. Acknowledgments

  Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP

  I want to thank Microsoft (including Kevin Lane) for allowing us
  the opportunity to work with the technologies months before general
  release so that we could put together content for this book! A big
  thanks goes out to the Sams Publishing team (Neil, Mark, and all
  the folks behind the scenes) in working with our tight time
  schedule as we write, edit, and produce a book of this size
  literally in weeks! A special thanks to Betsy Harris and Karen
  Annett for really thinking through our writing and editing our
  content to catch stuff that we would otherwise never catch!

  I also want to thank the consultants at Convergent Computing and
  our early adopter clients who fiddle with these new technologies
  really early on and then take the leap of faith in putting the
  products into production to experience (and at times feel) the pain
  as we work through best practices. The early adopter experiences
  give us the knowledge and experience we need to share with all who
  use this book as their guide in their production environments based
  on the lessons learned.

  To Kelly and Chip, okay, two 1300+ page books back-to-back in 7
  months, I might actually not be asleep on my laptop keyboard on the
  kitchen table in the morning when you wake up! And thank you, Mom,
  for your constant love and support! For all those afternoons and
  evenings that you struggled to help me get my homework done because
  I couldn't string together words into a sentence to write a book
  report; I guess after all these years and several books later, I
  can finally say I figured it out.

  Michael Noel, MCITP, MVP

  You'd think that after the amount of writing it takes to finish a
  book like this that writing the acknowledgments would be relatively
  easy, but the reality is that there are so many people who are
  involved with the process of getting a book on the shelves (or in
  your e-reader) that it is impossible to thank them all. Book
  publishing is a messy, exhaustive business, and I'm eternally
  grateful to the folks at Sams Publishing for their years of hard
  work turning the scatterbrained ideas of a handful of technical
  authors into something that is of real value to our readers. A big
  thanks especially to Neil Rowe, our editor, for putting up with us
  yet again.

  I couldn't do any of this without the help of my fellow authors,
  notably lead author Rand Morimoto. The expertise and cumulative
  years of experience in this book is mind-boggling, especially when
  you add in the efforts of the additional contributing writers and
  of Guy Yardeni, the highly proficient technical editor.

  And of course, thanks once again to my family (Marina, Julia, Val,
  and Liza) for putting up with what is now the fifteenth time that I
  have disappeared into my lab to furiously write another of these
  books. Your love and devotion is the fuel that keeps me going.
- 21. Omar Droubi

  There are many people I would like to thank and acknowledge. Many
  of the customers, colleagues, and business associates I currently
  work with and have done business with in the past have inspired me
  and assisted me in my career as an Information Technology
  consultant and in my writing career. First, without question, I
  would like to thank Rand Morimoto, Sams Publishing, and the other
  coauthors and contributing writers of this book and my previous
  books. Without them, my book-writing achievements would not be
  possible. Next, I would like to personally thank Jim McBee, Ricardo
  Hernandez, Marcus Bradford, Hadi Droubi, Stefan Garaygay, Ray Wan,
  Raul Alcaraz, Domenic Pacini, and Roberto Alcantar. Thank you all
  for your support over the years.

  Ross Mistry, MVP, MCITP

  I would like to thank my wife Sherry for doing an exceptional job
  raising our children in my absence. I know it is not easy with my
  long hours, clients, conferences, and writing back-to-back books.
  For this I am very grateful and recognize all the hard work and
  dedication you devote to our children Kyanna and Kaden. Many thanks
  to Rand Morimoto, my fellow coauthors, and the team at Sams
  Publishing. It has been great working together on another title. A
  special thanks to my children. I am so proud of both of you. Live
  life to the fullest; chase happiness and good health, not money.
  Finally, to my long-time mentor Rustom Saddiq, thank you for
  guiding me through. The time is now.

  Chris Amaris, MCSE, MVP, CISSP

  Thanks, Rand, for the opportunity to work with you again on another
  book. The books keep getting bigger, the chapters longer, and the
  technologies more complicated, all of which I'm sure helps keep my
  brain young. Your guidance and example is invaluable. I'd also like
  to thank Microsoft for developing the sophisticated virtualization
  technologies like Hyper-V and Remote Desktop, which make developing
  and working with the complicated virtual lab environments for the
  book incredibly easier. And, as always, a huge thanks to my
  children for their hard work and efforts to do well in school while
  I'm lost in those virtual labs.
- 22. We Want to Hear from You!

  As the reader of this book, you are our most important critic and
  commentator. We value your opinion and want to know what we're
  doing right, what we could do better, what areas you'd like to see
  us publish in, and any other words of wisdom you're willing to pass
  our way. You can email or write me directly to let me know what you
  did or didn't like about this book, as well as what we can do to
  make our books stronger.

  Please note that I cannot help you with technical problems related
  to the topic of this book, and that due to the high volume of mail
  I receive, I might not be able to reply to every message. When you
  write, please be sure to include this book's title and author as
  well as your name and phone or email address. I will carefully
  review your comments and share them with the author and editors who
  worked on the book.

  Email: feedback@samspublishing.com
  Mail: Neil Rowe, Executive Editor, Sams Publishing, 800 East 96th
  Street, Indianapolis, IN 46240 USA

  Reader Services

  Visit our website and register this book at informit.com/register
  for convenient access to any updates, downloads, or errata that
  might be available for this book.
- 23. Introduction

  Windows Server 2008 R2 is the latest release of the Windows Server
  operating system. Over the years, it has evolved quite dramatically
  from the early days of Windows NT Server, Windows 2000, Windows
  2003, or even Windows 2008. With the release of Windows Server 2008
  R2, Microsoft again has introduced a number of new technologies
  intended to help IT professionals improve their ability to provide
  network services to the clients they serve.

  We've had the opportunity to write a book on every version of
  Windows Server over the past two decades, and when we set out to
  write this book, we wanted to once again provide you, the reader,
  with a lot of really valuable information. Instead of just
  marketing fluff that talks about features and functions, we wanted
  to really dig down into the product and share with you best
  practices on planning, preparing, implementing, migrating, and
  supporting a Windows Server 2008 R2 environment.

  Even though the original Windows Server 2008 released in early 2008
  and Windows 2008 R2 released late in the summer of 2009, we've been
  fortunate enough to work with these operating system releases for
  more than 2 years in priority early adopter programs. The thing
  about being involved with a product so early on is that our first
  experiences with these products were without any documentation,
  Help files that provided guidance, or any shared experiences from
  others. We had to learn Windows Server 2008 R2 from experience,
  usually the hard way, but that has given us a distinct advantage of
  knowing the product forward and backward better than anyone could
  ever imagine. And we started to implement Windows Server 2008 R2 in
  production environments for a select group of our enterprise
  customers more than a year before the product release, where
  organizations were depending on the server operating system to run
  key areas of their business.

  So the pages of this book are filled with years of experience with
  Windows Server 2008 and 2008 R2, live production environment best
  practices, and fully updated with RTM code specifics that will
  hopefully help you design, plan, prototype, implement, migrate,
  administer, and support your Windows Server 2008 R2 environment!

  This book is organized into 11 parts, each part focusing on core
  Windows Server 2008 R2 areas, with several chapters making up each
  part. The parts of the book are as follows:

  - Part I: Windows Server 2008 R2 Overview. This part provides an
    introduction to Windows Server 2008 R2 not only to give a general
    technology overview, but also to note what is truly new in
    Windows Server 2008 R2 that made it compelling enough for
    organizations to implement the technology in beta in production
    environments. We also cover basic planning, prototype testing,
    and migration techniques, as well as provide a full chapter on
    the installation of Windows Server 2008 R2 as well as the
    GUI-less Windows Server Core.
- 24.
  - Part II: Windows Server 2008 R2 Active Directory. This part
    covers Active Directory planning and design. If you have already
    designed and implemented your Active Directory, you will likely
    not read through this section of the book in detail. However, you
    might want to look through the Notes and Tips throughout the
    chapter, and the best practices at the end of each chapter
    because we highlight some of the tips and tricks new to Windows
    Server 2008 R2 that are different from Windows 2000, 2003, and
    2008. You might find that limitations or restrictions you faced
    when designing and implementing Active Directory 2003 and 2008
    have now been revised. Topics such as federated forests,
    lightweight directory services, and identity lifecycle management
    capabilities might be of interest.
  - Part III: Networking Services. This part covers DNS, DHCP, domain
    controllers, IPv6, and IIS from the perspective of planning,
    integrating, migrating, and coexisting. Again, just like in Part
    II, you might find the Notes, Tips, and best practices to have
    valuable information on features that are new in Windows Server
    2008 R2; you might find yourself perusing these chapters to
    understand what's new and different that you can leverage after a
    migration to Windows Server 2008 R2.
  - Part IV: Security. Security is on everyone's mind these days, so
    it was a major enhancement to Windows Server 2008 R2. We actually
    dedicated three chapters of the book to security, breaking the
    information into server-level security such as Public Key
    Infrastructure (PKI) certificate services; transport-level
    security such as IPSec and NAT traversal; and security policies,
    Network Access Protection (NAP), and Network Policy Server (NPS)
    that have been updated in Windows Server 2008 R2.
  - Part V: Migrating to Windows Server 2008 R2. This part is
    dedicated to the migrations from Windows 2003 and 2008 to Windows
    Server 2008 R2. We provide a chapter specifically on tips,
    tricks, best practices, and lessons learned on the planning and
    migration process to Windows Server 2008 R2. We also have a
    chapter on application-compatibility testing of applications
    currently running on earlier versions of Windows Server and how
    to test and migrate applications to a Windows Server 2008 R2
    platform.
  - Part VI: Windows Server 2008 R2 Administration and Management.
    After you get Windows Server 2008 R2 in place, you end up
    spending the rest of your time managing and administering the new
    operating system platform, so we've dedicated six chapters to
    administration and management. This section covers the
    administration and management of users, sites, organizational
    units, domains, and forests typical of a Windows Server 2008 R2
    environment. Although you can continue to perform tasks the way
    you did in Windows 2000, 2003, and 2008, because of significant
    changes in replication, background transaction processing,
    secured communications, Group Policy management, and Windows
    PowerShell management tools, there are better ways to work with
    Windows Server 2008 R2. These chapters drill down into specialty
    areas helpful to administrators of varying levels of
    responsibility. This part of the book also has a chapter on
    managing Windows Server 2008 R2 using System Center Operations
    Manager 2007.
- 25.
  - Part VII: Remote and Mobile Technologies. Mobility is a key
    improvement in Windows Server 2008 R2, so this part focuses on
    enhancements made to Routing and Remote Access Service (RRAS),
    significant improvements in Remote Desktop Services (formerly
    Terminal Services), and the introduction of a new remote access
    technology called DirectAccess. Instead of just providing a
    remote node connection, Windows Server 2008 R2 provides true
    end-to-end secured anytime/anywhere access functionality. The
    chapters in this part highlight best practices on implementing
    and leveraging these technologies.
  - Part VIII: Desktop Administration. Another major enhancement in
    Windows Server 2008 R2 is the variety of new tools provided to
    support better desktop administration, so this part is focused on
    desktop administration. The chapters in this part go in depth on
    client-specific group policies, the Group Policy Management
    Console, Active Directory Administrative Center, Windows
    PowerShell-based group policies, Windows Deployment Services
    (WDS), and desktop administration tools in Windows Server 2008
    R2.
  - Part IX: Fault-Tolerance Technologies. As networks have become
    the backbone for information and communications, Windows Server
    2008 R2 needed to be reliable and more manageable, and sure
    enough, Microsoft included several new enhancements in
    fault-tolerant technologies. The four chapters in this part
    address file system management and file-level fault tolerance in
    Distributed File System (DFS), clustering, Network Load
    Balancing, and backup and restore procedures. When these new
    technologies are implemented in a networking environment, an
    organization can truly achieve enterprise-level reliability and
    recoverability.
  - Part X: Optimizing, Tuning, Debugging, and Problem Solving. This
    part of the book covers performance optimization, capacity
    analysis, logging, and debugging to help optimize and solve
    problems in a Windows Server 2008 R2 networking environment.
  - Part XI: Integrated Windows Application Services. The last part
    of this book covers core application services integrated in
    Windows Server 2008 R2, including updates to Windows SharePoint
    Services and the Windows Media Services component.

  It is our hope that the real-world experience we have had in
  working with Windows Server 2008 R2 and our commitment to relaying
  to you information that will be valuable in your planning,
  implementation, and migration to a Windows Server 2008 R2
  environment will help you get up to speed on the latest in the
  Windows Server operating system software!
- 27. CHAPTER 1 Windows Server 2008 R2 Technology Primer

  IN THIS CHAPTER

  - Windows Server 2008 R2 Defined
  - When Is the Right Time to Migrate?
  - Versions of Windows Server 2008 R2
  - What's New and What's the Same About Windows Server 2008 R2?
  - Changes in Active Directory
  - Windows Server 2008 R2 Benefits for Administration
  - Improvements in Security in Windows Server 2008 R2
  - Improvements in Mobile Computing in Windows Server 2008 R2
  - Improvements in Windows Server 2008 R2 for Better Branch Office
    Support
  - Improvements for Thin Client Remote Desktop Services
  - Improvements in Clustering and Storage Area Network Support
  - Addition of Migration Tools
  - Improvements in Server Roles in Windows Server 2008 R2
  - Identifying Which Windows Server 2008 R2 Service to Install or
    Migrate to First

  Windows Server 2008 R2 became available in the summer of 2009. In
  many ways, it is just the next-generation server operating system
  update to Windows Server 2008, but in other ways, it is more than
  just a service pack type update, with significant feature
  enhancements introduced in the version release. As the authors of
  this book, we see the similarities that Windows Server 2008 R2 has
  in terms of usability and common graphical user interfaces (GUIs)
  with previous versions of Windows Server that make it easy to jump
  in and start implementing the new technologies. However, after over
  two years of early adopter experience with Windows Server 2008 R2
  and the Windows 7 client operating system, we have found that, when
  properly implemented, the new features and technologies built in to
  Windows Server 2008 R2 really address shortcomings of previous
  versions of Windows Server and truly allow IT organizations to help
  organizations meet their business initiatives through the
  implementation of key technologies now included in Windows Server
  2008 R2.

  This chapter provides an overview of what's in Windows Server 2008
  R2, explains how IT professionals have leveraged the technologies
  to improve IT services to their organization, and acts as a guide
  on where to find more information on these core technology
  solutions in the various chapters of this book.

  Windows Server 2008 R2 Defined

  Windows Server 2008 R2 is effectively the seventh generation of the
  Windows Server operating system. Upon initial boot, shown in Figure
  1.1, Windows Server 2008 R2 looks
- 28. like Windows 7 relative to icons, toolbars, and menus. However,
  because Windows Server 2008 R2 is more of a business functional
  operating system than a consumer or user operating system, things
  like the cute Windows Aero 3D interface are not installed by
  default, and the multimedia features found in the Windows 7 Home or
  Ultimate versions of the operating system are also not installed
  and enabled by default. Under the surface, though, and covered
  through the pages of this chapter are the new technologies and
  capabilities built in to Windows Server 2008 R2.

  Windows Server 2008 and Windows Server 2008 R2 Under the Hood

  Although there are a lot of new features and functions added in to
  Windows Server 2008 and Windows Server 2008 R2 that are covered in
  chapters throughout this book, one of the first places I like to
  start is around the things in Windows Server 2008/2008 R2 that you
  don't see that make up some of the core capabilities of the new
  operating system. These are technologies that make the new
  operating system faster, more reliable, and do more things, but
  they aren't features that you have to install or configure.

  Self-Healing NTFS

  One of the new embedded technologies in Windows Server 2008 and
  Windows Server 2008 R2 is self-healing NTFS. Effectively, the
  operating system has a worker
thread that runs in the background, which makes corrections to the
file system when NTFS detects a FIGURE 1.1 Windows Server 2008 R2
deskt