© Train Signal, Inc., 2002-2007
Windows Server 2008 Training Essentials
By Coach Culbertson
Windows Server 2008 Installation and DC Role Installation
• About Your Instructor and Train Signal
• What's Covered in This Course
• The Verde Petra Perks and Publishing Network Scenario
• Quick Editions and Requirements Check
• Installation
• Initial Configuration Tasks
• Role Installation for Domain Controller
• What We Covered
About Your Instructor and Train Signal
• Coach Culbertson
  – 10 Years of IT and Training Experience
  – MCTS: SharePoint Server 2007, MCSA, MCDBA, MCT, A+, Net+, CIW, and a few others
  – 2 Year Tour of Duty as an Inner City High School Teacher in Chicago
  – Launched a couple hundred careers
• About Train Signal
  – Casual Training Method that teaches real skills first
  – Scenario-Based Training to answer the question "Why does this change my life?"
What's Covered In This Course
• Windows Server 2008 Full Installation and Domain Controller Installation
• Active Directory Users and Groups
• Server Core Installation and DHCP Role Installation
• File and Print Server Role Installation
• Read Only Domain Controllers
• IIS Installation and Basic Modularization
• Terminal Services Remote Application Set Up
• Client Imaging and Deployment
• Server 2008 Certification and More Cool Toys
Verde Petra Perks and Publishing Scenario – Part 1
• As a consultant, you've recently been retained by a new startup company, Verde Petra Perks and Publishing, a coffee shop chain that not only serves coffee, but also uses print-on-demand (POD) technology to deliver soft cover books from a library of the most recent 2500-3000 best sellers. Each coffee shop franchise and corporate owned location will be fully equipped with the standard coffee-espresso-iced latte equipment, but will also have touch screen kiosks at each table that will allow customers to order their drinks as well as order books that will be printed right in the coffee shop itself in about 5 minutes using the new Espresso Book Machine (basically a really big print device).
Verde Petra Perks and Publishing Scenario – Part 2
• The web application software that will be used for ordering coffee, snacks, and books is still in development by another agency. It's your job to build out the network infrastructure for the pilot coffee shop which will also serve as the initial headquarters for the chain. The owners, tech savvy coffee gurus, have opted to go with Server 2008 as the platform of choice, largely due to:
  – Enhanced IIS 7.0 capabilities and modularization to support their internal ASP Web application for ordering
  – Branch Office support and security through Server Core Installation, Read Only Domain Controllers, and Web Access to Remote Apps
  – Print Server Capabilities for book printing
  – File Server Capabilities for book storage
  – Windows Deployment Services (WDS) for easy installation of servers and clients for new franchise locations
Verde Petra Perks and Publishing Scenario – Part 3
Verde Petra Perks and Publishing Scenario – Part 4
• The initial build out will consist of:
  1. A Server 2008 Enterprise domain controller with Active Directory
  2. A Server 2008 Standard Server Core installation for DHCP
  3. A Server 2008 Read Only Domain Controller for replication at franchises
  4. A Server 2008 Standard Full Installation with File Server and Print Server Roles
  5. A Server 2008 Standard Full Installation with Windows Deployment Services Server Role - Mobile Machine that will not always be in the same place
  6. A Server 2008 Standard Full Installation with Application Server Role for the forthcoming Web Application
  7. A Server 2008 Standard Full Installation for Terminal Services for Remote Apps and Web Access for centralized administration of Espresso print device and everything else.
  8. 12 Flat Panel Touch screen Vista clients - 10 for the floor, 2 reserved for behind the counter
• A main focus for this pilot installation is to make the network replicable and scalable for future franchises. Thus, image creation for Windows Deployment Services will be an important element.
• You're not an expert in 2008 as you approach this project, but you're about to become one.
Quick Edition and Requirements Check – Part 1
• Windows Server 2008 Standard Edition (x86 and x86-64)
• Windows Server 2008 Enterprise Edition (x86 and x86-64)
• Windows Server 2008 Datacenter Edition (x86 and x86-64)
• Windows Web Server 2008 (x86 and x86-64)
• Windows Storage Server 2008 (x86 and x86-64)
• Windows Small Business Server 2008 (Codenamed Cougar) (x86-64)
• Windows Server Codenamed "Centro" (for mid-markets) (x86-64)
• Windows Server 2008 for Itanium-based Systems (IA-64)
Quick Edition and Requirements Check – Part 2
What We Covered
• Describe the different editions of Server 2008
• Describe the requirements for a full installation
• Perform a Full Installation of Server 2008
• Complete the Initial Configuration Tasks
• Install the Active Directory Domain Services Role (includes DNS)
Active Directory Users and Groups
• A Quick Review of AD and Some New Toys
• User and Group Creation
• What We Covered
A Quick Review of AD and Some New Toys
• A Quick Review
  – Active Directory is a database that provides the foundation of your network
  – It holds User Accounts, provides Group Policy for control, and a whole lot more
  – When you log in to a Windows Network, you authenticate against an Active Directory
• New Toys!
  – Active Directory Domain Services is now a restartable service! No more rebooting!
  – Directory Service Auditing - See exactly who changed what, what it used to be, and what it now is!
  – Read Only Domain Controllers - that can be installed in Server Core!
  – And much, much more!
User and Group Creation – Part 1
• The Verde Petra Perks and Publishing AD Structure
  – Since you've successfully installed the DC and DNS, it's time to build out the basic Groups and Users for the coffee shop. The Web Application being built will use User Names to manage orders per table.
  – Here's the initial structure:
User and Group Creation – Part 2
• Since this is a new environment, you'll enable AD DS Auditing as well, to ensure that as you make changes, if something blows up, you know what you altered. Also, you need to rename the primary Administrator Account for Server Hardening.
What We Covered
• Describe three of the new features of AD DS
• Rename the Administrator Account for Server Hardening
• Enable AD DS Auditing
• View AD DS Auditing Events
• Create Groups in AD Users and Groups
• Create Users in AD Users and Groups
• Add Users to Groups
DHCP Server Core
• What is Server Core and Why It's Cool
• Server Core Roles
• Server Core Installation and Domain Joining
• DHCP Role Installation
• Server Core and the MMC: Friends 4-Ever
• What We Covered
What is Server Core and Why It's Cool
• Server Core is a stripped down version that only requires 1GB of HDD space
• Local Command Line Interface Only
• Use MMC's to manage it remotely
• Bare Minimum Functionality - only supports 8 server roles
• It's cool because:
  – Less "Moving Parts" = Less Maintenance
  – Smaller Attack Surface
  – Reduced Hardware Requirements (Depending on Roles)
  – 1 Trick Ponies are easier to manage
Server Core Roles
• Active Directory Domain Services (AD DS) (including RODC)
• Active Directory Lightweight Directory Services (AD LDS)
• DHCP Server
• DNS Server
• File Services
• Print Services
• Streaming Media Services
• Web Server (IIS)
Installation and Domain Joining
– The Installation is pretty standard - just select one of the Core options
– Only CLEAN installations are supported - no upgrade or downgrade options
• Fun and Valuable Command List for Joining a Domain:
  – To get system information: systeminfo
  – To rename the machine: netdom renamecomputer <currentcomputername> /NewName:<newcomputername>
  – To join a domain: netdom join %computername% /Domain:<domain> /UserD:<UserName> /PasswordD:*
DHCP Role Installation – Part 1
• As more VPPP coffee franchises come into existence, an easy method of connecting machines to the network is necessary, as not all owners will be super savvy tech gurus like the VP owners. A DHCP Server Core machine will be an easy, cheaper, and manageable method of getting new shops up and running faster. Eventually, the Server Core will run as a virtual machine, allowing for hardware consolidation, but the initial DHCP server will be created for imaging purposes and initial operation. You're going to install a Server Core server, rename the machine, join it to a domain, and then install the DHCP Role. Then, you'll configure the Server Core to be remotely managed via an MMC.
DHCP Role Installation – Part 2
• Critical Commands
  – To install DHCP: start /w ocsetup DHCPServerCore
  – To configure DHCP to start automatically: sc config dhcpserver start= auto
  – To start the DHCP service: net start dhcpserver
Server Core and the MMC: Friends 4-ever
• Run the following on the Server Core: netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
• Just open up an MMC of your choosing and connect to the Server Core machine by IP
• You may need to install Remote Server Administration Tools (RSAT) to include the MMC Snap-in for a particular role
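The Server Core commands from the preceding slides, put together as one staged script with checks between steps. This is an added example, not part of the course material; the computer name, domain and join account are placeholder values, and the script is split into stages because the rename and the domain join each take effect after a restart.

```bat
@echo off
rem Added example (not from the course): Server Core build in three stages.
rem NEWNAME, DOMAIN and JOINUSER are placeholder values - replace them.
setlocal
set "NEWNAME=VPPP-DHCP01"
set "DOMAIN=verdepetra.example"
set "JOINUSER=VERDEPETRA\joinadmin"

if /i "%~1"=="rename" goto rename
if /i "%~1"=="join" goto join
if /i "%~1"=="dhcp" goto dhcp
echo Usage: %~nx0 rename ^| join ^| dhcp
exit /b 1

:rename
rem Record the starting state, then rename (netdom asks for confirmation).
systeminfo | findstr /b /c:"Host Name" /c:"Domain"
netdom renamecomputer %COMPUTERNAME% /NewName:%NEWNAME%
if errorlevel 1 exit /b 1
echo Restart with "shutdown /r /t 0", then run: %~nx0 join
exit /b 0

:join
rem /PasswordD:* prompts for the password, so it is never stored in this
rem file or typed on the command line.
netdom join %COMPUTERNAME% /Domain:%DOMAIN% /UserD:%JOINUSER% /PasswordD:*
if errorlevel 1 exit /b 1
echo Restart with "shutdown /r /t 0", then run: %~nx0 dhcp
exit /b 0

:dhcp
rem Install the role and wait for the installer to finish.
start /w ocsetup DHCPServerCore
rem Fail early if the DHCP Server service was not installed.
sc query dhcpserver >nul
if errorlevel 1 (
    echo DHCP Server service not found - role install failed.
    exit /b 1
)
sc config dhcpserver start= auto
net start dhcpserver
rem Confirm the service is running before opening remote management.
sc query dhcpserver | find "RUNNING" >nul
if errorlevel 1 (
    echo DHCP Server service is not running.
    exit /b 1
)
rem Let MMC snap-ins on the management machine through the firewall.
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
exit /b 0
```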
What We Covered
• Describe Server Core and its supported roles
• Install Server Core
• Add and activate DHCP Server Role using Command Line Interface
• Configure Windows Firewall for Remote Administration of Server Core
• Install RSAT on a member server for additional MMC's
• Connect to a Server Core using an MMC
File and Print Server Roles
• A Quick Review of New Toys
• Distributed File Systems, Namespaces, and Replication
• What We Covered
A Quick Review of New Toys
• Distributed File Services: Namespaces and Replication
• Easy Shared Folder Provisioning for SMB or NFS (UNIX/LINUX)
• Enhanced Support for Storage Area Networks (SANs)
• Self Healing NTFS (No more CHKDSK??)
• Easier Back Up Experience
• Print Management Snap-In for Centralized Administration of Network Printers
Distributed File Services, Namespaces, and Replication – Part 1
Distributed File Services, Namespaces, and Replication – Part 2
• The owners of Verde Petra Perks and Publishing need an easy way to push book files that will be used by the Espresso Book Machines to all of their franchise locations. As their library will increase and decrease daily due to licensing agreements, you decide to implement Distributed File Systems (DFS) Namespaces and DFS Replication on the File Server. These two technologies together will allow Larry and Latisha to be able to put a file on the File Server in a Shared Folder, and it will automatically be pushed out to any and all other File Servers that are included in the Namespace. You'll also install Print Services for Print Management capabilities, and add a test printer.
What We Covered
• Perform an installation of the File Services Role
• Install DFS
• Configure a DFS Namespace
• Add Servers to a DFS Namespace
• Perform an installation of the Print Services Role
• Add a network printer using the Server Manager Integration of Print Management
Read-Only Domain Controllers
• What's an RODC and Why It's Cool
• Requirements and Steps to Deploy an RODC
• The Verde Petra RODC Scenario
• What We Covered
What's an RODC and Why It's Cool – Part 1
• Read-Only Domain Controllers allow for users to authenticate against a read-only copy of the Active Directory in a remote location
What's an RODC and Why It's Cool – Part 2
• Great for Low Physical Security Locations with few users
• Local Administrator functionality still allows for onsite administration
• Can be installed on a Server Core for less overhead
• BitLocker Drive Encryption can be installed for extra protection
Requirements and Steps to Deploy an RODC – Part 1
• What You Need:
  – A Full Working Windows Server 2008 Domain Controller already in place
  – At least Windows Server 2003 Functional Level
    • You can have Server 2003 Machines on the network
  – A User Account that's part of the Domain Administrators group
Requirements and Steps to Deploy an RODC – Part 2
• What You Do (Full Installation):
  1. Install Server 2K8, join to the domain, and rename the machine
  2. Add the Active Directory Domain Services (AD DS) Role
  3. When running the DCPromo wizard, select Use advanced mode installation
  4. Select Existing Forest and Add a domain controller to an existing domain
  5. Hit Next three times, and then make sure you select Read-Only Domain Controller
  6. Specify Groups for Password Replication
  7. Set Up Local Administrators Group or Accounts
  8. Keep hitting next for defaults and let 'er spin!
  9. After installation, you can Pre-Populate accounts to the RODC to avoid delays at first login
The Verde Petra RODC Scenario
• Part of the value-added franchise package of Verde Petra Perks and Publishing is network management and assistance. Since not all VPPP franchise owners will be MCSE's, Larry and Latisha will be managing much of the network functionality at first for the franchise locations. While the Web Application being built for VPPP will allow for a large amount of autonomy for each store, issues like account management and library maintenance for Espresso Book Machine files still require centralization. A Read-Only Domain Controller will easily handle this and provide some security as well. You'll be building an initial RODC for use in the pilot store as well as for imaging for Windows Deployment Services. You'll also pre-populate the RODC with a user account to avoid delays at first login.
What We Covered
• Describe what an RODC is and its advantages in a Branch Office scenario
• Describe Requirements for an RODC
• Install an RODC through the DCPromo Wizard
• Configure initial Password Replication
• Pre-populate the RODC with passwords of individual accounts
IIS Installation and Basic Modularization
• New Features of IIS 7.0
• Modularization
• What We Covered
New Features of IIS 7.0
• Support for PHP, Perl, and Ruby applications through FastCGI module
• Complete Modularization - Build Your Own Web Server
• Nicer IIS Manager Interface
• No more Metabase - All configuration info is in shareable XML files
• FTP Server with SSL Support
• Terminal Services Web Access Integration
• And much, much more!
Modularization – Part 1
• There are 40 different modules that come with IIS 7
• Write your own
• Easily plug-in third party modules
• Keep your site more secure by only installing the modules you need
Modularization – Part 2
• The Verde Petra Placeholder Site
  – While waiting for the Web Application for ordering to be finished, you've been asked by Larry and Latisha to go ahead and set up a Web Server with a static site. The site will hold a basic static page with some pretty graphics, and will be used for investor and "future franchisee" walkthroughs while waiting for the Web App to be completed. The site will be on a box named PerksAndPublishing, and the URL to reach the static pages should be http://perksandpublishing/, as this is an internal site only.
  – Now go set it up.
What We Covered
• Describe seven new features of IIS 7.0
• Install the Web Server Role in Windows Server 2K8
• Install and uninstall IIS modules as needed
• Create a static web site using the Default Website as a starting place for internal site creation
Terminal Services-Remote Application Setup
• New Features and Advantages of Terminal Services
• Remote Applications
• What We Covered
New Features and Advantages of Terminal Services
• TS Remote App - Allows users to run a program on the server like it was on their desktop - no need to use the full Remote Desktop
• TS Web Access - A Web method to access Remote Apps
• Terminal Services Gateway - Access a Remote App from behind a firewall without needing a VPN
• Better Resolution for Remote Desktop- now supports wide-screen, font smoothing, and the Vista Desktop Experience enhancements
Remote Applications – Part 1
  – A Server 2K8 box that is not a Domain Controller
  – Network/Internet Connections
  – Do not install applications that you want served up until after the role installation
• What You Do:
  1. Install the Terminal Services Role
  2. Populate the TS Web Access Computers Group inside of Computer Management --> Local Users and Groups
  3. Set up your Applications to be served as Remote Apps
  4. Create RDP Shortcuts or Windows Installer Packages for the App
  5. Copy the RDP Shortcuts or Installer over to the remote machine
Remote Applications – Part 2
• The Verde Petra Print Scenario
  – The software for the Espresso Book Machine has arrived ahead of the machine. The software allows for Remote Management of the printer, but has to be installed somewhere. Larry asks you to set up a Terminal Services box for the printer software, which will later be imaged and virtualized to consolidate hardware, so that the printer can be managed remotely from any machine in the coffee shop. Other applications that will be served up by Terminal Services will follow later. You need to install the Terminal Services Role, install the printer software, and then set up a Shortcut to copy over to the other machines.
What We Covered
• Describe four new features of Terminal Services in Server 2K8
• Install the Terminal Services Role
• Populate the TS Web Access Computers Group
• Add an Application to the Remote Apps List
• Create a Shortcut to the Remote App
• Use a Remote App Shortcut to access an application running on a Terminal Services server
Client Imaging and Deployment
• Quick Introduction to Windows Deployment Services and Imaging
• Initial WDS Server Configuration
• How to Capture a Vista/Server 2K8 Image
• What We Covered
Quick Introduction to Windows Deployment Services and Imaging
• Images are copies of hard drives
• Images can be created from the Windows Installation disk or existing hard drives and then easily pushed down to PXE-enabled machines
• Server 2K8 and Vista are now image-based installations for easy deployment - no 3rd party software needed
• WDS Supports Unattended Installations and Multicast
Initial WDS Server Configuration
• On a Server 2K8 machine joined to a Domain with DHCP and DNS:
  1. Install the WDS Role.
  2. Import boot.wim and install.wim files from the /sources folder on a Server 2K8 install disk or ISO and/or a Vista disk.
  3. In the WDS MMC, expand the Boot images folder.
  4. Right click the boot image and select Create Capture Boot Image and follow the wizard to create a capture boot for grabbing images.
  5. Right click the Boot folder and select Add Boot Image. When asked for the location of the image, select the Capture Boot Image you just created.
• If you want to use all the features of WDS, only import the boot.wim from the Server 2K8 disk. The Vista boot.wim does not support multicasting, but you can still use the Server 2K8 boot.wim to multicast a Vista install.wim.
2-Initial WDS Server Configuration – Part 1
1. Installation Images - Specific to an OS (Vista or Server 2K8) - Created by either importing the standard installation images from the Windows install disk or by capturing an image from an existing hard drive
2. Boot Images - Created from a Server 2K8 disk - Can be used to deploy Vista or Server 2K8
3. Capture Boot Images - Created from a regular Boot Image - Used for capturing and uploading an image of a hard drive to the WDS
• Make sure you have lots o' space on your WDS Server!
2-Initial WDS Server Configuration – Part 2
• The Verde Petra Picture
  – So you've built several different servers, and since all of them are going to be duplicated in some form or another in franchise coffee shops and such, you recommend to Larry and Latisha that they use WDS instead of a third party solution to save money on licensing. You need to set up a WDS role on a separate server, create installation images for Vista Client machines and the File and Print Server, and then demonstrate to the Verde Petra Owners how easy installing new machines and OS's really is. You'll use the installation disk for Server 2K8 to create the Boot image, the Vista Installation disk to create the initial client image, and then use the current File and Print Server as a Reference Computer to capture an image for future File and Print servers.
How to Capture a Vista or Server 2K8 Image
• On a Vista or Server 2K8 machine that has been set up the way you want:
  1. Open up your command line prompt
  2. Go to C:/Windows/system32/sysprep
  3. Run Sysprep.exe
  4. Set sysprep to use OOBE and to Reboot
  5. Make sure that your BIOS is set to use Network Boot first
  6. As soon as it reboots, hit F12 to go into Network Boot
  7. Select your Capture Boot Image (not your deployment image!!!)
  8. Pick your location to save the image
  9. Go home, have dinner, sleep, come back
  10. If you saved the image to the reference machine's HDD, import the image to the WDS server
  11. Your image is now ready to deploy
What We Covered
• Describe the basics of imaging
• Install the WDS Role on a Server 2K8
• Import boot and install images from a Windows installation CD
• Create a Capture Boot Image from a standard Server 2K8 Boot Image
• Capture an Install Image from a Reference Computer
• Deploy a Vista installation using WDS and PXE
Server 2008 Certification and Other Cool Features of Server 2008
• The New Certifications
• Upgrade Paths for MCSA's and MCSE's
• Cool New Features of Server 2008
• What We Covered
The New Certifications – Part 1
The New Certifications – Part 2
• The Three New Server Certification Blocks for Network Admins
  – MCTS
  – MCITP: Server Administrator
  – MCITP: Enterprise Administrator
The New Certifications – Part 3
• MCTS - Take any one exam from a large selection
• MCITP: Server Administrator Exams (From Scratch - Three Exams)
  – 70-642: TS Network Infrastructure
  – 70-640: TS Active Directory
  – 70-646 Pro: Server Administrator
• MCITP: Enterprise Administrator (From Scratch - Five Exams)
  – 70-620: Vista
  – 70-643: TS Server 2008 Application Infrastructure, Configuring
  – 70-642: TS Network Infrastructure
  – 70-640: TS Active Directory
  – 70-647 Pro: Enterprise Administrator
Upgrade Paths for MCSA's and MCSE's – Part 1
• MCSA to MCTS
  – Take Exam 70-648 and Receive two MCTS Certifications
    • TS: Active Directory Configuration
    • TS: Networking Infrastructure
• MCSE to MCTS
  – Take Exam 70-649 and Receive Three MCTS Certifications
    • TS: Active Directory Configuration
    • TS: Networking Infrastructure
    • TS: Server 2008 Application Platform, Configuring
Upgrade Paths for MCSA's and MCSE's – Part 2
• MCSA to MCITP: Server Administrator
  – Take two exams:
    • 70-648: Upgrade to the two MCTS Certs
    • 70-646 Pro: Server Administrator
  Upgrade to Enterprise Admin: Add two exams -- 70-620: Vista Config and 70-643: Applications Infrastructure, and take 70-647 Pro: Enterprise Admin exam instead of the 70-646
• MCSE to MCITP: Enterprise Administrator
  – Take Three Exams:
    • 70-649: Upgrade for your three MCTS Certs
    • 70-620 or 70-624: Vista
    • 70-647 Pro: Enterprise Administrator
  Downgrade to Server Admin: Skip the 70-620, take 70-646 instead of the 70-647 for your Server Admin cert
Cool New Features of Server 2008
• Virtualization
• Multicasting and Unattended Installations in WDS
• Failover Clustering
• More Server Core features
• BitLocker Drive Encryption
• Next Generation TCP/IP
• Active Directory Federation Services
• Active Directory Snapshots
• Network Access Protection
• and more!
What We Covered
• Describe the new generation of Microsoft certifications
• Describe the upgrade paths for MCSA's and MCSE's to MCTS, MCITP: Server Administrator, and MCITP: Enterprise Administrator
• Describe a few new features of Server 2008 that will be covered in Train Signal's upcoming extended series of Server 2008 training