Learning Windows Server 2003

Book Description

With Windows Server 2003, Microsoft has the right server for a world now dominated by enterprise networks and web-based server applications. A number of significant improvements make this a more reliable server than Windows 2000, and those who switched have seen notable performance gains. Server 2003 is, in fact, a very competitive solution to Unix in terms of cost, performance, and application development productivity. But getting this server up and running, either as a stand-alone or as part of a multi-site, multi-server network, is a formidable task even for the most experienced system administrators. Our no-fluff guide gives you exactly what you need: all the nuts and bolts for installing, configuring, securing, and managing Server 2003. This focused and practical book clearly documents the complexities of this server, and offers hands-on advice for planning, implementing and growing Windows networks without trying to teach you how to be a system administrator. Learning Windows Server 2003 shows you how to create and manage user accounts (with particular attention to Active Directory), how to manage access to system resources such as printers and files, and how to configure and manage the server's plethora of major subsystems. The book goes into considerable detail about:

  • Windows file and print services

  • Active Directory

  • IIS6 web server

  • Group Policy and other security tools

  • Patch management

  • .NET Framework application server

  • Windows Terminal Services (including their use in conjunction with Microsoft Office and the Small Business Edition)

  • Various networking subsystems that ship with Server 2003

This highly instructive book also provides an introduction to clustering services, and thoroughly documents steps that should be taken to ensure the security of the server and its resources. Windows Server 2003 was designed to meet the needs of companies or organizations that rely on one or more internal computer networks, and our comprehensive reference is the ideal companion.

Table of Contents

  1. Learning Windows Server 2003
    1. Preface
      1. Audience
      2. Organization and Structure
      3. Conventions Used in This Book
      4. Using Code Examples
      5. We’d Like to Hear from You
      6. Acknowledgments
    2. 1. Introducing Windows Server 2003
      1. Changes in This Release
        1. Security
        2. Performance and Scalability
        3. Management Tool Enhancements
        4. Trans-Forest Active Directory Trusts
        5. Remote Office Domain Controller Creation Improvements
        6. Replication Control
        7. Domain Renaming
        8. Volume Shadow Copies and Shadow Copy Restore
        9. Terminal Services and Remote Administration
        10. The .NET Framework
        11. IIS 6
        12. Command-Line Integration
        13. DNS Improvements
        14. Licensing
      2. Windows Server 2003 Editions
      3. Hardware Requirements
      4. Assessing the Release
    3. 2. Installation and Deployment
      1. Preparing to Install Windows Server 2003
      2. Choosing Windows Components
        1. Partitioning Disks and Allotting Disk Space
        2. Assigning Licenses
        3. Joining Domains Versus Joining Workgroups
      3. Installing Windows Server 2003
        1. Understanding Product Activation
      4. Upgrading Previous and Existing Installations
        1. Upgrading Windows NT
          1. Evaluating NT-based Windows Server 2003 interoperability issues
        2. Upgrading Windows 2000 Server
      5. Troubleshooting an Installation
        1. Starting Over
        2. Using the Recovery Console
          1. Setting up the Recovery Console
          2. Working with the Recovery Console
      6. Running an Unattended Installation
        1. Using Scripts
          1. Constructing unattended setup scripts
          2. Privatizing the dynamic update process
          3. Understanding and creating UDF files
        2. Using RIS
          1. RIS limitations
          2. Activating an RIS server
          3. Deploying an image to a client
          4. Slipstreaming service packs
          5. Using the OEM option for further customization
        3. Deploying a System Image: RIPrep and Sysprep
          1. Sysprep: the system preparation tool
    4. 3. File and Print Services
      1. New File and Print Server Features
      2. Setting Up File Sharing Services
        1. Creating a Share Manually
        2. Default Shares
        3. Publishing Shares to Active Directory
        4. Using Shares from the Command-Line
      3. NTFS File and Folder Permissions
        1. Standard and Special Permissions
        2. Setting Permissions
        3. Inheritance and Ownership
        4. Determining Effective Permissions
        5. Auditing
      4. Limiting Use of Disk Space with Quotas
        1. Setting Default Quotas
        2. Managing Quotas from the Command-Line
        3. Configuring Individual Quota Entries
      5. Using Offline Files and Folders
        1. Enabling Offline Files
        2. Command-Line Functions
        3. Points to Remember
      6. Using Shadow Copies
        1. Enabling Shadow Copies
        2. Altering the Shadow Copy Schedule
        3. Managing Shadow Copies from the command-line
      7. Backing Up Your Machines
        1. Using Backup from the GUI
        2. The Command-Line: NTBACKUP
        3. Sample Command-Line Scenarios
      8. Using the Encrypting File System
        1. Encrypting Files and Folders
        2. Recovering Encrypted Objects
        3. Protecting User Certificate Integrity
      9. The Distributed File System
        1. Adding a Dfs Root and Link
        2. Adding Dfs Links and Targets
        3. The Basics of Dfs Replication
        4. Managing Dfs Systems
          1. Connecting to different roots
          2. Checking Dfs node status
          3. Removing child nodes
          4. Downing replica members
      10. Understanding Print Sharing Services
        1. Internet Printing
        2. Setting Up Print Sharing
        3. Custom Printing Configurations
          1. Controlling the print spooler service
          2. Configuring default printer settings
          3. Choosing a separator page
          4. Adding printer drivers for other operating systems
          5. Publishing shared printers into Active Directory
          6. Setting up alternate/restricted printing times
          7. Controlling print priority between groups
          8. Using PostScript and PCL
          9. Retaining all print jobs
          10. Configuring printing to multiple physical printers
          11. Adding color profiles
          12. Tracking the location of printers
          13. Advanced command-line printing features
    5. 4. Domain Name System
      1. Nuts and Bolts
      2. Zones Versus Domains
        1. Zone Files
        2. Forward and Reverse Lookup Zones
      3. Resource Records
        1. Host (A) Records
        2. Canonical Name (CNAME) Records
        3. Mail Exchanger (MX) Records
        4. Nameserver (NS) Records
        5. Start of Authority (SOA) Records
        6. Pointer (PTR) Records
        7. Service (SRV) Records
      4. Using Primary and Secondary Nameservers
        1. Full and Incremental Zone Transfers
      5. Building a Nameserver
        1. Enabling Incremental Transfers
        2. Creating a Forward Lookup Zone
        3. Entering A Records into a Zone
        4. Controlling Round-Robin Balancing
        5. Entering and Editing SOA Records
        6. Creating and Editing NS Records
        7. Creating and Editing CNAME Records
        8. Creating and Editing MX Records
        9. Generating a Reverse Lookup Zone
        10. Creating and Editing PTR Records
        11. Configuring a Secondary Nameserver
        12. Upgrading a Secondary Nameserver to Primary
        13. Manually Editing Zone Files
        14. Controlling the Zone Transfer Process
      6. Subdomains and Delegation
        1. Delegating a Domain
        2. Creating the Subdomain
      7. Dynamic DNS
        1. Scavenging
        2. Preventing Dynamic DNS Registration
      8. Active Directory-Integrated Zones
        1. Replication Among Domain Controllers
      9. Forwarding
        1. Slaving
        2. Conditional Forwarding
      10. The Split DNS Architecture
        1. Stub Zones
        2. Security Considerations
      11. Backup and Recovery
      12. Next Steps
    6. 5. Active Directory
      1. Active Directory Objects and Concepts
        1. Domains
        2. Organizational Units
        3. Sites
        4. Groups
          1. Nesting
        5. Trees
        6. Forests
          1. New to Windows Server 2003: transitive forest root trusts
          2. The dedicated forest root model
        7. Shared Folders and Printers
        8. Contacts
        9. Global Catalog
      2. Building an Active Directory Structure
        1. The First Domain
        2. Using Active Directory Tools
        3. Adding Another Domain Controller to a Domain
        4. Adding Another Domain
        5. Managing Users and Groups
          1. Creating users and groups
          2. Performing common administrative tasks
          3. Using LDAP to create users
          4. Delegation
      3. Understanding Operations Master Roles
        1. Schema Master
        2. Domain Naming Master
        3. RID Master
        4. PDC Emulator
        5. Infrastructure Master
        6. Transferring and Seizing Roles Manually
      4. Understanding Directory Replication
        1. Within a Site: Loops and Meshes
        2. Time Synchronization
        3. Replication Topologies
        4. Handling Update Conflicts
        5. Update Sequence Numbers
          1. Breaking the loop: originating USNs and UTD vectors
        6. Managing Replication Using REPADMIN
          1. Running the KCC
          2. Viewing up-to-date vectors
          3. Viewing replication partners
          4. Viewing highest USNs
          5. Pressing the “Big Red Button”
        7. Among Sites: Spanning Trees and Site Links
          1. Site links
      5. Migrating to Active Directory in Windows Server 2003
        1. Moving from Windows NT Domains
          1. Items to consider before migrating
          2. Migration strategies
          3. Performing the move
          4. Moving domains to Active Directory
        2. Moving from Windows 2000 Server
          1. About forest and domain functional levels
          2. Preparing existing forests and domains
          3. Raising the forest and domain functional levels
          4. Tips for a smooth upgrade
      6. Active Directory Maintenance
        1. Offline Defragmenting of NTDS Database
        2. Cleaning Directory Metadata
      7. Conclusion
    7. 6. Group Policy and IntelliMirror
      1. An Introduction to Group Policy
        1. A Comparison: Group Policies and System Policies
      2. Group Policy Implementation
        1. Creating and Editing Group Policy Objects
          1. Administrative templates
          2. Disabling portions of policies
          3. Refreshing policies
          4. Policy enforcement over slow network connections
        2. The Scope of Group Policy Objects
        3. Inheritance and Overriding
        4. Resultant Set of Policy
      3. Group Policy Management Tools
        1. Group Policy Management Console
          1. Searching for GPOs
          2. Backing up, copying, importing, and exporting GPOs using the GPMC
          3. Managing GP across multiple forests
          4. Using RSoP planning mode with the GPMC
          5. Using RSoP logging mode with the GPMC
          6. WMI filters
          7. Delegating administration of GPs
      4. Local Group Policy
        1. Security Templates
        2. Creating a Custom Security Template
        3. Compiling the Security Database
      5. Domain Group Policy
        1. Security Settings
          1. Restricted groups
          2. Filesystem and registry policy
        2. IntelliMirror: Software Installation
          1. Packaging software
          2. An example deployment
          3. Deployment properties
          4. Redeploying and removing software
          5. Deploying service packs using GP
        3. IntelliMirror: Folder Redirection
          1. Redirecting folders based on group membership
          2. Removing a redirection policy
        4. Software Restriction Policies
        5. Scripts
      6. Deployment Considerations
      7. Troubleshooting Group Policy
        1. Resolving DNS Problems
        2. Analyzing Inheritance
        3. GPO Distribution and Synchronization
        4. Getting More Detailed Logs
        5. Identifying Client Side Extension GUIDs
        6. Locating GPT Files on Domain Controllers
      8. Conclusion
    8. 7. Windows Security and Patch Management
      1. Understanding Security Considerations
        1. Principles of Server Security
      2. Creating and Enforcing Security Policies
        1. Using Security Policy Templates
          1. Creating a custom security template
          2. Importing a template into a GPO
        2. Security Configuration and Analysis
          1. Creating and using template databases with SCA
          2. Scanning system security
          3. Correcting system security
        3. Microsoft Baseline Security Analyzer
          1. Using the MBSA
      3. Locking Down Windows
        1. Password Requirements
        2. Account Lockout Policies
        3. Local Options
          1. Anonymous access
          2. Shutdown without logon
          3. Automatic logoff
          4. Digitally signing communication
          5. Requiring the three-keystroke salute at logon
          6. Last username display
          7. Password expiration prompt
        4. Network Options Via GP
          1. Viewing the default domain policy
          2. Viewing the default domain controller security policies
          3. Viewing a domain controller’s effective security policy
          4. Final words: organizing policy layout
      4. Using Auditing and the Event Log
        1. Recommended Items to Audit
        2. Event Logs
          1. The Event Viewer
      5. About Software Update Services
        1. Using SUS: On the Server Side
          1. Synchronizing and approving content
          2. Pushing out the Automated Updates client
          3. Configuring the Automatic Updates client from a server perspective
        2. Using SUS: On the Client Side
          1. Update download and installation
          2. Monitoring the client-side system
        3. Common Problems and Workarounds
    9. 8. Internet Information Services
      1. IIS Architecture
      2. IIS Components
        1. The Web Server
        2. The FTP Server
        3. The SMTP Server and POP3 Server
        4. The NNTP Server
      3. What’s New in IIS 6
      4. Installing IIS
        1. IIS Management Console
      5. Managing Web Services
        1. Creating a Site
        2. Adjusting Server-wide Site Properties
        3. Hosting Multiple Sites on One Physical Machine
        4. Adjusting Individual Site Properties
          1. Web Site
          2. Performance
          3. ISAPI Filters
          4. Home Directory
          5. Documents
          6. Directory Security
          7. HTTP Headers
          8. Custom Errors
        5. Virtual Directories
        6. FrontPage Server Extensions
        7. Using Application Pools
          1. Recycling
          2. Performance
          3. Health
          4. Identity
          5. Creating a new application pool
        8. Using the Web Services Extensions Node
      6. File Transfer Protocol Services
        1. Creating FTP Sites
        2. Master FTP Site Properties
        3. Individual FTP Site Properties
          1. FTP Site
          2. Security Accounts
          3. Messages
          4. Home Directory
          5. Directory Security
        4. Virtual FTP Directories
        5. FTP User Isolation
          1. Integrating Active Directory into user isolation
      7. SMTP Services
        1. Creating a New SMTP Virtual Server
        2. SMTP Properties
          1. General
          2. Access
          3. Messages
          4. Delivery
          5. LDAP Routing
          6. Security
        3. Delivering for Multiple Internet Domains
      8. The POP3 Server
        1. Installing the POP3 Server
        2. POP3 Properties
        3. Creating Domains and Mailboxes
      9. Network News Services
        1. Creating a Newsgroup Server
        2. Modifying NNTP Server Properties
          1. General
          2. Access
          3. Settings
          4. Security
        3. Virtual NNTP Directories
          1. Modifying news directory properties
        4. Creating Newsgroups and Hierarchies
        5. Article Expiration
      10. Backing Up Your IIS Configuration
      11. Automating IIS Administration
        1. iisreset
        2. iisweb
        3. iisvdir
        4. iisapp
        5. iisftp
        6. iisftpdr
        7. winpop
        8. Remote Administration
      12. Securing it All
        1. Enable IIS Only if You Use It
        2. Query All IIS Machines for Their Update Level
        3. Keep IIS Updated
          1. Using Windows Update
          2. Using network-based hotfix installation
        4. Use Both IIS and NTFS Security
        5. Evaluate the Indexing Service
        6. Kill Unused Ports
        7. Delete Default Directories
        8. The Ins and Outs of ISAPI
    10. 9. .NET Framework
      1. What Is .NET?
        1. Language
        2. Libraries
        3. Tools
        4. Runtime
      2. What’s New in .NET
      3. Application Types
      4. XML-Based Configuration
        1. Configuration Types
          1. Security Policy
          2. Settings
        2. Configuration Scopes
          1. Enterprise
          2. Machine
          3. User
          4. Application
      5. Security
        1. Role-Based Security
      6. Assemblies
        1. Private Assemblies
        2. Strong-Named Assemblies
      7. Deployment Models
        1. XCopy Deployment
        2. No-Touch Deployment
        3. Windows Installer
      8. Diagnostics
        1. Debugging and Tracing
        2. Performance Counters
          1. Framework counters
          2. Custom counters
        3. Event Logs
      9. Management Tools
        1. GUI Tools
          1. The .NET Framework Configuration MMC
          2. The .NET Framework Wizards tool
        2. Command-Line Tools
      10. Reference
    11. 10. Windows Terminal Services
      1. The Remote Desktop Protocol
      2. Requirements for Terminal Services
        1. CPU Requirements
        2. Amount of RAM
        3. Network Interface Card
        4. Disk Space
      3. Adding the Terminal Server Role
      4. Enabling Remote Desktop
      5. On the User’s Side
        1. Using the RDP Client
          1. General
          2. Display
          3. Local Resources
          4. Programs
          5. Experience
        2. Configuring a User’s Environment
      6. Installing an Application
      7. Configuring Terminal Services Licensing
      8. Terminal Services Administration
        1. Terminal Services Manager
          1. Connecting to a session
          2. Disconnecting a session
          3. Logging off a session
          4. Resetting a session
          5. Viewing session information
          6. Sending a message to a user
          7. Taking control of a session
        2. Terminal Services Configuration
          1. Creating a new connection
          2. Capping Terminal Services connections
          3. Encryption levels
          4. Remote control permissions
          5. Connecting to drives and printers
          6. Session device mapping
          7. Default Terminal Services permissions
          8. Ensuring RPC-based security
      9. Command-Line Management
    12. 11. Communications and Networking
      1. Dynamic Host Configuration Protocol
        1. How It Works
        2. Installing a DHCP Server
        3. Creating a New DHCP Scope
        4. Authorizing a DHCP Server
        5. Reservations
        6. Understanding Classes
        7. Superscopes
        8. Conflict Detection
        9. DHCP Implications for DNS
      2. Virtual Private Networks
        1. How It Works
        2. Configuring the Routing and Remote Access Server
          1. Granting access to users
        3. Authentication and Encryption Methods
      3. IP Security
        1. How IPSec Policies Work
          1. Deconstructing an IPSec policy
        2. Creating an IPSec Policy
        3. IPSec Caveats
      4. Network Access Quarantine Control
        1. How It Works
        2. A Step-by-Step Overview of NAQC
        3. Deploying NAQC
          1. Creating quarantined resources
          2. Writing the baselining script
          3. Installing the listening components
          4. Creating a quarantined connection profile
          5. Distributing the profile to remote users
          6. Configuring the quarantine policy
          7. Creating exceptions to the rule
      5. Conclusion
    13. 12. Clustering Technologies
      1. Network Load-Balancing Clusters
        1. NLB Terminology
        2. NLB Operation Styles and Modes
          1. Single card in each server in unicast mode
          2. Multiple cards in each server in unicast mode
          3. Single card in each server in multicast mode
          4. Multiple cards in each server in multicast mode
        3. Port Rules
        4. Creating an NLB Cluster
        5. Adding Other Nodes to the Cluster
        6. Removing Nodes from the Cluster
        7. Performance Optimization
      2. True Server Clusters
        1. Cluster Terminology
        2. Types of Resources
        3. Planning a Cluster Setup
        4. Creating a True Server Cluster
        5. Adding a Node to an Existing Cluster
        6. Creating a New Cluster Group
        7. Adding a Resource to a Group
        8. Using the Cluster Application Wizard
        9. Configuring Failover and Failback
          1. Failover
          2. Failback
      3. Conclusion
    14. 13. Other Windows Server 2003 Services
      1. The Indexing Service
        1. How the Indexing Service Works
        2. Performance Considerations
        3. Common Administrative Tasks
          1. Administering a catalog
            1. Creating a catalog
            2. Configuring a catalog
            3. Selecting a directory and location
            4. The property cache
            5. Initiating scans
            6. Indexing new web sites
            7. Indexing PDF files
          2. Controlling merges
          3. Running and configuring queries
          4. Adjusting performance options
            1. Configuring performance within the Indexing Service
            2. Monitoring performance using the Performance Monitor
      2. The Microsoft Message Queue
        1. Communications with MSMQ
        2. MSMQ Administration
          1. Installing MSMQ
          2. Finding an MSMQ server
          3. Setting a maximum message size
          4. Enabling and disabling journals
          5. Limiting journal size
          6. Finding a queue
          7. Deleting a queue
          8. Viewing the properties of a message
          9. Deleting all messages
          10. Creating routing links
          11. Configuring routing links
          12. Creating foreign sites
        3. Issues with MSMQ and Firewalls
        4. More Resources
      3. Feature Packs and Add-Ons
        1. Active Directory Application Mode
        2. Automated Deployment Services
        3. DSML Services for Windows
        4. Identity Integration Feature Pack
        5. Remote Control Add-On for Active Directory Users and Computers
        6. Windows Rights Management Services
        7. Microsoft Services for NetWare 5.03a
        8. Windows SharePoint Services
        9. Windows System Resource Manager
    15. A. The Future of Windows Server 2003
      1. Service Pack 1
        1. The Security Configuration Wizard
          1. Installing the SCW
          2. Creating a security policy with the SCW
      2. Windows Server 2003 “R2”
    16. Index
    17. Colophon