Windows server 2008 R2 unleashed - GBV

5 downloads 1711 Views 465KB Size Report
What's New and What's the Same About Windows Server 2008 R2? 16. Changes ... Improvements in Windows Server 2008 R2 for Better Branch Office. Support.
Rand Morimoto, Ph.D., MCITP Michael

Noel, MVF? MCITP

Omar Droubi, MCSE Ross

Mistry, MVF? MCITP

Chris Amaris, MCSE, CISSP Technical Edit by Guy Yardeni

Windows Server 2008 R2 U

800 East 96th

Street, Indianapolis, Indiana 46240 USA

Table of Contents

Introduction

Part I 1

1

Windows Server 2008 R2 Overview

Windows Server 2008 R2 Technology Primer

5

Windows Server 2008 R2 Defined When Is the

Right

Time to

5

Migrate?

10

Versions of Windows Server 2008 R2

What's

Changes

12

What's the Same About

New and

in Active

Windows Server 2008 R2?

Directory

Windows Server 2008 R2 Benefits for Administration

Improvements

in

Improvements

in Mobile

Improvements

in

Security

22

in Windows Server 2008 R2

Computing

26

in Windows Server 2008 R2

Windows Server 2008 R2 for Better

28

Branch Office

Support

30

Improvements for Thin Client Remote Desktop Services Improvements in Clustering and Storage Area Network Support

33

Addition of

38

Migration

Improvements Identifying Migrate

2

16 20

Tools

in Server Roles in Windows Server 2008 R2

37

40

Which Windows Server 2008 R2 Service to Install

or

to First

43

Summary

46

Best Practices

47

Planning, Prototyping, Migrating,

and

Deploying

Windows Server

2008 R2 Best Practices

Determining

Identifying

the

Scope

49 of Your

Project

the Business Goals and

50

Objectives

to

Implement

Windows

Server 2008 R2

Identifying

SO

the Technical Goals and

Objectives

to

Implement

Windows

Server 2008 R2 The

Discovery

53

Phase:

Phase:

Understanding

the

Existing

The

Design

The

Migration Planning Phase: Documenting

Documenting

Environment

the Vision and the Plan

Prototype

63

the Process for

67

Migration The

59

Phase:

Creating

and

Testing

the Plan

73

vi

Windows Server 2008 R2 Unleashed

The Pilot Phase: The or

3

Validating the Plan to a Limited Number of Users Migration/Implementation Phase: Conducting the Migration

75

Installation

78

Summary

79

Best Practices

80

Installing Windows Server 2008

Preplanning Installing

a

and

Preparing

a

R2 and Server Core

83

Server Installation

Clean Version of Windows Server 2008 R2

83

Operating

System

89

Upgrading to

Windows Server 2008 R2

98

Server Core Installation

103

Understanding and

Managing

Performing

Part II 4

Configuring

a

Server Core Installation

Unattended Windows Server 2008 R2 Installation

an

111

Summary

111

Best Practices

112

Windows Server 2008 R2 Active

Directory

Active Directory Domain Services Primer

113

the Evolution of

114

Examining

Understanding Examining Outlining

Directory Services Development of AD DS

the

AD DS's Structure

AD DS's

Understanding Outlining

Components

the Role of

Explaining

AD DS

Outlining the

Outlining Outlining Summary

119 124

Units

Groups

126 in

an

AD DS Environment

Replication

Role of DNS in AD DS

AD DS AD DS

Security Changes

129

131

134 146

a

146

Windows Server 2008 R2 Active Directory

Understanding AD DS Domain Design Choosing a Domain Namespace Examining Choosing

127

133 in Windows Server 2008 R2

Best Practices

Designing

115 116

Domain Trusts

Defining Organizational

5

105

a

Domain

Design Features

Domain Structure

Understanding

the Single Domain Model

149 149 151 153 154 155

Contents

Understanding

the

Understanding

the

Multiple

Domain Model

Multiple

Trees in

Understanding

the Federated Forests

Design

157 Forest Model Model

Understanding

the Placeholder Domain Model

Understanding

the

Renaming

an

Special-Purpose

Domain

Design

165 167 Model

AD DS Domain

170 173

Best Practices

173

Unit and Group Structure

Designing Organizational

175

Units in AD DS

176 178

Examining OU and Group Design

182

OU Design

182

Starting Using

Group

an

OUs to

Delegate Administration

Policies and OU

184 186

Design

186

Understanding Group Design Exploring Sample Design

Models

188

Summary

193

Best Practices

193

Active Directory Infrastructure

195

Understanding

AD DS

Replication

Understanding Active Directory

in

195

Depth

200

Sites

207

Planning Replication Topology

Outlining

Windows Server 2008 R2 IPv6

213

Support

216

Detailing Real-World Replication Designs Deploying Read-Only

8

169

Summary

Defining Organizational Defining AD Groups

7

160 162

Domain Model

Understanding the Empty-Root

6

Single

a

vii

Domain Controllers

220

(RODCs)

Summary

224

Best Practices

225

Creating

Federated Forests and

Keeping

a

Active

Lightweight Directories

Distributed Environment in

Directory

Synchronizing Directory Manager (FIM) Harnessing

227

Sync

Federation Services Information with Forefront

the Power and Potential of FIM

227

232

Identity 236 240

Summary

243

Best Practices

243

viii

Windows Server 2008 R2 Unleashed

9

Integrating Active Directory

Understanding

Part III 10

and

in a UNIX Environment

Using Windows

245

Server 2008 R2 UNIX

Integration

Components

245

the

Reviewing Subsystem for UNIX-Based Applications (SUA) Understanding the Identity Management for UNIX Components

252

Administrative Improvements with Windows Server 2008 R2

256

Summary

258

Best Practices

258

Networking Services Domain Name

System

and IPv6

259

Understanding the Need for DNS Getting Started with DNS on Windows

260 Server 2008 R2

263

Resource Records

266

Understanding

DNS Zones

270

Zone Transfers

274

Performing

Understanding Other DNS

DNS Queries

276

Components

Understanding the

278

Evolution of Microsoft DNS

285

DNS in Windows Server 2008 R2

286

DNS in

288

Active

an

Troubleshooting

Directory

Domain Services Environment

DNS

292

IPv6 Introduction How to

297

Configure

Secure DNS with

11

253

IPv6

on

Windows Server 2008 R2

311

DNSSEC

316

Summary

323

Best Practices

323

DHCP/WINS/Domain Controllers

325

Understanding the Key Components the

Exploring

Host

Dynamic Exploring DHCP Changes

of

Enterprise

an

Configuration

Protocol

Network

(DHCP)

in Windows Server 2008 R2

Enhancing DHCP Reliability Implementing Redundant DHCP

358 359

the Windows Internet

Naming

Service (WINS)

Installing Configuring Planning, Migrating, and Maintaining WINS Exploring Global Catalog Domain Controller Summary and

Best Practices

336

350

DHCP

Reviewing

328

345 Services

Exploring Advanced DHCP Concepts Securing

326

WINS

361 364

368 Placement

370 374

374

Contents

12

Internet Information Services

Understanding

Planning Installing Installing Installing Securing

Part IV 13

377

Internet Information Services

and

(IIS)

7.5

377

Internet Information Services 7.5

382

Designing Upgrading IIS 7.5 and Configuring Websites and Configuring FTP Services and

383 389 397

Internet Information Services 7.5

407

Summary

416

Best Practices

417

Security Server-Level

Defining

Security

419

Windows Server 2008 R2

Security

419

Deploying Physical Security Using

the

Server

Additional

Firewall with

Advanced Security

Security

Security

429

Mechanisms

433

Windows Server

Update

Services

434

Summary

440

Best Practices

440

Transport-Level

Security

Introduction to

Deploying

a

441 in Windows Server 2008 R2

442

Public Key Infrastructure with Windows Server 2008 R2

443

Understanding

Transport-Level Security Active

Directory

Certificate Services

(AD CS)

in

Windows Server 2008 R2 Active

Using

15

424 427

Security

File-Level

Examining Using

420

Integrated Windows

Hardening

14

ix

444

Directory Rights Management IPSec

Encryption

Services

451

with Windows Server 2008 R2

454

Summary

456

Best Practices

456

Security Policies, Network Policy Server,

Understanding

and Network Access Protection

Network Access Protection

(NAP)

in

Windows Server 2008 R2

Deploying

a

Using

an

459

Windows Server 2008 R2 Network

Enforcing Policy Settings Deploying and Enforcing RRAS Server

with a

459

a

Network

Policy

Policy

Server

Server

Virtual Private Network

462 465

(VPN) 473

Summary

480

Best Practices

481

X

Windows Server 2008 R2 Unleashed

Part V

Migrating

to Windows Server 2008 R2

16

Migrating

from Windows Server

2003/2008 to

Windows 483

Server 2008 R2

Beginning

484

Process

Migration

Big Bang Migration

487

Phased

491

Migration Domain Consolidation

Multiple

17

the

505

Migration

Summary

522

Best Practices

523

Compatibility Testing

525

The Importance of

526

for

Preparing

Researching

Compatibility Testing

527

Compatibility Testing

Products and

Verifying Compatibility

534

Applications

with Vendors

Microsoft Assessment and

537

Planning (MAP) Toolkit

543

Lab-Testing Existing Applications Documenting Determining

Part VI 18

the Results of the

Whether

a

Compatibility Testing

Prototype

Phase Is

Required

546 546

Summary

547

Best Practices

548

Windows Server 2008 R2 Administration and

Management

Windows Server 2008 R2 Administration

549

the Administrative Model

Defining

550 551

Examining Active Directory Site Administration

Configuring Examining

Sites

554

Windows Server 2008 R2 Active

Directory Groups

562

564

Creating Groups

19

542

Managing

Users with Local

Managing

Printers with the Print

Group

Policies

568

Management

Console

576

Security

and

Summary

582

Best Practices

583

Windows Server 2008 R2

Group Policy

Group

Overview

Group Policy Processing—How Local

Group

Security

Policies

Templates

Elements of

Policies and Policy Management

Group Policy

585

585 Does It Work?

586 588 590 591

Contents

Administrative

Group Policy

Templates Explained

603

Policy Management Tools Designing

20

a

607

Group Policy Infrastructure

616

GPO Administrative Tasks

619

Summary

637

Best Practices

637

Windows Server 2008 R2

Management

and Maintenance Practices

Going

Green with Windows Server 2008 R2

Initial

Configuration

Managing

641

Windows Server 2008 R2 Roles and Features

643

Server

Manager

647

Server

Manager Diagnostics Page Configuration Page

652

Server Manager

Storage Page

Managing Windows Using

657 661

the Environment

Auditing

665

Server 2008 R2

Common Practices for

674

Remotely

Securing

and

Managing

Windows

Server 2008 R2

Keeping Up

679

with Service Packs and

Maintaining

Updates

Windows Server 2008 R2

681 685

Summary

696

Best Practices

696

Automating

Tasks

Understanding

Using

PowerSheil

Scripting

Shells

Understanding Using

699 700

Introduction to PowerSheil

22

639 640

Tasks

Server Manager

21

xi

702

the PowerSheil Basics

Windows PowerSheil

705 732

Summary

762

Best Practices.

762

Documenting

a

Windows Server 2008 R2 Environment

763

Benefits of Documentation

764

of Documents

765

Types

Planning

to Document

the Windows Server 2008 R2 Environment

766

Knowledge Sharing and Knowledge Management

766

Windows Server 2008 R2

767

Project

Documents

Administration and Maintenance Documents

780

Network Infrastructure

784

Disaster

785

Recovery

Documentation

Change Management

Procedures

788

xii

Windows Server 2008 R2 Unleashed

Performance Documentation

23

788

Records for Documentation

Baselining

789

Comparisons

Routine

Reporting

789

Security

Documentation

790

Summary

791

Best Practices

791

Integrating System Center Operations Manager 2007

R2 with

Windows Server 2008 R2

793

Windows Server 2008 R2 Monitoring

794

What's

796

New in

Explaining

OpsMgr

How

OpsMgr

Outlining OpsMgr

Understanding

R2

Works

796

Architecture

How to Use

798 802

OpsMgr

Understanding OpsMgr Component Requirements Understanding

Advanced

OpsMgr Concepts

807

2007 R2

814

811

Securing OpsMgr Installing Operations Manager

Configuring Operations Manager Monitoring

24

2007 R2

822 831 837

Summary

846

Best Practices

846

Remote and Mobile

Technologies

Server-to-Client Remote Access and DirectAccess

849

VPN in Windows Server 2008 R2

850

Authentication

Options

.

to an RRAS

System

856

VPN Protocols.

858

DirectAccess in Windows Server 2008 R2

863

Choosing

25

2007 R2

DMZ Servers with Certificates

Using Operations Manager

Part VII

805

Between Traditional VPN Technologies and DirectAccess

873

Traditional VPN Scenario

876

DirectAccess Scenario

898

Connection Manager

916

Summary

919

Best Practices

919

Remote Desktop Services

921

Why Implement How Remote

Remote

Desktop

Understanding

Desktop

Works

the Name

Change

Services

922 925 928

Contents

Understanding

for Remote

Planning

Deploying

Remote

Remote

Securing

26

Desktop Services

Desktop

Desktop

Desktop

Remote

Supporting

Part VIII

Remote

928

Services

947

Services

953

Services

Desktop

979

Services

981

Summary

984

Best Practices

985

Desktop Administration Windows Server 2008 R2 Administration Tools for

Managing Desktops

Desktops

and Servers

989

Operating System Deployment Options Windows

Installing

Deployment

Creating

Discover

Creating

Custom Installations

General

Desktop

Deployment

Services

Services (WDS)

994 1005

Images Using Capture Images

Administration Tasks

1016 1020 1021

Best Practices

1021

Group Policy Management

for Network Clients

The Need

for Group Policies

Windows

Group

1024 1025

Feature Set

1028

and Standalone Local

Group Policy 1033

Configuration Planning

1023

Policies

Planning Workgroup Domain

Group Policy Objects

Managing Computers

28

991

Summary

Group Policy

Part IX

987 988

Windows Server 2008 R2 Windows

27

xiii

with Domain Policies

1036 1045

Managing

Users with Policies

1070

Managing

Active

1076

Directory

with Policies

Summary

1095

Best Practice

1096

Fault-Tolerance File

Technologies

System Management

and Fault Tolerance

Windows Server 2008 R2 File File

System

System Overview/Technologies

Access Services and

Technologies

Windows Server 2008 R2 Disks

Utilizing

External Disk

Managing

Subsystems

Windows Server 2008 R2 Disks

1097 1097 1102 1105 1109 1109

xiv

Windows Server 2008 R2 Unleashed

System

File

Adding

the File Services Role

1120

Data Access Using Windows Server 2008 R2 Shares

Managing

Management Manager (FSRM)

1128

File Server Resource

1130

The Distributed File

System

1147

DFS

a

1155

and

Backing Up Using

1152

Deployment

DFS

Managing

Troubleshooting

DFS

1163

DFS

1166

the Volume Shadow

Copy

Service

1167

Summary

1170

Best Practices

1170

System-Level

Building

Fault Tolerance

(Clustering/Network Load Balancing)

Fault-Tolerant Windows Server 2008 R2

Windows Server 2008 R2

Determining

the Correct

Systems

Backing Up

Clustering Technology

1182 1184

Deploying Managing

NLB Clusters

1191

Failover Clusters

Restoring

Network Load

1174 1177

Failover Clusters and

1173

Clustering Technologies

Overview of Failover Clusters

Deploying

30

1122

Volume-Based NTFS Quota

Planning Installing

29

1118

Reliability

Balancing

1211

Clusters

1215

1223

Summary

1225

Best Practices

1225

Backing Up

the Windows Server 2008 R2 Environment

Understanding

Your

Backup

Creating the Disaster

Documenting

Developing

a

the

and

Recovery

Recovery

Needs and

1227

Options

Solution

1232 1234

Enterprise

1234

Backup Strategy

Windows Server Backup Overview

Using

Windows Server

1235

Backup

1239

the Command-Line

Managing Backups Using

Utility

and PowerShell Cmdlets

Backing Up

Copy

Service

Windows Server 2008 R2

wbadmin.exe 1246

Windows Server 2008 R2 Role Services

Volume Shadow

1228

(VSS)

Startup Options

1248 1262 1264

Summary

1265

Best Practices

1265

Contents

31

Disaster

1267

Ongoing Backup and Recovery Preparedness

1267

When Disasters Strike

1271

Recovering from

a

Troubleshooting

Disaster Scenario

Recovering Managing

from a Server or

and

Accessing

Windows Server

32

Backup

1274

System

Failure

Windows Server Volume

1277

Backup

Media

1291

Summary

1302

Best Practices

1302

Optimizing, Tuning, Debugging, Optimizing

and Problem

Solving

Windows Server 2008 R2 for Branch Office

Communications

1305

Understanding Read-Only Installing

a

Read-Only

Understanding Configuring

Domain Controllers

(RODCs)

Domain Controller

BitLocker Drive

BitLocker Drive

1323

Encryption

Encryption

on a

Understanding

and

Deploying

Enhancing Replication

Windows Server

BranchCache

and WAN Utilization at the Branch Office

1326 1333 1339

Summary

1342

Best Practices

1342

Logging

and

1345

Debugging

Using the Task Manager for Logging and Debugging

1345

Using Event Viewer for Logging and Debugging

1350

Performance and

1359

Setting Using

34

1306 1310

2008 R2 Branch Office Domain Controller

33

1285

1287

Recovery

Role Services and Features.

Recovering

Part X

xv

Reliability Monitoring

Baseline Values

the

Debugging

1369

Tools Available in Windows Server 2008 R2

1371

Task Scheduler

1382

Summary

1388

Best Practices

1389

Capacity Analysis

and Performance

Optimization

1391

Defining Capacity Analysis

1391

Using Capacity-Analysis Tools

1395

Monitoring

System Performance

1415

Optimizing

Performance

1423

by

Server Roles

Summary

1430

Best Practices

1430

xvi

Windows Server 2008 R2 Unleashed

Part XI 35

Windows

Integrated

Application

Services

Windows SharePoint Services

Understanding

the

1433

History of SharePoint Technologies

1434

What Are the Differences Between Windows SharePoint Services 3.0 and SharePoint Server 2007?

Identifying

the Need

1436

for Windows SharePoint Services

1440

Lists and Libraries in Windows SharePoint Services 3.0

1453

Office 2007

Integrating

with Windows SharePoint

Applications

Services 3.0

1469

the Site Collection

Managing

36

1475

Summary

1479

Best Practices

1481

Windows Media Services

Understanding

1483

Windows Media Services

1484

Installing Windows Media Services

Using

1489

Windows Media Services for Real-Time Live Broadcasts

Broadcasting Hosting

Stored

Directory

a

Single

Files

Files for

a

1492 1495

of Videos for On-Demand

Combining Multiple

Combined

Playback

Single

Broadcast

1498 1501

Understanding

Windows Media Encoder

1504

Broadcasting

Live Event

1506

Using

a

Audio

Capturing

37

1439

Installing Windows SharePoint Services

or

Video for Future

Playback

Other Windows Media Encoder

Options

1508 1510

Summary

1512

Best Practices

1512

and

Deploying

Using Windows Virtualization

Understanding of

Integration Planning

Your

Microsoft's Virtualization

Hypervisor Technology Implementation

Installation of the Microsoft Familiar with the

Becoming Installing

a

Guest

Guest Session

Launching

a

Hyper-V

Strategy

in Windows Server 2008

Hyper-V

1517

1519

Role

1522

Hyper-V

Administrative Console

1524

Session

1529

Configuration Settings

Guest Session

of Guest

1515

Hyper-V

Operating System

Modifying

Using Snapshots

of

1515

Operating System

1533 1535

Sessions

1538

Quick Migration and Live Migration

1540

Summary

1550

Best Practices

1551

Index

1553