Learning Windows Server 2003, Second Edition

Book description

Getting Microsoft Windows Server 2003 up and running, either as a standalone or as part of a multi-site, multi-server network, is a formidable task for anyone. O'Reilly's no-nonsense guide, Learning Windows Server 2003, 2nd Edition, gives you just what you need to get the job done. It provides you with the nuts and bolts for installing, configuring, securing, and managing Windows Server 2003. Plus, it has been completely updated for Service Pack 1 and release R2.

Learning Windows Server 2003, 2nd Edition includes just enough theory for you to understand how the different features and systems work in this latest version of Windows. You'll come away with a firm understanding of what's happening under the hood of the system, but without feeling like you're taking a graduate course in OS theory. After its high-level overview, the book offers complete discussions and treatments of all of Server 2003's major components. You'll learn how to:

  • install Windows Server 2003

  • create and manage user accounts (with particular attention to Active Directory)

  • manage access to system resources, such as printers and files

  • configure and manage its numerous major subsystems

The book also features step-by-step procedures and discussions of complex concepts such as patch management, Active Directory replication, DFS namespaces and replication, network access quarantining, server clustering, Group Policy and other security tools, and the IIS 6 web server.

Whether you're an experienced system administrator or one who's just beginning, you'll turn to this practical guide again and again when you need to understand the massive product that is Windows Server 2003.

Table of contents

  1. Table of Contents
  2. Preface
    1. Audience
    2. Organization and Structure
    3. Conventions Used in This Book
    4. Using Code Examples
    5. We’d Like to Hear from You
    6. Safari® Enabled
    7. Acknowledgments
  3. Introducing Windows Server 2003
    1. Changes from Windows 2000 Server
      1. Security
      2. Performance and Scalability
      3. Management Tool Enhancements
      4. Trans-Forest Active Directory Trusts
      5. Remote Office Domain Controller Creation Improvements
      6. Replication Control
      7. Domain Renaming
      8. Volume Shadow Copies and Shadow Copy Restore
      9. Terminal Services and Remote Administration
      10. The .NET Framework
      11. IIS 6
      12. Command-Line Integration
      13. DNS Improvements
      14. Licensing
    2. What Service Pack 1 Adds
    3. What R2 Adds
    4. Windows Server 2003 Editions
    5. Hardware Requirements
    6. The Last Word: Assessing the Release
  4. Installation and Deployment
    1. Preparing to Install Windows Server 2003
      1. Choosing Windows Components
      2. Partitioning Disks and Allotting Disk Space
      3. Assigning Licenses
      4. Joining Domains Versus Joining Workgroups
    2. Installing Windows Server 2003
      1. Understanding Product Activation
      2. Default Post-Installation Behavior
    3. Upgrading Previous and Existing Installations
      1. Upgrading Windows NT
        1. Evaluating NT-based Windows Server 2003 interoperability issues
      2. Upgrading Windows 2000 Server
    4. Installing the R2 Components
    5. Troubleshooting an Installation
      1. Starting Over
      2. Using the Recovery Console
        1. Setting up the Recovery Console
        2. Working with the Recovery Console
    6. Running an Unattended Installation
      1. Using Scripts (1/2)
      2. Using Scripts (2/2)
        1. Constructing unattended setup scripts
        2. Privatizing the dynamic update process
        3. Understanding and creating UDF files
      3. Using RIS (1/2)
      4. Using RIS (2/2)
        1. RIS limitations
        2. Activating an RIS server
        3. Deploying an image to a client
        4. Slipstreaming service packs
        5. Using the OEM option for further customization
      5. Deploying a System Image: RIPrep and Sysprep
        1. Sysprep: the system preparation tool
    7. The Last Word
  5. File, Print, and User Services
    1. New File and Print Server Features
    2. Setting Up File-Sharing Services
      1. Creating a Share Manually
      2. Default Shares
      3. Publishing Shares to Active Directory
    3. NTFS File and Folder Permissions
      1. Standard and Special Permissions
      2. Setting Permissions
      3. Inheritance and Ownership
      4. Determining Effective Permissions
      5. Access-Based Enumeration
      6. Auditing
    4. Limiting Use of Disk Space with Quotas
      1. Setting Default Quotas
      2. Configuring Individual Quota Entries
    5. The File Server Resource Manager
      1. Configuring the FSRM
      2. Configuring Quotas with the FSRM
      3. Screening for File Types
        1. Defining a File Group
        2. Creating a File Screen
        3. Creating an exception to a screen
      4. Generating Storage Reports
    6. Using Offline Files and Folders
      1. Enabling Offline Files
      2. Points to Remember
    7. Using Shadow Copies
      1. Enabling Shadow Copies
      2. Altering the Shadow Copy Schedule
    8. Backing Up Your Machines
      1. Using Backup from the GUI
    9. Using the Encrypting File System
      1. Encrypting Files and Folders
      2. Recovering Encrypted Objects
      3. Protecting User Certificate Integrity
    10. The Distributed File System
      1. Adding a DFS Root and Link
      2. Adding DFS Links and Targets
      3. The Basics of DFS Replication
      4. Managing DFS Systems
        1. Connecting to different roots
        2. Checking DFS node status
        3. Removing child nodes
        4. Downing replica members
      5. DFS in Windows Server 2003 R2 (1/3)
      6. DFS in Windows Server 2003 R2 (2/3)
      7. DFS in Windows Server 2003 R2 (3/3)
        1. Creating a namespace
        2. Adding and managing folders and folder targets in a namespace
        3. Creating a replication group for a folder
    11. Understanding Print Sharing Services
      1. Internet Printing
      2. Setting Up Print Sharing
      3. The Print Management Console
        1. Adding and viewing printers
        2. Performing mass administration tasks
        3. Device drivers
      4. Custom Printing Configurations (1/2)
      5. Custom Printing Configurations (2/2)
        1. Controlling the print spooler service
        2. Configuring default printer settings
        3. Choosing a separator page
        4. Adding printer drivers for other operating systems
        5. Publishing shared printers into Active Directory
        6. Setting up alternate/restricted printing times
        7. Controlling print priority between groups
        8. Using PostScript and PCL
        9. Retaining all print jobs
        10. Configuring printing to multiple physical printers
        11. Adding color profiles
        12. Tracking the location of printers
    12. Roaming User Profiles
      1. Creating a Basic Profile
      2. Making Profiles Available on the Server
      3. On Deploying Profiles En Masse
    13. Command Line Utilities
      1. Using Shares
      2. FSUTIL
      3. ABECMD
      4. Managing Offline Folders
      5. VSSADMIN
      6. NTBACKUP
        1. Sample scenarios
      7. CIPHER
      8. Printing from the Command Line
    14. The Last Word
  6. Domain Name System
    1. Nuts and Bolts
    2. Zones Versus Domains
      1. Zone Files
      2. Forward and Reverse Lookup Zones
    3. Resource Records
      1. Host (A) Records
      2. Canonical Name (CNAME) Records
      3. Mail Exchanger (MX) Records
      4. Nameserver (NS) Records
      5. Start of Authority (SOA) Records
      6. Pointer (PTR) Records
      7. Service (SRV) Records
    4. Using Primary and Secondary Nameservers
      1. Full and Incremental Zone Transfers
    5. Building a Nameserver
      1. Enabling Incremental Transfers
      2. Creating a Forward Lookup Zone
      3. Entering A Records into a Zone
      4. Controlling Round-Robin Balancing
      5. Entering and Editing SOA Records
      6. Creating and Editing NS Records
      7. Creating and Editing CNAME Records
      8. Creating and Editing MX Records
      9. Generating a Reverse Lookup Zone
      10. Creating and Editing PTR Records
      11. Configuring a Secondary Nameserver
      12. Upgrading a Secondary Nameserver to Primary
      13. Manually Editing Zone Files
      14. Controlling the Zone Transfer Process
    6. Subdomains and Delegation
      1. Delegating a Domain
      2. Creating the Subdomain
    7. Dynamic DNS
      1. Scavenging
      2. Preventing Dynamic DNS Registration
    8. Active Directory–Integrated Zones
      1. Replication Among Domain Controllers
    9. Forwarding
      1. Slaving
      2. Conditional Forwarding
    10. The Split DNS Architecture
      1. Stub Zones
      2. Security Considerations
    11. Backup and Recovery
    12. Command-Line Utilities
      1. DNSCmd
      2. DNSLint
    13. The Last Word
  7. Active Directory
    1. Active Directory Objects and Concepts
      1. Domains
      2. Organizational Units
      3. Sites
      4. Groups
        1. Nesting
      5. Trees
      6. Forests
        1. Transitive forest root trusts
        2. The dedicated forest root model
      7. Shared Folders and Printers
      8. Contacts
      9. Global Catalog
    2. Building an Active Directory Structure
      1. The First Domain (1/2)
      2. The First Domain (2/2)
      3. Using Active Directory Tools
      4. Adding Another Domain Controller to a Domain
      5. Adding Another Domain
      6. Managing Users and Groups (1/4)
      7. Managing Users and Groups (2/4)
      8. Managing Users and Groups (3/4)
      9. Managing Users and Groups (4/4)
        1. Creating users and groups
        2. Performing common administrative tasks
        3. Using LDAP to create users
        4. Delegation
    3. Understanding Operations Master Roles
      1. Schema Master
      2. Domain-Naming Master
      3. RID Master
      4. PDC Emulator
      5. Infrastructure Master
      6. Transferring and Seizing Roles Manually
    4. Understanding Directory Replication
      1. Within a Site: Loops and Meshes
      2. Time Synchronization
      3. Replication Topologies
      4. Handling Update Conflicts
      5. Update Sequence Numbers
        1. Breaking the loop: originating USNs and UTD vectors
      6. Managing Replication Using REPADMIN
        1. Running the KCC
        2. Viewing up-to-date vectors
        3. Viewing replication partners
        4. Viewing highest USNs
        5. Pressing the “Big Red Button”
      7. Among Sites: Spanning Trees and Site Links
        1. Site links
    5. Migrating to Active Directory in Windows Server 2003
      1. Moving from Windows NT Domains
        1. Items to consider before migrating
        2. Migration strategies
        3. Performing the move
        4. Moving domains to Active Directory
      2. Moving from Windows 2000 Server (1/2)
      3. Moving from Windows 2000 Server (2/2)
        1. About forest and domain functional levels
        2. Preparing existing forests and domains
        3. Raising the forest and domain functional levels
        4. Tips for a smooth upgrade
    6. Active Directory Federation Services
      1. Scenarios
      2. Architecture
      3. The Flow of Applications and Claims
        1. Claims Transformation
      4. Demo: Collaboration with Windows SharePoint Services
      5. More Information
    7. Active Directory Troubleshooting and Maintenance
      1. Troubleshooting AD with DNSLint
      2. Offline Defragmenting of NTDS Database
      3. Cleaning Directory Metadata
    8. Conclusion
  8. Group Policy and IntelliMirror
    1. An Introduction to Group Policy
      1. A Comparison: Group Policies and System Policies
    2. Group Policy Implementation
      1. Introducing the Group Policy Management Console (1/2)
      2. Introducing the Group Policy Management Console (2/2)
        1. Creating and editing Group Policy Objects
        2. Administrative templates
        3. Disabling portions of policies
        4. Refreshing computer policies
        5. Policy enforcement over slow network connections
      3. The Scope of Group Policy Objects
      4. Enforcement and Inheritance
      5. WMI Filters
      6. Resultant Set of Policy (1/2)
      7. Resultant Set of Policy (2/2)
        1. Planning mode
        2. Logging mode
        3. Using RSoP without the GUI
      8. Other Administrative Tasks (1/2)
      9. Other Administrative Tasks (2/2)
        1. Searching for GPOs
        2. Backing up, copying, importing, and exporting GPOs
        3. Managing GP across multiple forests
        4. Delegating administration of GPs
    3. Local Group Policy
      1. Security Templates
      2. Creating a Custom Security Template
      3. Compiling the Security Database
    4. Domain Group Policy
      1. Security Settings
        1. Restricted groups
        2. File system and registry policy
      2. IntelliMirror: Software Installation (1/3)
      3. IntelliMirror: Software Installation (2/3)
      4. IntelliMirror: Software Installation (3/3)
        1. Packaging software
        2. An example deployment
        3. Deployment properties
        4. Redeploying and removing software
        5. Deploying service packs using GP
      5. IntelliMirror: Folder Redirection
        1. Redirecting folders based on group membership
        2. Removing a redirection policy
      6. Software Restriction Policies
      7. Scripts
    5. Deployment Considerations
    6. Troubleshooting Group Policy
      1. Resolving DNS Problems
      2. Analyzing Inheritance
      3. GPO Distribution and Synchronization
      4. Getting More Detailed Logs
      5. Identifying Client Side Extension GUIDs
      6. Locating GPT Files on Domain Controllers
    7. Other Group Policy Management Tools
    8. Command-Line Utilities
      1. GPUpdate
      2. GPResult
    9. The Last Word
  9. Windows Security and Patch Management
    1. Understanding Security Considerations
      1. Principles of Server Security
    2. Enhancements to Security in Service Pack 1
      1. The Security Configuration Wizard (1/2)
      2. The Security Configuration Wizard (2/2)
        1. Installing the SCW
        2. Creating a Security Policy with the SCW
        3. The rollback feature
        4. Best practices
    3. Creating and Enforcing Security Policies
      1. Using Security Policy Templates
        1. Creating a custom security template
        2. Importing a template into a GPO
      2. Security Configuration and Analysis
        1. Creating and using template databases with SCA
        2. Scanning system security
        3. Correcting system security
      3. Microsoft Baseline Security Analyzer
        1. Using the MBSA
    4. Locking Down Windows
      1. Password Requirements
      2. Account Lockout Policies
      3. Local Options
        1. Anonymous access
        2. Shutdown without logon
        3. Automatic logoff
        4. Digitally signing communication
        5. Requiring the three-keystroke salute at logon
        6. Last username display
        7. Password expiration prompt
      4. Network Options Via Group Policy
        1. Viewing the default domain policy
        2. Viewing the default domain controller security policies
        3. Viewing a domain controller’s effective security policy
        4. Final words: organizing policy layout
    5. Using Auditing and the Event Log
      1. Recommended Items to Audit
      2. Event Logs
        1. The Event Viewer
    6. Windows Server Update Services
      1. About Windows Server Update Services
      2. Using Windows Server Update Services: On the Server Side (1/3)
      3. Using Windows Server Update Services: On the Server Side (2/3)
      4. Using Windows Server Update Services: On the Server Side (3/3)
        1. The administrative console
        2. Synchronizing content
        3. Creating a computer group
        4. Approving content
        5. Checking the status of update deployments
        6. Pushing out the automated updates client
        7. Configuring the automatic updates client
      5. Using WSUS: On the Client Side
        1. Update download and installation
        2. Monitoring the client-side system
    7. Command-Line Utilities
      1. SCWCMD
        1. Configuring servers with a policy
        2. Analyzing machines for policy compliance
        3. Roll back SCW policies
        4. Viewing analysis results
      2. MBSACLI
    8. The Last Word
  10. Internet Information Services
    1. IIS Architecture
    2. IIS Components
      1. The Web Server
      2. The FTP Server
      3. The SMTP Server and POP3 Server
      4. The NNTP Server
    3. What’s New in IIS 6
      1. New in Windows Server 2003 Service Pack 1
    4. Installing IIS
      1. IIS Management Console
    5. Managing Web Services
      1. Creating a Site
      2. Adjusting Server-Wide Site Properties
      3. Hosting Multiple Sites on One Physical Machine
      4. Adjusting Individual Site Properties (1/4)
      5. Adjusting Individual Site Properties (2/4)
      6. Adjusting Individual Site Properties (3/4)
      7. Adjusting Individual Site Properties (4/4)
        1. Web Site
        2. Performance
        3. ISAPI Filters
        4. Home Directory
        5. Documents
        6. Directory Security
        7. HTTP Headers
        8. Custom Errors
      8. Virtual Directories
      9. FrontPage Server Extensions
      10. Using Application Pools
        1. Recycling
        2. Performance
        3. Health
        4. Identity
        5. Creating a new application pool
      11. Using the Web Services Extensions Node
    6. File Transfer Protocol Services
      1. Creating FTP Sites
      2. Master FTP Site Properties
      3. Individual FTP Site Properties (1/2)
      4. Individual FTP Site Properties (2/2)
        1. FTP Site
        2. Security Accounts
        3. Messages
        4. Home Directory
        5. Directory Security
      5. Virtual FTP Directories
      6. FTP User Isolation
        1. Integrating Active Directory into user isolation
    7. SMTP Services
      1. Creating a New SMTP Virtual Server
      2. SMTP Properties (1/2)
      3. SMTP Properties (2/2)
        1. General
        2. Access
        3. Messages
        4. Delivery
        5. LDAP Routing
        6. Security
      4. Delivering for Multiple Internet Domains
    8. The POP3 Server
      1. Installing the POP3 Server
      2. POP3 Properties
      3. Creating Domains and Mailboxes
    9. Network News Services
      1. Creating a Newsgroup Server
      2. Modifying NNTP Server Properties
        1. General
        2. Access
        3. Settings
        4. Security
      3. Virtual NNTP Directories
        1. Modifying news directory properties
      4. Creating Newsgroups and Hierarchies
      5. Article Expiration
    10. Backing Up Your IIS Configuration
    11. Remote Administration
    12. Securing It All
      1. Enable IIS Only if You Use It
      2. Query All IIS Machines for Their Update Level
      3. Keep IIS Updated
        1. Using Windows Update
        2. Using network-based hotfix installation
      4. Use Both IIS and NTFS Security
      5. Evaluate the Indexing Service
      6. Kill Unused Ports
      7. Delete Default Directories
      8. The Ins and Outs of ISAPI
    13. Command-Line Utilities
      1. iisreset
      2. iisweb
      3. iisvdir
      4. iisapp
      5. iisftp
      6. iisftpdr
      7. winpop
    14. The Last Word
  11. .NET Framework
    1. What Is .NET?
      1. Language
      2. Libraries
      3. Tools
      4. Runtime
    2. What’s New in .NET
    3. Application Types
    4. XML-Based Configuration
      1. Configuration Types
        1. Security Policy
        2. Settings
      2. Configuration Scopes
        1. Enterprise
        2. Machine
        3. User
        4. Application
    5. Security
      1. Role-Based Security
    6. Assemblies
      1. Private Assemblies
      2. Strong-Named Assemblies
    7. Deployment Models
      1. XCopy Deployment
      2. No-Touch Deployment
      3. Windows Installer
    8. Diagnostics
      1. Debugging and Tracing
      2. Performance Counters
        1. Framework counters
        2. Custom counters
      3. Event Logs
    9. Management Tools
      1. GUI Tools
        1. The .NET Framework Configuration MMC
        2. The .NET Framework Wizards tool
      2. Command-Line Tools
    10. Reference
    11. The Last Word
  12. Windows Terminal Services
    1. The Remote Desktop Protocol
    2. Requirements for Terminal Services
      1. CPU Requirements
      2. Amount of RAM
      3. Network Interface Card
      4. Disk Space
      5. Sizing for Scaling
    3. Adding the Terminal Server Role
    4. Enabling Remote Desktop
    5. On the User’s Side
      1. Using the RDP Client
        1. General
        2. Display
        3. Local Resources
        4. Programs
        5. Experience
      2. Configuring a User’s Environment
      3. Alternative RDP Clients
    6. Installing an Application
    7. Configuring Terminal Services Licensing
    8. Terminal Services Administration
      1. Terminal Services Manager
        1. Connecting to a session
        2. Disconnecting a session
        3. Logging off a session
        4. Resetting a session
        5. Viewing session information
        6. Sending a message to a user
        7. Taking control of a session
      2. Terminal Services Configuration (1/2)
      3. Terminal Services Configuration (2/2)
        1. Creating a new connection listener
        2. Restricting Terminal Services connections
        3. Encryption levels
        4. Remote control permissions
        5. Connecting to drives and printers
        6. Session device mapping
        7. Default Terminal Services permissions
        8. Ensuring RPC-based security
    9. Command-Line Utilities
    10. The Last Word
  13. Communications and Networking
    1. Dynamic Host Configuration Protocol
      1. How It Works
      2. Installing a DHCP Server
      3. Creating a New DHCP Scope
      4. Authorizing a DHCP Server
      5. Reservations
      6. Understanding Classes
      7. Superscopes
      8. Conflict Detection
      9. DHCP Implications for DNS
    2. Virtual Private Networks
      1. How It Works
      2. Configuring the Routing and Remote Access Server
        1. Granting access to users
      3. Authentication and Encryption Methods
    3. Certificate Services
      1. Keys
      2. Certificates
        1. Certificate Stores
      3. Creating a Certificate Authority in Windows Server 2003 (1/2)
      4. Creating a Certificate Authority in Windows Server 2003 (2/2)
      5. Implications to Specific Services
        1. IPsec
        2. EFS
      6. Certificate Revocation
    4. IP Security
      1. How IPSec Policies Work
        1. Deconstructing an IPSec policy
      2. Creating an IPSec Policy
      3. IPSec Caveats
    5. Network Access Quarantine Control
      1. How It Works
      2. A Step-by-Step Overview of NAQC
      3. Deploying NAQC (1/3)
      4. Deploying NAQC (2/3)
      5. Deploying NAQC (3/3)
        1. Creating quarantined resources
        2. Writing the baselining script
        3. Installing the listening components
        4. Creating a quarantined connection profile
        5. Distributing the profile to remote users
        6. Configuring the quarantine policy
        7. Creating exceptions to the rule
    6. The Last Word
  14. Clustering Technologies
    1. Network Load-Balancing Clusters
      1. NLB Terminology
      2. NLB Operation Styles and Modes
        1. Single card in each server in unicast mode
        2. Multiple cards in each server in unicast mode
        3. Single card in each server in multicast mode
        4. Multiple cards in each server in multicast mode
      3. Port Rules
      4. Creating an NLB Cluster
      5. Adding Other Nodes to the Cluster
      6. Removing Nodes from the Cluster
      7. Performance Optimization
    2. Server Clustering
      1. Cluster Terminology
      2. Types of Resources
      3. Planning a Cluster Setup
      4. Creating a True Server Cluster
      5. Adding a Node to an Existing Cluster
      6. Creating a New Cluster Group
      7. Adding a Resource to a Group
      8. Using the Cluster Application Wizard
      9. Configuring Failover and Failback
        1. Failover
        2. Failback
    3. Command-Line Utilities
      1. Managing Individual Nodes
      2. Managing the Cluster Service Itself
    4. The Last Word
  15. Other Windows Server 2003 Services
    1. The Indexing Service
      1. How the Indexing Service Works
      2. Performance Considerations
      3. Common Administrative Tasks (1/4)
      4. Common Administrative Tasks (2/4)
      5. Common Administrative Tasks (3/4)
      6. Common Administrative Tasks (4/4)
        1. Administering a catalog
        2. Controlling merges
        3. Running and configuring queries
        4. Adjusting performance options
    2. The Microsoft Message Queue
      1. Communications with MSMQ
      2. MSMQ Administration
        1. Installing MSMQ
        2. Finding an MSMQ server
        3. Setting a maximum message size
        4. Enabling and disabling journals
        5. Limiting journal size
        6. Finding a queue
        7. Deleting a queue
        8. Viewing the properties of a message
        9. Deleting all messages
        10. Creating routing links
        11. Configuring routing links
        12. Creating foreign sites
      3. Issues with MSMQ and Firewalls
      4. More Resources
    3. Extending Functionality
      1. Automated Deployment Services
      2. DSML Services for Windows
      3. Identity Integration Feature Pack
      4. Remote Control Add-on for Active Directory Users and Computers
      5. Windows Rights Management Services and Client
      6. Microsoft Services for NetWare 5.03a
      7. Windows SharePoint Services
      8. Windows Subsystem for Unix Applications
      9. Windows System Resource Manager
    4. The Last Word
  16. The Future of Windows Server
    1. General Notes
    2. The Feature Roster
    3. Current Progress
  17. Index (1/5)
  18. Index (2/5)
  19. Index (3/5)
  20. Index (4/5)
  21. Index (5/5)

Product information

  • Title: Learning Windows Server 2003, Second Edition
  • Author(s): Jonathan Hassell
  • Release date: February 2006
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9780596101237