
Windows® Server 2003:

The Complete Reference

Kathy Ivens with Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J. Santry, Mitch Tulloch

McGraw-Hill/Osborne

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Copyright © 2003 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-223028-2

The material in this eBook also appears in the print version of this title: 0-07-219484-7

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS”. McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work.

Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0072230282


I’d like to thank all the talented people at McGraw-Hill/Osborne who worked so hard to bring this book to you, with special homage to Tracy Dunkelberger and Athena Honore, who were directly involved in every step of this book’s creation.

Picture me delivering a loud and enthusiastic round of applause as I give special thanks to the technical editor, David Heinz, for his expertise, and a standing ovation for copy editor Bill McManus for his extremely skillful work.

I owe Chris Cannon, Microsoft’s Product Manager for Servers, more than I can ever repay, for providing explanations, information, and an incredible amount of patience (all delivered with a much appreciated sense of humor). Brandi Muller of Waggener Edstrom Strategic Communications was a life saver whenever I needed information.

—Kathy Ivens

This chapter is dedicated to my loving wife, Connie, for all her support in my career and in our marriage.

—Rich Benack

This is dedicated to my wife, Tanya. You always thought I'd reach the stars.

—Christian Branson

For my wife, Deborah, whose patience and support are neverending sources of strength; and for my sons Andrew and Brandon, who never cease to inspire me.

—John Green

Dedicated to all the technology workers who have helped create the fantastic computing environments we enjoy today; who endure the pain and complex learning curves of new technologies in extremely short timeframes and apply them to business problems we face today.

—Tim Kelly

To my parents.

—John Linkous

Dedicated to my wife, Karyn Santry, and children, Katie, Karleigh, and P.J.

—Patrick J. Santry


About the Author

Kathy Ivens has been a computer consultant and author since 1985. She has written and contributed to more than forty books, and hundreds of magazine articles. She also writes the Reader Challenge for Windows 2000 Magazine (formerly known as Windows NT Magazine).

Expert Contributors

I owe a deep debt of gratitude to a number of experts who shared their knowledge and writing skills to make this book accurate and useful to readers.

Rich Benack is a security support engineer with Microsoft Product Support and Services (PSS). He provides virus and computer intrusion support to Microsoft customers as well as technical support in securing Microsoft products. He is also a Major in the United States Air Force Reserve working for the Department of Defense CyberCrime Center (DCCC). At the DCCC, Rich provides forensics support and technical analysis on Microsoft-related forensics issues. Rich has a B.S. in Mathematics from the University of Illinois at Urbana as well as a B.S. in Computer Information Management from the College of St Mary in Nebraska. He has earned an M.S. in Geography with a specialization in Remote Sensing and computer mapping from the University of Nebraska at Omaha. Rich also has advanced blackbelts in Tae Kwon Do and Hap Ki Do.

Christian Branson has been a Systems Engineer for 12 years. He worked for Microsoft Product Support Services for six years as a support professional and a lab engineer. He has also been a network administrator in San Antonio's largest hospital system, and a field support engineer as a contractor to the Army. He lives in Dallas with Tanya, his wife of 24 years, and their son, Ian.

Kenton Gardinier, MCSA, MCSE, and CISSP, is a senior consultant with Convergent Computing. He has designed and implemented technical and business-driven solutions for organizations of all sizes for over 10 years. He is an author of numerous books (his latest is Windows Server 2003 Unleashed), print magazine articles, and online articles on computer technology. In addition, he speaks on technology issues at conferences nationwide.

John Green, MCSE and MCDBA, is a former member of the Windows and .NET Magazine lab and author of numerous magazine articles. He is president of Nereus Computer Consulting.

David Heinz has been involved in computer systems management for eight years. He has worked for several small businesses and for Micron Technology as a systems manager. He is a columnist at www.myitforum.com. He lives in Las Vegas with his family and can be reached at dheinz99@yahoo.com.

Tim Kelly is a technology leader for a major credit card processing company. He leads the development and implementation of a new process management web application for customers in multiple vertical industries, based on the Microsoft .NET development environment and Windows 2000/Windows 2003 platforms. He worked for three years with Microsoft (1998-2001), at the time of the rollout of Windows 2000 and assisted multiple corporate customers with Active Directory implementations, Exchange 2000 implementations, and transitions from Windows NT 4.0 to Windows 2000 technologies. He has worked extensively in the electronic commerce and highly available web applications space for the last five years, and counts as his specialties IIS, Microsoft Clustering Technologies, Microsoft SQL Server availability, Active Directory, and core networking technologies. He is a graduate of the University of Idaho (B.S.), and Auburn University (M.B.A.) and has 10 years' experience in the technology field.

When not having fun losing hair to new technology, Tim enjoys family time with his wonderful wife, Lynn, and sons Russell and Jackson. He also enjoys jumping out of perfectly safe airplanes.

John Linkous is president of Technology Workflow Solutions, LLC (www.techworkflow.com), an end-to-end technology integration vendor. He specializes in integrating a broad range of technologies, including operating systems, messaging products, relational and object-oriented database systems, vertical market products, and enterprise management solutions across multiple platforms. His company’s clients include organizations in the financial services, healthcare, aerospace, and food service industries. When John’s not in a plane, train, automobile, or data center, he lives in suburban Philadelphia, PA. He can be reached at jlinkous@techworkflow.com.

Christopher McKitterick received his M.A. in writing from the University of Kansas. He has a B.A. in English, with minor concentrations in writing, astronomy, and psychology. He has been a technical writer, developmental editor, and documentation manager at Microsoft in the Windows Division for nearly five years, and also has numerous fiction, poetry, essay, nonfiction, and miscellaneous publications to his name.

Chris is currently teaching technical communications at the University of Kansas, has taught astronomy and fiction writing, directed observatory and planetarium programs, built nearly 100 telescopes, and is an expert on restoring automobiles. Chris chairs the Theodore Sturgeon Memorial Award for best short science fiction of the year; has served as a juror for the John W. Campbell Memorial Award for best science fiction novel of the year; and works with the Center for the Study of Science Fiction (http://www.ku.edu/~sfcenter/index.html).

Patrick J. Santry, MCT, MCSE, MCSA, MCP+SB, A+, i-Net+, CIW CI, is an independent consultant specializing in Web-based solutions using Microsoft .NET technologies. Patrick is a contributing author and technical editor of several books and magazine articles on Microsoft technologies.

Mitch Tulloch, MCSE, Cert.Ed., is a consultant, trainer and author of more than a dozen computing books including Administering IIS4, Administering IIS5, Administering Exchange Server 5.5, and Administering Exchange 2000 Server, all from McGraw-Hill/Osborne. He is also the author of the Microsoft Encyclopedia of Networking, now in its second edition, and the upcoming Microsoft Encyclopedia of Security, both from Microsoft Press. Mitch has also developed university-level IT courses and written feature articles for industry magazines like NetworkWorld. He can be reached through his website, www.mtit.com.


Contents

Acknowledgments

Introduction

1 Introducing Windows Server 2003

Windows Server 2003 Editions

Standard Edition

Enterprise Edition

Datacenter Edition

Web Edition

Brand New in Windows Server 2003!

New Remote Administration Tools

New Active Directory Features

Availability and Reliability Improvements

Resultant Set of Policies

2 Installation

Hardware Requirements

Hardware Compatibility List

Symmetric Multiprocessing Hardware

Clustering Hardware

Plug and Play Support

ACPI Issues

Developing a Deployment Plan

Document the Hardware

Document the Network

Document the Software

Document the Legacy Components

Prepare for Problems


Complete the Preinstallation Tasks

Understanding Installation Models

Winnt.exe vs. Winnt32.exe

Installing from CD

Booting to the Windows Server 2003 CD

Running Setup.exe from CD

Installing from an MS-DOS Boot Disk

Using Network Sharepoints

Using Logon Scripts and Batch Files

Automated Installations

Choosing an Automated Installation Type

Unattended Installation

SYSPREP

Remote Installation Services (RIS)

3 System Basics for Servers

Manage Your Server

Configure Your Server Wizards

Removing Server Roles

Configure Your Server Log

Set Up Server Roles Manually

Remote Desktop

Enable Remote Desktop on the Server

Client Remote Connection Software

Starting a Remote Desktop Session

Running a Remote Desktop Session

Leaving a Remote Desktop Session

Managing the Connections from the Server

Joining the Console Session

Using a Snap-in for Remote Desktop

Changes in IIS

Use Web Edition for IIS

Installing IIS

Preventing IIS Installation

Activation

Do You Need to Activate Your Copy?

How Activation Works

Activating Your Installation

Activating after the Grace Period

Software Compatibility Tools

Test Compatibility with the Wizard

Set Compatibility Options Manually

4 The Windows Server 2003 Registry

Overview of the Registry

Registry Structure

Hives and Hive Files


Registry Data Items

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG

Regedit.exe

Prevent Regedit from Displaying the Last Accessed Key

Accessing Remote Registries

Searching the Registry

Creating Favorites

Tweak and Troubleshoot with the Registry

Exporting Keys

Adding Items to the Registry

Deleting Registry Items

Changing Registry Item Values

Using Registration Files

Registry Security

Understanding Permissions

Working with Permissions

Change Ownership of a Key

Auditing the Registry

Reg.exe

General Guidelines for Reg.exe

Reg Add

Reg Delete

Reg Copy

Reg Compare

Reg Export

Reg Import

Reg Save

Reg Restore

Reg Load

Reg Unload

Reg Query

Regmon

5 Booting

Hardware Bootup

POST

Memory Errors

Drive Errors

SCSI Errors

Operating System Boot

MBR Code Executes

Windows Server 2003 Startup Files Execute

Boot Selection Menu Displays

Ntdetect Launches


Ntoskrnl Runs and HAL Is Loaded

Drivers and Services Load

Operating System Loads

The Computer Logs On

Logon Services Load

About Boot.ini

Boot.ini Contents

x86 ARC Path Statements

Tweaking Boot.ini

The Advanced Options Menu

Safe Mode

Enable Boot Logging

Enable VGA Mode

Last Known Good Configuration

Directory Services Restore Mode

Debugging Mode

Creating a Bootable Floppy Disk

Creating a Bootable Floppy Disk from Your Own System

Creating a Bootable Floppy Disk on Another Windows Server 2003 Computer

Creating a Bootable Floppy Disk on a Computer Running a Different Version of Windows

Creating a Quick Boot.ini File

6 Windows Server 2003 User Interface

First Boot

First Logon

Joining a Domain

Local vs. Domain Logon Names and the Interface

Manage Your Server

Video Settings

The Desktop

Enabling the Themes Service

Switching Themes

Modifying Themes

Deleting Themes

Start Menu

Start Menu Left Pane

Right Pane of the Start Menu

Enabling the Classic Start Menu

Taskbar

Notification Area

Grouping Taskbar Buttons

Locking the Taskbar

Taskbar Toolbars

Folder Behavior and Views

Folder Opening Behavior

Viewing Folders and Files


Show File Extensions to Avoid Danger

File Associations

Help and Support Services

Using the Index

Searching for Topics

Working with Help Pages

Customizing the Help System

7 The Command Prompt

Tricks and Tips for the Command Prompt

Finding the Command Prompt Menu Item

Quick Access to a Command Prompt from the GUI

Quick Tricks for Keystrokes

Use Doskey to Recall and Edit Commands

The Command Prompt Window

Change the Properties of the Command Prompt Window

Options Tab

Font Tab

Layout Tab

Window Colors Tab

Copy and Paste in the Command Prompt Window

Command Extensions

Commands with Extensions

Disabling Command Extensions

Managing Conflicts in Command Extensions Configuration

Folder and Filename Completion

Enable Folder and Filename Completion for a Command Session

Enable Folder and Filename Completion Permanently

Wildcard Shortcuts

Windows Server 2003 Commands

Commands Not Supported in Windows Server 2003

Commands Not Supported in Enterprise or Data Center Server

Commands That Have Changed

Using UNCs on the Command Line

Viewing and Manipulating Files via UNCs

Using Pushd and Popd to Access Remote Computers

Pushd and Net Use

Use Subst for Local Virtual Drives

Help for Commands

8 System Maintenance Tools

Defragmentation

Disk Defragmenter Snap-in

Analyze the Drive


Defragment the Drive

Limitations of the Disk Defragmenter

Defrag.exe

Troubleshooting Defragmentation

Optimize Disk Defragmenter Performance

Scheduled Tasks

Scheduled Tasks Execution File

Use the Scheduled Task Wizard

Create a Scheduled Task Manually

Modify or Delete Scheduled Tasks

Run and Stop Scheduled Tasks

Check the Status of Scheduled Tasks

Set Global Options for Scheduled Tasks

Work with Tasks on Remote Computers

AT.exe

Schtasks.exe

Create Tasks with Schtasks.exe

Manage Existing Tasks with Schtasks.exe

Disk Cleanup

Run Disk Cleanup

Decide What to Delete

Compress Old Files

Additional Options for Disk Cleanup

Using Cleanmgr.exe

System Information

Navigating the System Information Window

Save System Data to a File

Export System Data

Run a System Tool from the System Information Window

Connect to a Remote Computer

Use Msinfo32.exe

Local Computer Management Snap-in

System Tools Tree

Storage

Removable Storage

Services and Applications

9 Printing

New Printing Features

Printing Basics

Printing Processes

Create the Output File

Process the Output File

Route the Print Job

Send the Print Job

Printing Components

Spooler

Spool Files

Printer Drivers


Windows Server 2003 Print Processor

Other Print Processors

Print Router

Print Monitors

Language Monitors

Print Providers

Installing Local Printers

Plug and Play Printer Installation

Manual Installation of Printers

Installing USB Printers and IEEE Printers

Installing Infrared Printers

Install a Network-ready Printer

Sharing Printers

Create a Printer Share

Set Printer Permissions

Audit Printer Access

Add Drivers for Other Windows Versions

Using Printer Location Tracking

Printer Location Tracking Requirements

Printer Location Naming Requirements

Installing Remote Printers

Connect to Remote Printers

Search Active Directory

Browse the Network

Planning Printer Deployment

One-to-One Printer Drivers

Printer Pools

Many-to-One Printer Drivers

Configuring Print Servers

Print Server Forms

Print Server Ports

Print Server Drivers

Server Spooler Options

Configuring Printers

Printing Preferences

Printer Properties

Administering Printers

Managing Remote Printers

Redirecting Print Jobs

Manipulate Print Jobs in the Queue

Printing to a File

Printing from DOS

10 Networking with TCP/IP

The Ins and Outs of TCP/IP

Microsoft’s TCP/IP Rollout

Windows Server 2003 TCP/IP Enhancements

TCP/IP Enhancements


TCP/IP and the Windows Server 2003 Networking Model

The TCP/IP Protocol Stack

Anatomy of a TCP Session

Installing and Configuring TCP/IP

IP Address

Subnet Mask

IP Address Types

Understanding a Subnet

Default Gateway

Advanced IP Addressing

Preferred and Alternate DNS Servers

Understanding Name Registration and Resolution

Using a HOSTS File

Using the Domain Name System

NetBIOS Names

Node Types

NetBIOS Name Registration

NetBIOS Name Resolution

When to Stop Relying on NetBIOS

TCP/IP Tools

Ping

Tracert

Pathping

Ipconfig

Netstat

ARP

Route

11 DHCP and IP addressing

Public IP Addresses

Private IP Addresses

Understanding DHCP

Origins of DHCP

IP Address Allocation

Other DHCP Capabilities

DHCP Communications

Running the Microsoft DHCP Server

DHCP and Name Resolution

12 Understanding DNS

Introduction to the Domain Name System

How Did This Begin?

The Domains

FQDN (Fully Qualified Domain Name)

The Zones

Primary Zone

Secondary Zone


Active Directory Integrated

Stub Zone

Delegation

The Records

Zone Transfer/Replication

The Files

Windows Server 2003 DNS

Client-Side Registry Entries

DNS Tools

Installing DNS Manually

Installing DNS Using the Manage Your Server Wizard

Setting a Forward Lookup Zone

Security Options

DHCP Integration

RFCs

WINS

LMHOSTS

13 Routing and Remote Access Service

Changes in Routing and Remote Access for Windows Server 2003

IP Routing Overview

Routing Algorithms

Routing Protocols

Routing and Remote Access Service Fundamentals

Remote Connectivity vs. Remote Control

Network Protocols

Access Protocols

Access Methods

Internet Connection Sharing

Securing RRAS

Authentication Methods

Callback

Caller ID

Virtual Private Networking Fundamentals

Authentication

Tunneling

Encryption

VPN Implementation Considerations

Choosing a VPN Solution

Installing RRAS

Enabling RRAS

Configuring RRAS

Configuring Remote Access (Dial-up or VPN)

Configuring a Router with Network Address Translation

Configuring VPN Access and NAT

Configuring a Secure Connection Between Two Private Networks

Configuring a Custom RRAS Configuration


Configuring Internet Connection Sharing

Configuring RRAS Clients

Configuring Remote Access Policies

Managing and Troubleshooting RRAS

Managing Multiple RRAS Servers

Monitoring Connections

Viewing Routing Tables

Adding Static Routes

Event Logging

Where Did My Options Go?

RRAS and 64-bit Versions of Windows Server 2003

14 Client Networking Services

Windows Client Networking Service

Client for Microsoft Networks

File and Printer Sharing for Microsoft Networks

Browser Service

Novell NetWare Services

Windows vs. NetWare Communications

NWLink

Client Service for NetWare

Services for NetWare

Services for Macintosh

Macintosh Network Protocols

Authenticating Macintosh Clients

File Services for Macintosh

Print Services for Macintosh

UNIX Integration Services

POSIX

Print Services for UNIX

UNIX Network Connectivity

Telnet

15 File Systems and Functions

FAT and FAT32

NTFS

NTFS Master File Table

NTFS Fragmentation

NTFS Compression

Upgrading to NTFS

Deciding on a File System

Converting to NTFS

Formatting a Volume for NTFS

NTFS Permissions

NTFS Permissions vs. Share Permissions

Default Permissions

Inherited Permissions

Tweaking Permissions


Effective Permissions

Understanding the Deny Permission

16 Disk and File Management

Distributed File System

When to Use DFS

DFS Terminology

Stand-alone vs. Domain DFS

Creating a DFS Root

Adding a Link to the Root

Mapping Drives to the Root for Users

Managing DFS

Shadow Copies of Shared Folders

Enabling Shadow Copies

Configuring Shadow Copies

Disabling Shadow Copies

Installing Client Software for Shadow Copies

Accessing Previous Versions of Files

Disk Quotas

Requirements for Disk Quotas

Planning Default Quotas

Enabling and Applying Quotas

Set Individual Quota Entries

Quota Reports

Moving Quota Entries to Another Volume

Remote Storage Service

Quick Overview of RSS

Installing RSS

Tweaking RSS Settings

Using the Files Managed by RSS

RSS Backups

Removing RSS

Removable Storage Management

Configuring Removable Storage

Libraries

Media Pools

Media Identification

Media States

Managing Media Pools

Managing Media

Managing the Work Queue

Managing Operator Requests

RSM Tricks and Tips

17 Windows Server 2003 Security

Windows Server 2003 Authentication

NTLM Authentication

NTLM Telnet Authentication


Kerberos Overview

Public Key Infrastructure and Windows Server 2003 Authentication

Protecting Data Using Windows Server 2003 Encrypting File System

Administrative Issues with EFS

Using the System Key

Use of SYSKEY in the Domain

Password-Protected Screensavers

Internet Protocol Security

IPSec Monitor Snap-In

Local Security Policies

Local Security Account Policies

Account Lockout Policies

Local Policies

Implementing Auditing

Detecting Security Breaches Through Auditing of Logs

Protecting Event Logs

Trust Relationships Between Domains

Patch Management

Microsoft Network Security Hotfix Checker (HFNETCHK)

Microsoft Baseline Security Analyzer (MBSA)

Checklist

18 Domain Controllers

Creating a New Domain

Planning DC Deployment

Installing Active Directory

Active Directory and DNS

Installing the First DC in a New Domain

Installing Additional DCs in a New Domain

Creating Additional DCs by Restoring a Backup

Upgrading Windows 2000 Domains

Preparing the Forest and Domain

Upgrade the Windows 2000 DCs

Upgrading Windows NT 4 Domains

DNS Decisions

Domain and Forest Functionality

Upgrading the DCs

Understanding DC Roles

Replication: The Motivation for Roles

Assigning Roles

Schema Master

Domain Naming Master

Relative ID Master

PDC Emulator Master

Infrastructure Master

W32Time . . . . 646

Understanding the Time Synchronization Hierarchy . . . . 646

Understanding the Synchronization Process . . . . 647

Using an External Time Server . . . . 648

W32Time Event Log Entries . . . . 650

Global Catalog . . . . 651

Global Catalog Searches . . . . 651

Global Catalog Authentication Tasks . . . . 652

Global Catalogs Maintain Universal Groups . . . . 652

Universal Group Membership Caching . . . . 652

Enabling/Disabling Global Catalog on a DC . . . . 653

19

Understanding Active Directory . . . 655

Active Directory Structure . . . . 656

Active Directory Users and Computers . . . . 656

LDAP and Active Directory . . . . 659

Distinguished Names . . . . 659

Relative Distinguished Names . . . . 660

Planning Your Active Directory Structure . . . . 660

Centralized or Decentralized Administrative Control . . . . 660

Geographical Location . . . . 664

Organizational Structure . . . . 664

Mixed Organizational Structure . . . . 664

Searching Active Directory . . . . 665

Active Directory Users and Computers . . . . 665

Using Windows Search . . . . 666

Maintaining Active Directory . . . . 666

Active Directory Sites and Services . . . . 670

Creating a Site Structure . . . . 670

Inter-Site Transports . . . . 671

Subnets . . . . 672

Services . . . . 672

Tools for Maintaining and Troubleshooting Sites and Services . . . . 673

Active Directory Domains and Trusts . . . . 676

20

Managing Groups and OUs . . . 679

Windows Server 2003 Groups . . . . 680

Local Groups . . . . 680

Domain Groups . . . . 686

Understanding Group Scopes . . . . 687

Default Domain Groups . . . . 689

Special Identities . . . . 691

Using Groups for Permissions . . . . 692

Organizational Units . . . . 694

Create an OU . . . . 695

Locate Objects in an OU . . . . 696

Delegate Administration of an OU . . . . 696

Managing Delegations . . . . 698

21

Managing Users and Logons . . . 701

Understanding User Accounts . . . . 702

Local Accounts . . . . 702

Domain Accounts . . . . 702

Groups . . . . 703

Managing Domain Accounts . . . . 703

Built-in Domain Accounts . . . . 703

Domain User Accounts . . . . 704

Managing UPNs . . . . 710

Managing Local User Accounts . . . . 711

Creating Local User Accounts . . . . 712

Configuring Local User Accounts . . . . 712

Overview of the Logon Process . . . . 714

Local Logon . . . . 714

Domain Logon . . . . 715

Logon to Trusted Domains . . . . 715

Remote Logon . . . . 715

Authentication . . . . 716

Kerberos . . . . 716

NTLM . . . . 716

Passwords . . . . 717

New Password Requirements . . . . 717

Strong Passwords . . . . 718

Domain Password Policies . . . . 718

Bad Password Lockouts . . . . 720

Password Reset Disks . . . . 722

User Profiles . . . . 723

Local Profiles . . . . 724

Configuring the Default User Profile . . . . 724

Roaming Profiles . . . . 726

Mandatory Profiles . . . . 729

Home Folders . . . . 730

Adding Home Folders to Profiles . . . . 730

Redirecting Documents to the Home Folder . . . . 731

Logon Scripts . . . . 735

Enable Logon Scripts in User Properties . . . . 735

Enable Logon Scripts with a Group Policy . . . . 735

22

Using Group Policy to Manage Server and Client Machines . . . 737

Group Policy Basics . . . . 738

Requirements for Using Group Policy . . . . 740

Interoperability with Older Operating Systems . . . . 742

Group Policy Processing and Inheritance . . . . 743

Filtering Group Policy . . . . 746

Group Policy Objects . . . . 746

Editing Group Policy Objects . . . . 747

Group Policy Settings . . . . 748

Computer Configuration . . . . 748

User Configuration . . . . 753

Custom Templates . . . . 759

Using GPMC to Manage Group Policy . . . . 760

Creating Group Policy Objects . . . . 760

Linking Group Policy Objects to Active Directory Containers . . . . 761

Delegating Group Policy Management . . . . 762

Group Policy Modeling . . . . 762

Group Policy Results . . . . 763

Backing Up Group Policy Objects . . . . 763

Importing GPO Settings . . . . 764

Restoring Backed-Up Group Policy Objects . . . . 764

Copying Group Policy Objects . . . . 764

Migrating GPO Settings . . . . 764

Scripting GPMC Operations . . . . 764

23

Network Software Installation . . . 767

Remote Installation Services . . . . 769

Setup of Remote Installation Software . . . . 770

RIS for Managing Your Windows 2003 Environment . . . . 775

Intellimirror and Active Directory Software Installation and Maintenance . . . . 777

Intellimirror . . . . 778

Software Restriction Policies . . . . 783

24

Clustering . . . 785

Network Load Balancing Clusters . . . . 786

Network Load Balancing Advantages . . . . 787

NLB Architecture . . . . 788

Installing and Configuring Network Load Balancing . . . . 790

Using Nlbmgr.exe to Configure Clusters and Nodes . . . . 800

Administering Network Load Balancing . . . . 803

Server Clusters . . . . 807

Server Cluster Architecture . . . . 807

Using Server Clusters in Your Environment . . . . 815

Installing Cluster Service . . . . 818

25

Tweaking and Optimizing Performance . . . 827

Examining Performance Optimization . . . . 828

Establishing Service Levels and Goals . . . . 829

Establishing Policies and Procedures . . . . 830

Establishing Baseline Values . . . . 831

Workload Characterization . . . . 831

Benchmarks and Vendor-supplied Information . . . . 831

Data Collection: What Is Being Monitored . . . . 832

Performance Monitoring Tools . . . . 833

Task Manager . . . . 834

Network Monitor . . . . 835

Performance Snap-in . . . . 836

Third-Party Utilities . . . . 849

Monitoring and Optimizing System Resources . . . . 850

Monitoring Memory . . . . 851

Monitoring the Processor . . . . 852

Monitoring the Disk Subsystem . . . . 853

Monitoring Network Performance . . . . 853

Controlling System Resources . . . . 854

Windows System Resource Monitor . . . . 854

26

Disaster Planning and Recovery . . . 857

Backup . . . . 858

New Backup Features . . . . 858

Backup Permissions Issues . . . . 861

Disk Quotas and Backup Files . . . . 861

Backup Types . . . . 861

Backing Up . . . . 862

Configure the Backup Software . . . . 862

Create a Backup Job . . . . 865

Schedule a Backup . . . . 869

Use Backup Batch Files . . . . 869

Working with Removable Storage Manager . . . . 872

Restore . . . . 873

Restore Files and Folders . . . . 873

Set Restore Options . . . . 873

Restoring Domain Controllers . . . . 877

Choosing a Restore Type for a DC . . . . 878

Recovery Console . . . . 880

Access the Recovery Console from the CD . . . . 880

Preinstall the Recovery Console . . . . 881

Using the Recovery Console . . . . 881

Changing the Rules for Recovery Console . . . . 888

Uninstalling the Recovery Console . . . . 890

Automated System Recovery (ASR) . . . . 891

Create an ASR Recovery System . . . . 891

Recover a System with ASR . . . . 892

Creating Boot Disks . . . . 893

STOP Errors: Blue Screen of Death . . . . 893

What Causes a BSOD? . . . . 894

Preparing for BSODs . . . . 894

Configure System Recovery Options . . . . 894

Configuring the Dump File Type . . . . 896

Configuring Administrative Alerts . . . . 897

Testing the Configuration with a BSOD . . . . 901

Understanding Crashes . . . . 901

Forcing a BSOD . . . . 903

Investigating a BSOD . . . . 904

Common STOP Errors . . . . 906

Windows Error Reporting . . . . 911

Enable Error Reporting in System Properties . . . . 912

Enable Error Reporting in Group Policies . . . . 915

Sending Reports . . . . 918

Collecting and Viewing Reports . . . . 918

Chkdsk . . . . 920

Chkdsk . . . . 920

Autochk.exe . . . . 922

Chkntfs.exe . . . . 923

A

Internet Information Services 6 (IIS 6) . . . 925

New Features of IIS 6 . . . . 926

Enhanced Architecture . . . . 926

Enhanced Security . . . . 929

Enhanced Manageability . . . . 930

Common Administration Tasks . . . . 930

Install IIS . . . . 930

Manage IIS . . . . 931

Enable Web Service Extensions . . . . 932

Create a Web Site . . . . 932

Configure a Web Site . . . . 934

Create an Application . . . . 934

Create an Application Pool . . . . 936

Configure Recycling . . . . 937

Configure Idle Time Out . . . . 939

Create a Web Garden . . . . 940

Configure Health Monitoring . . . . 940

Configure Application Pool Identity . . . . 940

Configure Application Settings . . . . 940

Enable Direct Metabase Edit . . . . 942

Back Up the Metabase . . . . 944

Restore the Metabase . . . . 946

Export the Metabase . . . . 947

Import the Metabase . . . . 948

Index . . . 951

Acknowledgments

Special thanks to Andy Erlandson, the director of PSS Security, for his support in allowing me to work on this book. Thanks to my coworkers on the PSS Security team for all your technical help. I would also like to thank Dave Poole, Director of the DoD Cyber Crime Institute (DCCI), for his support while I was with the DCCC.

—Rich Benack

First and foremost, I would like to thank Kathy Ivens. This opportunity would not have come my way without her. My thanks to my wife, Tanya, and son, Ian, for their support. I love you both. This would not be complete without naming those who allowed it to happen: Thanks to Sean Johnson, Dallas Lab group manager, and Matt Loschen, National Lab Manager.

—Christian Branson

Over the years I have been extremely lucky to work with a great group of people who allowed me to grow and become better in my field. While I know I may forget many, those that loom large are Thomas Stewart for forcing me to learn to program, Dave Spray for trusting me to catch on when I was not too sure I would, and Jean for pushing when I needed to be pushed. I love you.

—David Heinz

Thanks to the extremely professional McGraw Hill/Osborne staff, especially Athena Honore, and Dave Heinz.

—Tim Kelly

I’d like to thank Kathy Ivens for her fantastic help, and for mentoring me throughout the development of this book. I’d also like to thank VMWare Corporation for their excellent Workstation and GSX Server products, without which this book would have been tremendously more difficult to write.

—John Linkous

Introduction

Windows Server 2003 is the new and improved version of Windows 2000, offering new features and functions that make administration of your network efficient and easier. If you’re moving to Windows Server 2003 from Windows NT, learning about Active Directory, Group Policies, and the other management features may seem overwhelming at first, and in fact, the learning curve can be quite consuming. This book helps you put the concepts and tasks you need to understand into an orderly pattern, which will shorten your learning curve.

Is This Book for You?

This book is written for network administrators, IT professionals, and power users.

Throughout the book, the authors assume that the reader is familiar with basic networking issues and jargon. In addition, all directions for performing tasks assume you’re logged on to your network with administrative permissions.

We wrote this book for the people who bear the responsibilities for managing Windows networks. You can translate “managing” to include deployment, configuration, and day to day administration.

Chapter 1

Introducing Windows Server 2003

Windows Server 2003 is an evolutionary step from Windows 2000, and it offers a lot of features that were on my “wish list” as I worked with Windows 2000.

For administrators currently running Windows 2000 networks, deploying this new version of Windows won’t present an onerous learning curve, because the basics haven’t changed very much. For administrators currently running Windows NT networks, this fine-tuned version of Microsoft’s corporate operating system is so filled with administrative tools and controls that you’ve run out of reasons to stay with NT.

Windows Server 2003 Editions

Windows Server 2003 is available in the following four editions:

■ Windows 2003 Standard Server

■ Windows 2003 Enterprise Server (32-bit and 64-bit versions)

■ Windows 2003 Datacenter Server (32-bit and 64-bit versions)

■ Windows 2003 Web Server

In this section, I’ll present an overview of the distinguishing features for each version.

Standard Edition

Windows Server 2003 Standard edition is suitable for most network chores. It supports four-way symmetric multiprocessing (SMP), and 4GB of RAM. You can use Standard edition for Network Load Balancing (but not for Cluster Services) and for Terminal Server hosting.

In a large organization, this edition is perfect for file services, supporting Distributed File System (DFS), Encrypting File System (EFS), and Shadow Copies. You can also use Standard edition for Remote Installation Services (RIS), and for web services. This edition can run all network management services, .NET application services, and multimedia. You can use Standard edition as an all-purpose server for departmental and small-site locations. For small organizations, Standard edition works well in any role, from providing file and print services, to acting as a domain controller.

Enterprise Edition

Enterprise edition is “muscled up” to meet all the needs of businesses of all sizes.

It supports eight-way SMP, 32GB of RAM in the 32-bit version, and 64GB of RAM in the 64-bit version. It supports server clusters, handling up to eight nodes.

Its ability to scale makes it a good choice for any role in a large organization, offering a solid base for applications, web services (especially if you need web clusters), and infrastructure management.
