Windows ® Server 2003:
The Complete Reference
Kathy Ivens with Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J. Santry, Mitch Tulloch
McGraw-Hill/Osborne
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto
Copyright © 2003 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.
0-07-223028-2
The material in this eBook also appears in the print version of this title: 0-07-219484-7
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS”. McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
DOI: 10.1036/0072230282
I’d like to thank all the talented people at McGraw-Hill/Osborne who worked so hard to bring this book to you, with special homage to Tracy Dunkelberger and Athena Honore, who were directly involved in every step of this book’s creation.
Picture me delivering a loud and enthusiastic round of applause as I give special thanks to the technical editor, David Heinz, for his expertise, and a standing ovation for copy editor Bill McManus for his extremely skillful work.
I owe Chris Cannon, Microsoft’s Product Manager for Servers, more than I can ever repay, for providing explanations, information, and an incredible amount of patience (all delivered with a much appreciated sense of humor). Brandi Muller of Waggener Edstrom Strategic Communications was a life saver whenever I needed information.
—Kathy Ivens
This chapter is dedicated to my loving wife, Connie, for all her support in my career and in our marriage.
—Rich Benack
This is dedicated to my wife, Tanya. You always thought I'd reach the stars.
—Christian Branson
For my wife, Deborah, whose patience and support are neverending sources of strength; and for my sons Andrew and Brandon, who never cease to inspire me.
—John Green
Dedicated to all the technology workers who have helped create the fantastic computing environments we enjoy today; who endure the pain and complex learning curves of new technologies in extremely short timeframes and apply them to business problems we face today.
—Tim Kelly
To my parents.
—John Linkous
Dedicated to my wife, Karyn Santry, and children, Katie, Karleigh, and P.J.
—Patrick J. Santry
About the Author
Kathy Ivens has been a computer consultant and author since 1985. She has written and contributed to more than forty books, and hundreds of magazine articles. She also writes the Reader Challenge for Windows 2000 Magazine (formerly known as Windows NT Magazine).
Expert Contributors
I owe a deep debt of gratitude to a number of experts who shared their knowledge and writing skills to make this book accurate and useful to readers.
Rich Benack is a security support engineer with Microsoft Product Support and Services (PSS). He provides virus and computer intrusion support to Microsoft customers as well as technical support in securing Microsoft products. He is also a Major in the United States Air Force Reserve working for the Department of Defense CyberCrime Center (DCCC). At the DCCC, Rich provides forensics support and technical analysis on Microsoft-related forensics issues. Rich has a B.S. in Mathematics from the University of Illinois at Urbana as well as a B.S. in Computer Information Management from the College of St Mary in Nebraska. He has earned an M.S. in Geography with a specialization in Remote Sensing and computer mapping from the University of Nebraska at Omaha. Rich also has advanced blackbelts in Tae Kwon Do and Hap Ki Do.
Christian Branson has been a Systems Engineer for 12 years. He worked for Microsoft Product Support Services for six years as a support professional and a lab engineer. He has also been a network administrator in San Antonio's largest hospital system, and a field support engineer as a contractor to the Army. He lives in Dallas with Tanya, his wife of 24 years, and their son, Ian.
Kenton Gardinier, MCSA, MCSE, and CISSP, is a senior consultant with Convergent Computing. He has designed and implemented technical and business driven solutions for organizations of all sizes for over 10 years. He is an author of numerous books (his latest is Windows Server 2003 Unleashed), print magazine articles, and online articles on computer technology. In addition, he speaks on technology issues at conferences nationwide.
John Green, MCSE and MCDBA, is a former member of the Windows and .NET Magazine lab and author of numerous magazine articles. He is president of Nereus Computer Consulting.
David Heinz has been involved in computer systems management for eight years. He has worked for several small businesses and for Micron Technology as a systems manager. He is a columnist at www.myitforum.com. He lives in Las Vegas with his family and can be reached at dheinz99@yahoo.com.
Tim Kelly is a technology leader for a major credit card processing company. He leads the development and implementation of a new process management web application for customers in multiple vertical industries, based on the Microsoft .NET development environment and Windows 2000/Windows 2003 platforms. He worked for three years with Microsoft (1998-2001), at the time of the rollout of Windows 2000 and assisted multiple corporate customers with Active Directory implementations, Exchange 2000 implementations, and transitions from Windows NT 4.0 to Windows 2000 technologies. He has worked extensively in the electronic commerce and highly available web applications space for the last five years, and counts as his specialties IIS, Microsoft Clustering Technologies, Microsoft SQL Server availability, Active Directory, and core networking technologies. He is a graduate of the University of Idaho (B.S.), and Auburn University (M.B.A.) and has 10 years experience in the technology field.
When not having fun losing hair to new technology, Tim enjoys family time with his wonderful wife, Lynn, and sons Russell and Jackson. He also enjoys jumping out of perfectly safe airplanes.
John Linkous is president of Technology Workflow Solutions, LLC (www.techworkflow.com), an end-to-end technology integration vendor. He specializes in integrating a broad range of technologies, including operating systems, messaging products, relational and object-oriented database systems, vertical market products, and enterprise management solutions across multiple platforms. His company’s clients include organizations in the financial services, healthcare, aerospace, and food service industries. When John’s not in a plane, train, automobile, or data center, he lives in suburban Philadelphia, PA. He can be reached at jlinkous@techworkflow.com.
Christopher McKitterick received his M.A. in writing from the University of Kansas. He has a B.A. in English, with minor concentrations in writing, astronomy, and psychology. He has been a technical writer, developmental editor, and documentation manager at Microsoft in the Windows Division for nearly five years, and also has numerous fiction, poetry, essay, nonfiction, and miscellaneous publications to his name.
Chris is currently teaching technical communications at the University of Kansas, has taught astronomy and fiction writing, directed observatory and planetarium programs, built nearly 100 telescopes, and is an expert on restoring automobiles. Chris chairs the Theodore Sturgeon Memorial Award for best short science fiction of the year; has served as a juror for the John W. Campbell Memorial Award for best science fiction novel of the year; and works with the Center for the Study of Science Fiction (http://www.ku.edu/~sfcenter/index.html).
Patrick J. Santry, MCT, MCSE, MCSA, MCP+SB, A+, i-Net+, CIW CI, is an independent consultant specializing in Web-based solutions using Microsoft .NET technologies. Patrick is a contributing author and technical editor of several books and magazine articles on Microsoft technologies.
Mitch Tulloch, MCSE, Cert.Ed., is a consultant, trainer and author of more than a dozen computing books including Administering IIS4, Administering IIS5, Administering Exchange Server 5.5, and Administering Exchange 2000 Server, all from McGraw-Hill/Osborne. He is also the author of the Microsoft Encyclopedia of Networking, now in its second edition, and the upcoming Microsoft Encyclopedia of Security, both from Microsoft Press. Mitch has also developed university-level IT courses and written feature articles for industry magazines like NetworkWorld. He can be reached through his website, www.mtit.com.
Contents
Acknowledgments
Introduction
1
Introducing Windows Server 2003
Windows Server 2003 Editions
Standard Edition
Enterprise Edition
Datacenter Edition
Web Edition
Brand New in Windows Server 2003!
New Remote Administration Tools
New Active Directory Features
Availability and Reliability Improvements
Resultant Set of Policies
2
Installation
Hardware Requirements
Hardware Compatibility List
Symmetric Multiprocessing Hardware
Clustering Hardware
Plug and Play Support
ACPI Issues
Developing a Deployment Plan
Document the Hardware
Document the Network
Document the Software
Document the Legacy Components
Prepare for Problems
Complete the Preinstallation Tasks
Understanding Installation Models
Winnt.exe vs. Winnt32.exe
Installing from CD
Booting to the Windows Server 2003 CD
Running Setup.exe from CD
Installing from an MS-DOS Boot Disk
Using Network Sharepoints
Using Logon Scripts and Batch Files
Automated Installations
Choosing an Automated Installation Type
Unattended Installation
SYSPREP
Remote Installation Services (RIS)
3
System Basics for Servers
Manage Your Server
Configure Your Server Wizards
Removing Server Roles
Configure Your Server Log
Set Up Server Roles Manually
Remote Desktop
Enable Remote Desktop on the Server
Client Remote Connection Software
Starting a Remote Desktop Session
Running a Remote Desktop Session
Leaving a Remote Desktop Session
Managing the Connections from the Server
Joining the Console Session
Using a Snap-in for Remote Desktop
Changes in IIS
Use Web Edition for IIS
Installing IIS
Preventing IIS Installation
Activation
Do You Need to Activate Your Copy?
How Activation Works
Activating Your Installation
Activating after the Grace Period
Software Compatibility Tools
Test Compatibility with the Wizard
Set Compatibility Options Manually
4
The Windows Server 2003 Registry
Overview of the Registry
Registry Structure
Hives and Hive Files
Registry Data Items
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
Regedit.exe
Prevent Regedit from Displaying the Last Accessed Key
Accessing Remote Registries
Searching the Registry
Creating Favorites
Tweak and Troubleshoot with the Registry
Exporting Keys
Adding Items to the Registry
Deleting Registry Items
Changing Registry Item Values
Using Registration Files
Registry Security
Understanding Permissions
Working with Permissions
Change Ownership of a Key
Auditing the Registry
Reg.exe
General Guidelines for Reg.exe
Reg Add
Reg Delete
Reg Copy
Reg Compare
Reg Export
Reg Import
Reg Save
Reg Restore
Reg Load
Reg Unload
Reg Query
Regmon
5
Booting
Hardware Bootup
POST
Memory Errors
Drive Errors
SCSI Errors
Operating System Boot
MBR Code Executes
Windows Server 2003 Startup Files Execute
Boot Selection Menu Displays
Ntdetect Launches
Ntoskrnl Runs and HAL Is Loaded
Drivers and Services Load
Operating System Loads
The Computer Logs On
Logon Services Load
About Boot.ini
Boot.ini Contents
x86 ARC Path Statements
Tweaking Boot.ini
The Advanced Options Menu
Safe Mode
Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Creating a Bootable Floppy Disk
Creating a Bootable Floppy Disk from Your Own System
Creating a Bootable Floppy Disk on Another Windows Server 2003 Computer
Creating a Bootable Floppy Disk on a Computer Running a Different Version of Windows
Creating a Quick Boot.ini File
6
Windows Server 2003 User Interface
First Boot
First Logon
Joining a Domain
Local vs. Domain Logon Names and the Interface
Manage Your Server
Video Settings
The Desktop
Enabling the Themes Service
Switching Themes
Modifying Themes
Deleting Themes
Start Menu
Start Menu Left Pane
Right Pane of the Start Menu
Enabling the Classic Start Menu
Taskbar
Notification Area
Grouping Taskbar Buttons
Locking the Taskbar
Taskbar Toolbars
Folder Behavior and Views
Folder Opening Behavior
Viewing Folders and Files
Show File Extensions to Avoid Danger
File Associations
Help and Support Services
Using the Index
Searching for Topics
Working with Help Pages
Customizing the Help System
7
The Command Prompt
Tricks and Tips for the Command Prompt
Finding the Command Prompt Menu Item
Quick Access to a Command Prompt from the GUI
Quick Tricks for Keystrokes
Use Doskey to Recall and Edit Commands
The Command Prompt Window
Change the Properties of the Command Prompt Window
Options Tab
Font Tab
Layout Tab
Window Colors Tab
Copy and Paste in the Command Prompt Window
Command Extensions
Commands with Extensions
Disabling Command Extensions
Managing Conflicts in Command Extensions Configuration
Folder and Filename Completion
Enable Folder and Filename Completion for a Command Session
Enable Folder and Filename Completion Permanently
Wildcard Shortcuts
Windows Server 2003 Commands
Commands Not Supported in Windows Server 2003
Commands Not Supported in Enterprise or Data Center Server
Commands That Have Changed
Using UNCs on the Command Line
Viewing and Manipulating Files via UNCs
Using Pushd and Popd to Access Remote Computers
Pushd and Net Use
Use Subst for Local Virtual Drives
Help for Commands
8
System Maintenance Tools
Defragmentation
Disk Defragmenter Snap-in
Analyze the Drive
Defragment the Drive
Limitations of the Disk Defragmenter
Defrag.exe
Troubleshooting Defragmentation
Optimize Disk Defragmenter Performance
Scheduled Tasks
Scheduled Tasks Execution File
Use the Scheduled Task Wizard
Create a Scheduled Task Manually
Modify or Delete Scheduled Tasks
Run and Stop Scheduled Tasks
Check the Status of Scheduled Tasks
Set Global Options for Scheduled Tasks
Work with Tasks on Remote Computers
AT.exe
Schtasks.exe
Create Tasks with Schtasks.exe
Manage Existing Tasks with Schtasks.exe
Disk Cleanup
Run Disk Cleanup
Decide What to Delete
Compress Old Files
Additional Options for Disk Cleanup
Using Cleanmgr.exe
System Information
Navigating the System Information Window
Save System Data to a File
Export System Data
Run a System Tool from the System Information Window
Connect to a Remote Computer
Use Msinfo32.exe
Local Computer Management Snap-in
System Tools Tree
Storage
Removable Storage
Services and Applications
9
Printing
New Printing Features
Printing Basics
Printing Processes
Create the Output File
Process the Output File
Route the Print Job
Send the Print Job
Printing Components
Spooler
Spool Files
Printer Drivers
Windows Server 2003 Print Processor
Other Print Processors
Print Router
Print Monitors
Language Monitors
Print Providers
Installing Local Printers
Plug and Play Printer Installation
Manual Installation of Printers
Installing USB Printers and IEEE Printers
Installing Infrared Printers
Install a Network-ready Printer
Sharing Printers
Create a Printer Share
Set Printer Permissions
Audit Printer Access
Add Drivers for Other Windows Versions
Using Printer Location Tracking
Printer Location Tracking Requirements
Printer Location Naming Requirements
Installing Remote Printers
Connect to Remote Printers
Search Active Directory
Browse the Network
Planning Printer Deployment
One-to-One Printer Drivers
Printer Pools
Many-to-One Printer Drivers
Configuring Print Servers
Print Server Forms
Print Server Ports
Print Server Drivers
Server Spooler Options
Configuring Printers
Printing Preferences
Printer Properties
Administering Printers
Managing Remote Printers
Redirecting Print Jobs
Manipulate Print Jobs in the Queue
Printing to a File
Printing from DOS
10
Networking with TCP/IP
The Ins and Outs of TCP/IP
Microsoft’s TCP/IP Rollout
Windows Server 2003 TCP/IP Enhancements
TCP/IP Enhancements
TCP/IP and the Windows Server 2003 Networking Model
The TCP/IP Protocol Stack
Anatomy of a TCP Session
Installing and Configuring TCP/IP
IP Address
Subnet Mask
IP Address Types
Understanding a Subnet
Default Gateway
Advanced IP Addressing
Preferred and Alternate DNS Servers
Understanding Name Registration and Resolution
Using a HOSTS File
Using the Domain Name System
NetBIOS Names
Node Types
NetBIOS Name Registration
NetBIOS Name Resolution
When to Stop Relying on NetBIOS
TCP/IP Tools
Ping
Tracert
Pathping
Ipconfig
Netstat
ARP
Route
11
DHCP and IP addressing
Public IP Addresses
Private IP Addresses
Understanding DHCP
Origins of DHCP
IP Address Allocation
Other DHCP Capabilities
DHCP Communications
Running the Microsoft DHCP Server
DHCP and Name Resolution
12
Understanding DNS
Introduction to the Domain Name System
How Did This Begin?
The Domains
FQDN (Fully Qualified Domain Name)
The Zones
Primary Zone
Secondary Zone
Active Directory Integrated
Stub Zone
Delegation
The Records
Zone Transfer/Replication
The Files
Windows Server 2003 DNS
Client-Side Registry Entries
DNS Tools
Installing DNS Manually
Installing DNS Using the Manage Your Server Wizard
Setting a Forward Lookup Zone
Security Options
DHCP Integration
RFCs
WINS
LMHOSTS
13
Routing and Remote Access Service
Changes in Routing and Remote Access for Windows Server 2003
IP Routing Overview
Routing Algorithms
Routing Protocols
Routing and Remote Access Service Fundamentals
Remote Connectivity vs. Remote Control
Network Protocols
Access Protocols
Access Methods
Internet Connection Sharing
Securing RRAS
Authentication Methods
Callback
Caller ID
Virtual Private Networking Fundamentals
Authentication
Tunneling
Encryption
VPN Implementation Considerations
Choosing a VPN Solution
Installing RRAS
Enabling RRAS
Configuring RRAS
Configuring Remote Access (Dial-up or VPN)
Configuring a Router with Network Address Translation
Configuring VPN Access and NAT
Configuring a Secure Connection Between Two Private Networks
Configuring a Custom RRAS Configuration
Configuring Internet Connection Sharing
Configuring RRAS Clients
Configuring Remote Access Policies
Managing and Troubleshooting RRAS
Managing Multiple RRAS Servers
Monitoring Connections
Viewing Routing Tables
Adding Static Routes
Event Logging
Where Did My Options Go?
RRAS and 64-bit Versions of Windows Server 2003
14
Client Networking Services
Windows Client Networking Service
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
Browser Service
Novell NetWare Services
Windows vs. NetWare Communications
NWLink
Client Service for NetWare
Services for NetWare
Services for Macintosh
Macintosh Network Protocols
Authenticating Macintosh Clients
File Services for Macintosh
Print Services for Macintosh
UNIX Integration Services
POSIX
Print Services for UNIX
UNIX Network Connectivity
Telnet
15
File Systems and Functions
FAT and FAT32
NTFS
NTFS Master File Table
NTFS Fragmentation
NTFS Compression
Upgrading to NTFS
Deciding on a File System
Converting to NTFS
Formatting a Volume for NTFS
NTFS Permissions
NTFS Permissions vs. Share Permissions
Default Permissions
Inherited Permissions
Tweaking Permissions
Effective Permissions
Understanding the Deny Permission
16
Disk and File Management
Distributed File System
When to Use DFS
DFS Terminology
Stand-alone vs. Domain DFS
Creating a DFS Root
Adding a Link to the Root
Mapping Drives to the Root for Users
Managing DFS
Shadow Copies of Shared Folders
Enabling Shadow Copies
Configuring Shadow Copies
Disabling Shadow Copies
Installing Client Software for Shadow Copies
Accessing Previous Versions of Files
Disk Quotas
Requirements for Disk Quotas
Planning Default Quotas
Enabling and Applying Quotas
Set Individual Quota Entries
Quota Reports
Moving Quota Entries to Another Volume
Remote Storage Service
Quick Overview of RSS
Installing RSS
Tweaking RSS Settings
Using the Files Managed by RSS
RSS Backups
Removing RSS
Removable Storage Management
Configuring Removable Storage
Libraries
Media Pools
Media Identification
Media States
Managing Media Pools
Managing Media
Managing the Work Queue
Managing Operator Requests
RSM Tricks and Tips
17
Windows Server 2003 Security
Windows Server 2003 Authentication
NTLM Authentication
NTLM Telnet Authentication
Kerberos Overview
Public Key Infrastructure and Windows Server 2003 Authentication
Protecting Data Using Windows Server 2003 Encrypting File System
Administrative Issues with EFS
Using the System Key
Use of SYSKEY in the Domain
Password-Protected Screensavers
Internet Protocol Security
IPSec Monitor Snap-In
Local Security Policies
Local Security Account Policies
Account Lockout Policies
Local Policies
Implementing Auditing
Detecting Security Breaches Through Auditing of Logs
Protecting Event Logs
Trust Relationships Between Domains
Patch Management
Microsoft Network Security Hotfix Checker (HFNETCHK)
Microsoft Baseline Security Analyzer (MBSA)
Checklist
18
Domain Controllers
Creating a New Domain
Planning DC Deployment
Installing Active Directory
Active Directory and DNS
Installing the First DC in a New Domain
Installing Additional DCs in a New Domain
Creating Additional DCs by Restoring a Backup
Upgrading Windows 2000 Domains
Preparing the Forest and Domain
Upgrade the Windows 2000 DCs
Upgrading Windows NT 4 Domains
DNS Decisions
Domain and Forest Functionality
Upgrading the DCs
Understanding DC Roles
Replication: The Motivation for Roles
Assigning Roles
Schema Master
Domain Naming Master
Relative ID Master
PDC Emulator Master
Infrastructure Master
W32Time
Understanding the Time Synchronization Hierarchy
Understanding the Synchronization Process
Using an External Time Server
W32Time Event Log Entries
Global Catalog
Global Catalog Searches
Global Catalog Authentication Tasks
Global Catalogs Maintain Universal Groups
Universal Group Membership Caching
Enabling/Disabling Global Catalog on a DC
19
Understanding Active Directory
Active Directory Structure
Active Directory Users and Computers
LDAP and Active Directory
Distinguished Names
Relative Distinguished Names
Planning Your Active Directory Structure
Centralized or Decentralized Administrative Control
Geographical Location
Organizational Structure
Mixed Organizational Structure
Searching Active Directory
Active Directory Users and Computers
Using Windows Search
Maintaining Active Directory
Active Directory Sites and Services
Creating a Site Structure
Inter-Site Transports
Subnets
Services
Tools for Maintaining and Troubleshooting Sites and Services
Active Directory Domains and Trusts
20
Managing Groups and OUs
Windows Server 2003 Groups
Local Groups
Domain Groups
Understanding Group Scopes
Default Domain Groups
Special Identities
Using Groups for Permissions
Organizational Units
Create an OU
Locate Objects in an OU
Delegate Administration of an OU
Managing Delegations
21
Managing Users and Logons
Understanding User Accounts
Local Accounts
Domain Accounts
Groups
Managing Domain Accounts
Built-in Domain Accounts
Domain User Accounts
Managing UPNs
Managing Local User Accounts
Creating Local User Accounts
Configuring Local User Accounts
Overview of the Logon Process
Local Logon
Domain Logon
Logon to Trusted Domains
Remote Logon
Authentication
Kerberos
NTLM
Passwords
New Password Requirements
Strong Passwords
Domain Password Policies
Bad Password Lockouts
Password Reset Disks
User Profiles
Local Profiles
Configuring the Default User Profile
Roaming Profiles
Mandatory Profiles
Home Folders
Adding Home Folders to Profiles
Redirecting Documents to the Home Folder
Logon Scripts
Enable Logon Scripts in User Properties
Enable Logon Scripts with a Group Policy
22
Using Group Policy to Manage Server and Client Machines
Group Policy Basics
Requirements for Using Group Policy
Interoperability with Older Operating Systems
Group Policy Processing and Inheritance
Filtering Group Policy
Group Policy Objects
Editing Group Policy Objects
Group Policy Settings
Computer Configuration
User Configuration
Custom Templates
Using GPMC to Manage Group Policy
Creating Group Policy Objects
Linking Group Policy Objects to Active Directory Containers
Delegating Group Policy Management
Group Policy Modeling
Group Policy Results
Backing Up Group Policy Objects
Importing GPO Settings
Restoring Backed-Up Group Policy Objects
Copying Group Policy Objects
Migrating GPO Settings
Scripting GPMC Operations
23
Network Software Installation
Remote Installation Services
Setup of Remote Installation Software
RIS for Managing Your Windows 2003 Environment
Intellimirror and Active Directory Software Installation and Maintenance
Intellimirror
Software Restriction Policies
24
Clustering
Network Load Balancing Clusters
Network Load Balancing Advantages
NLB Architecture
Installing and Configuring Network Load Balancing
Using Nlbmgr.exe to Configure Clusters and Nodes
Administering Network Load Balancing
Server Clusters
Server Cluster Architecture
Using Server Clusters in Your Environment
Installing Cluster Service
25
Tweaking and Optimizing Performance
Examining Performance Optimization
Establishing Service Levels and Goals
Establishing Policies and Procedures
Establishing Baseline Values
Workload Characterization
Benchmarks and Vendor-supplied Information
Data Collection: What Is Being Monitored
Performance Monitoring Tools
Task Manager
Network Monitor
Performance Snap-in
Third-Party Utilities
Monitoring and Optimizing System Resources
Monitoring Memory
Monitoring the Processor
Monitoring the Disk Subsystem
Monitoring Network Performance
Controlling System Resources
Windows System Resource Monitor
26
Disaster Planning and Recovery
Backup
New Backup Features
Backup Permissions Issues
Disk Quotas and Backup Files
Backup Types
Backing Up
Configure the Backup Software
Create a Backup Job
Schedule a Backup
Use Backup Batch Files
Working with Removable Storage Manager
Restore
Restore Files and Folders
Set Restore Options
Restoring Domain Controllers
Choosing a Restore Type for a DC
Recovery Console
Access the Recovery Console from the CD
Preinstall the Recovery Console
Using the Recovery Console
Changing the Rules for Recovery Console
Uninstalling the Recovery Console
Automated System Recovery (ASR)
Create an ASR Recovery System
Recover a System with ASR
Creating Boot Disks
STOP Errors: Blue Screen of Death
What Causes a BSOD?
Preparing for BSODs
Configure System Recovery Options
Configuring the Dump File Type
Configuring Administrative Alerts
Testing the Configuration with a BSOD
Understanding Crashes
Forcing a BSOD
Investigating a BSOD
Common STOP Errors
Windows Error Reporting
Enable Error Reporting in System Properties
Enable Error Reporting in Group Policies
Sending Reports
Collecting and Viewing Reports
Chkdsk
Chkdsk
Autochk.exe
Chkntfs.exe
A
Internet Information Services 6 (IIS 6)
New Features of IIS 6
Enhanced Architecture
Enhanced Security
Enhanced Manageability
Common Administration Tasks
Install IIS
Manage IIS
Enable Web Service Extensions
Create a Web Site
Configure a Web Site
Create an Application
Create an Application Pool
Configure Recycling
Configure Idle Time Out
Create a Web Garden
Configure Health Monitoring
Configure Application Pool Identity
Configure Application Settings
Enable Direct Metabase Edit
Back Up the Metabase
Restore the Metabase
Export the Metabase
Import the Metabase
Index
Acknowledgments
Special thanks to Andy Erlandson, the director of PSS Security, for his support in allowing me to work on this book. Thanks to my coworkers on the PSS Security team for all your technical help. I would also like to thank Dave Poole, Director of the DoD Cyber Crime Institute (DCCI), for his support while I was with the DCCC.
—Rich Benack
First and foremost, I would like to thank Kathy Ivens. This opportunity would not have come my way without her. My thanks to my wife, Tanya, and son, Ian, for their support. I love you both. This would not be complete without naming those who allowed it to happen: Thanks to Sean Johnson, Dallas Lab group manager, and Matt Loschen, National Lab Manager.
—Christian Branson
Over the years I have been extremely lucky to work with a great group of people who allowed me to grow and become better in my field. While I know I may forget many, those that loom large are Thomas Stewart for forcing me to learn to program, Dave Spray for trusting me to catch on when I was not too sure I would, and Jean for pushing when I needed to be pushed. I love you.
—David Heinz
Thanks to the extremely professional McGraw Hill/Osborne staff, especially Athena Honore, and Dave Heinz.
—Tim Kelly
I’d like to thank Kathy Ivens for her fantastic help, and for mentoring me throughout the development of this book. I’d also like to thank VMWare Corporation for their excellent Workstation and GSX Server products, without which this book would have been tremendously more difficult to write.
—John Linkous
Introduction
Windows Server 2003 is the new and improved version of Windows 2000, offering new features and functions that make administration of your network efficient and easier. If you’re moving to Windows Server 2003 from Windows NT, learning about Active Directory, Group Policies, and the other management features may seem overwhelming at first, and in fact, the learning curve can be quite consuming. This book helps you put the concepts and tasks you need to understand into an orderly pattern, which will shorten your learning curve.
Is This Book for You?
This book is written for network administrators, IT professionals, and power users.
Throughout the book, the authors assume that the reader is familiar with basic networking issues and jargon. In addition, all directions for performing tasks assume you’re logged on to your network with administrative permissions.
We wrote this book for the people who bear the responsibilities for managing Windows networks. You can translate “managing” to include deployment, configuration, and day to day administration.
Chapter 1
Introducing Windows Server 2003
Windows Server 2003 is an evolutionary step from Windows 2000, and it offers a lot of features that were on my “wish list” as I worked with Windows 2000. For administrators currently running Windows 2000 networks, deploying this new version of Windows won’t present an onerous learning curve, because the basics haven’t changed very much. For administrators currently running Windows NT networks, this fine-tuned version of Microsoft’s corporate operating system is so filled with administrative tools and controls that you’ve run out of reasons to stay with NT.
Windows Server 2003 Editions
Windows Server 2003 is available in the following four editions:
■ Windows 2003 Standard Server
■ Windows 2003 Enterprise Server (32-bit and 64-bit versions)
■ Windows 2003 Datacenter Server (32-bit and 64-bit versions)
■ Windows 2003 Web Server
In this section, I’ll present an overview of the distinguishing features for each version.
Standard Edition
Windows Server 2003 Standard edition is suitable for most network chores. It supports four-way symmetric multiprocessing (SMP), and 4GB of RAM. You can use Standard edition for Network Load Balancing (but not for Cluster Services) and for Terminal Server hosting.
In a large organization, this edition is perfect for file services, supporting Distributed File System (DFS), Encrypting File System (EFS), and Shadow Copies. You can also use Standard edition for Remote Installation Services (RIS), and for web services. This edition can run all network management services, .NET application services, and multimedia. You can use Standard edition as an all-purpose server for departmental and small-site locations. For small organizations, Standard edition works well in any role, from providing file and print services, to acting as a domain controller.
Enterprise Edition
Enterprise edition is “muscled up” to meet all the needs of businesses of all sizes.
It supports eight-way SMP, 32GB of RAM in the 32-bit version, and 64GB of RAM in the 64-bit version. It supports server clusters, handling up to eight nodes.
Its ability to scale makes it a good choice for any role in a large organization, offering a solid base for applications, web services (especially if you need web clusters), and infrastructure management.