Comprehensive, practical reference to the new version of Microsoft's flagship server operating system
* Provides insight into the new virtualization tools, Web resources, management enhancements, and Windows 7 integration
* Authors have been on the early adopter TAP program for Windows 2008 R2 for the past 2 years, more than 18 months before the public ever 'saw' R2
* Loaded with practical, independent advice that will save IT Pros time, effort, and money
Table of Contents
top
Introduction
1
Part I Windows Server 2008 R2 Overview
Chapter 1 Windows Server 2008 R2 Technology Primer
5
Windows Server 2008 R2 Defined
5
When Is the Right Time to Migrate?
10
Versions of Windows Server 2008 R2
12
What's New and What's the Same About Windows Server 2008 R2?
16
Changes in Active Directory
20
Windows Server 2008 R2 Benefits for Administration
22
Improvements in Security in Windows Server 2008 R2
26
Improvements in Mobile Computing in Windows Server 2008 R2
28
Improvements in Windows Server 2008 R2 for Better Branch Office Support
30
Improvements for Thin Client Remote Desktop Services
33
Improvements in Clustering and Storage Area Network Support
37
Addition of Migration Tools
38
Improvements in Server Roles in Windows Server 2008 R2
40
Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First
43
Summary
46
Best Practices
47
Chapter 2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices
49
Determining the Scope of Your Project
50
Identifying the Business Goals and Objectives to Implement Windows Server 2008 R2
50
Identifying the Technical Goals and Objectives to Implement Windows Server 2008 R2
53
The Discovery Phase: Understanding the Existing Environment
59
The Design Phase: Documenting the Vision and the Plan
3
The Migration Planning Phase: Documenting the Process for Migration
67
The Prototype Phase: Creating and Testing the Plan
73
The Pilot Phase: Validating the Plan to a Limited Number of Users
75
The Migration/Implementation Phase: Conducting the Migration or Installation
78
Summary
79
Best Practices
80
Chapter 3 Installing Windows Server 2008 R2 and Server Core
83
Preplanning and Preparing a Server Installation
.83
Installing a Clean Version of Windows Server 2008 R2 Operating System
89
Upgrading to Windows Server 2008 R2
98
Understanding Server Core Installation
103
Managing and Configuring a Server Core Installation
105
Performing an Unattended Windows Server 2008 R2 Installation
111
Summary
111
Best Practices
112
Part II Windows Server 2008 R2 Active Directory
Chapter 4 Active Directory Domain Services Primer
113
Examining the Evolution of Directory Services
.114
Understanding the Development of AD DS
115
Examining AD DS's Structure
116
Outlining AD DS's Components
119
Understanding Domain Trusts
124
Defining Organizational Units
126
Outlining the Role of Groups in an AD DS Environment
127
Explaining AD DS Replication
129
Outlining the Role of DNS in AD DS
131
Outlining AD DS Security
133
Outlining AD DS Changes in Windows Server 2008 R2
134
Summary
146
Best Practices
146
Chapter 5 Designing a Windows Server 2008 R2 Active Directory
149
Understanding AD DS Domain Design
149
Choosing a Domain Namespace
151
Examining Domain Design Features
153
Choosing a Domain Structure
154
Understanding the Single Domain Model
155
Understanding the Multiple Domain Model
157
Understanding the Multiple Trees in a Single Forest Model
160
Understanding the Federated Forests Design Model
162
Understanding the Empty-Root Domain Model
165
Understanding the Placeholder Domain Model
167
Understanding the Special-Purpose Domain Design Model
169
Renaming an AD DS Domain
170
Summary
173
Best Practices
173
Chapter 6 Designing Organizational Unit and Group Structure
175
Defining Organizational Units in AD DS
176
Defining AD Groups
178
Examining OU and Group Design
182
Starting an OU Design
182
Using OUs to Delegate Administration
184
Group Policies and OU Design
186
Understanding Group Design
186
Exploring Sample Design Models
188
Summary
193
Best Practices
193
Chapter 7 Active Directory Infrastructure
195
Understanding AD DS Replication in Depth
195
Understanding Active Directory Sites
200
Planning Replication Topology
207
Outlining Windows Server 2008 R2 IPv6 Support
213
Detailing Real-World Replication Designs
216
Deploying Read-Only Domain Controllers (RODCs)
220
Summary
224
Best Practices
225
Chapter 8 Creating Federated Forests and Lightweight Directories
227
Keeping a Distributed Environment in Sync
227
Active Directory Federation Services
232
Synchronizing Directory Information with Forefront Identity Manager (FIM)
236
Harnessing the Power and Potential of FIM
240
Summary
243
Best Practices
243
Chapter 9 Integrating Active Directory in a UNIX Environment
245
Understanding and Using Windows Server 2008 R2 UNIX Integration Components
245
Reviewing the Subsystem for UNIX-Based Applications (SUA)
252
Understanding the Identity Management for UNIX Components
253
Administrative Improvements with Windows Server 2008 R2
256
Summary
258
Best Practices
258
Part III Networking Services
Chapter 10 Domain Name System and IPv6
259
Understanding the Need for DNS
260
Getting Started with DNS on Windows Server 2008 R2
263
Resource Records
266
Understanding DNS Zones
270
Performing Zone Transfers
274
Understanding DNS Queries
276
Other DNS Components
278
Understanding the Evolution of Microsoft DNS
285
DNS in Windows Server 2008 R2
286
DNS in an Active Directory Domain Services Environment
288
Troubleshooting DNS
292
IPv6 Introduction
297
How to Configure IPv6 on Windows Server 2008 R2
311
Secure DNS with DNSSEC
316
Summary
323
Best Practices
323
Chapter 11 DHCP/WINS/Domain Controllers
325
Understanding the Key Components of an Enterprise Network
326
Exploring the Dynamic Host Configuration Protocol (DHCP)
328
Exploring DHCP Changes in Windows Server 2008 R2
336
Enhancing DHCP Reliability
.345
Implementing Redundant DHCP Services
350
Exploring Advanced DHCP Concepts
358
Securing DHCP
359
Reviewing the Windows Internet Naming Service (WINS)
361
Installing and Configuring WINS
364
Planning, Migrating, and Maintaining WINS
368
Exploring Global Catalog Domain Controller Placement
370
Summary
374
Best Practices
374
Chapter 12 Internet Information Services
377
Understanding Internet Information Services (IIS) 7.5
377
Planning and Designing Internet Information Services 7.5
382
Installing and Upgrading IIS 7.5
383
Installing and Configuring Websites
389
Installing and Configuring FTP Services
397
Securing Internet Information Services 7.5
407
Summary
416
Best Practices
417
Part IV Security
Chapter 13 Server-Level Security
419
Defining Windows Server 2008 R2 Security
419
Deploying Physical Security
420
Using the Integrated Windows Firewall with Advanced Security
424
Hardening Server Security
427
Examining File-Level Security
429
Additional Security Mechanisms
433
Using Windows Server Update Services
434
Summary
440
Best Practices
440
Chapter 14 Transport-Level Security
441
Introduction to Transport-Level Security in Windows Server 2008 R2
442
Deploying a Public Key Infrastructure with Windows Server 2008 R2
443
Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
444
Active Directory Rights Management Services
451
Using IPSec Encryption with Windows Server 2008 R2
454
Summary
456
Best Practices
456
Chapter 15 Security Policies, Network Policy Server, and Network Access Protection
459
Understanding Network Access Protection (NAP) in Windows Server 2008 R2
459
Deploying a Windows Server 2008 R2 Network Policy Server
462
Enforcing Policy Settings with a Network Policy Server
465
Deploying and Enforcing a Virtual Private Network (VPN) Using an RRAS Server
473
Summary
480
Best Practices
481
Part V Migrating to Windows Server 2008 R2
Chapter 16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2
483
Beginning the Migration Process
484
Big Bang Migration
487
Phased Migration
491
Multiple Domain Consolidation Migration
505
Summary
522
Best Practices
523
Chapter 17 Compatibility Testing
525
The Importance of Compatibility Testing
526
Preparing for Compatibility Testing
527
Researching Products and Applications
534
Verifying Compatibility with Vendors
537
Microsoft Assessment and Planning (MAP) Toolkit
542
Lab-Testing Existing Applications
543
Documenting the Results of the Compatibility Testing
546
Determining Whether a Prototype Phase Is Required
546
Summary
547
Best Practices
548
Part VI Windows Server 2008 R2 Administration and Management
Chapter 18 Windows Server 2008 R2 Administration
549
Defining the Administrative Model
550
Examining Active Directory Site Administration
551
Configuring Sites
554
Examining Windows Server 2008 R2 Active Directory Groups
562
Creating Groups
564
Managing Users with Local Security and Group Policies
568
Managing Printers with the Print Management Console
576
Summary
582
Best Practices
583
Chapter 19 Windows Server 2008 R2 Group Policies and Policy Management
585
Group Policy Overview
585
Group Policy Processing--How Does It Work?
586
Local Group Policies
588
Security Templates
590
Elements of Group Policy
591
Group Policy Administrative Templates Explained
603
Policy Management Tools
607
Designing a Group Policy Infrastructure
616
GPO Administrative Tasks
619
Summary
637
Best Practices
637
Chapter 20 Windows Server 2008 R2 Management and Maintenance Practices
639
Going Green with Windows Server 2008 R2
640
Initial Configuration Tasks
641
Managing Windows Server 2008 R2 Roles and Features
643
Server Manager
647
Server Manager Diagnostics Page
652
Server Manager Configuration Page
657
Server Manager Storage Page
661
Auditing the Environment
665
Managing Windows Server 2008 R2 Remotely
674
Using Common Practices for Securing and Managing Windows Server 2008 R2
679
Keeping Up with Service Packs and Updates
681
Maintaining Windows Server 2008 R2
685
Summary
696
Best Practices
696
Chapter 21 Automating Tasks Using PowerShell Scripting
699
Understanding Shells
700
Introduction to PowerShell
702
Understanding the PowerShell Basics
705
Using Windows PowerShell
732
Summary
762
Best Practices
762
Chapter 22 Documenting a Windows Server 2008 R2 Environment
763
Benefits of Documentation
764
Types of Documents
765
Planning to Document the Windows Server 2008 R2 Environment
766
Knowledge Sharing and Knowledge Management
766
Windows Server 2008 R2 Project Documents
767
Administration and Maintenance Documents
780
Network Infrastructure
784
Disaster Recovery Documentation
785
Change Management Procedures
788
Performance Documentation
788
Baselining Records for Documentation Comparisons
789
Routine Reporting
789
Security Documentation
790
Summary
791
Best Practices
791
Chapter 23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2
793
Windows Server 2008 R2 Monitoring
794
What's New in OpsMgr R2
796
Explaining How OpsMgr Works
796
Outlining OpsMgr Architecture
798
Understanding How to Use OpsMgr
802
Understanding OpsMgr Component Requirements
805
Understanding Advanced OpsMgr Concepts
807
Securing OpsMgr
811
Installing Operations Manager 2007 R2
814
Configuring Operations Manager 2007 R2
822
Monitoring DMZ Servers with Certificates
831
Using Operations Manager 2007 R2
837
Summary
846
Best Practices
846
Part VII Remote and Mobile Technologies
Chapter 24 Server-to-Client Remote Access and DirectAccess
849
VPN in Windows Server 2008 R2
850
Authentication Options to an RRAS System
856
VPN Protocols
858
DirectAccess in Windows Server 2008 R2
863
Choosing Between Traditional VPN Technologies and DirectAccess
873
Traditional VPN Scenario
876
DirectAccess Scenario
898
Connection Manager
.916
Summary
919
Best Practices
919
Chapter 25 Remote Desktop Services
921
Why Implement Remote Desktop Services
922
How Remote Desktop Works
925
Understanding the Name Change
928
Understanding Remote Desktop Services
928
Planning for Remote Desktop Services
947
Deploying Remote Desktop Services
953
Securing Remote Desktop Services
979
Supporting Remote Desktop Services
981
Summary
984
Best Practices
985
Part VIII Desktop Administration
Chapter 26 Windows Server 2008 R2 Administration Tools for Desktops
987
Managing Desktops and Servers
988
Operating System Deployment Options
989
Windows Server 2008 R2 Windows Deployment Services
991
Installing Windows Deployment Services (WDS)
994
Creating Discover Images
1005
Creating Custom Installations Using Capture Images
1016
General Desktop Administration Tasks
1020
Summary
1021
Best Practices
1021
Chapter 27 Group Policy Management for Network Clients
1023
The Need for Group Policies
1024
Windows Group Policies
1025
Group Policy Feature Set
1028
Planning Workgroup and Standalone Local Group Policy Configuration
1033
Planning Domain Group Policy Objects
1036
Managing Computers with Domain Policies
1045
Managing Users with Policies
1070
Managing Active Directory with Policies
1076
Summary
1095
Best Practices
1096
Part IX Fault-Tolerance Technologies
Chapter 28 File System Management and Fault Tolerance
1097
Windows Server 2008 R2 File System Overview/Technologies
1097
File System Access Services and Technologies
1102
Windows Server 2008 R2 Disks
1105
Utilizing External Disk Subsystems
1109
Managing Windows Server 2008 R2 Disks
1109
System File Reliability
1118
Adding the File Services Role
1120
Managing Data Access Using Windows Server 2008 R2 Shares
1122
Volume-Based NTFS Quota Management
1128
File Server Resource Manager (FSRM)
1130
The Distributed File System
1147
Planning a DFS Deployment
1152
Installing DFS
1155
Managing and Troubleshooting DFS
1163
Backing Up DFS
1166
Using the Volume Shadow Copy Service
1167
Summary
1170
Best Practices
1170
Chapter 29 System-Level Fault Tolerance (Clustering/Network Load Balancing)
1173
Building Fault-Tolerant Windows Server 2008 R2 Systems
1174
Windows Server 2008 R2 Clustering Technologies
1177
Determining the Correct Clustering Technology
1182
Overview of Failover Clusters
1184
Deploying Failover Clusters
1191
Backing Up and Restoring Failover Clusters
1211
Deploying Network Load Balancing Clusters
1215
Managing NLB Clusters
1223
Summary
1225
Best Practices
1225
Chapter 30 Backing Up the Windows Server 2008 R2 Environment
1227
Understanding Your Backup and Recovery Needs and Options
.1228
Creating the Disaster Recovery Solution
1232
Documenting the Enterprise
1234
Developing a Backup Strategy
1234
Windows Server Backup Overview
1235
Using Windows Server Backup
1239
Managing Backups Using the Command-Line Utility wbadmin.exe and PowerShell Cmdlets
1246
Backing Up Windows Server 2008 R2 Role Services
1248
Volume Shadow Copy Service (VSS)
1262
Windows Server 2008 R2 Startup Options
1264
Summary
1265
Best Practices
1265
Chapter 31 Recovering from a Disaster
1267
Ongoing Backup and Recovery Preparedness
1267
When Disasters Strike
1271
Disaster Scenario Troubleshooting
1274
Recovering from a Server or System Failure
1277
Managing and Accessing Windows Server Backup Media
1285
Windows Server Backup Volume Recovery
1287
Recovering Role Services and Features
1291
Summary
1302
Best Practices
1302
Part X Optimizing, Tuning, Debugging, and Problem Solving
Chapter 32 Optimizing Windows Server 2008 R2 for Branch Office Communications
1305
Understanding Read-Only Domain Controllers (RODCs)
1306
Installing a Read-Only Domain Controller
1310
Understanding BitLocker Drive Encryption
1323
Configuring BitLocker Drive Encryption on a Windows Server 2008 R2 Branch Office Domain Controller
1326
Understanding and Deploying BranchCache
1333
Enhancing Replication and WAN Utilization at the Branch Office
1339
Summary
1342
Best Practices
1342
Chapter 33 Logging and Debugging
1345
Using the Task Manager for Logging and Debugging
1345
Using Event Viewer for Logging and Debugging
1350
Performance and Reliability Monitoring
1359
Setting Baseline Values
1369
Using the Debugging Tools Available in Windows Server 2008 R2
1371
Task Scheduler
1382
Summary
1388
Best Practices
1389
Chapter 34 Capacity Analysis and Performance Optimization
1391
Defining Capacity Analysis
1391
Using Capacity-Analysis Tools
1395
Monitoring System Performance
1415
Optimizing Performance by Server Roles
1423
Summary
1430
Best Practices
1430
Part XI Integrated Windows Application Services
Chapter 35 Windows SharePoint Services
1433
Understanding the History of SharePoint Technologies
1434
What Are the Differences Between Windows SharePoint Services 3.0 and SharePoint Server 2007?
1436
Identifying the Need for Windows SharePoint Services
1439
Installing Windows SharePoint Services
1440
Lists and Libraries in Windows SharePoint Services 3.0
1453
Integrating Office 2007 Applications with Windows SharePoint Services 3.0
1469
Managing the Site Collection
1475
Summary
1479
Best Practices
1481
Chapter 36 Windows Media Services
1483
Understanding Windows Media Services
1484
Installing Windows Media Services
1489
Using Windows Media Services for Real-Time Live Broadcasts
1492
Broadcasting Stored Single Files
1495
Hosting a Directory of Videos for On-Demand Playback
1498
Combining Multiple Files for a Combined Single Broadcast
1501
Understanding Windows Media Encoder
1504
Broadcasting a Live Event
1506
Capturing Audio or Video for Future Playback
1508
Using Other Windows Media Encoder Options
1510
Summary
1512
Best Practices
1512
Chapter 37 Deploying and Using Windows Virtualization
1515
Understanding Microsoft's Virtualization Strategy
1515
Integration of Hypervisor Technology in Windows Server 2008
1517
Planning Your Implementation of Hyper-V
1519
Installation of the Microsoft Hyper-V Role
1522
Becoming Familiar with the Hyper-V Administrative Console
1524
Installing a Guest Operating System Session
1529
Modifying Guest Session Configuration Settings
1533
Launching a Hyper-V Guest Session
1535
Using Snapshots of Guest Operating System Sessions
1538
Quick Migration and Live Migration
1540
Summary
1550
Best Practices
1551
Index
1553
About the Authors
top
Rand H. Morimoto, Ph.D., MVP, MCITP, CISSP, has been in the computer industry for over 30 years and has authored, coauthored, or been a contributing writer for dozens of books on Windows, Security, Exchange, BizTalk, and Remote and Mobile Computing. Rand is the president of Convergent Computing, an IT-consulting firm in the San Francisco Bay area that has been one of the key early adopter program partners with Microsoft, implementing beta versions of Microsoft Windows Server 2008 R2, Windows 7, Exchange Server 2010, and SharePoint 2010 in production environments over 18 months before the initial product releases.
Michael Noel, MCITP, CISSP, MVP, is an internationally recognized technology expert, best-selling author, and well-known public speaker on a broad range of IT topics. He authored multiple major industry books that have been translated into more than a dozen languages worldwide. Significant titles include SharePoint 2010 Unleashed, Microsoft Exchange Server 2010 Unleashed, SharePoint 2007 Unleashed, Exchange Server 2007 Unleashed, ISA Server 2006 Unleashed, and many more. Currently a partner at Convergent Computing (www.cco.com) in the San Francisco Bay area, Michael's writing and extensive public speaking experience across six continents leverage his real-world expertise in helping organizations realize business value from Information Technology infrastructure.
Omar Droubi, MCSE, has been in the computer industry since 1992 and during this time has coauthored several of Sams Publishing best-selling books, including Microsoft Windows Server 2003 Unleashed and Windows Server 2008 Unleashed, and Omar has been a contributing writer and technical reviewer on several other books on Windows Server 2003, Windows Server 2008, and Exchange Server 2000, 2003, and 2007. Omar has been involved in testing, designing, and prototyping Windows Server 2008 and Windows Server 2008 R2 infrastructures for the past four years, and has primarily focused on upgrading existing networks and utilizing many of the new roles and features included in the product. Also during this time, Omar has assisted several organizations with the development of technical road maps, planning and executing domain and server consolidation and virtualization projects, and deploying Exchange Server 2007 for organizations of all sizes.
Ross Mistry, MVP, MCITP, is a principal consultant and partner at Convergent Computing, an author, and a Microsoft MVP. With over a decade of experience, Ross focuses on designing and implementing Windows, Active Directory, Hyper-V, Exchange Server, and SQL Server solutions for Fortune 500 organizations located in the Silicon Valley. His specialties include upgrades, migrations, high availability, security, and virtualization. Ross has also taken on the roles of lead author, contributing writer, and technical editor for many best-selling books published by Sams. His recent works include SQL Server 2008 Management and Administration, Exchange Server 2010 Unleashed, and Windows Server 2008 Unleashed. Ross writes technical articles for many sites including TechTarget.com and frequently speaks at international conferences around the world.
Chris Amaris, MCSE, CISSP/ISSAP, CHS III, is the chief technology officer and cofounder of Convergent Computing. He has more than 20 years experience consulting for Fortune 500 companies, leading companies in the technology selection, design, planning, and implementation of complex Information Technology projects. Chris has worked with Microsoft Windows since version 1.0 in 1985. He specializes in messaging, security, performance tuning, systems management, and migration. A Certified Information Systems Security Professional (CISSP) with an Information System Security Architecture Professional (ISSAP) concentration, Certified Homeland Security (CHS III), Windows 2003 MCSE, Novell CNE, Banyan CBE, and a Certified Project Manager, Chris is also an author, writer, and technical editor for a number of IT books, including Network Security for Government and Corporate Executives, Microsoft Exchange Server 2010 Unleashed, and Microsoft Operations Manager 2005 Unleashed. Chris presents on messaging, operations management, security, and Information Technology topics worldwide.
