The ultimate guide to the new Windows .NET Server 2003 for experienced system administrators.
° Not only explains the new features of Windows .NET Server 2003, but also provides continued support for Windows 2000 administration
° Covers changes in security, Active Directory, Microsoft Management Console, and integration with the .NET Framework 1.1, among many others changes
° Foreword from Brian Valentine, VP of Windows Platforms at Microsoft
Windows .NET Server 2003 is the first Microsoft product that is innately affected by the company's recent Trustworthy Computing initiative. If this is successful, this will be the most stable, reliable, and dependable server OS that Microsoft has ever released. It will also feature an integrated environment with the .NET Framework and the Common Language Runtime. The Ultimate Windows .NET Server 2003 System Administrator's Guide is an essential resource for planning, deploying, and administering a Windows .NET enterprise system. The authors draw on years of experience designing and administering Windows NT and UNIX systems in order to guide you through the varied tasks involved in real-world system administration. There are detailed discussions of key Windows .NET Server administrative functions, and descriptions of many advanced tools and optional components. In addition the authors have included a comprehensive and convenient command reference.
Download the Sample Chapter related to this title.
1. Administrative Overview.
Windows .NET—A Historical Perspective.
Understanding the .NET.
Windows .NET Administrative Roles.
Scope of Responsibility.
Windows .NET Features and Administration Implications.
Structural Modes, Subsystems, and Managers.
Windows .NET Processes.
Stored and Virtual Memory.
The Boot Process.
Viewing Application Dependencies.
IntelliMirror and Other Innovations.
Logical and Physical Structures.
Planning for Windows 2000 and NT Upgrades.
Device Driver Management.
Windows Product Activation.
Automatic Product Update.
File Transfer Wizard.
Uninstall Windows XP Operating System.
Help and Support.
Internet Connectivity and Internet Explorer 6.0.
Winkey Quick Keys.
Internationalization and Localization.
ClearType Mobile Computer/Liquid Crystal Display Enhancements.
Active Directory Structural Components.
Open Standards Support and Naming Conventions.
Migration and Backward Compatibility.
Administrative Interface Snap-Ins.
Administrative Security and Trust Relationships.
Planning for the Active Directory.
Installing the Active Directory.
Active Directory MMC Snap-In Tools.
Creating Organizational Units.
Active Directory Administrative Delegation.
Global Catalog Refinement.
The Active Directory Connector.
Understanding Group Policies.
PDC Operations Manager.
esultant Set of Policy.
Group Policy WMI Filtering.
Permissions Security, Folder Sharing, and DFS.
Reviewing NTFS Permissions.
Distributed File System Sharing.
The Public Key Infrastructure.
Security Authorization Manager.
Windows .NET System Lockdown.
Secure Network Services and Architecture.
The End User's Responsibility.
Naming Services and IP Assignments.
Real Time Communications.
TAPI Streaming Support.
DNS Configuration Through Group Polcy.
Support for Broadband PPPoE Connections.
Virtual Private Networks.
Backup and Restoration.
Installing Terminal Services.
Configuring Terminal Services.
Terminal Services Administration.
Terminal Services from a User's Perspective.
Understanding the IIS Web Server.
Working with the SMTP Server.
Understanding the NNTP Server.
Understanding the FTP Server.
Understanding Cluster Services.
Message Queuing Services.
System Management Server.
Microsoft Operations Manager.
Windows Scripting Host.
Command Line Tools New Under Windows .NET.
File Management Commands.
File Manipulation Commands.
System Management Commands.
Resource Kit Support Tools.
Windows .NET is more an update of Windows 2000 than it is a new operating system. This latest version of the base Windows NT technology now expands to support Microsoft's .NET infrastructure and new security initiatives. This book reflects these changes by expanding the authors' previous The Ultimate Windows 2000 System Administrator's Guide. Mindful that Windows 2000 will continue to be deployed, this book not only reflects the new features of Windows .NET but also provides continued support for Windows 2000 administration.
Windows 2000 and Windows .NET are complex, feature-rich operating systems whose deployment in an enterprise requires highly skilled individuals to support its installation, maintenance, and optimization. These individuals are aided by the abundance of tools and wizards for effective operating system management that Microsoft has provided. Indeed, many of the enhanced tools should shift the traditional role of administrator to that of proactive manager of computing environments. Thus, the depth of function, flexibility, and granularity of Windows 2000/.NET ultimately represents both opportunity and challenge for system administration.
This book is written to help you succeed in the administration of the Windows .NET and Windows 2000 Server family. Much of the information it provides is also applicable to the desktop Professional versions of the software. Although the use and management of client software is incorporated, the server side is clearly our primary focus. In this preface, we provide a framework for the primary topics covered, define the target audience, and describe how to use this book.
Windows .NET will not eliminate the system administrator. To the contrary, features, such as the Active Directory and the Microsoft Management Console (MMC), will vastly broaden this role. Rather than spend time on mundane tasks and the management of dozens of disjointed tools, the consolidated approach provided by Windows .NET will free the administrator to concentrate on more mission-critical activities.
The functions of the Windows .NET system administrator are generally those that support the user population and those that support the system. The following list summarizes some of the most common responsibilities:
Obviously, this list only scratches the surface of system administration and IT management. However, as a means of setting the reader's expectations, it does underscore the types of activities for which this book can be used as a guide.
In preparing this book, we used three primary sources of information. First, we relied heavily on our combined professional experience in application development, system administration, and IT management. Unlike so many books written on theory by technical writers, our recommendations did not emerge from a vacuum but are based on reality and experiences. We hope the experience we bring to this book will assist fellow IT professionals to better manage an enterprise.
Second, we used observations from system administrators in the field to provide "reality checks" to our conclusions. Theoretical understanding of Windows .NET is a nice beginning, but it is no substitute for the actual experience of system administrators. Because Windows .NET is a new product, one of our primary sources was participants in Microsoft's Beta Program and their experience with final beta and final release versions of the operating system.
Finally, we performed extensive tests and simulated real-world environments in an extensive laboratory environment. The tests centered primarily on the Standard Server and Enterprise Server versions; however, Windows .NET Web Server edition and Windows XP was also tested and is periodically referenced as client software within the broader enterprise framework. Windows .NET DataCenter was not available for testing at the time this book was written, so references to it are based on published Microsoft specifications. Where differences exist in the version levels, we call attention to them.
The Ultimate Windows .NET Server System Administrator's Guide was written for system administrators and other IT professionals who manage a Windows .NET environment. Administrators coming from other operating system environments like UNIX will find many significant conceptual differences and numerous familiar technologies. Seasoned Windows 2000 and NT administrators will find many familiar aspects, but many significant differences as well, that will require a general updating of their technical skills. The addition of the Active Directory, a new domain model, advanced authentication technologies, and the enhanced MMC are just a few examples of entirely new or expanded operating system features.
Our aim was to produce an intermediate reference guide for administrators, leaving out specialized architectural or programming topics. Thus, this book should be used for an understanding of key concepts and for common "how-to" walkthrough support. Experienced professionals should find the discussions on operating system migration and the use of the new enhanced tools valuable. Those with moderate system administration experience can also benefit, but we assume these readers already have hands-on operating system experience. Novices will need to learn network and operating system fundamentals.
Attempting to provide useful information to an audience of system administrators was a challenge. Inevitably, some of the book's material may appear either overly basic or too advanced, and depending on a reader's level of experience, some discussions will be more helpful than others. To accommodate this wide variance in prior knowledge, we first cover each major topic from a conceptual basis and then expand this foundation with discussions on applying specific advanced Windows .NET functions.
System administrators coming from UNIX might find helpful our sister publication Windows NT and UNIX: Administration, Coexistence, Integration, and Migration (Addison-Wesley, 1998). For Windows 2000 administrators, look at The Ultimate Windows 2000 System Administrator's Guide (Addison-Wesley, 2000).
The book is organized into three parts and an appendix:
A Glossary of common terms is also provided.
There is a wealth of information that should be used by system administrators to supplement this book. The Windows .NET operating system provides extensive online help available from the Start → Help facility. Microsoft also regularly posts white papers on its Web site, which should be regularly checked for updated information.
Trade magazines can also be an excellent source of information. We recommend Computer World, WindowsAdvantage.com, InformIT.COM, Windows 2000 Magazine (formerly Windows NT), ENT, MS Journal, and Dr. Dobb's Journal. As for online services, we strongly recommend Microsoft's security and patch e-mail service at www.microsoft.com/security/.Finally, we will be posting updated information about Windows 2000 and Windows .NET on our Web site at http://www.EnterpriseCertified.com/WinNetbook.htm.
When I'm not managing the Windows engineering team, I like to play hockey. This helps me understand the mentality of IT managers and systems administrators because, like you, I play defense. As a matter of fact, I'm a goaltender, which means I'm the last one standing when my defensive line fails. If we're down a few goals at the end of a period, you'll find me ranting and raging in the locker room, "Where's my defense?" You know how this feels. It's often you defending your system against hackers, you resetting the client machines after an application or configuration "accident," you dealing with a bogged-down network, you trying to stay one step ahead of threats that change speed and direction and seem to shoot toward you at 100 miles per hour. And if the "opponent" scores, it shows up on your record.
Wouldn't it be great if you weren't the last line of defense? Wouldn't you rather be the offense, focusing on adding value for your users, making them more productive, making the tools they need easier to access, getting crucial data to them faster--basically getting (and keeping) them connected to everything they need to do their jobs well? With Windows Server 2003, we've worked to build something as fast, solid, and smooth as the ice on a hockey rink.
We've made file server and web server performance at least twice as fast as Windows 2000; file system performance is 140 percent better; and Active Directory searches are more than four times faster. A range of new and improved features, including memory mirroring, Hot Add Memory, and health detection in Internet Information Services (IIS) 6.0, enhances reliability. Clustering for up to 8 nodes and network load balancing is built in, and, as with Windows 2000, several major OEMs will guarantee 99.9 to 100 percent availability. Configuration wizards install and set up services automatically based on the server roles you choose; settings are securely locked down by default.
During this product cycle, we stopped the development machine to dedicate every Windows employee to an intense security review of every line of Windows Server 2003 code to identify and eliminate possible fail points and exploitable weaknesses so that your Windows server won't go down unless you turn it off.
Windows Server 2003 will help you get more done faster. The .NET Framework is fully integrated and saves developers from writing "plumbing" code so that they can focus their efforts immediately on writing code. Group Policy Management Console (GPMC) has a new user interface that dramatically simplifies policy administration. The addition of Resultant Set of Policy reporting and scripting means that now you're able to model settings in a test domain before copying the policy objects to production domains in your enterprise. With the new volume shadow copy service, users can retrieve previous versions of files from servers instantly, without requiring you to dig through backup tapes. We've greatly enhanced the command-line functionality in the Windows Server 2003 family and added "headless server" capabilities that allow IT administrators to install and manage a computer without a monitor, VGA display adaptor, keyboard, or mouse. And we ship it with ready-to-use scripts. Software Update Services collects new updates from Microsoft as they are released and automatically deploys the ones you approve to clients and servers. And this is just a sample of what Windows Server 2003 offers to clear the way for you to add more value for users.
Deploying Windows Server 2003 is like drafting the right players, suiting themup with the right equipment, and giving them the home rink advantage. Now all you need to maintain a winning style is a great coach and playbook to guide you through using the tools and resources in the right combination at the right times. In The Ultimate Windows Server 2003 System Administrator's Guide, coaches Williams and Walla describe best practices for designing and deploying the Active Directory, sharing and securing network resources, getting users connected no matter where they are, and managing and maintaining Windows Server 2003 servers in your enterprise. This book will be a supportive resource to help you know how to use the tools and features Microsoft shipped, but even better, it guides you through enough of the product internals to approach administration more strategically. A good coach tells you what to do to win; a great coach helps you develop the skills to win on your own. Enjoy this great book.
Senior Vice President,
Microsoft Windows Division
Download the Index
file related to this title.
Chapter 1: Admin Overview
Page 2, first paragraph, first two sentences please replace them as follows:
The fundamental differences between Windows Server 2003 and its predecessor Windows 2000 reside in its embrace of the Microsoft .NET framework, tightened security features, improved scalability, and enhanced administrative tools. While explored later, the .NET framework deserves special mention since it propels the Windows environment into a transparent Internet services-based operating system.
Page 7, Table 1.3
DataCenter Edition Column
Maximum Ram change 64 GB and 128 GB to 128GB and 512 GB respectively
Multiprocessor Support change Maximum 32 to Maximum 64
Chapter 3: Planning and Installation
Page 101 Figure 3.4
Page 118 Figure 4.2
Page 145 First full paragraph starting with "With each
second sentence and replace with
Windows 2003 Server shipped with IE6 configured with enhanced security settings together with other features to reduce administrative headache.
Page 145 before subsection Contacts and Instant Messaging Integration add a new subsection (note: we should be able to get this in with much pagination issues but I could cut some verbiage if necessary)
ENHANCED SECURITY CONFIGURATION
The standard configuration for IE6 assumes heightened security settings and thereby reducing threats. A conscious decision must be made to lower predefined settings. The assumption is that access to Internet and intranet sites are achieved on a zone basis in which Trusted sites are added by the administrator or the client user. You should add the Web page that hosts the application to the Trusted sites zone when you want to run a browser-based client application over the Internet. Running a browser-based client application over a protected and secure local intranet requires adding the Web page that hosts the application to the Local intranet zone. Security Configuration is achieved by launching Internet Explore à select tools à select the Security Tab.
Page 148 before the Postscript Section need to add another section (again, if we need to edit out some language to fit for pagination reasons, let me know)
A new usability feature is Shadow Copies of Shared Folders that provides for the remote storage and retrieval of files that may be damaged or lost on a local system. Shadow Copies of Shared Folders allow a user to access shared files and folders as they existed in the past. This affords not only an ability to compare earlier documents but it provides an excellent means for file recovery. The client software for Shadow Copies of Shared Folders is located on the server and requires client deployment through the Disk Properties MMC Snap-in. The client software for Shadow Copies of Shared Folders is installed on the server in the \\%systemroot%\system32\clients\twclient directory. Group Policy tools are commonly used for deployment. Client views of shadow copies are accessed through the Previous Versions tab of the Properties dialog box of the shared file or folder. The minimum amount of storage space that can be specified is 100 megabytes (MB). Older versions when the storage limit is reached. There is a limit of 64 shadow copies that can be stored on a volume.
Chapter 5: Active Directory
Page 180 after Note add another Note (Because of the room in the last page of this chapter, you should be able to get this in with pagination problems)
NOTE: When connecting to domain controllers running Windows 2000 precautions must be taken to insure that signing LDAP traffic guarantees packaged data comes from a known source. By default, Windows 2000 Active Directory does not sign and encrypt all LDAP traffic. We strongly recommended that all Windows 2000 domain controllers be upgraded to Service Pack 3 or later in order to add these security functions. Alternately, although not recommended, signed and encrypted LDAP traffic can be disabled on Windows Server 2003.