Administering Windows Server 2008

Installing, Managing and Troubleshooting Windows Server 2008	"Server 2008 from top to bottom, delivered with a lot of insight... and a little bit of humor"
*a two-day course by Mark Minasi, author of the Mastering Windows Server 2008* series from Sybex/Wiley**
Schedule of dates and cities • Course Objectives • Course Outline • Course Materials • Bring a Class to Your Site • About the Instructor
Course Objectives It's been five years since Microsoft delivered Windows Server 2003. On 27 February 2008, Redmond broke the long "Server drought" with Windows Server 2008 — so it's time to get up to speed on it! Whether you intend to roll out Server 2008 immediately or in three years, you need to know exactly what benefits, challenges, and opportunities this latest version of Server offers. In two days, Windows expert, journalist, consultant and best-selling author Mark Minasi shows you what's changed from Server 2003 to Server 2008 — the good, the bad, the wonderful and the awful... with a chuckle or two thrown in. In just two days, you'll know how 2008 is or isn't right for you, and how to get the most out of it! Key Seminar Benefits This is a "delta" course that only covers what's new in Windows Server 2008. You won't have to sit through long explanations of Windows elements that you've known about since Windows 2000! Learn what changes your network will require to implement Server 2008 Quickly know what Microsoft's new Hyper-V virtual machine manager offers over existing VMMs, what it requires, and how to get the most out of it Grasp the changes to terminal services and remote desktop, and how they can save you money See demonstrations of many new Server 2008 technologies Delve into how Server 2008's Read-Only Domain Controller (RODC) role works, and how it can make your security guys breathe a bit easier Discover how Server 2008 makes Active Directory disaster recovery a lot easier in some ways, and a bit tougher in others Check out the flexibility that 2008's new fine-grained passwords offer Find out about Server 2008's secure and inexpensive to run "Server Core" option, and save days trying to figure out how to manage it See how group policies change with the new "Group Policy Preferences" tool that lets you create your own group policies in seconds Course Outline Introduction: Upgrading to 2008 Adding Server 2008 to your network will probably be an easier move than was the path from NT to 2000, or 2000 to 2003. But the upgrade and installation considerations aren't trivial. This section introduces Server 2008's versions, upgrade tools and reviews the choices that you'll need to make. Hardware issues: 32/64 bit Server versions Upgrade paths Virtual licensing considerations 2008 setup Controlling Server 2008: New Management Tools Windows 2000 Server brought new management tools in the form of the Microsoft Management Console (MMC), Windows Server 2003 built upon that with the Manage Your Server wizard, and Windows Server 2008 comes with its own management suite via a new application called Server Manager. Meet Server Manager Features versus roles Command-line management with servermanagercmd.exe Automating Server Manager: unlock the XMLs! Server 2008's Almost-New Improvements When comparing Server 2003 to Server 2008, you'll see a lot improvements that are quite useful, but that did not originate in Server 2008... instead, they debuted in Windows Vista. This section quickly reviews what Vista technologies comprise part of the reasons to upgrade. Even if you think you know Vista, this section may surprise you, as it's all about the under-the-hood Vista technologies that comprise a major part of "what's new" in Server 2008. "New" Server features... that appeared in May of 2003 "New" Server 2008 items that appeared in Server 2003 R2 Vista security carry-overs Vista system management changes used in Server 2008 Vista networking changes affecting Server 2008 Server Core: Overview and Setup Possibly 2008's most significant new technology is Server Core, a version of server that follows old notion that dictum "less is more." This section introduces you to this newest member of the Windows family. Server Core structural differences Controlling a Windows OS with a graphical user interface What Server Core can and can't do: setup with OCSETUP and OCLIST Initial set tasks: system name, IP stack, Windows Update, remote control, loading drivers and more Dealing with VBS/WSF tools What about PowerShell on Server Core? Managing Server Core What's that you say, no one in their right mind would try to manage DNS, Active Directory, WINS, DHCP and more from the command line? After this section (based in part on a talk that ranked in the top ten out of 450 talks at TechEd US 2008), you'll see how easy it can be. DNS setup and management DHCP installation, management and scope configuration WINS server setup and client configuration in Server Core Adjusting the Server Core TCP stack to solve compatibility problems Creating and managing local accounts in Server Core Managing product activation in Server Core Windows Remote Shell: a better alternative to Remote Desktop Viewing and managing event logs in Server Core Securing Server Core systems with BitLocker New Security: A new VPN and a Network Quarantine Tool With Server Core out of the way, we take up two new security tools. The first is easy, a quick overview of a new VPN, and then... quarantine! Many computers want to get onto your network: consultant's laptops, employee machines that they've taken home and brought back, salespeople's machines... and you just know that they're all infested with worms, Trojans, and spyware, all waiting to pounce on your network. But what if you could make your network a bit smarter, and a bit more suspicious of new hardware? NAP lets you do that. Whenever a system tries to acquire an IP address from your network, the network requires that system to first undergo a series of "health checks," like "what Service Pack are you running?," "When did you last scan for malware?" and the like and, depending on the results of the checks, your network then may choose to refuse to issue an IP address to the new system. A new SSL-based VPN How NAP works: the bits and pieces How it can work better: new System Health Agents and System Health Validators What servers need to run NAP What clients need to participate in NAP Options for setup -- monitor or isolate Networking 2008: New TCP and New IPv6 No major revision of Windows Server comes along without some correspondingly major rework on the network side. Some are small, like its support for congestion avoidance, and at least one's huge -- IPv6. If you've been avoiding IPv6, then this section may put your mind at ease about it, and that's a good thing because your job just may depend on IPv6 in the next year or so... Changes to IP and TCP Block size changes Implications Controlling them with netsh Problems with old hardware: how to recognize it and what to do Support for new RFCs IPv6 Motivation: why you'll probably need IPv6 sooner than you think Major changes New address concepts Changes in configuration Neighbors and links, not subnets Finding routers in v6 DHCP and v6 The Revolution of 3041 and your IPv6 address Co-existence: making v4 work with v6 Does v6 make sense for you? What requires v6 in Windows Hyper-V: Virtualization Comes to Server For years, Microsoft's been trying to offer a worthy competitor to virtualization giant VMWare. Virtual Server 2005 R2 SP1 good (particularly for the price), but not great... so Hyper-V is a pleasant surprise. Hyper-V's an all-new, darned fast and built-with-security-in-mind tool for hosting virtual servers, is available with either Standard, Enterprise or Datacenter server, and costs just $28. But does it deliver? Well, we were impressed, but come find out if it'll work for you in this essential section! Virtualization overview: why bother and what the Microsoft technology can do The enabling technologies: Intel's Vanderpool and AMD's Pacifica How Hyper-V's architecture improves (massively) over Virtual Server's Backup, disaster recovery and patching technologies in Hyper-V (what Windows Backup can and can't do) Hyper-V parameters and limitations Virtually paranoid: Hyper-V's odd security structure Installing Hyper-V Creating Hyper-V virtual machines Tuning a virtual machine to Hyper-V: there are different "classes" of VMs! "Unenlightened" operating systems "Enlightened" operating systems Integration Services VM configuration What Hyper-V's missing 2008 Backups and Disaster Recovery Backing up Server systems has not changed since NT 3.1, to a certain extent. But Server 2008 changes all the rules with a completely new backup and restore system that's mostly good but a bit lacking in the offsite backup department. As is so often true with new versions of Windows, "everything that you know is wrong" in this area. New image-based system Only backs up entire drives and can back up to network shares with limitations, but no tapes Good news: much better for disaster recovery Backup types The GUI way... ... and the CLI way Types of restores Scheduling backups SYSVOL and SMB 2.0: File Sharing News in 2008 Windows Server 2003 R2 brought a replacement for the File Replication Service in a tool called DFS-R. (According to Microsoft, "DFS-R" doesn't stand for anything.) Vista brought a replacement for the engine that's allowed file sharing in Microsoft networking since 1985 -- Server Message Block 2.0 or SMB v2. Put 'em together and Server 2008 shakes things up just a trifle. (How'd you like to replace one of the most important and fragile replication engines in AD... while your AD's running? It's not as scary as it sounds, and it's an upgrade that you won't want to miss.) DFS-R features and concepts SMB 2.0 features and concepts The big story: Sysvol moves from FRS to DFS-R Migrating Sysvol, Step by Step Name Resolution Changes The two big players in the operating system market, Windows and Unix in its many flavors (Sun, Linux, Mac OS, etc) are alike in many ways, but how they handle names is different. Windows supports an enterprise-level naming system in DNS, but is hobbled by the seemingly-inescapable limitations of WINS and NetBIOS. How does Server 2008 change this? NetBIOS news How is Server 2008 without NetBIOS? DNS help for de-NetBIOSing: DNAMEs De-WINS-ing with the GLOBALNAMES zone... and the undocumented stuff you need to know to make it work Setting Up a Server 2008 Active Directory Finally, it's time to move to the largest part of the course: AD changes. How to set up a 2008 based AD? Isn't it just DCPROMO? Well, yes, but... What isn't fixed in AD in 2008 DCPROMO's New Face Over two dozen new command-line options One irritating new bug / design choice... and how to sidestep it No more waiting to reboot DCPROMO, usually Scripting DCPROMO Server Core considerations Upgrading your AD to 2008: green field, in-place upgrade, clean & pristine, or swing? Meet the latest ADPREP Installation from Media (IFM) Debuted in 2003 Faster way to create a new DC Procedure is completely changed in 2008 Building Your Third DC: Read-Only Domain Controllers At this Not only does 2008 deal a new sort of server in the form of Server Core, it also delivers a new and very interesting sort of domain controller -- a "Read-Only Domain Controller," or RODC. As their name implies, RODCs are domain controllers, but they're limited in two ways: first, they cannot make changes to the Active Directory database (so for example password changes and new account creation cannot happen on RODCs) and, second, they don't contain all of the domain database -- in fact, by default RODCs cannot perform any logons. What the heck good is a DC that by default can't do authentications? Join us for this section and find out why an RODC would be your third domain controller... How RODCs work How RODCs differ from NT 4 Backup DCs Creating the basic RODC Tricking out your RODC: password caching RODCs and security Making the choice: creating the perfect mix of DCs and RODCs Cleaning up after a stolen or damaged DC gets easier Better Password Control: Server 2008's Fine-Grained Password Control Ask an administrator what he or she would most like to do with AD, but can't, and you'll often hear, "more flexible password policies." 2008 answers that request with something that Microsoft calls "fine-grained password policies." Now you can require that Group A use complex passwords that they have to change every week, while letting Group B use five-character passwords that they needn't change more often than once a year. Neat, eh? Yes, it is, except actually creating those policies gets a little tricky... Password policy pieces: components and requirements Creating password settings objects (PSOs) Conflicting PSOs: who wins? AD Backup, Maintenance and Recovery: What's new We've already seen the everything's changed with Server 2008 backup in general. Well, it's the same story -- and more. Not only does Active Directory use the new CompletePC backup tool, Server 2008 also offers another two new technologies (well, one and a half). 2008 also adds a new, easier-to-maintain approach to AD databases, as you'll see in this section. Restartable AD An AD that you can stop without rebooting a DC What it can and can't do AD snapshots Online copies of an AD... but that can't be restored Accessing and using snapshots Restoring AD backups The new Sysvol restore option -- much better than BURFLAGS Deletion protection: by default, no one can delete an OU! Group Policies in 2008 Vista brought quite a number of changes to group policy, but Microsoft didn't get them all done in time for Vista... and so Server 2008 brings us some neat new group policy goodies, as you'll learn in this section. Even better, Microsoft surprised us by adding the Desktop Standard PolicyMaker tool built right into Server 2008! The new Group Policy Management Console GPO comments Starter GPOs Searching group policy options Group Policy Preferences: the big store Former Desktop Standard tool "Policy Maker" Simple methods of creating your own group policy settings Increased power of control over who gets the policy The down-side of GP Preferences: what to know Terminal Services in 2008 Terminal Services offers remote control, application serving and centralizing computer resources. But there's always been a feeling of a sort of incompleteness in Windows Terminal Services, inasmuch as, well, Citrix has always done a better job at application servers. Server 2008 takes some large strides, however, and, um, "borrows" some great ideas from Citrix, as you'll learn in this chapter. Improved TS client Terminal Services bandwidth allocation options: send the bits to the printer or the screen? Printing made easy with -- you guessed it -- EasyPrint Single sign-on comes to Terminal Services Terminal Services Gateway: skip the VPN to get to your servers and stay secure anyway Remote Applications: delivering applications as terminal services sessions RDP over SSL: Internet Explorer, Terminal Services and security, all in an easy package Course Materials and Course Format The class works from PowerPoint presentations. Every attendee gets a printed copy of the PowerPoints. To make it possible to run this course in just two days, this runs in mainly lecture/demo format. You'll see Server 2008 run through its paces in a series of interesting and explanatory demonstrations. Arranging a Course At Your Location We offer this class as a public seminar occasionally; you can view the current schedule www.minasi.com/pubsems.htm. But you needn't wait — Mark can come to your organization to teach it on-site. On-site classes offer you the flexibility to lengthen or shorten the class, add hands-on labs, modify the course's focus and zero in on your group's specific needs. Please contact our office at (757) 426-1431 between 12 Noon-5 Eastern time or email Assistant@Minasi.com to discuss scheduling and fees.