Server 2008 Preview: Good News, Bad News

A first look and analysis of the newest version of Windows Server


... Rounds up Longhorn, from horns to hooves...

a one-day course by Mark Minasi, author of the upcoming Mastering Windows Server 2008 from Sybex/Wiley

Schedule of dates and cities   Course Objectives     Course Outline     Course Materials    Bring a Class to Your Site  About the Instructor

Course Objectives

It's been five years since Microsoft delivered Windows Server 2003.  Soon, however, things will all change again when they release what has been known as Longhorn, but is now officially named "Windows Server 2008."  Whether you intend to roll out Server 2008 immediately or in three years, you need to know exactly what benefits, challenges, and opportunities this latest version of Server offers.  In one day, Windows expert, journalist, consultant and best-selling author Mark Minasi shows you what's on the horizon the good, the bad, the wonderful and the awful, and all in one day... with a chuckle or two thrown in. 

Key Seminar Benefits

  • Learn what changes your network will require to implement Server 2008
  • See demonstrations of many new Server 2008 technologies
  • Delve into how Server 2008's Read-Only Domain Controller (RODC) role works, and how it can make your security guys breathe a bit easier
  • Discover how Server 2008 makes Active Directory disaster recovery a lot easier in some ways, and a bit tougher in others
  • Check out the flexibility that 2008's new fine-grained passwords offer
  • Find out Server 2008's trimmed-down "Server Core" option, a very secure system that you control mostly from the command line

Course Outline

  1. Introduction:  Upgrading to 2008

    Adding Server 2008 to your network will probably be an easier move than was the path from NT to 2000, or 2000 to 2003.  But the upgrade and installation considerations aren't trivial.  This section introduces Server 2008's versions, upgrade tools and reviews the choices that you'll need to make.

    1. Hardware issues:  32/64 bit
    2. Server versions
    3. Upgrade paths
    4. Virtual licensing considerations
    5. 2008 setup

  2. Controlling Server 2008:  New Management Tools

    Windows 2000 Server brought new management tools in the form of the Microsoft Management Console (MMC), Windows Server 2003 built upon that with the Manage Your Server wizard, and Windows Server 2008 comes with its own management suite via a new application called Server Manager.

    1. Meet Server Manager
    2. Features versus roles
    3. Command-line management with servermanagercmd.exe

  3. Server 2008's Almost-New Improvements

    When comparing Server 2003 to Server 2008, you'll see a lot improvements that are quite useful, but that did not originate in Server 2008... instead, they debuted in Windows Vista.  This section quickly reviews what Vista technologies comprise part of the reasons to upgrade.

    1. Vista security carry-overs
    2. Vista system management changes used in Server 2008
    3. Vista networking changes affecting Server 2008

  4. Server Core:  Server Gets (Less) Graphic

    Possibly 2008's most significant new technology is Server Core, a version of server that follows old notion that dictum "less is more."  This section introduces you to this newest member of the Windows family.

    1. Server Core structural differences
    2. Controlling a Windows OS with a graphical user interface
    3. What Server Core can and can't do
    4. When is it right for you?
    5. Getting things done in Server Core

  5. Name Resolution Changes

    The two big players in the operating system market, Windows and Unix in its many flavors (Sun, Linux, Mac OS, etc) are alike in many ways, but how they handle names is different.  Windows supports an enterprise-level naming system in DNS, but is hobbled by the seemingly-inescapable limitations of WINS and NetBIOS.  How does Server 2008 change this?

    1. NetBIOS news
    2. How is Server 2008 without NetBIOS?
    3. DNS help for de-NetBIOSing:  DNAMEs

  6. Setting Up a Server 2008 Active Directory

    How to set up a 2008 based AD?  Isn't it just DCPROMO?  Well, yes, but...

    1. What isn't fixed in AD in 2008
    2. DCPROMO's New Face
    3. Scripting DCPROMO
    4. Server Core considerations
    5. Installation from Media (IFM)
      1. Debuted in 2003
      2. Faster way to create a new DC
      3. Procedure is completely changed in 2008

  7. Building Your Third DC:  Read-Only Domain Controllers

    Not only does 2008 deal a new sort of server in the form of Server Core, it also delivers a new and very interesting sort of domain controller -- a "Read-Only Domain Controller," or RODC.  As their name implies, RODCs are domain controllers, but they're limited in two ways:  first, they cannot make changes to the Active Directory database (so for example password changes and new account creation cannot happen on RODCs) and, second, they don't contain all of the domain database -- in fact, by default RODCs cannot perform any logons.  What the heck good is a DC that by default can't do authentications?  Join us for this section and find out why an RODC would be your third domain controller...

    1. How RODCs work
    2. How RODCs differ from NT 4 Backup DCs
    3. Creating the basic RODC
    4. Tricking out your RODC:  password caching
    5. RODCs and security
    6. Creating the perfect mix of DCs and RODCs
    7. Cleaning up after a stolen or damaged DC gets easier

  8. Better Password Control:  Server 2008's Fine-Grained Password Control

    Ask an administrator what he or she would most like to do with AD, but can't, and you'll often hear, "more flexible password policies."  2008 answers that request with something that Microsoft calls "fine-grained password policies."  Now you can require that Group A use complex passwords that they have to change every week, while letting Group B use five-character passwords that they needn't change more often than once a year.  Neat, eh?  Yes, it is, except actually creating those policies gets a little tricky...

    1. Password policy pieces:  components and requirements
    2. Creating password settings objects (PSOs)
    3. Conflicting PSOs:  who wins?

  9. AD Backups and Disaster Recovery

    Backing up domain databases has not changed since NT 3.1, to a certain extent.  But Server 2008 changes all the rules with two new technologies (well, two and a half).  2008 also adds a new, easier-to-maintain approach to AD databases, as you'll see in this section.

    1. AD snapshots
      1. Online copies of an AD... but that can't be restored
      2. Accessing and using snapshots
    2. AD backups, 2008 style
      1. VHD formats
      2. Implications for DC design... you'll want a few more drives
      3. Restoring AD backups
    3. Deletion protection:  by default, no one can delete an OU!
    4. Restartable AD
      1. An AD that you can stop without rebooting a DC
      2. What it can and can't do
  10. Network Quarantine with Network Access Protection (NAP)

    Many computers want to get onto your network:  consultant's laptops, employee machines that they've taken home and brought back, salespeople's machines... and you just know that they're all infested with worms, Trojans, and spyware, all waiting to pounce on your network.  But what if you could make your network a bit smarter, and a bit more suspicious of new hardware?  NAP lets you do that.  Whenever a system tries to acquire an IP address from your network, the network requires that system to first undergo a series of "health checks," like "what Service Pack are you running?," "When did you last scan for malware?" and the like and, depending on the results of the checks, your network then may choose to refuse to issue an IP address to the new system. 

    1. How NAP works
    2. What servers need to run NAP
    3. What clients need to participate in NAP
    4. Options for setup -- monitor or isolate

  11. Virtual Machine Technology and 2008

    While not precisely part of the product that ships as Server 2008, Microsoft's love affair with virtualization continues to blossom with some soon-to-arrive add-ons for Server 2008 that will make virtualization more and more "an offer you can't refuse"

    1. The enabling technologies:  Intel's Vanderpool and AMD's Pacifica
    2. "Viridian:"  Microsoft's hypervisor tool
    3. Virtual Server 2005 R2 SP1 improvements
    4. Comparing Viridian with VMWare's ESX and add-ons

  12. Group Policies in 2008

    Vista brought quite a number of changes to group policy, but Microsoft didn't get them all done in time for Vista... and so Server 2008 brings us some neat new group policy goodies, as you'll learn in this section

    1. The new Group Policy Management Console
    2. GPO comments
    3. Starter GPOs
    4. Searching group policy options

  13. Sharing Files in 2008

    Windows Server 2003 R2 brought a replacement for the File Replication Service in a tool called DFS-R.  (According to Microsoft, "DFS-R" doesn't stand for anything.)  Vista brought a replacement for the engine that's allowed file sharing in Microsoft networking since 1985 -- Server Message Block 2.0 or SMB v2.  Put 'em together and Server 2008 shakes things up just a trifle.

    1. DFS-R features and concepts
    2. SMB 2.0 features and concepts
    3. The big story:  Sysvol moves from FRS to DFS-R
    4. Examining the migration wizard

  14. Terminal Services in 2008

    Terminal Services offers remote control, application serving and centralizing computer resources.  But there's always been a feeling of a sort of incompleteness in Windows Terminal Services, inasmuch as, well, Citrix has always done a better job at application servers.  Server 2008 takes some large strides, however, and, um, "borrows" some great ideas from Citrix, as you'll learn in this chapter.

    1. Improved TS client
    2. Terminal Services Gateway:  skip the VPN to get to your servers and stay secure anyway
    3. Remote Applications:  delivering applications as terminal services sessions
    4. RDP over SSL:  Internet Explorer, Terminal Services and security, all in an easy package
    5. Better device support for remoting
    6. Other remote control for 2008:  winrs

  15. IIS 7.0

    One thing you can count on for every new version of Server is a bunch of big changes in Internet Information Server.  In that department Server 2008 does not disappoint, as IIS 7.0 is one very different Web server.

    1. Configuration via ASCII XML file for "xcopy deploy"
    2. Highly componentized for performance fine tuning and security
    3. Works on Server Core, although in limited fashion
    4. New CLI and GUI administration tools
    5. Completely revamped and improved FTP server

Course Materials and Course Format

The class works from PowerPoint presentations.  Every attendee gets a printed copy of the PowerPoints.  To make it possible to run this course in just one day, this runs in mainly lecture;/demo format.  You'll see Server 2008 run through its paces in a series of interesting and explanatory demonstrations.

Arranging a Course At Your Location

We offer this class as a public seminar occasionally; you can view the current schedule  But you needn't wait Mark can come to your organization to teach it on-site. On-site classes offer you the flexibility to lengthen or shorten the class, add hands-on labs, modify the course's focus and zero in on your group's specific needs.

Please contact our office at (757) 426-1431 between 12 Noon-5 Eastern time or email to discuss scheduling and fees.