Technology and Gadget For Your Life

Posts Tagged ‘2008’

Componentization with a purpose

Microsoft has absolutely rearchitected Windows Server to be functionally componentized, a major change that has wide-reaching ramifications. At a high level, componentization grants for a more easily serviceable system, both for Microsoft and its customers. It also provides for a more secure and reliable system, because communication and dependencies between individual components is kept to a minimum.

More specifically, componentization enables some of Windows Server 2008′s most exciting new functionality, such as its image-based deployment facilities, roles-based management, and Server Core.

Server Manager

While previous versions of Windows Server featured separate management consoles for all of the various roles and features in the OS and, in Windows Server 2003, a simple Manage Your Server dashboard, Windows Server 2008 provides the new Server Manager. This is a true one-stop shop for regular management needs and is the only tool that many Windows administrators will need to use on a regular basis.

The MMC-based Server Manager provides a individual interface for managing apiece installed role and feature on the system, including Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Services, Terminal Services, Web Server, and many others. It also includes numerous valuable troubleshooting tools like Event Viewer, Services, and Reliability and Performance utilities, configuration tools like Task Scheduler, Windows Firewall, WMI Control, and Device Manager, and the new Windows Server Backup.

What makes Server Manager even more useful is that apiece section of the console’s UI gets its own dedicated home page, apiece of which includes information pertinent to the role or feature at hand, along with links to fix problems, get more information, and access other tools. It’s a thoughtful, well-designed application, both logical and useful.

Server Core

Unlike previous Windows Server versions, most Windows Server 2008 product editions can be installed in two modes, the traditional GUI-based server we’ve had since Windows NT 3.1 and a lightweight new command line-based environment called Server Core. In this new installation mode, Microsoft has stripped out virtually all the GUI, so there’s no shell (Start Menu, taskbar, Explorer windows, etc.), and tiny in the way of end individual applications; such things as Windows Media Player, World wide web Explorer, and Windows Mail are all missing, though a few GUI-based applications, like Notepad and Task Manager, are still available. For the most part, the only individual interface you’ll see in Server Core is a single command line window floating over an empty blue backdrop. It’s the eventual anti-demo.

So what’s the point? Server Core is designed to reduce the attack surface of the server to be as small as possible. As such, a Server Core install is also more limited than that of a standard Windows Server 2008 installation. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server.

Because Server Core is still Windows Server 2008, all of the familiar GUI-based management tools will work just fine remotely against this server. What won’t work, in addition to the missing roles, is anything that requires a true GUI or the .NET Framework. This cancels out some key Windows Server 2008 functionality, unfortunately, including ASP .NET: Server Core’s Web Server role is pretty much static only, supporting only older, non-.NET technologies like ASP.

My expectation is that Server Core will establish hugely favourite as an infrastructure (AD, DNS, DHCP, file, print) server and as a low-cost, low-end Web server. It’s a product that should compete well with Linux-based solutions.

BitLocker Full-Drive Encryption

BitLocker is a full-drive encryption solution that first debuted in Windows Vista as a way to protect data stored on easily lost and stolen executive notebook computers. It requires TPM 1.2-based hardware to store encryption keys and can be configured via Group Policy.

On the server, BitLocker is particularly valuable for machines stored in branch offices, because those servers are often less well physically fortified than the machines back in the home office. If a thief walks off with a BitLocker-protected server, they won’t be healthy to access any of the data stored on the system’s hard drives. BitLocker also works really well with some of the other technologies discussed here to create a truly secure and useful branch office solution. (See the RODC section below for an example.)

Read-Only Domain Controller

Read-Only Domain Controller (RODC) is new functionality that grants administrators to optionally configure the AD database as read-only, where only locally cached individual passwords are stored on the organisation and AD replication is unidirectional, rather than bidirectional.

So why would you want to do this? Today, many organizations are installing servers in branch offices and other remote locations, and these servers often connect back to the home office using slow or unreliable WAN links. That makes AD replication–and even authentication–an arduous and lengthy process. With RODC, the server is typically set up and configured in the home office, shipped to the remote location, and then switched on. From then on, only the individual obloquy and passwords of users who hit the server locally–and not the administrator account–are cached locally on the server.

Like BitLocker, RODC is an excellent solution for physically insecure remote servers. Indeed, if you combine RODC with other new Windows Server 2008 technologies like BitLocker and Server Core, you can configure the most secure remote server possible. That way, even hackers who acquire physical control of the server can’t take over your network. And removing the stolen RODC from your AD is as simple as checking a switch: Only those users who logged on to that organisation will need to change their passwords. You won’t have to institute an organization-wide emergency, because most users’ accounts will not have been cached on that machine.

RODC is somewhat limited in that it can only support a subset of the roles and functionality normally supported on Windows Server 2008. For example, RODC-based servers can support technologies such as ADFS, DHCP, DNS, Group Policy (GP), DFS, MOM (Microsoft Operations Manager), and SMS (System Management Server).

Internet Information Services 7

The new Web server in Windows Server 2008 is driven by a major new update to World wide web Information Services (IIS). Like the server itself, IIS 7 is absolutely componentized so that only those components needed for the desired configuration are installed and, thus, need to be serviced. It sports a drastically improved management console, supports xcopy Web application deployment and delegated administration, and is backed by a new .NET-based configuration store, which replaces the previous, monolithic, configuration store.

Terminal Services

Terminal Services (TS) sees some major changes in Windows Server 2008. The new TS RemoteApp functionality grants admins to remotely deploy individual applications to desktops, instead of entire computer environments, which can be confusing to users. These applications download and run on individual desktops and, aside from the initial logon dialog box, function and look nearly exactly as they would were they installed locally. This functionality requires the new Remote Desktop client, which shipped in Windows Vista and can be downloaded for Windows XP with SP2 and above.

TS Gateway lets you tunnel TS sessions over HTTPS outside the corporate firewall, so that users can access their remote applications on the road without having to configure a VPN client. This is particularly useful because VPN connections are often blocked at wireless access points, whereas HTTPS rarely is.

TS gets a few small but useful changes as well. These include TS Simple Print, which makes it simple to print to local printers from remote sessions, 32-bit color support in TS sessions; and seamless copy and paste operations between the host OS and remote sessions.

Network Access Protection

Microsoft first planned to ship simple and easily configurable network quarantining functionality in Windows Server 2003, but it’s here at last with Network Access Protection (NAP). This feature grants you to setup security policies for your network: When a client system connects, NAP examines the device to make sure it meets the stipulations of your security policies. Those that do are granted online. Those that do not–typically machines that only connect infrequently to the network, such as those used by travelling employees–are pushed aside into a quarantined part of the network, where they can be updated. How these updates happen depends on the configuration of your environment, but once that’s complete, the system is given full access again and granted back on the network. NAP includes remediation failback to Windows Update or Microsoft Update if the local Windows Server Update Services server is unavailable, and compatibility with Cisco’s Network Admission Control (NAC) quarantining technologies.

Windows Firewall

For the first time, Windows Server ships with a firewall that is enabled by default. The new Windows Firewall is bidirectional and works seamlessly with all of the roles and features you can configure in Windows Server 2008. In fact, the Firewall is part of the new roles-based management model: As you enable and disable various roles and features, Windows Firewall is automatically configured in the background so that only the required ports are opened. This is a major change, and one that could hamper compatibility with third celebration products, so testing will be crucial.

Command line and scripting goodness

Those who like to automate their servers will rejoice at the new command line and scripting enhancements in Windows Server 2008, though I’m a bit concerned by the haphazard and temporary nature of some of these changes. In this version of Windows Server, we’re seeing the beginning of the transition from the old DOS-like command line to the new .NET-based PowerShell environment. For now, however, you’ll need to have a toe in both environments to ideal take advantage of the new capabilities. Server Core, for example, does not support PowerShell.

One the command line side, we get two major additions: A Server Core management utility called oclist.exe and a command line version of Server Manager called servermanagercmd.exe. Both are designed with the same premise, providing ways to configure and manage the roles that are doable under apiece environment.

PowerShell is a complex but technically impressive environment, with support for discoverable .NET-based objects, properties, and methods. It provides all of the power of UNIX command line environments with none of the inconsistencies. The issue, of course, is whether Windows-based administers will swiftly move to this new command line interface. Sadly, Windows Server 2008 doesn’t help matters much: It doesn’t ship with any PowerShell commandlets–fully contained scripts that can be executed from the command line–that can handle common management tasks. Microsoft tells me it will ship Windows Server 2008 commandlets on its Web site over time, however, and it anticipates a healthy community to swiftly evolve as well.

Hyper -V

One of the most important and future-looking technologies in Windows Server 2008 isn’t even acquirable in the initial shipping version of the product. Instead, Microsoft is shipping a beta version of its Hyper-V virtualization platform with Windows Server 2008 and will update it automatically when the technology is finalized sometime after mid-2008. Hyper-V is a hypervisor-based virtualization platform that brings various performance advantages when compared to application-level virtualization platforms like Virtual Server. Compared to market leader VMWare, Microsoft’s offering is immature and unproven, but its inclusion in Windows Server 2008 is sure to garner Microsoft some attention and market share. And there are advantages to this bundling: From a management perspective, Hyper-V is installed and managed as a role under Windows 2008, just like DHCP, file and print services, and other standard roles. That means it’s simple to configure, manage, and service.

Find more Data Admin articles from search form.

Windows Server 2008 R2 is the server version of Windows 7. It is built on the same Windows NT version (6.1) as Windows 7 is. Even though it is designed to be as secure as doable and focus on background processes, it can be configured to function like a desktop operating system.

The first thing you’d probably want to do is enable wireless LAN:

Open Server Manager
Select Features from the tree-view on the left
Click Add Features
Check Wireless LAN

At this stage you can also install the Desktop Experience feature but make sure you have downloaded and installed the your graphics card driver beforehand.

Check Desktop Experience (along with .NET Framework 3.5.1)
Click Next
Wait for features to be installed and configured and personal to restart

Now that you have your video card driver and desktop experience installed, you can enable the aero theme by doing the followning:

Open Services
Click on Themes and the service
Set it to Automatic and click Apply.
Right-click on the desktop and choose Personalize
Choose the Windows 7 theme

You can also download more Windows 7 themes and backgrounds from here and use one of them if you desire. Now, you might be wondering why you can’t hear any sounds. To fix this:

Open Services
Click on Windows Audio and begin the service

Set it to Automatic and click Apply.
Click on Windows Audio Endpoint Builder and begin the service
Set it to Automatic and click Apply.
Right-click on the desktop and select Personalize

Click on Sounds (along the bottom)
Change Sound Scheme to Windows Default

By default, a Windows Server operating system tells the processor to give priority to the background services since 90% of the time there is no individual using the organisation to open any applications. But to ensure your applications get all the processor power they need, follow these steps:

Open Advanced System Settings (in personal properties)
Go to the Advanced tab
Click Settings in the Performance group-box
Go to the Advanced tab
Select Programs under Processor Scheduling
Click Apply

You might have noticed that World wide web Explorer blocks many websites, this is because Internet Explorer Enchanced Security (IE ESC) is enabled. To disable it:

Open Server Manager
Go to the root of the tree-view
Scroll down to Securtiy Infomation
Click Configure IE ESC
Select Off for your desired individual group(s)
Click Apply

Server operating systems rely very much on logs so that the server administrator knows what problems have occurred and possibly why. This is why it asks you for a reason that the server’s being shutdown. If you’d rather not have this then:

Open Run (from the Start menu)
Type gpedit.msc and click OK
Expand Administrative Templates (under Computer Configuration)
Select the System folder below
In the right pane, locate then open Display Shutdown Event Tracker
Choose Disable
Click Apply

If you are fussed about having to press CTRL+ALT+DEL before you enter your password for login then do this:

Open Local Security Policy (under Administrative Tools)
Expand Local Policies
Select Security Options
In the right pane, locate Interactive logon: Do not require CTRL+ALT+DEL
Open it and choose Enabled
Click Apply

That concludes this article, I hope this has been of great help to you. If you have any problems or queries then please comment.

Until next time,

Kind Regards,

Rob Nox

Find more Query Builder articles from search form.