Mastering Windows Server 2003

Mastering Windows Server 2003\ \ By Mark Minasi \ John Wiley & Sons\ ISBN: 0-7821-4130-7 \ \ \ Chapter One\ Windows Server 2003 Overview \ If you lived through the change from NT 4 Server to Windows 2000 Server, then you might be a bit gun-shy about Windows Server 2003; how much more will you have to learn, and how hard will it be? If so, then I have good news: while Server 2003 offers a lot of new stuff, there's not nearly as much new stuff-if 2000 was a tsunami, 2003 is just a heavy storm. (If, however, you're an NT 4 guy getting ready to move to 2003, then yes, there's a whole lot of new stuff to learn. But don't worry, this is the right book, and I'll make it as easy as is possible!)\ Clearly explaining what Server 2003 does is the job of the entire book, but in this chapter I'll give you a quick overview of what's new. I'm mainly writing this chapter for those who already know Windows 2000 Server and are looking for a quick overview of what's new in 2003, so if you're just joining the Microsoft networking family then don't worry if some of this doesn't make sense. I promise, in the rest of the book I'll make it all clear.\ Four Types of Server\ Once, there was just one kind of NT Server. Under 3.1 it was called NT Advanced Server 3.1, which confused people-was there a cheaper "basic" server available?-and so Microsoft just renamed it NT Server 3.5 for its second outing, and it stayed that way through NT Server 3.51. But with NT 4 came a slightlymore powerful (and expensive) version called Enterprise Edition, which offered a different memory model and clustering but not much else, so not many chose it.\ Pre-Server 2003 Varieties\ Under Windows 2000, the basic server was just called Windows 2000 Server, and Enterprise became Windows 2000 Advanced Server. It offered a bit more incentive to buy it than Enterprise had, but not much; its most enticing feature was a new tool called Network Load Balancing Module, something that Microsoft had purchased and decided to deny to the buyers of basic Server. (But it's now shipped in the basic Server, thankfully.)\ Microsoft also started releasing a third version of Server called Datacenter Server, but you couldn't just go to the store and buy it-they only "OEMed" it, which means that they allowed vendors to buy Datacenter and tune it very specifically for their particular hardware. The only way that you're going to get a copy of Datacenter is if you spend a whole lot of money on a high-end server computer, and then you get Datacenter with it.\ Should you feel left out because you can't buy a copy of Datacenter 2000 and slap it on your TurboClone3000 no-name Web server? Probably not. Yes, there are a few things that Datacenter 2000 can do that the others can't: eight-computer clusters is the main one, but for most of us the loss isn't great. Unfortunately, that changes with Windows Server 2003.\ Windows Server 2003 Flavors: Web Edition Makes Four\ As you'd expect, Microsoft introduced a number of new features with Windows Server 2003 but didn't make them available in all of the versions. It also added a new low-cost version, Web Edition, and reshuffled the features among the four versions. There are actually a whole pile of different versions of Server 2003 if you include the 64-bit versions, the embedded versions, and so on, but the main product grouping is the four "product editions":\ * Windows Server 2003, Standard Edition\ * Windows Server 2003, Enterprise Edition\ * Windows Server 2003, Datacenter Edition\ * Windows Server 2003, Web Edition\ I'm going to focus on Standard Edition in this book, but let's take a very quick look at each edition.\ "Regular Old Server" Gets a Name\ For the first time since 1983, the basic variety of server has a name; it is now Windows Server 2003, Standard Edition. (I suspect I may have to sue Microsoft for the extra carpal tunnel damage that I'm getting writing this book-where I could once just say "NT 4," now I'm typing half a sentence just to identify the product.) In general, it has just about all of the features that it did back when it didn't have a name.\ Standard Edition comes with a bunch of new features that are new to all of 2003's editions, as you'd expect, but it also comes with a bit of quite welcome news: Standard Edition includes Network Load Balancing (NLB). NLB's not new, as it was included in Windows 2000 Advanced Server, the more expensive version of Windows 2000 Server. But where Microsoft once required you to buy the pricier version of 2000 Server to get this very useful feature, it's now included in all four editions of Windows Server 2003. (You'll learn how to set it up in Chapter 6.) But that's not all that's new in Standard Edition-for instance, how does, "You finally get a complete e-mail server free in the box" sound? But I'm getting ahead of myself.\ Web Edition Debuts\ The newest and fourth option for Server is Web Edition. The idea is that Microsoft really wants their Web server, IIS, to completely crush, overtake, and overwhelm the competition: Apache and Sun Web servers. So they ripped a bunch of things out of Server and offered it to hardware vendors as an OEM-only copy of Windows Server 2003. It can only address 2GB of RAM (NT has always been able to access 4 or more GB) and cannot\ * Be a domain controller, although it can join a domain\ * Support Macintosh clients, save as a Web server\ * Be accessed remotely via Terminal Services, although it has Remote Desktop, like XP\ * Provide Internet Connection Sharing or Net Bridging\ * Be a DHCP or fax server\ So it's unlikely that you'll actually see a copy of Web Edition, but if you do, then don't imagine that you'll be able to build a whole network around it. As its name suggests, it's pretty much intended as a platform for cheap Web servers.\ What You're Missing: Enterprise and Datacenter Features\ Back in the NT 4 days, Microsoft introduced a more expensive version of Server called NT 4 Server, Enterprise Edition. It supported clusters and a larger memory model. When Windows 2000 Server came around, Microsoft renamed it Windows 2000 Advanced Server. With Server 2003, Microsoft still offers this higher-end version of Server, but with yet another name change. Now it's called Windows Server 2003, Enterprise Edition. Yes, you read that right: once it was Enterprise Edition, then it became Advanced Server, and now it's back to Enterprise Edition. (Don't shoot me, I just report this stuff.)\ Enterprise Edition still does clusters-four-PC clusters now. It also lets you boot a server from a Storage Area Network (SAN), hot-install memory like Datacenter can, and run with four processors.\ With Windows Server 2003, Microsoft has finally made me covetous of Datacenter. It has this incredibly cool tool called Windows Resource Manager that basically lets you do the kind of system management that you could do on the mainframe years and years ago. How'd you like to say to your system, "Don't let SQL Server ever use more than 50 percent of the CPU power or 70 percent of the RAM?" WRM lets you do that, and it only ships with Datacenter. Datacenter also now supports eight-PC clusters as well as hot-installing RAM-yup, that's right, you just open the top of the server while it is running and insert a new memory module, wait a second or two and poof! the system now recognizes the new RAM, no reboot required.\ XP Support Comes to Server\ For the first time in a long time, Microsoft shipped NT in two parts, delivering NT Workstation version 5.1-that is, Windows XP Professional and its sadly eviscerated sibling, XP Home-over a year earlier than its NT Server counterpart, Windows Server 2003. I don't think that Microsoft originally intended for there to be a year and a half interregnum, but that unintended extra time let Microsoft make Windows Server 2003 much more than "XP Server"-it's NT Server version 5.2.\ XP was a nice upgrade from 2000 Professional but not a great one, not a must-upgrade for current Windows 2000 Professional systems, but a very attractive step up for those running NT 4 or Windows 9x/Me on their desktops. Okay, I might have understated things a bit there-let's go back and italicize that "very." And for people running-auggh-Wintendo (9x and Me) put that "very" in double-sized bold text. (This assumes, of course, that you have the minimum reasonable hardware to run XP-128MB RAM and a 600MHz processor.) But, again, if you're already running 2000 Pro and you want some you-are-a-fool-if-your-company-doesn't-upgrade-to-XP reasons, then I can't help.\ But that doesn't mean that XP didn't introduce some neat features, and now with the introduction of Windows Server 2003, the server side of the NT house has them as well.\ XP Integration\ Windows 2000 Server came with a file named adminpak.msi, which would let you install all of the administrative tools for a 2000 network on a 2000 Pro desktop. I loved that, as NT Workstation never really did a great job as an administrator's desktop and I always ended up running Server as my desktop OS. But 2000 Pro was a different story; get adminpak.msi on the Win2K Pro box and you could do all the server administration that you wanted. But then XP arrived.\ I was perfectly happy with my Win2K desktop, but it's kind of my job to use the latest version of NT, so I upgraded to XP, only to immediately find that none of the server administration tools worked anymore-the only way to control my DNS server, AD domain controllers, DHCP server, and the like was by either keeping a Win2K machine around somewhere, walking over to the server to work on it, or just using Terminal Services to remotely control the server. It was irritating. Microsoft soon shipped a beta version of administrative tools that worked on XP, but I'm kind of leery of running my actual commercial network with beta tools, if you know what I mean.\ So it's good news that Server 2003 brings a welcome addition: a new set of administrative tools that run fine on XP.\ Server Understands XP Group Policies\ To my mind, XP's two absolute best features from an administrator's point of view were its remote control/support and software restriction capabilities. Both of those capabilities either absolutely require or considerably benefit from group policies, but Server 2000 knew nothing about them, and so required some tweaking to support XP-specific policies on a Windows 2000-based Active Directory. That's all taken care of now.\ New Free Servers: An E-Mail Server and SQL Server "Lite"\ Thank you, Microsoft.\ Not too many people remember this, but back when Server first came out, it wasn't all that impressive in terms of performance. But over time, it took market share away from network OSes that were, in many ways, faster, more flexible, or more reliable. How'd they do it? Many reasons, but I've always thought that there were two biggies. First, NT used the Windows interface, which meant that once you'd mastered Solitaire you were well on the way to administering an NT Server.\ The second reason was that NT came with a lot of stuff free in the box. From the very beginning, NT contained software that most vendors charged for. At one time, most server OS vendors charged for the TCP/IP protocol, but NT always had it. Ditto remote access tools, or Macintosh support, or a Web server, FTP, and a dozen other things. In terms of features, Microsoft made NT an attractive proposition.\ So I could never understand why they didn't include an e-mail server. Well, okay, I understood it-they wanted to sell you MS-Mail (you in the back there, stop laughing) or Exchange, and didn't want to offer a free alternative. But I've never understood that. Exchange is a mail server that, while powerful, is complex, difficult to set up, and expensive. Why not offer an e-mail server that is nothing more than an SMTP and POP3-based system? It would serve that five-person office well, and they're probably not about to buy Exchange. Nor would it keep the 100-person (or 100,000-person) enterprise from buying Exchange, as they're probably large enough that they want support of shared calendars, IMAP, mailbox forwarding, antivirus add-ons, and so on, and a super-basic POP3 service wouldn't do it.\ I got my wish. Windows Server 2003 in all flavors includes a POP3 service. The other part, SMTP, has always existed, so between the two of them, you've got a complete low-end mail server. Again, there are no hooks for antivirus software, no way to set a mailbox to automatically forward somewhere else, and no way to create an autoresponse message for a mailbox a la, "Jack doesn't work here anymore, please don't send anymore mail here to his address," but it may still do the job for you.\ The next goodie wasn't on my wish list, but I'll bet it was on a lot of other peoples': a free database engine. Even better, it's a free database engine that is a copy of SQL Server 2000, although with a "governor" and no administrative tools.\ For years, Microsoft has offered a thing called Microsoft Database Engine or MSDE. It was never generally available to NT users, but it was available to various groups of developers. The idea with MSDE was that Microsoft took SQL Server 2000-a fairly expensive piece of software-and crippled it in three ways:\ * First, they limited the database size to 2GB. That may not sound like much, but a "real" application of any size could grow beyond that in not too much time. But it's a great size for testing and developing database-driven apps, or for managing a database that will never get very big.\ * Second, they put a "throttle" (Microsoft's word) on it so that if more than five people access it, it slows down. Again, it's a barrier to using this for member registration on a thousand-member Web site, but fine for testing and small networks.\ * Finally, they do not ship any administrative tools for MSDE. If you want to do something as simple as changing the password on the default "sa" account, you'll have to do some scripting.\ None of that is intended to sound negative, even though it's true the MSDE is a severely cut-down version of SQL Server 2000. The price is right and once you get past the basic lack of admin interface-the hard part-then you'll find that it's a pretty nice add-on.\ General Networking Pluses\ XP's new networking features made it to Windows Server 2003, with some extras as well.\ NAT Traversal\ First, XP introduced NAT Traversal. For those who don't know what that is, NAT Traversal tries to solve the problem of "how do I communicate from inside one NAT network to another?"\ More specifically: suppose you've got a cable modem or DSL connection with a connection sharing device of some kind, like a DSL router. The DSL router has two IP addresses. First, there's the honest-to-God, fully routable IP address that it got from your Internet provider, connected to the DSL or cable modem connection. Then there's the connection to a switch that you've got all of your internal machines connected to-the old Windows 9x boxes, NT machines, 2000 systems, Macintoshes, or whatever. The DSL router's job is to share the one "legal" Internet address among several devices. But every device needs a unique IP address. Lots of devices, but just one IP address-what to do?\ As you may know, DSL routers solve this problem by giving all of the internal systems-those Windows, NT, 2000, and Mac machines-IP addresses from a block of addresses set aside to be nonroutable. Anyone can use them.\ Note By the way, if you've never worked with IP, don't worry too much about this-read Chapter 6 on the basics of TCP/IP on Server 2003. (Continues...)\ \ \ \ \ Excerpted from Mastering Windows Server 2003 by Mark Minasi Excerpted by permission.\ All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.\ Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site. \ \

IntroductionCh. 1Windows Server 2003 Overview1Ch. 2The Basics: Networking Software, Servers, and Security21Ch. 3Configuring Windows Server: The Microsoft Management Console45Ch. 4Configuring Windows Server: The Windows Server 2003 Registry79Ch. 5Setting Up and Rolling Out Windows Server 200395Ch. 6Understanding and Using TCP/IP in Server 2003189Ch. 7TCP/IP Infrastructure: DHCP, WINS, and DNS303Ch. 8Active Directory473Ch. 9Managing and Creating User Accounts683Ch. 10Managing Windows Server Storage829Ch. 11Creating and Managing Shared Folders911Ch. 12Software Deployment993Ch. 13Configuring and Troubleshooting Network Print Services1059Ch. 14Connecting Microsoft Clients to the Server1129Ch. 15Macintosh and Windows Server Integration1173Ch. 16Supporting Clients with Windows Terminal Services1225Ch. 17TCP/IP Server Services (IIS, NNTP, Telnet, SMTP, POP3, and FTP)1303Ch. 18Tuning and Monitoring Your Windows Server Network1443Ch. 19Preparing for and Recovering from Server Failures1493Ch. 20Installing and Managing Remote Access Service in Windows Server 20031573Ch. 21Novell NetWare and Windows Server1661Index1677

\ From Barnes & NobleThe Barnes & Noble Review\ In this corner…weighing in at just over seven pounds (and more than 1,750 pages…the defending heavyweight champion of the Windows server universe…Mark Minasi’s Mastering Windows Server 2003. \ Since the earliest Windows NT days, admins at every level have depended on Mark Minasi as the source for rock-solid reliable, usable Windows information.\ In the early days, frankly, they didn’t have many alternatives. NT was new and challenging to test. Many authors just parroted the “official line” from Redmond. The first Mastering Windows NT was a breath of fresh air. Minasi always ran down the details. When something didn’t work as it was supposed to (which was often), he’d tell you the real deal -- in depth. The books were big but wonderfully readable: Minasi’s writing voice captured the singular humor his thousands of seminar attendees knew well.\ Well, a lot’s happened since then. There are several excellent Windows Server books now. We wondered how Mark’s new edition would stand up to them. We’re happy to report that this edition’s better than ever. A lot better.\ Recognizing that few companies are going to rip out the Windows 2000 Server investments they’ve only recently made, Minasi has written a book that’s perfect for mixed Win2K/2003 environments.\ For example, Minasi’s 200-page chapter on TCP/IP infrastructure adds an outstanding discussion of “split-brain DNS”: presenting one set of DNS names to your private intranet and a different set to the world. For security reasons, this strategy makes sense for over 90 percent of AD deployments. We’ve never seen it explained as clearly -- and this stuff is equally doable under Win2K and Windows Server 2003.\ Similarly, Windows Server 2003’s Mac client support hasn’t changed much. But the Mac has. So Minasi brought aboard “Mac geek” C. A. Callahan to completely revamp the book’s Mac chapter for OS X clients.\ Of course, in 1,750 pages, there’s plenty of room for the stuff that is new in Windows Server 2003. For instance, the Resultant Set of Policies tool, which lets you troubleshoot group policies before you unleash them on the unwitting masses. Or the solid coverage of the safer, more robust IIS6 (just one example of Microsoft’s -- and Minasi’s -- greater focus on security).\ Nor does Minasi scant the implications of all that security. (For example, domain logons from ancient Windows for Workgroups or DOS workstations aren’t supported anymore, unless you deliberately downgrade security -- but there’s a workaround that’ll get folks the data they need without a domain logon.)\ Finally, cool 21st-century stuff notwithstanding, you’ve still got to support printers and file sharing. Minasi takes you into every nook and cranny of Windows Server 2003’s file/print support.\ As you can probably tell, we admire Minasi’s work -- but we’re not alone. He recently won CertCities’ Readers Choice Award for Favorite Technical Author. That’s doubly impressive because Minasi’s books aren’t even written primarily for the certification candidates that hang out at CertCities.\ Though you sure can’t go wrong using this book to prep for your MCSA or MCSE. And if you’re responsible for a Windows network -- 2003, 2000, or both -- you’ve gotta have it. Bill Camarda\ Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.\ \ \