Visit us at w w w s y n g r e s s c o m Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers We are also committed to extending the utility of the book you purchase via additional materials available from our Web site SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions Once registered, you can access our solutions@syngress.com Web pages There you may find an assortment of valueadded features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s) ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form These e-books are often available weeks before hard copies, and are priced affordably SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations Contact us at sales@syngress.com for more information CUSTOM PUBLISHING Many organizations welcome the ability to combine parts of multiple Syngress books, as well as their own content, into a single volume for their own internal use Contact us at sales@syngress.com for more information.use Contact us at sales@syngress.com for more information This page intentionally left blank Brien Posey Technical Editor Colin Bowern Jeffery Martin John Karnay Arno Theron Mohan Krishnamurthy Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) not guarantee or warrant the results to be obtained from the Work There is no guarantee of any kind, expressed or implied, regarding the Work or its contents The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents Because some states not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files Syngress Media® and Syngress®, are registered trademarks of Elsevier, Inc Brands and product names mentioned in this book are trademarks or service marks of their respective companies KEY 001 002 003 004 005 006 007 008 009 010 SERIAL NUMBER HJIRTCV764 PO9873D5FG 829KM8NJH2 BPOQ48722D CVPLQ6WQ23 VBP965T5T5 HJJJ863WD3E 2987GVTWMK 629MP5SDJT IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc Elsevier, Inc 30 Corporate Drive Burlington, MA 01803 The Real MCTS/MCITP Exam 70-643 Prep Kit Copyright © 2008 by Elsevier, Inc All rights reserved Printed in the United States of America Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication Printed in the United States of America ISBN 13: 978-1-59749-247-8 Publisher: Andrew Williams Acquisitions Editor: David George Technical Editor: Brien Posey Project Manager: Gary Byrne Page Layout and Art: SPI Copy Editors: Audrey Doyle and Adrienne Rebello Indexer: Nara Wood Cover Designer: Michael Kavish For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email m.pedersen@elsevier.com Technical Editor Brien Posey is a freelance technical writer who has received Microsoft’s MVP award four times Over the last 12 years, Brien has published over 4,000 articles and whitepapers, and has written or contributed to over 30 books In addition to his technical writing, Brien is the cofounder of Relevant Technologies and also serves the IT community through his own Web site Prior to becoming a freelance author, Brien served as CIO for a nationwide chain of hospitals and healthcare facilities and as a network administrator for the Department of Defense at Fort Knox He has also worked as a network administrator for some of the nation’s largest insurance companies Brien wishes to thank his wife, Taz, for her love and support throughout his writing career v Contributing Authors Colin Bowern is the vice president of technology at official COMMUNITY in Toronto, Canada Through his work with the clients, Colin and the team help recording artists build and manage an online community to connect with their fans Colin came to official COMMUNITY from Microsoft, where he was a senior consultant with the Microsoft Consulting Services unit working with enterprise customers on their adoption of Microsoft technology During his time at Microsoft, Colin worked with several product groups to incorporate customer feedback into future product releases, as well as the MCSE certification exam development Colin holds two Microsoft DeliverIt! awards for work done within the financial industry in Canada for driving the adoption of NET as a development platform and developing an SMBIOS inventory tool that was incorporated into the Windows Pre-installation Environment Colin has delivered a number of in-person and Microsoft Developer Network (MSDN) webcast sessions since the early part of the decade on topics ranging from NET Development to infrastructure deployment with the Microsoft platform In addition to technical talks, Colin participates in the community through active contributions on the MSDN and ASP.NET Forums, publishing code examples, sharing experiences through his blog, and attending local user group events Colin has been a technical reviewer for Addison-Wesley’s NET development series, the Windows Server 2003 series from Microsoft Press, and has coauthored a Windows Server 2003 MCSE study guide for Syngress Publishing In addition, he holds a Masters of Science degree from the University of Liverpool John Karnay is a freelance writer, editor, and book author living in Queens, NY John specializes in Windows server and desktop deployments utilizing Microsoft and Apple products and technology John has been working with Microsoft products since Windows 95 vi and NT 4.0 and consults for many clients in New York City and Long Island, helping them plan migrations to XP/Vista and Windows Server 2003/2008 When not working and writing, John enjoys recording and writing music as well as spending quality time with his wife, Gloria, and daughter, Aurora Jeffery A Martin, MS/IT, MS/M (MCSE, MCSE:Security, MCSE: Messaging, MCDBA, MCT, MCSA, MCSA:Security, MCSE:Messaging, MCP+I, MCNE, CNE, CNA, CCA, CTT, A+, Network+, I-Net+, Project+, Linux+, CIW, ADPM) has been working with computer networks for over 20 years He is an editor, coeditor, author, or coauthor of over 15 books and enjoys training others in the use of technology Mohan Krishnamurthy Madwachar (MCSE, CCA) is the GM – Network Security at Almoayed Group in Bahrain Mohan is a key contributor to Almoayed Group’s projects division and plays an important role in the organization’s network security initiatives Mohan has a strong networking, security, and training background His tenure with companies such as Schlumberger Omnes and Secure Network Solutions India adds to his experience and expertise in implementing large and complex network and security projects Mohan holds leading IT industry-standard and vendor certifications in systems, networking, and security He is a member of the IEEE and PMI Mohan would like to dedicate his contributions to this book to his friends: Pankaj Sehgal,V.P Ajan, Anand Raghavendra Rao,Vijendran (Vijay) Rao, Neeti (D’lima) Rodrigues, Ali Khan,Vishnu Venkataraman, Azeem Usman Bharde, Hasan Qutbi, Dharminder Dargan, Sudhir Sanil, Venkataraman Mahadevan, Amitabh Tiwari, Aswinee Kumar Rath, Rajeev Saxena, Rangan Chakravarthy, and Venkateswara Rao Yendapalli Mohan has coauthored five books published by Syngress: Designing & Building Enterprise DMZs (ISBN: 1597491004), Configuring Juniper Networks NetScreen & SSG Firewalls (ISBN: 1597491187), How to Cheat at Securing Linux (ISBN: 1597492078), How to Cheat at Administering Office Communications Server 2007 (ISBN: 1597492126), and Microsoft Forefront Security Administration Guide (ISBN: 1597492447) He also vii writes in newspaper columns on various subjects and has contributed to leading content companies as a technical writer and a subject matter expert Arno Theron (ITIL Service Foundation, MCSA, MCSE: Messaging, MCITP, MCTS, and MCT) is an independent information security professional with seven years’ network/server administration experience and six years’ IT training experience as a Microsoft Certified Trainer He is dedicated to improving training policy and implementation with high-quality technical information Arno has previously contributed to Syngress Publishing’s Microsoft Forefront Security Administration Guide (ISBN 978-1-59749-244-7) Arno is currently involved with designing and improving large-scale solutions and adapting such solutions to comply with Microsoft Operation Framework viii Contents Foreword xix Chapter Deploying Servers Introduction Installing Windows Server 2008 Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008 Installing Windows Server 2008 Enterprise Edition What Is New in the AD DS Installation? 21 Installing from Media 37 Installing Server Core 38 The Windows Deployment Service 41 What Is WDS? 42 Configuring WDS 43 Capturing WDS Images 51 Deploying WDS Images 52 Configuring Storage 54 RAID Types 55 Network Attached Storage 56 Storage Area Networks 57 Fibre Channel 59 iSCSI 60 iSCSI Initiators and Targets 60 Mount Points 62 Configuring High Availability 65 Failover Clusters 65 Installing and Validating a Failover Cluster 66 Managing the Failover Cluster 68 Network Load Balancing 69 Configuring Windows Activation 73 Using Multiple Activation Keys 74 Using Key Management Service Keys 74 License States 75 Reporting 76 Installing a KMS 76 Creating a DNS SRV Record 78 ix Index Dynamic Host Configuration Protocol (DHCP), 49 dynamically expanding virtual hard disks, 114 E editions, Windows Server 2008 differences of, 268 features, 155 e-mail incoming, SharePoint configuration, 214–221 integration with SharePoint Services, 214 outgoing, SharePoint configuration, 221–222 e-mail, incoming groups, configuring, 219–221 lists/libraries, configuring, 218–219 server-level incoming, 217–218 SharePoint configuration of, 214–215 SharePoint Services components and, 269 SMTP service, configuration of, 215–216 encoder, 152 Encrypting File System, encryption, 324–325 end users, 235 enterprise, e-mail integration in, 214 error message FTP service messages, 391 of unauthorized page access, 335–336 error pages, IIS, 300–303 event notification, Media Server, 185–187 Exchange Server, 214 exclusion policies, AD RMS application, 257–259 overview of, 255 user, 256–257 Windows Live IDs, 256 expression encoder, 152 extended validation certificate, 324–325 F fabric technology, 58 failed request tracing, 349–352 failover clusters description of, 65–66 improvements in Windows Server 2008, 84 installation/validation of, 66–68 management of, 68–69 Farm Administrators Group, 225 Feature Delegation module, 346 FEC (Forward Error Correction), 191 Fibre Channel overview of, 59–60 SAN connection via, 57, 58 Fibre Channel Host Bus Adapter (HBA), 60 Fibre Channel Protocol (FCP), 59 File Services Role, 6–7 File Transfer Protocol (FTP) server, 378–384 File Transfer Protocol (FTP) sites application pool, 393 creating, 384–387 directory browsing, 388–389 Firewall Support feature, 389–390 messages, 390–391 security for, 394–406 virtual directory, 392 Web site-bound FTP site, 387 File Transfer Protocol (FTP) sites, securing, 394–406 authentication, 400–401 authorization, 401–404 transport security, 394–400 User Isolation feature, 405–406 File Transfer Publishing Service (FTP) description of, 376–377 function of, 376 installation of, 378–384 overview of, 428–430 provisioning FTP sites, 384–393 www.syngress.com 641 642 Index File Transfer Publishing Service (FTP) (Continued) security for FTP site, 394–406 setting up, 431 filtering, request, 339–341 Firewall Support feature, 389–390 firewalls, 382 fixed virtual hard disks, 114 Flip4Mac, 152 folder access restriction, 334–335, 402–403 authentication, enabling basic, 329 conversion to application, 393 conversion to Web application, 309–310 forest installation of, 23–36 preparation for installation, 22 Forest Discovery Scope, 466–467 forms authentication module, 330 Forward Error Correction (FEC), 191 free space, 20–21 FTP See File Transfer Protocol (FTP) sites; File Transfer Publishing Service G gateway advertisements, 179 geographical cluster (geocluster), 65–66 globally unique identifier (GUID) partition table (GPT) disks, 69 grace period, licensing, 503 Group Policy Object (GPO) Terminal Services Gateway settings, 549–552 TS load balancing configuration through, 534–537 groups creating with SharePoint, 225–229 e-mail, configuring, 219–221 Super User, AD RMS, 260–261 guests, 102–103 www.syngress.com H hard disks, 113–115, 132 hardware RAID, 55 hardware requirements for Hyper-V, 111–112 for Windows Server 2008 Enterprise Edition, 10 headers custom response headers, 304–305 host headers and FTP, 385–386 host headers and SSL, 319–320 health, IIS tools for, 348–353 high availability description of, 65 failover clusters, 65–69 network load balancing, 69–73 overview of, 83 high-demand content delivery, 159–160 horizontal scaling, 521–522 HOST command, 386 host headers FTP and, 385–386 SSL and, 319–320 HTTP Redirect module, 303–304 hypercalls, 102 Hypertext Transfer Protocol (HTTP) compression settings in IIS, 358–359 vs RTSP, 163–164 Hyper-V See Windows Server Hyper-V Hyper-V Manager Window, 119 hypervisor hardware tests, 112 Hyper-V, description of, 95–96 overview of, 101–103 I IFM (install from media), 37–38 IIS See Internet Information Services IIS_IUSRS Group, 318 Image unattend file, 52 images, WDS Index capturing, 51–52 deploying, 52–54 name of, 86 inheritance, 318 initiators, iSCSI, 60–62 install from media (IFM), 37–38 install image, 51 installation of AD RMS, 246–252 of failover clusters, 66–68 of File Transfer Publishing Service (FTP), 378–384 Hyper-V, 105–108, 121 of Key Management Service, 76–78 of Network Load Balancing, 525–531 of Remote Server Administration Tools, 167–169, 290–292 of Server Core, 38–41 SharePoint Services, 198–205 of SMTP Server, 408–410 of Terminal Services Client Access Licenses, 475–485 of TS Session Broker, 522–525 Windows Media Server, 160–165 Windows Media Server on Server Core, 166–167 See also Windows Server 2008, installation of integrated Windows authentication, 425 integration components, for VMs, 95 Intel Virtualization Technology, 106 Internet Information Services (IIS) authentication modules, 327–333 deployment scenarios, 282–283 differences in Windows editions, 281–282 features in Windows Server 2008, 276–281 installation of, 284–292, 365 migrating from previous releases, 317 Net Trust Levels, 341–342 provisioning Web sites, 292–306 transport security, 318–327 Web applications, configuring, 306–317 See also File Transfer Publishing Service (FTP); Simple Message Transfer Protocol (SMTP) Server Internet Information Services (IIS), management of, 342–362 backup/restore of server configuration, 361–362 configuration, delegation, 342–346 health, diagnostics, 348–353 overview of, 366–367 remote administration, 347–348 scaling Web farm, 353–361 Internet Information Services (IIS) Manager failed request tracing, 349–352 remote administration with, 347–348 Internet Information Services (IIS) Media Pack, 149–151 Internet Small Computer System Interface (iSCSI), 60–62 IP address redirection with TS Session Broker, 531–532 in Web site creation, 294 in Windows Server 2008 forest installation, 31–32 IP authorization access restriction with, 337–338 for FTP site, 403–404 Windows Media Server, 182 WMS, enabling, 183–184 IPSec, 62 iSCSI (Internet Small Computer System Interface), 60–62 isolation, 405–406 K Kerberos, 204–205 Key Management Service (KMS) www.syngress.com 643 644 Index Key Management Service (KMS) (Continued) DNS SRV record, creation of, 78–79 enabling clients to use, 79 installation of, 76–78 reasons for, 85 Key Management Service (KMS) keys choice of, 77 for Windows activation, 73, 74–75 keys SSL/TLS certificate process, 318–319 for Windows activation, 73 L LDAP routing, 422–423 libraries, 218–219 license mode, Terminal Server, 446–448 license reporting, 76 license server, 152 license states, 75 licensing activation from command prompt, 80 DNS SRV record, creation of, 78–79 extension of evaluation copy, 85 grace period, 503 Key Management Service, 74–75 Key Management Service, installation of, 76–78 KMS, enabling clients to use, 79 license states, 75 Multiple Activation Keys, 74 Terminal Services Licensing Manager, 515 Windows activation, configuration of, 73–74 licensing role service, TS installing on existing Terminal Server, 450–452 installing on separate server, 453–454 installing/activating, 459–461 overview of, 501–502 www.syngress.com licensing server, TS activating, 454–466 installing, 449–454 recovering, 485 limits, 190–191 Linux, 104 lists incoming e-mail, configuring, 218–219 permissions, 227 live broadcast content delivery, 158–159 load balancing with Media Server, 191 scaling Web farm with NLB, 359–361 load balancing, Terminal Services, 521–537 configuration of, 522–531, 586 configuration through Group Policy, 534–537 DNS round-robin feature, 532–534 importance of, 521–522 overview of, 583 techniques for, 522 TS Session Broker redirection modes, 531–532 local group, 525 location locking, 345–346 logging activity logging in IIS, 352–353 activity logging SMTP server, 416–417 application logging with WSRM, 520–521 Media Server activity, 185–187 SharePoint diagnostics, 242–243 users off from Terminal Services, 580–581 WSRM application logging, 520–521 M Mac OS X, 97–98 machine.config file, 343 mail See e-mail; Simple Mail Transfer Protocol (SMTP) Server MAKs See Multiple Activation Keys Index Management Service module, 347–348 management tools, of Terminal Services, 512–515 many-to-many mapping, 331–332 mapping Active Directory Certificate Mapping, 369 client certificate, 331–333 Media Pack, IIS, 149–151 memory, 118 memory pool, 103 messages limits for SMTP virtual server, 417–419 SMTP server and, 407 SMTP server delivery options, 419–422 Messages feature, of FTP Publishing Service, 390–391 Microsoft, virtualization strategy of, 94–96 Microsoft Operations Framework (MOF), 2–3 Microsoft Solutions Framework (MSF), 2–3 Microsoft Windows System Resource Manager, migration, to VMs, 121–127, 137–138 MIME types, 305–306 MOF (Microsoft Operations Framework), 2–3 monitoring Terminal Services tools for, 512–515 TS sessions, 577–578 mount points, 62–64 MSF (Microsoft Solutions Framework), 2–3 Multiple Activation Keys (MAKs) choice of, 77 KMS keys and, 85 for Windows activation, 73, 74 NET Framework IIS and, 281 IIS NET Trust Levels, 341–342 NET interface for remote administration of IIS on Server Core, 292 for remote IIS administration, 383 NET Trust Levels, 341–342, 369 Network Access Protection (NAP), 84 Network Attached Storage (NAS) benefits/drawbacks of, 56–57 SAN vs., 58 network connectivity, 154 Network Load Balancing (NLB) installation of, 525–531 installation/configuration of, 70–73 scalability of, 69–70 scaling Web farm with IIS, 359–361 for TS load balancing, 522 network operating system (NOS), 2–3 Network Policy and Access Services (NPAS), network virtualization description of, 97 optimizing, 133–135 New Virtual Hard Disk Wizard differencing drive, creating with, 129 overview of, 113–115 NLB See Network Load Balancing NLB Manager, 515 nodes, 69 NOS (network operating system), 2–3 NPAS (Network Policy and Access Services), NTFS ACL authorization, 182 NTLM, 204–205 N NAP (Network Access Protection), 84 NAS See Network Attached Storage negotiate authentication, 181 O OCLIST command, 288 OEM keys, 73 on-demand, 169–173 www.syngress.com 645 646 Index on-demand content delivery, 158 one-to-many mapping, 331–332 Operating System (OS), 116 optimization virtual network, 133–135 virtual server, 138–139 origin server, 151 outbound connections, 420–421 outbound security, 420 outgoing e-mail, 221–222 output caching, 354–356 P partition hypervisor, 102–103 in Windows Server 2008 installation, 18–19 passive FTP mode, 390 password Directory Services Restore Mode Administrator Password, 33–34 SSL/TLS certificate process, 319 Windows Media Server, 181 in Windows Server 2008 forest installation, 33–34 permissions delegating for contact record creation, 216–217 FTP site authorization, 402–403 group, with SharePoint, 227–229 IIS NET Trust Levels, 341–342 levels, creating with SharePoint, 229 RDP, 568–572 session, for Terminal Services, 574–576 with URL authorization, 333–336 personal permissions, 229 PHP, 315–317 physical to virtual (P2V) migration, 121–127, 137–138 player, 152 playlists www.syngress.com publishing points and, 174–176 server-side, modifying, 177–179 Plug and Play (PnP), 490–491 policies exclusion, AD RMS, 255–259 output caching, 354–356 templates, AD RMS, 259–260 of WSRM, 516 pool, memory, 103 port binding, 416 ports for AD RMS, 270 in Fibre Channel, 59 SMTP virtual server bindings, 415–416 for TS RAP, 548–549 Print Services Role Server, process identity, 311–312 process model, 314 process orphaning, 314 processes, viewing, 576–577 producer, 152 proxy server, 196–197 public key certificates, publishing points authentication, enabling, 182 authorization, enabling, 184 broadcast, creating, 173–174 creating, overview of, 169 on-demand, creating, 169–173 PXE Server initial settings, 49–50 Q queuing theory, 135 quotas, 231–234 R RAID, 55–56 rapid-fail protection, 314 RDC See Remote Desktop Connection (RDC) utility RDP connection, 587 Index RDP permissions, 568–572 Real Time Streaming Protocol (RTSP), 163–164 recovery, TS licensing server, 485 Recycle Bin, SharePoint Services, 237–239 recycling, 314 redirection HTTP Redirect module, 303–304 modes of TS Session Broker, 531–532, 586 redirection.config file, 343 relay process of SMTP Server, 406–407 restrictions with SMTP Server, 426–427 remote administration, IIS configuration for, 347–348 Remote Desktop Connection (RDC) Client 6.1, 563 Remote Desktop Connection (RDC) utility configuring, 488–494 launching/using, 486–488 overview of, 486, 504–505 Remote Desktops (RD) Snap-in connecting/disconnecting, 497–499 installing/using, 494 new connection, adding, 495–497 new connection, configuring, 497–499 Remote Installation Services (RIS), 7, 42–43 Remote Server Administration Tools installation of, 167–169, 290–292 for server management, 289 remote storage, of Web site content, 295–296 RemoteApp See Terminal Services RemoteApp Manager reporting AD RMS, 262–263 Windows licenses, 76 request filtering configuration of, 339–341 types of, 338–339 with URLScan tool, 318 requests failed request tracing, 349–352 redirecting with HTTP Redirect module, 303–304 resetting, 579, 581 resource allocation policy, 520 Resource Authorization Policy See Terminal Services Resource Authorization Policy resources accessing with TS CAP, 543–547 accessing with TS RAP, 547–549 allocation with WSRM, 515–520 response headers, 304–305 restore backup/restore of server configuration, 361–362 site collection data with SharePoint, 241–242 retail keys, 73 RFC 2228, 377 RFC 2476, 415 RIS (Remote Installation Services), 7, 42–43 RODC, 22 role service, 288 roles Terminal Server, deploying, 439–448 WSRM, installation of, 516 routing token redirection, 532 RTSP (Real Time Streaming Protocol), 163–164 runtime environment, 315–317 S SAN See Storage Area Networks scaling load balancing servers, 521–522 www.syngress.com 647 648 Index scaling (Continued) Media Server services, 189–197 SharePoint Services, 269 Web farm, 353–361 schema file, 342, 343 SCOM (System Center Operations Manager), 133–135 SCSI controllers, 118 Secure Communication section, 424 Secure Socket Layers (SSL) certificate process, 318–319 certificates, differences between, 324–325 client certificate configuration and, 330–331 FTP site transport security with certificates, 394–400 host headers and, 319–320 security application pool and, 307 with FTP Publishing Service, 377 for FTP site, 394–406 of IIS, 281 SharePoint authentication, 223–224 SharePoint authorization, 224–229 of SMTP Server, 423–427 terminal services and, 442, 446 with TS RemoteApp, 557 Windows Media, 181–182 Windows Media content and, 154–155 security, of FTP site authentication, 400–401 authorization, 401–404 transport security, 394–400 User Isolation feature, 405–406 security, of Web sites/applications authentication, 327–333 authorization, 333–341 in general, 317–318 NET Trust Levels, 341–342 overview of, 365–366 transport security, 318–327 www.syngress.com security certificates See certificates Security Configuration Wizard, self-signed certificate, 321 Server Administrator Group, 225 Server Certificates module, 320–321, 395–396 Server Core FTP Server installation on, 381–384 function of, Hyper-V, installing/managing on, 108–109 IIS administration on, 368 installation of, 38–41 Media Center, installing on, 166–167 Media Server administration on, 268 Media Server, installing on, 166–167 remote administration of IIS on, 290–292 Web Server (IIS) role, installation on, 287–289 server farms, 200–204 server gated certificate, 324 Server Manager, server virtualization, 97 servers caching, setting up, 194–196 decommissioning, 262 distribution, setting up, 191–192 IIS backup/restore of configuration, 361–362 incoming e-mail settings configuration, 217–218 proxy, WMS, 196–197 remote, administration tools for, 167–169 virtual, optimization, 133–135 See also File Transfer Publishing Service; Internet Information Services; Simple Mail Transfer Protocol (SMTP) Server servers, deployment of AD DS, new installation options, 21–22 Index functionality changes in Windows Server 2008, 3–8 high availability, configuration of, 65–73 install from media feature, 37–38 overview of, 81–83 Server Core, installation of, 38–41 storage, configuration of, 54–64 Windows activation, configuration of, 73–80 Windows Deployment Service, 41–54 Windows Server 2008 Enterprise Edition, installation of, 8–12 Windows Server 2008 forest installation, 23–36 Windows Server 2008, installation of, 2–3 Windows Server 2008, installation steps, 12–20 Windows Server 2008, upgrading to, 20–21 servers, terminal deploying, 439 license mode, specifying after installation, 446–449 role server, installing, 439–446 See also Terminal Services server-side playlist, 176–179 server-side playlist with advertisement, 180 server-side wrapper playlist, 179 Service Packs, 200 session permissions, 574–576 sessions disconnecting in Terminal Services, 581 monitoring in Terminal Services, 577–578 time limits in Terminal Services, 573–574 TS Session Broker load balancing, 522–525 settings, 454 SFTP (SSH File Transfer Protocol), 377 Silverlight Player, 153 Simple Mail Transfer Protocol (SMTP) Server domain routing instructions, 411–414 installation of, 408–410 mail forwarding, 431 mail processing, 432 overview of, 429, 430 real-world use of, 407–408 relay process, 406–407 securing SMTP virtual server, 423–427 virtual server, configuration of, 414–423 virtual server, creating new, 411 site See Web site Site Collection Administrators, 225 site collections creating, 208–210 description of, 206 subsites, 210 SMTP See Simple Mail Transfer Protocol (SMTP) Server snapshots, 129–132 software RAID, 55 SSH File Transfer Protocol (SFTP), 377 SSL See Secure Socket Layers stand-alone SharePoint Services installation, 199 standard certificate, 324 static IP address, 31–32 storage Fibre Channel, 59–60 iSCSI, 60–62 mount points, 62–64 need for, 54 Network Attached Storage, 56–57 network storage for Web site content, 295–296 overview of, 82 RAID types, 55–56 Storage Area Networks, 57–58 Storage Area Networks (SAN) description of, 57–58 www.syngress.com 649 650 Index Storage Area Networks (SAN) (Continued) failover cluster on, 66 storage virtualization, 97 streaming Forward Error Correction, 191 with Media Server, 148–155, 268 RTSP, 163–164 Streaming Media Services new functionality of, setup, 161–162 subscription video content delivery, 160 Super User Group AD RMS, 260–261 file access and, 270 System Center Operations Manager (SCOM), 133–135 T targets, iSCSI, 60–62 Task Manager, 311–312 telephone TS CALs, installing/activating with, 483–485 TS Licensing server, activating with, 463–466 templates, AD RMS policy, 259–260 Terminal Server Role Service deploying, 439–448, 501 function of, 512 installing, 438 Terminal Service Licensing Server recovering, 485 Terminal Server, connectivity with, 466–475 Terminal Services Client Access Licenses (TS CALs) installation of, 458, 463 installing/managing, 475–485 licensing server management of, 449 Per User, 448 www.syngress.com Terminal Services Connection Authorization Policy (TS CAP) accessing resources with, 543–547 authentication modes, 587 description of, 587 Terminal Services Gateway, 537–552 accessing resource with TS RAP, 547–549 accessing resources with TS CAP, 543–547 certificate configuration, 540–542 configuration procedure, 539–540 deployment scenario, 537–539 function of, 5, 513 Group Policy settings, 549–552 overview of, 583–584 TS Gateway Manager, 515, 542–543, 587 Terminal Services Licensing features of, 515 function of, 5, 512 overview of, 501–502 Terminal Services, load balancing configuration of, 522–531 configuration through Group Policy, 534–537 DNS round-robin feature, 532–534 importance of, 521–522 techniques for, 522 TS Session Broker redirection modes, 531–532 Terminal Services Manager connection limits, 572 data prioritization, 579–580 features of, 514 logging users off, 580–581 processes, viewing, 576–577 RDP permissions, 568–572 resetting, 581 session permissions, 574–576 session time limits, 573–574 sessions, disconnecting, 581 sessions, monitoring, 577–578 Index Terminal Services RemoteApp Manager, 514–515 Terminal Services RemoteAPP (TS RemoteApp), 552–568 benefits of, 553 configuration of, 553–562 function of, 5, 552–553 overview of, 584 TS Remote Desktop Web Connection, configuration of, 566–568 TS Web Access, configuration of, 563–566 Terminal Services Resource Authorization Policy (TS RAP) accessing resource with, 547–549 description of, 587 Terminal Services Session Broker DNS round-robin feature, 532–534 function of, 6, 513 installation, configuration of, 522–525 load balancing with Group Policy, 534–537 local group, adding, 525 redirection modes, 531–532, 586 Terminal Services (TS) CALs, 475–485 client connections, establishing, 486–499 licensing, 449 licensing server, activating, 454–466 licensing server, installing, 449–454 licensing server, recovering, 485 licensing service, 503–504 load balancing, 521–537 management tools, 512–515 new functionality of, overview of, 438, 500 resources, configuring/monitoring, 583 resources allocation with WSRM, 515–520 Terminal Server Role, deploying, 439–448 Terminal Server/Terminal Services Licensing Server, connectivity between, 466–475 Terminal Services Gateway, 537–552 TS RemoteApp, 552–568 WSRM application logging, 520–521 Terminal Services (TS) Gateway Manager, 542–543 Terminal Services (TS), managing connection limits, 572 data prioritization, 579–580 logging users off, 580–581 management tools, 512–515 overview of, 582–583, 584–585 processes, viewing, 576–577 RDP permissions, 568–572 resetting, 581 session permissions, 574–576 session time limits, 573–574 sessions, disconnecting, 581 sessions, monitoring, 577–578 Terminal Services Web Access configuration of, 563–566 features of, 515 function of, 5, 512–513 terminology key item name changes, 466 SharePoint Services, 206 testing AD RMS service, 251–252 VM technology and, 100 third-party runtime environments, 315–317 throttling, 189–191 time limits, 573–574 tracing, 349–352 Transport Layer Security (TLS) certificate process, 318–319 SMTP Server security with, 423–424 transport security definition of, 317 www.syngress.com 651 652 Index transport security (Continued) enabling secure communication on Web site, 326–327 FTP SSL certificate process, 394–395 FTP SSL Settings module configuration, 398–400 host headers and SSL, 319–320 new certificate, adding, 395–398 security certificate, adding new, 321–324 Server Certificates module, 320–321 SMTP Server, 423–424 SSL certificates, differences between, 324–325 SSL/TLS certificate process, 318–319 Transport Server, 52 troubleshooting incoming e-mail, 221 report, AD RMS, 263 trust level, 341–342 trust policies, AD RMS allowing external users to receive publishing licenses, 254–255 with another AD RMS cluster, 253 federated trust, establishing, 255 managing, 252–253 Windows Live ID, 254 TS See Terminal Services TS CALs See Terminal Services Client Access Licenses TS CAP See Terminal Services Connection Authorization Policy TS RAP See Terminal Services Resource Authorization Policy TS Remote Desktop Web Connection, 566–568 TS RemoteApp See Terminal Services RemoteAPP U unattend file, 51–52 upgrade www.syngress.com to Windows Server 2008 Enterprise Edition, 10–12 to Windows Server 2008, requirements for, 20–21 URL authorization for FTP site, 402–403 native, 318 for Web application, 333–336 URLScan tool, 318 User Account Control, 7–8 User Isolation feature, 405–406, 431 users access restriction based on IP address, 337–338, 403–404 AD RMS exclusion policy for, 256–257 IIS Manager users, adding, 348 logging off Terminal Services, 580–581 Super User, AD RMS, 260–261 versioning and, 235 WMS tracking of, 185–189 V VAMAT (Volume Activation Management Tool), 74 versioning, with SharePoint, 234–237 video card, 95 VideoLAN Media Player, 153 viewing, processes in Terminal Services, 576–577 virtual channel traffic, 579 virtual directory adding to Web site, 297 creation with FTP Publishing Service, 392 Virtual Hard Disks (VHDs) attaching to VMs, 118 Hyper-V management of, 113–115 virtual hosts, 385–386 Virtual Machine Connection, 119–120 virtual machine monitor See hypervisor virtual machines (VMs) Index adding with Hyper-V, 115–121 backing up, 127–132, 138 configuring, 104–105, 137 migrating to, 121–127, 137–138 virtual networking, 109–111 Virtual PC, 97–98 Virtual Private Network (VPN), 537–538 virtual server domain routing instructions, 411–414 optimization, 133–135, 138–139 optimizing, 141 securing SMTP virtual server, 423–427 SMTP, configuration of, 414–423 SMTP, creating new, 411 SMTP, securing, 423–427 Virtual Server 2005, 97–98 Virtual Tape Libraries (VTLs), 62 virtualization benefits of, 140–141 objectives of, 121–127 overview of, 96–100 Virtualization Role, virtualization stack, 101–102 virtualized I/O model, 101–102 VMs See virtual machines Volume Activation Management Tool (VAMAT), 74 volume mount points description of, 62–63 mounting new volume to C: drive, 63–64 Volume Shadow Copy Service (VSS) backing up with, 127–128 for failover cluster, 69 VPN (Virtual Private Network), 537–538 VTLs (Virtual Tape Libraries), 62 W w3wp.exe instances, 311–312 WDS See Windows Deployment Services WDS client unattend file, 51 Web application services authentication, 327–333 authorization, 333–341 IIS, configuring Web applications, 306–317 IIS, management of, 342–362 IIS, migrating from previous releases, 317 IIS, provisioning Web sites, 292–306 IIS deployment scenarios, 282–283 IIS differences in Windows editions, 281–282 IIS features in Windows Server 2008, 276–281 IIS installation, 284–292 NET Trust Levels, 341–342 securing Web sites/applications, 317–318 transport security, 318–327 Web applications, 306–317 AD RMS exclusion policy for, 257–259 application development settings, 314–317 application pool, creation of, 308–309 application pool, functions of, 306–307 application pool settings, 313–314 creating with SharePoint Services, 207–208 folder conversion to Web application, 309–310 outgoing e-mail, SharePoint configuration, 222 w3wp.exe instances, correlating with, 311–312 Web farm, scaling, 353–361 Web browser MIME types and, 305–306 TS CALs, installing/activating with, 481–483 TS Licensing server, activating with, 461–463 Web farms IIS delegation for, 281 www.syngress.com 653 654 Index Web farms (Continued) IIS deployment scenario, 282–283 scaling, 353–361 Web infrastructure services See File Transfer Publishing Service (FTP); Simple Message Transfer Protocol (SMTP) Server Web server See Internet Information Services Web Server role FTP Server installation, 378–384 function of, IIS, installation of, 284–289 SharePoint Services and, 200 SMTP Server installation, 408–410 Web site access mappings, alternative, 212–213 central administration, creating from, 211–212 certificate, binding to, 326–327 permissions, 228–229 self-service site creation, 212 Web applications, configuring, 306–317 Web site-bound FTP site, 387–388 Web sites, provisioning with IIS, 292–306 creation of Web site, 292–296 default document, 297–298 directory browsing, 298–300 error pages, customization of, 300–303 MIME types, adding, 305–306 redirecting requests, 303–304 Response Headers, custom, 304–305 virtual directory, adding, 297 Web.config file, 343 wildcard certificate, 320, 325 Windows activation, configuration of, 73–80 from command prompt, 80 DNS SRV record, creation of, 78–79 KMS, enabling clients to use, 79 KMS, installation of, 76–78 www.syngress.com KMS keys, 74–75 license reporting, 76 license states, 75 multiple activation keys, 74 overview of, 83 process of, 73–74 Windows authentication module, 328 Windows BitLocker Drive Encryption (BitLocker), Windows Deployment Services (WDS) components of, 7, 42–43 configuration of, 43–50 finding WDS server, 86 function of, 41 images, capturing, 51–52 images, deploying, 52–54 overview of, 82 Windows Firewall with Advanced Security, 382 Windows Image (.wim) format, 51 Windows Internal Database, 200 Windows Live ID, 256 Windows Management Instrumentation (WMI) for failover cluster, 69 for IIS, 280–281 for remote IIS administration, 292, 383 Windows Media Player, 152 Windows Media SDK, 153 Windows Media Server advertising, 179–181 authorization, 182–184 broadcast publishing points, creating, 173–174 configuration overview, 148–151, 265 content security, 181–182 deployment considerations, 153–155 deployment scenarios, 158–160 DRM, 184–185 installing, 161–165 installing on Server Core, 166–167 Index installing Remote Server Administration Tools, 167–169 overview of, 264–265 platform components, 151–153 playlists, 174–176 playlists, server-side, modifying, 177–179 publishing points, creating, 169–173 scaling services, 189–197 Server 2003 vs Server 2008, 155–157 user activity, tracking, 185–189 Windows Server 2003, 155–157 Windows Server 2008 add-on components, 148 editions, feature differences, 155 Hyper-V, 111 IIS features in, 276–281 IIS on, 368 Terminal Services on, 503 TS management tools in, 586 Windows Media Server on, 155–157 Windows Server 2008 Datacenter Edition, Windows Server 2008 Enterprise Edition, 8–12 Windows Server 2008 for Itanium-based Systems, Windows Server 2008, installation of AD DS, new installation options, 21–22 Enterprise Edition, installation of, 8–12 forest installation, 23–36 functionality changes in, 3–8 install from media feature, 37–38 installation steps, 12–20 planning, preparation for, 2–3 upgrading to, 20–21 Windows Server 2008 Standard Edition, Windows Server Hyper-V components of, 101–104 hardware requirements, 111–112 installing, 105–108 migrating from physical to VMs, 121–127 overview of, 94–96, 136–137 virtual hard disks, 112–-115 virtual networking, 109–111 virtual server optimization, 133–135 virtualization overview, 96–100 VMs, adding, 115–121 VMs, backing up, 127–132 VMs, configuring, 104–105 on Windows Server Core installations, 108–109 Windows SharePoint Services antivirus, 230–231 backing up, 269 configuring, 197–198, 266 e-mail integration, enabling, 214–222 installing, 198–205 new site provisioning, 205–213 overview of, 264–265 site maintenance/protection, 231–243 site security, 222–229 WebDav, accessing through, 213–214 Windows SMTP service, 215–216 Windows System Resource Manager (WSRM) application logging, 520–521 features of, 515 function of, 586 installation of, 516–520 resource allocation with, 515–520 Windows Vista IIS features in, 276–279 IIS on, 368 RDC and, 488 Windows Web Server 2008, witness disk, 67 WMI See Windows Management Instrumentation WMS See Windows Media Server worker processes, 311–312 WSRM See Windows System Resource Manager www.syngress.com 655 ... with SP2 Windows Server 2008 Enterprise RC0 Windows Server 2008 Enterprise RC1 Windows Server 2003 R2 Datacenter Edition Full installation of Windows Server 2008 Datacenter Windows Server 2003... review of the questions that gave you trouble www .syngress. com Chapter MCTS/ MCITP Exam 643 Deploying Servers Exam objectives in this chapter: ■ Installing Windows Server 2008 ■ The Windows Deployment... RC0 Windows Server 2008 Standard RC1 Windows Server 2003 R2 Enterprise Edition Full installation of Windows Server 2008 Enterprise Windows Server 2003 Enterprise Edition with SP1 Windows Server