Archive for Windows Server 2008

I've always loved these spreadsheets as they allow a quick and easy way to search for Group Policies. With Server 2008 live and Vista SP1 out Microsoft has updated their reference sheet to add all the new Group Policy settings. There are now over 2700 settings you can apply in your environment…have fun!

After spending a bit of time on Amazon I noticed that books, movies, and other random things you can buy all had customer reviews. I started to think, why don't white papers and technical documents have the same? Today I've decided to take action against poorly written technical papers and ensure that those companies are held accountable to what they are publishing. OK, maybe I'm not that gung-ho about it but I do think it would be nice to give a review here and there on stuff I've read through.

Today's review is on the Windows Server 2008 Reviewers Guide. How interesting to start my reviews on a Reviewers Guide. From what I can gather this guide has been available since early February and is in two forms, Full and Short. The Full version weighs in at just under 11 MB while the Short version is just over 8 MB. Not much of a difference in size. The Full version is a whopping 250 pages while the Short version is 116 pages. I actually thought the Short version would have been much shorter. This review is for the Full version.

 

Usually when I download these Guides I notice that they are 100% marketing speak and 0% technical. I was pleasantly surprised that this Guide had only a few areas littered with marketing junk. If you can get past the first few pages you are presented with several tables detailing which features work on which edition of Windows Server 2008. Since this is a new OS I'm quite fond of it since I'm trying to figure out what goes where.

Section 2: Server Virtualization – I really hoped to gather a lot out of this section and quite frankly it did not deliver. It provides a good high-level overview of Hyper-V but not much of anything when it comes to technical details. I'm also not sure why there is even a page on Server Core here as it is really out of place. Feel free to skip this section if you have been working with Virtualization for some time now.

Section 3: Centralized Application Access – This section was all about Terminal Services (TS). Since there are quite a few changes with this service in Windows Server 2008, I again was looking forward to this section. For me, this one delivered. It went over all the new features and the best part of the entire section was that it gave you Group Policy locations to configure certain TS options!

Section 4: Branch Office – All I've been hearing about with Server 2008 is branch office this and branch office that. Because of that I expected to see a lot of stuff in this section. The Read-Only Domain Controller (RODC) part was decent. It actually gave some info that I didn't expect to see, like detailing which Active Directory Services attributes were added to the schema to support RODCs. I also thought a decent job was done on the BitLocker portion as it went into commands to help install it and Group Policy settings. As for the DFS portion I really wanted to see more. This one lacked some of the details in the other products from this section.

Section 5: Security and Policy Enforcement – At over 80 pages this was the largest of all sections and covered a wide range of features within Windows Server 2008. The first few areas go over some definitions and can be used for a good reference at a later time. There were so many in fact that I had to skip ahead because I felt I was studying for an exam. The Routing and Remote Access Service portion was very light and only highlighted some new technologies and removed ones (thanks for finally removing OSPF…it never belonged on a server). I wanted to see more in the next section on how some of the services would work with IPv6. There was very little detail on that. The Firewall portion of this section did a good job explaining what changed in Server 2008 from previous versions (client and server). The Cryptography Next Generation portion provided nothing more than an overview.

Now we began the Active Directory portion of this section. Starting with an excellent write up of the Active Directory Certificate Services. I felt that it was adequately covered hitting all major points of interest. This portion was followed up by Active Directory Domain Services and the team did another good job on this area. There isn't a lot of technical How-To stuff here but it will inform you on what is new. Federation Services was covered next and there was some good reading there with a nice flow chart to follow along with. Let's just say that the Active Directory Lightweight Directory Services was…well…light. Finishing up Section 5 was an area that I really wanted to read up on, Active Directory Rights Management Services. I was disappointed but only because I wanted to read more technical information on this product. Perhaps a scenario or two here with some flow charts would have been beneficial.

Section 6: Web and Application Platform – I've been a big fan of IIS since all the great changes that were made with IIS6. I haven't had time to look into IIS7 with great detail but this was about to change. I felt empty after reading this portion. What about FTP being completely redone? Nothing! The last portion is about Transactional NTFS, I think that page and a half will only confuse people and have them wondering how do I turn this on.

Section 7: Server Management – The first three portions of this section are a very basic introduction to Server Manager. It is nice to have a reference of all the Roles and Features in Server Manager though. The next area goes over a brief introduction to PowerShell. As much as I would love to see more technical info here, this is the one area that I can give that a pass on. PowerShell is not something you want people learning from a Reviewers Guide. To my dismay there were a total of 4 pages on Server Core and all of them marketing! I really wish there would have been some more info here. The same marketing theme was put into the Backup portion but that is ok with me because not many mid-to-large companies use the built in backup tool. An area I thought would have been really nice was the Windows Reliability and Performance Monitor. Again there really lacked any details about the feature. The only thing I would have liked to see added to the Windows Deployment Services (WDS) portion would have been some sample scripts or commands…also any Group Policy settings that apply to WDS. The Group Policy portion finishes this section off and saves the section in my opinion. Great job to the people that put that area together.

Section 8: High Availability Introduction – Why is it every guide I read through lacks information on clusters and network load balanced systems?  All 7 pages are marketing and nothing to get the technical person excited about high availability. 

Section 9: Better Together & Section 10: Miscellaneous – Feel free to skip these areas now.  Section 9 is a sales pitch to put Vista and Server 2008 together and Section 10 should have been put in the first section.

It's now time for my rating. This is 100% totally subjective to my opinion and only my opinion. If you feel it should be different let me know by providing feedback in the comments section. I will rate each section on a scale of 1 – 5 with 5 being the best possible. Then I will rate the entire guide but it will not just be the average of all the scores. I will rate it on usefulness to the community.

Brian's Official Rating Scale
1 = Why were calories spent on this?
2 = Save some trees and don't print this one
3 = Some areas are good but some aren't so good
4 = Kept my technical interest and definitely printable
5 = Excellent – Print it out and keep it as a reference in your office

 

Rating on a scale of 1 – 5
Section 1 2
Section 2 2
Section 3 5
Section 4 4
Section 5 4
Section 6 1
Section 7 3
Section 8 2
Section 9 1
Section 10 1
Windows Server 2008 Reviewers Guide 3

My friend Norm asked if I could post this sample Sysprep.xml file as he couldn't find anything online yet to really help him with Server 2008 and Sysprep. If you have any questions or feedback just leave it in the comments and I'll be sure to have Norm review them.


Here's a sample sysprep.xml that you can use to get your Server 2008 build going. It has some of the basic functions you'll need if you are deploying Server 2008 in an enterprise environment. This example is for the 64-bit version, using KMS (no product key in the sysprep). We do most of our configuration post-image and this configuration allows us to take a completely generic image and prepare it for enterprise deployment. This .xml is ready to go. It took me several days of trial and error to get this and I'm sure there are some admins that would love to have this as a starting point instead of what I had to start with.

Some of the things I'm doing in here:

  • Auto-generated computer name
  • Organization and Owner Information
  • Setting language and locale
  • Setting the initial tasks screen not to show at logon
  • Setting server manager not to show at logon
  • Configuring the Administrator password
  • Creating a 2nd administrative account and setting the password
  • Running a post-image configuration script under the administrator account at logon
  • Setting automatic updates to not configured (to be configured post-image)
  • Configuring the network location
  • Configuring screen color/resolution settings
  • Setting the time zone
  • Disables IE Enhanced Security Configuration


<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <!-- "*" gives each machine an auto-generated computer name -->
      <ComputerName>*</ComputerName>
      <RegisteredOrganization>Company Name</RegisteredOrganization>
      <RegisteredOwner>Company Name</RegisteredOwner>
      <ShowWindowsLive>false</ShowWindowsLive>
    </component>
    <!-- KMS is used, so no product key is set in this file -->
    <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SkipAutoActivation>true</SkipAutoActivation>
    </component>
    <!-- Disables IE Enhanced Security Configuration for administrators and users -->
    <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <IEHardenAdmin>false</IEHardenAdmin>
      <IEHardenUser>false</IEHardenUser>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <InputLocale>0409:00000409</InputLocale>
      <SystemLocale>en-us</SystemLocale>
      <UILanguage>en-us</UILanguage>
      <UserLocale>en-us</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <RegisteredOrganization>Company Name</RegisteredOrganization>
      <RegisteredOwner>Company Name</RegisteredOwner>
      <UserAccounts>
        <!-- Built-in Administrator password, stored in this file as plain text -->
        <AdministratorPassword>
          <Value>@bc!23</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
        <!-- Second administrative account, password also stored as plain text -->
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Password>
              <Value>@bc!23</Value>
              <PlainText>true</PlainText>
            </Password>
            <Description>Administrative Installer</Description>
            <DisplayName>Admin2</DisplayName>
            <Group>Administrators</Group>
            <Name>Admin2</Name>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
      <!-- Logs on automatically as Administrator (LogonCount 2) so the post-image script can run -->
      <AutoLogon>
        <Password>
          <Value>@bc!23</Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain>WORKGROUP</Domain>
        <Enabled>true</Enabled>
        <LogonCount>2</LogonCount>
        <Username>Administrator</Username>
      </AutoLogon>
      <!-- Post-image configuration script, run under the Administrator account at first logon -->
      <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%WINDIR%\POST_INSTALLER\post_installer.vbs</CommandLine>
          <Description>Post Install Script</Description>
          <Order>1</Order>
        </SynchronousCommand>
      </FirstLogonCommands>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <!-- 3 leaves automatic updates not configured (configured post-image) -->
        <ProtectYourPC>3</ProtectYourPC>
      </OOBE>
      <Display>
        <ColorDepth>32</ColorDepth>
        <HorizontalResolution>1024</HorizontalResolution>
        <VerticalResolution>768</VerticalResolution>
      </Display>
      <TimeZone>Eastern Standard Time</TimeZone>
    </component>
  </settings>
  <settings pass="generalize">
    <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
    </component>
    <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
    </component>
  </settings>
</unattend>
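
An added example, not part of the original post: a Python check that can be run over answer files before an image is published, listing the settings in the sample above that deserve a security review (passwords stored in the file, automatic Administrator logon, IE Enhanced Security Configuration switched off, and commands run at first logon). The function names, finding labels and the reduced sample with a placeholder password are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample: the security-relevant parts of the answer file above,
# with the password replaced by a placeholder.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize"><component name="Microsoft-Windows-IE-ESC">
  <IEHardenAdmin>false</IEHardenAdmin><IEHardenUser>false</IEHardenUser>
 </component></settings>
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <UserAccounts>
   <AdministratorPassword><Value>PLACEHOLDER</Value><PlainText>true</PlainText></AdministratorPassword>
   <LocalAccounts><LocalAccount>
    <Password><Value>PLACEHOLDER</Value><PlainText>true</PlainText></Password>
    <Group>Administrators</Group><Name>Admin2</Name>
   </LocalAccount></LocalAccounts>
  </UserAccounts>
  <AutoLogon>
   <Password><Value>PLACEHOLDER</Value><PlainText>true</PlainText></Password>
   <Enabled>true</Enabled><LogonCount>2</LogonCount><Username>Administrator</Username>
  </AutoLogon>
  <FirstLogonCommands><SynchronousCommand>
   <CommandLine>%WINDIR%\POST_INSTALLER\post_installer.vbs</CommandLine>
  </SynchronousCommand></FirstLogonCommands>
 </component></settings>
</unattend>"""

def walk(el, path=""):
    # Yield (path, element) for every element; passes and components are
    # labelled with their pass/name attribute so findings are easy to locate.
    name = el.tag.rsplit("}", 1)[-1]
    key = el.get("pass") or el.get("name")
    label = f"{name}[{key}]" if key else name
    here = f"{path}/{label}" if path else label
    yield here, el
    for child in el:
        yield from walk(child, here)

def child_text(el, name):
    child = el.find(f"u:{name}", NS)
    return None if child is None else (child.text or "").strip()

def audit_unattend(xml_text):
    """Return (finding, path) pairs for settings worth a security review."""
    findings = []
    for path, el in walk(ET.fromstring(xml_text)):
        tag = path.rsplit("/", 1)[-1]
        value, plain = child_text(el, "Value"), child_text(el, "PlainText")
        if value and plain is not None:
            # PlainText=false only base64-encodes the value; it is not encryption.
            kind = "plaintext-password" if plain.lower() == "true" else "encoded-password"
            findings.append((kind, path))
        if tag == "AutoLogon" and (child_text(el, "Enabled") or "").lower() == "true":
            findings.append(("autologon-enabled", path))
        if tag in ("IEHardenAdmin", "IEHardenUser") and (el.text or "").strip().lower() == "false":
            findings.append(("ie-esc-disabled", path))
        if tag == "CommandLine" and "/FirstLogonCommands/" in path:
            findings.append(("first-logon-command", path))
    return findings

if __name__ == "__main__":
    for kind, path in audit_unattend(SAMPLE):
        print(f"{kind:20} {path}")
```

Any password finding also means the value stays readable in every copy of the answer file, including one left behind on a deployed server, so the file needs the same handling as the credentials it contains.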

Since today is the official launch day of Windows Server 2008, SQL Server 2008 and Visual Studio 2008 I thought it would be a good idea to check out the Heroes Happen {here} site.  Not sure how I stumbled upon it but I found a real gem.  I found 10 labs that you can “Test Drive” for Windows Server 2008, 7 for Visual Studio 2008, and 11 for SQL Server 2008.


These are excellent labs that put you on a live virtual machine environment to really play around with the technology.  Just click on the images below to be redirected to these labs.


WS08 VS SQL

Feb
27

The Virtual PC Guy blog has a great post defining some of the components and features of Hyper-V. For those that want to learn more about Hyper-V this is the blog you should be reading.

I wanted to share some details on Active Directory now that Server 2008 is about to launch. Microsoft has decided to put an emphasis on Active Directory by potentially confusing its customers. In the past, if someone mentioned Active Directory, someone would define it by saying it provides authentication services and a central repository for objects and group policies. Now Microsoft will be releasing FIVE features/products under the Active Directory name. For those that know Active Directory this really isn't such a big deal since most of the features have been around for some time and plugged into Active Directory. But those that are not as familiar may become confused. The purpose of this blog is to help ease some of the initial shock some may have.

Active Directory Domain Services (AD DS)
This is the Active Directory we have all grown to love, although now it includes several more features just for Server 2008's version of Active Directory. AD DS provides us with a central authentication service, configuration, and storage of all objects. To find out more about AD DS visit TechNet. I want to hit what I think are the 3 most important features of Windows Server 2008's Active Directory.

  1. Fine-Grained Passwords
  2. Read-Only Domain Controllers
  3. Restartable Active Directory Domain Services

Active Directory Lightweight Directory Services (AD LDS)
AD LDS used to be called Active Directory Application Mode (ADAM) and is used to provide directory enabled applications a directory. Think of it as Active Directory without the domain or domain controllers. It is a directory that applications can use and have that application data stored in a central directory. To find out more about AD LDS visit TechNet. There are several enhancements to Server 2008's AD LDS but below is the one that I find most intriguing.

  1. Active Directory Sites and Services Support

Active Directory Certificate Services (AD CS)
Certificate Services has been around for quite some time and ever since Active Directory was released with Windows 2000 there has been some form of integration between the two services. It seems with each major release of the Windows Server OS Certificate Services becomes more and more prevalent. I've always been a big fan of Certificate Services especially when integrated with Active Directory. To find out more about AD CS visit TechNet. Here is a look at some of the new enhancements to AD CS in Server 2008.

  1. Network Device Enrollment Service
  2. Enterprise PKI

Active Directory Federation Services (AD FS)
Active Directory Federation Services may sound new to some folks but it has in fact been out in the wild since Server 2003 R2. AD FS provides a solution for business-to-business transactions between trusted organizations that are using web applications accessed via a browser. You no longer need secondary accounts as each organization is responsible for managing their own accounts. To find out more about AD FS visit TechNet. Here are a few new enhancements to AD FS.

  1. Integration with SharePoint 2007
  2. Integration with AD RMS

Active Directory Rights Management Services (AD RMS)
Finally something new! Rights management is in my opinion one of the top 3 technologies for the next 5 years. This realm not only covers the enterprise but also home environments as well. AD RMS applies specifically to the enterprise and gives you the ability to determine what that person can do with the resources. Some might get this initially confused with permissions but it is more than that. AD RMS gives us the ability to lock down resources so that someone can't even forward it in an email or restrict printing of a document. Already being a control freak with Group Policy, AD RMS really gets me thinking of what else I'll be able to lock down. Take the time and visit the TechNet site on this one.

  1. AD RMS Step-by-Step Guide
  2. AD RMS Step-by-Step Guide with MOSS 2007

This has been a hot topic here for a long time. Back in May I mentioned that there was going to be no AdminPak and sure enough that was confirmed. Microsoft's decision was to create a new tool called the Remote Server Administration Tools. Back in June Microsoft said it would be released with Vista SP1.

We now finally have the ability to test the Remote Server Administration Tools out by participating in the beta. Go here to get involved and PROVIDE your feedback directly to Microsoft: http://connect.microsoft.com/windows/Downloads/DownloadDetails.aspx?DownloadID=9561 It appears the link is currently not working. Keep trying to ensure you get into the beta. I'll update here when I confirm it works.

There will be a chat hosted by Microsoft on the 3rd of December so this would be another great time to let them know how it works:


Please join Microsoft for a live chat on Monday, December 3, 2007 at 12:00 – 1:00 pm PST and get all your questions about Remote Server Administration Tools answered:
Link: http://www.microsoft.com/communities/chats/chatrooms/beta.aspx 
Password: 43322110SAT


I haven't had time yet to play with this so I would love to hear what you think of the new tools. Please leave comments and let the community know.

I was just doing some catching up on some blog reading and saw that Keith Combs from Microsoft has an excellent screencast on Windows Server 2008 Password Caching on Domain Controllers. In fact he just doesn't show you how to set it up he takes it to a whole new level by first installing Server 2008 Core and installing AD on it. Then he uses that DC as a Read Only DC (RODC). AWESOME stuff to see!

Back in January of 2007 I posted that TechNet Magazine had a really cool poster that showed Active Directory as a Jigsaw puzzle. I noticed in my latest copy of TechNet Magazine that it included two new posters. One of them was another Active Directory poster that showed all the cool new stuff in Windows Server 2008 and the other was one of the Windows Server 2008 Components. I just saw that the both of these are now available to download from Microsoft. This is something you will want to get your hands on and if you don't get TechNet the magazine this is a great way to print it out too.

Jose Barreto just informed me that he has an excellent list of what has changed between Server 2008 Beta 3 and Server 2008 June CTP. The link shows what changed with Enterprise Edition and Server Core. What I really enjoy about this list is that:

  1. It is simple to read and understand (follows the KISS rule)
  2. It shows what is new from Beta 3
  3. Shows the newly renamed features

Thanks for the update Jose this is something I have been waiting to see!