Go Back   TechArena Community > ARENA > Guides & Tutorials
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Thread Tools Search this Thread
Old 26-08-2010
Join Date: Aug 2006
Posts: 155
Windows Server 2008 - Introduction

Overview :

Microsoft's new server operating system is announced for first half of 2008. The currently available release candidate (RC1) is expected to have by and large already have all the important new features. Significant innovations have for administration, security, Active Directory, Terminal Services, Clustering and Internet Information Services (IIS 7) on the. In structural terms, there are changes. The already in Windows Server 2003 R2 on trains existing server roles are at the place of far greater importance. Also new is Server Core, an edition of Windows Server 2008, which essentially without graphical user interface manages the. The Aministration is here mainly on the command line instead. In addition, Windows 2008 provides a series of detailed improvements, such as a significantly expanded Event Viewer, the new Reliability and Performance display, or innovations in the area of Group Policy. Here's to call PowerShell also Microsoft's new command line and scripting language, which by default a Microsoft operating system is delivered with the first time. Some of these innovations were already running Windows Vista introduced, but can in combination with the new server version of Windows their full potential play only.

Server roles and features :

Already in Windows Server 2003 R2, Microsoft has introduced the so-called server roles. These are server applications that can be installed separately. In previous versions of server applications such as have been the Internet Information Services (IIS) or file sharing services for a new installation of Windows by default. With Windows Server 2008 is the concept of server roles of central importance. A newly installed Windows Server can actually still perform any function. The administrator of the server must first explicitly assign the required roles. This security will be increased because only the applications that actually are also needed, the servers are installed on. Also can thus save resources, because less disk space and memory are required. Windows Server 2008 RC0 has to offer a total of 17 different roles. These include, for example, print services, terminal services or the Active Directory Domain Services.

Besides the familiar Windows Server roles Server 2008 nor the so-called features. During deploy the server roles-based services, which features a server installation to upgrade to additional functionality. In many cases, server roles are dependent on features or supplement this by further optional features. Shall set as the Windows SharePoint Services requires, among other things, the features of Windows and Current service activation process .NET Framework. The distinction between server roles and functions they sometimes appear arbitrary. Thus, for example, the DNS service is a server role, while Windows Internet Naming Service (WINS), only the status of a function is granted.

Server Manager :

Installed and maintained the server roles with Server Manager, the new central administration tool in Windows Server 2008. for a role is the installation of certain features required, the administrator receives a notification. The server manager then sets up on request, all necessary components and configure the system if needed. For example, it will open for each application the necessary ports in Windows Firewall. The administration tools for managing the integrated roles of the installation wizard also automatically included in Server Manager.

In previous versions of Windows, it was already possible to load multiple administration tools in the Microsoft Management Console (MMC). The Server Manager, but offers a number of other interesting feature. It represents a variety of status information about the server and the installed server roles such as ready. The general server list shows system administrator at the which roles and functions are installed, will provide important computer information, such as computer name or IP address and provides safety information, such as whether the Windows Firewall is enabled or when the server time updated was the last to. For each installed role, the server manager status information from others. This includes the latest posts from the Windows Event Viewer, the status of the associated server services or tips on configuring each server role.

The folder configuration contains the Task Scheduler, Windows Firewall, WMI control and the local user and group management and the directory "Storage" is home to the disk management and backup tool. The Server Manager can manage all the important areas so a Windows server. Some administration tools such as the lack of terminal services, or features but also for all but the Server Manager. You must remain on the management folder in the Windows Start menu to be called. Apparently Microsoft has before, the tools are not part of Windows Server, Server Manager to integrate into the. It is about the RC0 possible, the Windows Software Update Services 3.0 SP1) with the Server Manager to manage (WSUS).

In addition to the GUI version has Windows 2008 also has a command-line edition of the Server Manager (ServerManagerCMD.exe). With it, administrators can install roles and functions via scripts or read but the configuration of a server. The change in the standard settings of a role or function is the command-line version does not. Currently, the Server Manager runs only on Windows Server 2008. Version for Microsoft's client operating systems are not yet a. The administrator must then connect to the server via RDP, there to start the Server Manager. The Remote Server Administration Tools, the Server Manager to install are about as functional, but can be a Windows Server and other server managed by. With Service Pack 1 for Windows Vista, Microsoft will probably also make a version for the RSAT Desktop. They will replace the familiar Admin tools.
Reply With Quote
Old 26-08-2010
Join Date: Aug 2006
Posts: 155
Re: Windows Server 2008 - Introduction

Server Core :

With Server Core Microsoft brings back the first time since MS-DOS operating system on the market, without the graphical user interface manages a large extent. It is however not a standalone product, but merely a specific installation option of Windows Server 2008th At the beginning the server installation, the administrator has the option to choose between the standard edition of Windows Server 2008 and Server Core. This reminds a little of the installation process for some Linux distributions. However, there is still a very significant difference: While in Linux X-Windows can not set up later, this is not in Server Core provides. Nor is it possible, a default installation of Windows 2008 Server Core convert.

Besides the GUI Server Core also missing device drivers that a server environment usually does not need to be in. The number of server services in comparison to the standard output approximately halved and server roles and features are all not available. After installation settings are the usual configuration work (network, domain connectivity, firewall, etc.) to carry out the command line. Even experienced Windows administrators need to learn here practiced handles brand new. Administrator from the UNIX world will feel, however, under Server Core alien. However, many commands are not as elegant as some on Linux. The reference to a DNS server is Server Core, for example, with the following long command configured under:

netsh interface ipv4 set dnsserver "Local Area Connection" static DNS IP

If the first basic configuration work completed, but Server Core is like any other Windows server remote management are also standard graphical tools with the. The configuration of Group Policy and Windows Scripting Host (WSH) is also possible. Amazingly, PowerShell is not supported by Server Core. Microsoft's powerful new shell and scripting language would have been just under Server Core very helpful. PowerShell is on .NET Framework relies, also under Server Core is not available for rumors to follow is a stripped down .NET version in the works. In the long run then what PowerShell can be used under Server Core.

Strengths and weaknesses :

Plus -
  • Reduced resource consumption. In the test made with 512MB of RAM to work well with Server Core. Server Core takes on the hard drive in comparison to the standard output after a new installation at all, only a third of the place.
  • Increased security since the attack surface is significantly lower.
  • Reduction of bureaucracy, because the operating system to be updated less frequently and are therefore less likely to also start from scratch.
  • Shorter boot times

Minus -
  • Some complicated commands that require training phase.
  • For many configurations, the administrator must directly access the Windows Registry, which paralyze the risk of the server by a misconfiguration, increased significantly.
  • Limited to a few tasks.
  • Graphical user interface can not re-install
  • Most sets available on Windows applications require an environment with a graphical interface. Not use running under Server Core. Even those applications that would be possible to manage via the network using graphical tools can, often under Server Core has accordingly not be used because the installer requires a graphical interface.

Read Only Domain Controller (RODC) :

The most interesting new feature in Active Directory RODC is the Read Only Domain Controller (), an n-type your domain controller that has a one-way link to other domain controllers is limited to. An RODC performs a copy of the directory service database, but is not able to replicate changes to other DCs. Applications that write access to the Active Directory must be expelled from the RODC to a domain controller with write permission. Most read requests to the directory service can work independently of the RODC. Used to be RODCs in locations where physical access to a server by unauthorized persons can not be prevented without further. Such servers are particularly vulnerable because it is easy to overturn the security mechanisms of Windows when you start from an external medium to another operating system to access the system partition. But should an attacker to manipulate the directory database to a physically compromised server, when using a RODC excluded that the changes are applied system-wide in the directory.

But even if the attacker only gets read access to the directory database, this represents a significant risks for the corporate network, particularly the passwords of the users are at risk, even if encrypted or only the hash values are stored. So you can store passwords to prevent the principle RODCs. The disadvantage of this method is that logging on to an RODC is only possible if a full-fledged domain controllers for authentication is available.

An RODC still has more features that will also enhance security. Example, it is possible to set up a domain identifier, the administrative rights on the RODC has, however, no changes in the domain can make. For pure member servers, a system administrator could always work with a local administrator ID, which limited his rights to the respective server. An administrator who will manage a domain controller, Windows Server 2003 must be a rule but a member of the group of domain administrators. At least on an RODC, it is now possible with Windows 2008 to transfer the administration an administrator at the site working, without having to admit this but have rights in the domain. Another factor of safety on Windows 2003 is the DNS service when he domain controller in a poorly protected site is installed on one. Manipulation of the DNS can serious malfunctions in the entire domain cause. Therefore supports a DNS server that runs on an RODC, no dynamic updates. That is, Windows clients that want to self-register on DNS itself must detour through a full DNS server to go. The DNS service on an RODC will ensure that the clients appropriate DNS server to be forwarded to one.
Reply With Quote
Old 26-08-2010
Join Date: Aug 2006
Posts: 155
Re: Windows Server 2008 - Introduction

Network Access Protection (NAP) :

One of the major new features of Windows Server 2008 in security include the Network Policy and Access Services Network Access Protection (NAP =), Microsoft's Network Access Control solution (NAC). The role of NAP is to only computers that meet predefined safety conditions, to grant network access to other computers on the intranet. Microsoft calls these conditions "Guidelines for the Windows security integration test". Windows 2008 Server has five different types of such policies. They concern the Windows firewall, virus protection, the spyware protection, automatic updates and the security update notice.

A client computer meets the guideline for automatic updates, if on Windows automatic updating is enabled. This guarantees not to say that all security updates have been installed on this computer already. Was a PC is switched off for some time, it represents a potential security risk as it does not yet have the latest security updates. The directive for the protection of security update, the administrator can determine which updates should be available. It can, for example, configure that all critical updates must be installed and when the last test should have taken place on new security updates. This difference is, in principle, even with the Guidelines for the antivirus protection and spyware protection. This puts the system administrator also note whether the mere activation is sufficient or whether the signatures have to be up to date. The policy for the firewall checks only against the state, but not what rules are active. If a client applies all the directives, he described as "compatible" (compliant). NAP is in this case, free access to the network. If a computer is not compatible, he should receive only limited access to the quarantine network, which also called servers are in maintenance. One anti-virus server that provides the latest virus signatures for non-compliant clients would be an example of such a maintenance server. When the NAP agent is saying that the client complies with all policies, access to the whole network is released.

NAP is also able to use the guidelines to monitor only miss in. Not compatible clients are not initially locked out. This process is particularly important in the initial phase after the establishment of NAP highly recommended. So one can first get an overview, which computers access the network due to the defined policies would be refused. The restriction of access can be enforced by different processes. NAP supports five such enforcement methods. Each method relies on a particular network service to: DHCP, VPN, 802.1x, IPSec, and TS Gateway. While much of the NAP configuration on the Network Policy Server (NPS = Network Policy Server) allows one to perform, network service, the enforcement methods to the front end of the respective configuration. For Server will be about the DHCP enforcement methods on the DHCP-managed. There, the administrator can subnet mask and DHCP options specifically provide for non-compliant clients. The DHCP server must ensure, however, on a server running Windows 2008.

For each enforcement methods access restrictions are the dependency of the possibilities of the associated network service to formulate so in. It is also possible to use several methods in parallel. In practice, it will probably work but usually only one or two enforcement methods. Administration costs for the various procedures is highly variable. At the most elaborate method would be to IPSec. In this process, clients receive a digital certificate identifying them as compatible. Computers that do not have this certificate, have no access to other systems on the intranet.

This is also the 802.1X method achieved. These, however, all network switches, authentication via 802.1X and also control the automatic assignment of clients to virtual LANs based on RADIUS attributes allow. Not compatible clients are assigned in this method a specific VLAN. Similarly, this also works with the VPN method. Instead of a VLAN is not assigned to compatible clients here a specific IP subnet. TS Gateway is a new feature of Terminal Services in Windows Server 2008. It allows the creation of an encrypted RDP connection via HTTPS. NAP provides this enforcement methods that not compatible clients can not access via RDP to a Windows server. Unlike the other four enforcement methods supports NAP here the so-called "automatic maintenance" is not. As mentioned above, has the NAP agent on the ability to initiate any necessary procedures to help the non-compatible clients to a state with directives.

Strengths and weaknesses :

Plus -
  • NAP can make a significant contribution to security in the network, because vulnerabilities that are vulnerable to malicious software or hackers, are turned off automatically.
  • The Pack 3, a NAP client for Windows XP Service will be delivered with Da Mac OS X and Linux support and are also NAP, Windows 2008 allows the creation of a largely vendor NAC solution. Windows Vista takes a NAP client that already.
  • In addition, their third-party security software interfaces in NAP latch, so that in future more enforcement methods or guidelines are available. NAP could become, sooner or later to the control center for network security.

Minus -
  • NAP is already in its first version of a very complex NAC solution. Administrators must therefore plan for a correspondingly long training period.
  • A misconfiguration of NAP can disrupt network operation sensitive. Here is to consider whether the income compensates for the increased security error rate. Critical to the answer to this question is whether the system administrator has sufficient human resources to meet this new challenge.
  • The policy for the Windows Firewall offers too few settings. The fact that the firewall is enabled is still no information about the compliance of the rules defined the security policies of the company.
  • The DHCP enforcement methods brings only limited additional security, since the assignment of IP addresses can also be done manually. Administrators who rely on this relatively easy to configure method, weigh under circumstances in false sense of security.
  • The other offer enforcement methods although significantly more security, this is the configuration effort correspondingly higher. In particular, the IPSec method requires an extensive planning. For here not only NAP is set up, but also a complete IPSec infrastructure.

Terminal Services :

Another highlight of Windows Server 2008 Terminal Services enhancements. The three most important innovations concern the management of terminal server applications (TS RemoteApp), the Web Access (TS Web Access) on this as well as secure access to terminal services over the Internet (TS gateway). In addition, the terminal services for some minor features have been expanded. The most interesting are briefly explained here.

TS RemoteApp :

With the new RemoteApp Manager allows administrators to applications on a Windows server via Terminal Services on the net make available individual. Users start these applications from the Start Menu as usual their workstation or from a Web page. The application then presents the same effect as if it were running on the desktop. There is no indication that it was started in fact on a terminal server and only screen content and will be transferred. All applications for a user to run it in one sitting. This speeds up the launch of new applications. Even under Windows 2003 it is already possible to start with only one application on a terminal. The main innovation in Windows Server 2008 is that with the RemoteApp Manager tool is now available with the applications can be deployed centrally on a terminal. The Citrix Presentation Server provides similar functions under the slogans "Application Publishing", "Session Sharing" and "Seamless Windows" some time ago.

The links of RemoteApp programs for the workstation, the administrator creates on Windows 2008 with the RemoteApp Manager. In question can spend is a Windows Installer Package (MSI), or an RDP file. The allocation to the client can then for example, via group policies.

TS Web Access :

To start an application from a Web site on a terminal server can be on a Windows Server 2008 Terminal Services Web Access installed. What is new is that the RemoteApp Manager automatically set up programs for Web access are available. That is Terminal Services Web Access provides a special web page that displays all the shared applications. Removing a RemoteApp application can disappear automatically on the corresponding site icon. The administrator may, however individual applications for the Web access close it manually.

Access to the terminal services from the Web is already on Windows Server 2003. For the remote desktop Web connection is required, an ActiveX control that acts as the RDP client for Web access. In the current version replaces the Remote Desktop Connection Software (RDC), the ActiveX technology. This requires, however, that on the client computer at least RDC 6.0 is installed. In Windows Vista, the default is the case in Windows XP, it can be retrofitted . Windows 2008 supports or the old version with the ActiveX control. However, you must then manage the appropriate web page manually.

TS Gateway :

Terminal Services Gateway (Terminal Services Gateway) enables secure access via the Internet to corporate terminal servers. This RDP is HTTPS (HTTP secured by SSL encryption) tunneled over. Another advantage of this method is that the RDP port will not open in the firewall needs. The TS Gateway server is going through a perimeter network and forwards the requests to the RDP terminal server on the internal network.

On the TS Gateway can be about so-called resource authorization policy to configure this server in question are which. In addition, administrators can use the connection authorization policy to user groups, determine the build up to the TS Gateway can connect one.
Reply With Quote
Old 26-08-2010
Join Date: Aug 2006
Posts: 155
Re: Windows Server 2008 - Introduction

Other new features of Terminal Services :

The Terminal Services Licensing has been improved in two ways. First, it finally has a user-based licensing available - Windows Server 2003 supports only the device-based licensing - and the other license may be assigned in case of device-based license be revoked. This allows licenses unlock when, on individual computers are no longer needed. To prevent abuse, but this is for 20 percent of the licenses only. The resumption of an interrupted session now works in a terminal server farm. The new Terminal Services Session Broker (TS Session Broker) provides load balancing and is therefore an alternative to Microsoft's Terminal Server Network Load Balancing (NLB). In this way, can be used now with the standard edition of Windows Server load balancing in the operation of multiple terminal server.

What is new is the so-called drain mode. Must be a terminal server to be restarted, administrators can prevent more users log on. Users who have already opened a session, are still able to connect to the terminal server. A problem when using a terminal server as an application server was always been the involvement of local printers. With TS Easy Print Microsoft hopes, to get a grip on this problem. Even if the server, the driver of the local printer does not exist, now, thanks to the expression XPS (XML Paper Specification), Microsoft's alternative to PDF, work better. Also in terms of remote management of Windows servers, there are innovations. Many a management tool runs on Windows Server 2003 in a Terminal session. System administrators may be in such a case even remotely log into the console mode. The difference between a session on the console and a terminal connection to Windows Server 2008 abolished in principle. That should now be able to run most of the administrative tools that refuse on Windows Server 2003 in a terminal session to the service. Useful feature is that now a message is issued if another system administrator wants to register and both were awarded licenses for the remote already. Does not respond, the administrator after 30 seconds the connection is interrupted and released under the license. It can then resume at a later date this session.

Strengths and weaknesses :

Plus -
  • Thanks to the new possibilities of TS RemoteApp and TS Web Access, it will be possible in small and medium sized businesses now more likely not to Terminal Server third-party extensions such as Citrix and Ericom.
  • TS gateway is set up amazingly simple. If employees only through RDP over the Internet to the corporate network access, you get may help to use an expensive VPN solution.
  • The many improvements in detail particularly facilitate system administrators to deal with the Terminal Services.

Minus -
  • In order to really use all the new features can, the latest version of RDC is required. This is currently only available for the beta versions of Windows Vista SP1 and Windows XP SP3.
  • If one uses multiple terminal server, the applications must be published individually on each server. Centralized management tools for Windows Server Terminal server farms are missing 2008th
  • The distributions of the RDP or MSI files via group policy works only within a Windows domain.
  • Applications in RemoteApp can only publish to all users. One limitation to individual users or groups is not provided.
  • TS Web Access does not allow grouping of applications in subfolders. If a larger number of applications are available, users quickly lose the overview.
  • TS Web Access worked in test on Windows Server 2008 RC1 only with Internet Explorer. In Firefox the application icons are not displayed.
  • TS Session Broker supports only up to five terminal servers. For the use of session-based load balancing in large terminal server farms are therefore still necessary third-party extensions.
  • In Windows Server 2003 can register a total of three administrators simultaneously over RDP, two ordinary in a terminal session and one in the console mode. Because Windows Server 2008 console mode no longer knows, can now only two administrators simultaneously manage a Windows server.
Reply With Quote
Old 30-08-2010
Join Date: Apr 2008
Posts: 3,518
Re: Windows Server 2008 - Introduction

Versions of Windows Server 2008 -

Windows Server 2008, there are eight versions give in, and Itanium-based version of all editions in 32 - and 64-bit forms will be available with the exception. This is Windows Server 2008 for Microsoft's various announcements expected to be the last version for 32-bit hardware. The Standard, Enterprise and Datacenter virtualization software include Hyper-V and the license to a virtual instance. The editions at a glance
  • Standard Edition
  • Small Business Server
  • Essential Business Server
  • Enterprise Edition
  • Data Center Edition
  • Windows Web Server 2008
  • Windows Server 2008 for Itanium-based Systems (64-bit)
  • Standard, Enterprise and Datacenter Edition without Hyper-V
Reply With Quote

  TechArena Community > ARENA > Guides & Tutorials
Tags: , , , , , , , , , ,

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads for: "Windows Server 2008 - Introduction"
Thread Thread Starter Forum Replies Last Post
Doubts on printer migration from windows server 2003 to Windows server 2008 R2 AapHo Windows Server Help 8 08-03-2012 12:02 AM
how to migrate a domain controller from a windows server 2000 to windows server 2008? Menios Active Directory 1 22-05-2011 01:34 AM
Does Windows Server 2008 is most perfect for Server setup Oms-waroop Networking & Security 5 25-02-2011 11:47 PM
Installing a function of Windows Server 2008 Server Core SalVatore Tips & Tweaks 2 28-08-2010 04:03 PM
Difference between Windows Server 2008 / SBS 2008 / EBS 2008 / SBS2003 kyosang Small Business Server 1 06-05-2009 09:09 PM

All times are GMT +5.5. The time now is 07:55 AM.