Index

Note to the reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

Symbols & Numbers

% Processor Time counter, 103
802.1x enforcement, in NAP, 196–197

A

A (host) records, 180, 204
AAAA (host) records, 180, 204
Account logon events, auditing, 387, 411
account management, auditing, 387
Account Operators group, 228
acknowledge packets in DHCP, 160
actions, for tasks, 121–122
activating , 24–25
Active Directory, 25–34
  auditing capabilities, 387
  auditing detailed events, 388–389
  backup and recovery, 230–240
    backup process, 232–235
    restoring, 235–240
  database
    read-only , 15
    containing, 231
  elements, 26, 26–29
  listing shared printers in, 331
  replication, DNS zone transfers in, 178
  rights and permissions, 225–230
  server editions for server roles, 4
  Windows Server 2008 editions support for, 40
Active Directory Certificate Services (AD CS), 217–220
Active Directory Diagnostics template, 103
Active Directory Domain Services (AD DS), 25, 209–211
  adding role, 31–33
  installing, 32
  publishing printer in, 308–309
  schema, 27
  tools, 33–34
Active Directory Federation Services (AD FS), 225
Active Directory-integrated zones, 178–179
Active Directory Lightweight Directory Services, 224
Active Directory Rights Management Services (AD RMS), 224
Active Directory Users and Computers (ADUC), 209, 210
AD CS (Active Directory Certificate Services), 217–220
AD DS. See Active Directory Domain Services (AD DS)
AD FS (Active Directory Federation Services), 225
AD LDS (Active Directory Lightweight Directory Services), 224
AD RMS (Active Directory Rights Management Services), 224
Add Roles Wizard, 11
  Select Server Roles page, 53
  for Terminal Services, 339
/Add switch, for WDSUtil , 51
administrative templates, language specific, 264
Administrator account, 226
Administrators (domain controller) group, 227–228
Administrators (local machine) group, 227
adminpak.msi file, 132
.adml files, 264
.admx files, 264
ADUC (Active Directory Users and Computers), 209, 210
alias (CNAME) record, 183
Allowed RODC Password Replication Group, 216, 229
Apache web server, 6, 354
APIPA (automatic private IP address), 160
AppCmd command-line tool, 431
application pools, in SharePoint services, 323
Application server, Server editions for, 4
applications
  for provisioning, 260–262
  installing on Terminal Server, 341–342
  limiting CPU and memory use by, 123
  virtual server for hosting, 83
Applications and Services Logs, 112

93157book.indd 467 8/7/08 4:07:01 PM 468 /Approve switch – calendars

/Approve switch, for WDSUtil command, 52
ASP. applications, 354
  IIS and, 355, 355
.aspx file extension, 355
asset management, SCCM for, 146
assigning applications, 261–262
  document activation and, 260
asymmetric encryption, 380
attributes, in global catalog, 27
auditing, 387–392
  detailed Active Directory events, 388–389
  enabling, 411
  enabling for Directory Service Access, 389–391
  object access, 391–392
auditpol command-line tool, 389, 411
Authenticated Users group, permissions for GPO, 253
authentication, 399
  with private keys, 218
  RADIUS server for centralized, 401
  remote office, 16
  of servers, on Remote Desktop Connection, 130
  by VPN servers, 195
Authentication Header (AH), in IPSec packet, 402
authoritative restore, 240, 272
  of Active Directory, 236–237
  need for, 238
authorization, RADIUS server for centralized, 401
auto-cast transmissions, 68–69
autoenrollment, 223
automatic private IP address (APIPA), 160
Automatic Updates, 136
autonomous mode, for WSUS servers, 138, 139

B

backdoor, for data retrieval, 386
backup
  of Active Directory, 230–240
  creating, 79–80
  of file servers, 276
  of Group Policy objects, 263–264
  of Server Core critical volumes, 235
  Windows Server Backup feature, 431–436
Backup Domain Controllers (BDCs), 28
Backup Operators group, 228
baseline image, custom image as, 48
Baseline Properties dialog box, 106, 107
basic images, 48
Basic template, for data collector sets, 103
batch files. See scripts
batch , 114
bcdedit (Boot Configuration Data Editor), 60
  to restart domain controller, 237
BIOS, BitLocker requirements, 371
BitLocker Drive Encryption, 8, 40, 370–378, 410
  adding feature, 371–372, 372
  enabling on non-TPM systems, 376–377
  and , 379
  multifactor authentication with, 377
  partition configuration for, 373–375
  recovery mode, 378
  requirements, 371
  starting system with, 377
Block Policy Inheritance, in Group Policy, 246–247
blogs, 322
Boot Configuration Data Editor (bcdedit), 60
  to restart domain controller, 237
boot images, 46–48
  for WDS, 55
Boot Images container, in WDS, 61
boot volume, 230
bootable WinRE disk, creating, 437
booting from installation , 437
BOOTP (Bootstrap Protocol), 45
  broadcasts for DHCP, 168
boot.wim file, 46
Broadcast method, for name resolution, 175
broadcast packets, for DHCP, 160, 168
business continuity planning, 414
  failover clustering, 424, 424–428
    requirements, 425–426
  fault tolerance
    for disks, 418–423
    for device, 308
  network load balancing, 428–431, 429
    requirements, 430–431
  Windows Server Backup feature, 431–436
Business Desktop Deployment (BDD), 437

C

CA. See certification authorities (CA)
cache, for passwords on RODC, 215
calculated stability index, 101
calendars, in SharePoint services, 322


capture images, 47
case sensitivity, and DNS names, 172
CDs, copying EFS certificate to, 383
Certificate Manager, 384, 384
certificate revocation list (CRL), 218, 219
certificates, 217–218
  for EFS, 380–381
    backup, 382–383
    importing, 384–385
certification authorities (CA), 217, 218, 221–223
  enterprise, 222–223
  stand-alone, 222
change management, 146
Change permissions, for shares, 289
checksums, 399
child domain, in Active Directory, 26
client computers
  compliance with security policies, 192–193
  components, 13
  configuring for offline files, 295–296
  configuring to use WSUS, 138–145
    nondomain clients, 144–145
  configuring WDS server to respond to, 65–67, 66
  controlling patch deployment to, 134
  dynamic update settings, 189, 189
  health check for, 400
  requirements for WDS, 50
Client (Respond Only) Group Policy setting, for IPSec, 403
client-side targeting, 155
  on WSUS server, 143–144, 144
ClusPrep, 426
cmdlets, 13
CNAME (alias) record, 183, 205
Co-owner permission level, 289, 330
collector, for event subscriptions, 113
collector initiated event subscriptions, 114, 154
command-line tools. See also Server Core
  AppCmd, 431
  auditpol, 389, 411
  dfsrmig.exe, 316
  gpupdate, 247
    /Force, 271
  for scripts, 11–12
  WinRM, 114, 154, 431, 447
command prompt, in Windows Recovery Environment, 437
Common Criteria Evaluation Assurance Level 4+ (EAL 4+), 397
Computer Configuration node in Group Policy, 241
  disabling, 252–253, 253
computer image deployment, 65–70
  device management, 65–67
  prestaging computers, 65
Computer Management tool, creating shares with, 282–284
conditions, for tasks, 122, 123
confidentiality, 399
configuration information, in data collector set, 103
context for task, 121
Contributor permission level, 289, 330
control, OU for delegating, 210, 211–213
Control Panel
  for accessing programs, 261
  BitLocker availability from, 372, 372
Control Panel Wizard, 341
/ switch, for WDSUtil command, 51
/Copy switch, for WDSUtil command, 51
counters, in Performance Monitor, 98
Create a Basic Task Wizard, 118, 118
Create a Shared Folder Wizard, 282–284, 283
Create Quota page, 298
Credential Security Support Provider (CredSSP) protocol, 77, 92, 338
Critical event in log, 113
critical volumes
  for backup, 232–234
  on Server Core, 235
  in Windows Server 2008, 230–231
CRL (certificate revocation list), 218, 219
cscript command, 75, 122
custom images, 48
  creating and capturing, 59–61
custom views, for logs, 111–112

D

DAC (Discretionary Access Control) model, 286
DACL (discretionary access control lists), 390
data collector set templates, 100
data collector sets, 97, 103–111
  creating from template, 106–108
  reports from, 109, 109–111, 110
  running, 104
data decryption field (DDF), 380
Data Recovery Agent, 385–386
  vs. Key Recovery Agent, 386


Datacenter edition of Windows Server 2008, 3
  hardware requirements, 18
  virtual server licensing, 85
  virtual servers on, 8
DCPromo tool, 29–30, 40, 213
DDF (data decryption field), 380
default domain controllers policy, 241
default domain policy, 241
default gateway, 169
default groups, in Users container, 227
Delegation of Control Wizard, 210, 213, 271
Delete Catalog command (Wbadmin), 434
/Delete switch, for WDSUtil command, 52
Delete Systemstatebackup command (Wbadmin), 434
deleting reports from data collector sets, 110
demilitarized zone (DMZ), 347, 393, 393
Denied RODC Password Replication Group, 216, 230
Deny permission, 287
Deployment Server service, in WDS, 52
DFS. See Distributed File System (DFS)
dfsrmig.exe command-line tool, 316
DHCP. See Dynamic Host Configuration Protocol (DHCP)
DHCP Administrators group, 171, 229
DHCP Option 60 page, for WDS configuration, 54, 54
DHCP Users group, 171, 204, 229
digital signature, 218
directories. See folders
directory-enabled applications, 224
directory service, 25
Directory Service Access auditing policy, 387, 389
  enabling, 389–391
Directory Services Restore Mode (DSRM), 235, 237, 240
Disable Backup command (Wbadmin), 434
/Disable switch, for WDSUtil command, 51
discover images, 48, 92
discover packets in DHCP, 160
Discretionary Access Control (DAC) model, 286
discretionary access control lists (DACL), 390
disk Properties dialog box, 301, 301–302
disk quotas, 297–301, 331
  creating with FSRM, 297, 297–299
  creating with NTFS, 300–302, 301
disk space
  for print spooler, 306
  for Windows Server 2008 editions, 18
utility, 65
disks
  fault tolerance for, 418–423
  storage solutions, 421–423
  terminology, 422
displaying message when attaching tasks, 119
distributed environment, WSUS in, 138, 139
Distributed File System (DFS), 310–321, 331
  creating replication group, 318
  namespaces to organize content, 311, 311–312
  replication, 313–316, 332
  and WSUS, 316
DMZ (demilitarized zone), 347, 393, 393
DNS. See Domain Name System (DNS)
DNS Manager console, 176, 176
  creating new NS record in, 183
DNSAdmins group, 205, 229
documents, usage rights of, 224
Domain Admins group, 204, 226, 227, 330
  and GPO creation, 256
domain-based namespaces, vs. stand-alone, 316–317
domain controllers, 28, 209
  bcdedit command to restart, 237
  promoting to server to, 29–30
  refresh interval, 247
  Terminal Services on, 338
domain functional level, 31, 271
  viewing, 315, 316
Domain Name System (DNS), 29, 171–191
  dynamic update, 187–189
    configuring, 187, 187–188
  name resolution methods, 174–175
  name types, 172–173
  and RODCs, 189–191, 190
  Server editions for, 5
  servers, 158
  SRV records, priority configuration, 78
  and WINS, 192
  zones, 175–186
    resource records, 180–183
    types, 177–179
    zone files, 179–180
Domain Naming Master role, 28, 40
domain profile, for Windows Firewall, 395, 396–397
domains, 244–245
  GPOs linked to, 243, 246
  and sites, 243–244
DORA acronym, for DHCP packets, 160
downstream server, 155
drivers, for printers, 305


drives
  mapping to UNC path, 285, 285–286
  for Shadow Copies, 414
DSRM (Directory Services Restore Mode), 235, 237, 240
Dynamic Host Configuration Protocol (DHCP), 158, 159–171
  enforcement in NAP, 197–198
  installing, 161–162
  management, 171
  options, 169
  overview, 159, 159–160, 163
  ports used by, 168–169
  scopes, 163–168
    creating using all possible addresses, 163–164
    creating using some of the addresses, 164–166
    modifying to use addresses, 166–168
  server, 92
    authorizing in domain, 163
    configuration for dynamic updates, 188, 188–189
  Server editions for, 5
  Windows Deployment Services and, 45, 170
dynamic update for DNS, 172, 187–189
  configuring, 187, 187–188

E

Edit Settings, Delete, Modify Security permission, for GPOs, 254
Edit Settings permission, for GPOs, 254
Edit Trigger dialog box, 122
EFS. See Encrypting File System (EFS)
email notifications, in FSRM, 280
Enable Backup command (Wbadmin), 434
/Enable switch, for WDSUtil command, 51
Encapsulating Security Payload (ESP), 196
Encrypting File System (EFS), 378–386
  backup of certificate, 382–383
  and BitLocker, 379
  certificates and keys, 380–381
  Data Recovery Agent, 385–386
  decrypting file, 381, 382
  encrypting files and folders, 379, 380
  importing certificate, 384–385
  recovering encrypted files, 382–386
encryption
  and confidentiality, 399
  IPSec for network, 402–403
  of offline files, 296
Enforce Password History Group Policy setting, 258
Enforced attribute, in Group Policy, 247
Enterprise Admins group, 204, 226–227
  and GPO creation, 256
enterprise certification authorities (CA), 222–223, 271
Enterprise edition of Windows Server 2008, 3
  hardware requirements, 18
  virtual server licensing, 85
  virtual servers on, 8
Equal per process policy, 124
Equal per session policy, 125
Equal per user policy, 124
Error event in log, 113
ESP (Encapsulating Security Payload), 196
Event ID 7036, 119
event subscriptions, 9, 97, 113–117, 114
  configuring, 115–117
event tasks, configuring, 118–123
  to respond to event, 119–120, 120
event trace data, in data collector set, 103
, 111–123, 112
  connecting to remote computer, 73, 74
  event subscriptions, 113–117, 114
Everyone group, 290
expenditures, trend analysis to justify, 105
expires after property, in SOA record, 181
/Export switch, for WDSUtil command, 51
exporting EFS certificate, 382–383
external disks, backup to, 433

F

failover clustering, 424, 424–428, 446, 447
  improvements, 16–17, 17
  vs. network load balancing, 428
  nodes and quorums, 426–428
  requirements, 425–426
  Validate tool, 426
Failure Audit event in log, 113
FAT, converting to NTFS, 379
fault tolerance
  for disks, 418–423
  for print device, 308


Fax Server, Server editions for, 5
Fibre Channel (FC), 423, 447, 448
file Properties dialog box, Previous Versions tab, 415, 417
File Replication Service (FRS), 331
  and sysvol, 314–315
File Screening Management node in FSRM, 279
File Server Resource Manager (FSRM), 276, 277–280, 278, 330, 331, 332
  launching, 278
File Server Resource Manager Options dialog box, Email Notifications tab, 279
file servers, 276–303
  File Services role, 331
  disk quotas, 297–301
    creating with FSRM, 297, 297–299
    creating with NTFS, 300–302, 301
  indexing and searching, 302–303
    Windows Search Service, 303
  installing, 277–278
  offline data access, 292–296, 293
    client configuration, 295–296
    configuring share for, 294–295
  permissions, 286–291
    combining NTFS and share, 290–291
    NTFS permissions, 288
    share permissions, 288–290, 289
  Server editions for, 5
  shares, 281–286
    accessing, 284–286, 285
    creating, 281–284
files
  auditing access, 391
  encrypting, 380
  recovering EFS-encrypted, 382–386
filtering Group Policy, 253–254, 254
firewall, 392–397, 393
  Group Policy for, 396, 411
  Internet Security and Acceleration (ISA) server, 397
  opening ports, 348
  packet filtering by, 393–395, 394
  server internal, 395–397
  Terminal Services and, 342
  two-host, 347
Flexible Single Master Operations (FSMO) roles, 27–29, 40
floppy disk, copying EFS certificate to, 383
Folder Options dialog box (Windows XP), 296
folder Properties dialog box, Previous Versions tab, 415
folders
  auditing access, 391
  for DFS namespaces, 312
  encrypting, 380
  Group Policy for redirection, 259–260
footprinting, 169
Forefront Threat Management Gateway (Forefront TMG), 397, 411
forest, 26
forest functional level, 30, 31, 271
formatting partition, during Windows Server install, 23
forward lookup zone
  creating, 184
  creating records within, 184–186
forward lookup zone file, 179–180
forwarding events, for event subscriptions, 114
Free Megabytes counter, 103
FRS (File Replication Service), 331
  and sysvol, 314–315
FSMO (flexible single master operations) roles, 27–29
FSRM. See File Server Resource Manager (FSRM)
Full Control permission, 288, 289
full mesh topology, 317
full-screen mode, in Virtual PC 2007, 24
full server backup, 232, 432
fully qualified domain names, case sensitivity and, 172

G

Gantt charts, in SharePoint services, 322
gateway servers, for Terminal Services, 133–134, 134
generic boot images, 46
Get Disks command (Wbadmin), 434
Get Items command (Wbadmin), 434
Get Status command (Wbadmin), 434
Get Versions command (Wbadmin), 434
Ghost (Symantec), 41, 47
  creating image with, 49
global catalog, 27
global names, 172, 173
globally unique identifier (GUID), 65
GlobalNames Zone feature, 179, 204, 205
  on DNS servers, 175
  and WINS, 173, 191, 192
gpupdate command-line tool, 247
  /Force, 271
grace period, for Terminal Services role, 352, 368


graphical user interface (GUI), 12
Group Policy, 240–264
  advanced settings, 246–247
  applying, 242–247
  assigning folder redirection, 259–260
  assigning password policies, 258–259
  auditing changes, 388
  to configure WSUS clients, 139–143
  conflict resolution, 245–247
  device installation restrictions, 262–263
  to enable auditing, 387
  for firewall settings, 396
  IPSec policy settings, 402, 402
  language specific administrative templates, 264
  loopback processing, 248
  for managing Vista clients, 9
  order of precedence, 140, 245
  OUs and, 210–211
  provisioning applications, 260–262
  replication to domain controllers, 314
  settings for automatic updates, 141
  when applied, 247
Group Policy Creator Owners group, for delegating permissions, 256–257, 257
Group Policy Management Console (GPMC), 85, 141, 249, 249–257
  creating and linking GPOs, 249–252, 250
  delegating permissions to GPO, 253–256
  disabling Computer or User Configuration settings, 252–253, 253
  to enable BitLocker on non-TPM systems, 376, 376
Group Policy Management Editor, 241
Group Policy objects (GPOs), 240
  backup and recovery, 263–264
  configuring for WSUS, 141–143
  creating and linking, 249–252, 250

H

hard limits for disk quotas, 279, 297, 299
hardware
  for failover clustering, 426
  Windows Server 2008 requirements, 18
hardware RAID, 418
hash, 399
health of clients, checking, 400
health policy compliance in NAP, 194
health registration authority (HRA), 193
health state validation in NAP, 194
/ switch, for WDSUtil command, 50
hidden tasks, RACAgent task as, 101
history of events, 122–123
home folders, for users, 276
host (A) records, 180
host (AAAA) records, 180, 204
Host cache, 175
Host key, in Virtual PC 2007, 24
hostnames, 172
  resolution methods, 175
Hosts text file, 175
hot-add capabilities, 3
HRA (health registration authority), 193
HTTPS, Terminal Services Gateway use of, 134
hub and spoke topology, 317, 318
Hyper-V, 2, 80–85, 81
  licensing, 85
  resources for, 18
  Server editions for, 4
Hypertext Transfer Protocol (HTTP), 356

I

IANA (Internet Assigned Numbers Authority), 358, 394
icons, in System Stability chart, 101
IIS. See Internet Information Services (IIS)
image groups
  adding to WDS, 56
  permissions for, 62–64
images
  boot, 46–48, 55
  creating standard, 57–61
    running sysprep, 58–59, 59
  custom, 48
    creating and capturing, 59–61
  deploying, 67–68
  install, 48, 55
imaging technologies, 13
importing EFS certificate, 384–385
indexing, 302–303
Infrastructure Master role, 29, 41
inheritance
  disabling, 64
  of permissions, 287
/Initialize switch, for WDSUtil command, 51
initiator, in iSCSI, 423
install images, 48
  for WDS, 55


Install Images container, in WDS, 61
installation CD, booting from, 437
installing
  Active Directory Domain Services, 32
  applications on Terminal Server, 341–342
  DHCP, 161–162
  File Services role, 277–278
  Internet Information Services (IIS), 357–358
  network load balancing, 430, 430
  printer, 306–308
  Server Core, 71
  Terminal Services role, 338–341
  TS RemoteApp, 343–346
  with USB drives, restrictions, 262–263
  Virtual PC 2007, 20–21
  Windows Backup, 231–232
  Windows Deployment Services (WDS), 52–53
  Windows Server 2008, 18–25
integrity, of information, 399
Internet Assigned Numbers Authority (IANA), 358, 394
Internet Information Services (IIS), 5–6, 354–358, 368
  and ASP.NET, 355, 355
  installing, 357–358
  ports for, 358
  Server editions for, 4
  SharePoint and, 323
  on TS Gateway server, 348
  URL authorization rules, 356–357
  and Windows Process Activation Service (WAS), 356
  and WSRM, 356
Internet Security and Acceleration (ISA) server, 397, 411
Internet Small Computer System Interface (iSCSI), 423, 448
IP addresses
  manually assigning, 160
  mapping NetBIOS names to, 191
  resolving, 171. See also Domain Name System (DNS)
IPSec, 392, 399
  enforcement in NAP, 196
  for network encryption, 402–403
  remotely managing, 77–78
  for VPN, 195
IPv6, 9
ISA (Internet Security and Acceleration) server, 397
iSCSI (Internet Small Computer System Interface), 423, 448
.iso images, 19, 48
  converting .wim file to, 48
Itanium-based systems, Windows Server 2008 for, 3

K

Kerberos, 223
  synchronization for, 29
Key Management Service (KMS), 24–25, 42
key pair, 217
Key Recovery Agent (KRA), 386, 411
keys
  for EFS, 380–381
  on USB drive, for BitLocker recovery, 378
Knowledge Base, on Remote Desktop Client, 338
KRA (Key Recovery Agent), 411

L

LAMP solution stack, 354
language specific administrative templates, 264
laptop computers, offline data access, 292–296, 293
Layer 2 Tunneling Protocol (L2TP), 399, 411, 412
  for VPN, 195
least privilege, principle of, 171, 226
Legacy Images container, in WDS, 61
licensing
  for Terminal Services, 352–354
  for virtual server, 85
Lightweight Directory Access Protocol (LDAP), 224
Limited-access environment for NAP, 194
limited access in NAP, 195
limited-access network, 193
line-of-business application, 335
Link-Local Multicast Name Resolution (LLMNR), 175
Linux, 354
List Folder Contents permission, in NTFS, 288
LLMNR (Link-Local Multicast Name Resolution), 175
LMHosts file, 174


load balancing
  on network, 428–431, 429, 447
    installing, 430, 430
    requirements, 430–431
    on Server Core, 431
  with Session Broker, 350
local file logging, for RADIUS, 401
Local Group Policy object, to configure nondomain client, 144
local resources, in remote session, 128–129, 129
log events, 111
logon
  AD FS for supporting, 225
  auditing events, 388
  in Virtual PC 2007, 24
logs
  custom views for, 111–112
  from Performance Monitor, 100
  for quotas, 301
  for RADIUS, 401
  Server Roles, 112
  volume holding, 231
loopback processing, 272
  for GPO, 248

M

mail exchanger (MX) records, 183, 186, 205
MAK (Multiple Activation Key), 25
management components, in WDS, 14
manual caching, 292
mapping drives to UNC path, 285
MaxBatchItems variable, 115
Maximum Password Age Group Policy setting, 258
member, in DFS replication, 313
memory, for Windows Server 2008 editions, 18
memory leak, 124
Merge setting, in Loopback Processing, 248
Microsoft Management Console (MMC) snap-ins
  DFS Management, 318–321
  for RSAT, 132
  for Server Core, 73–74
Microsoft Network Monitor, 402
Microsoft Office 2007, rights-protected content support, 224
Microsoft Office SharePoint Services (MOSS), 225, 322, 322–323, 352
Microsoft Point to Point Encryption (MPPE), 399
Minimize Bandwidth delivery mode, 114
Minimize Latency delivery mode, 114
Minimum Password Length Group Policy setting, 258
minimum TTL, in SOA record, 181
mirroring (RAID-1), 419, 419–420
mobile users, offline data access, 292–296, 293
Modify permission, in NTFS, 288
Monitoring-only environment for NAP, 194
MOSS ( Office SharePoint Services), 225, 322–323, 352
MPIO (multipath I/O), 422, 447
MPPE (Microsoft Point to Point Encryption), 399
Multicast Transmission container, in WDS, 62
multicast transmissions, 68–70
  auto-cast transmissions, 68–69
  scheduled-cast transmissions, 69, 69–70
multifactor authentication, 410
  with BitLocker Drive Encryption, 377
multimaster replication, 313
multipath I/O (MPIO), 422, 447
Multiple Activation Key (MAK), 25
multiuser mode, applications in, 341, 366
MX (mail exchanger) records, 183, 186, 205
MySQL, 354

N

namespace root, for DFS namespaces, 312
namespace server, for DFS namespaces, 312
namespaces
  domain-based vs. stand-alone, 316–317
  to organize DFS content, 311, 311–312
NAN (network attached storage), 423
NAP. See Network Access Protection (NAP)
NAT (Network Access Translation), 399
nbtstat command, 174
NET command, 122
.NET Framework, 5–6
NetBIOS cache, 174
NetBIOS names, 172, 174, 191
NetLogon service, 204
NetShell command, 93, 133
network
  booting, 60
  IPSec for encryption, 402–403
  load balancing, 428–431, 429
    installing, 430, 430
    requirements, 430–431
    on Server Core, 431
  security for, 392–403
  support for WDS, 49


Network Access Protection (NAP), 15, 42, 192–198, 193, 400
  802.1x enforcement, 196–197
  for client health check, 8, 9, 205
  DHCP enforcement, 197–198
  IPSec enforcement, 196
  on TS Gateway server, 348
  VPN enforcement, 195, 195
Network Access Translation (NAT), 399
network attached storage (NAN), 423
Network Configuration Operators group, 229, 272
network infrastructure, Server editions for, 5
Network Level Authentication (NLA), 127
network load balancing, 447
Network Monitor (Microsoft), 402
Network Policy and Access Services (NPAS), 400–401
  Server editions for, 5
  on TS Gateway server, 348
New Group dialog box, 62
New Host dialog box, 185, 185
New Object - Group dialog box, 212
New Scope Wizard, 165
New Simple Volume Wizard, 375
/New switch, for WDSUtil command, 51
New Virtual Machine Wizard, Options page, 20
Nimda virus, 71, 136
NLA (Network Level Authentication), 127
NNTP traffic, blocking, 411
No Majority: Disk Only quorum configuration, 428
Node and Disk Majority quorum configuration, 427
Node and File Share quorum configuration, 427–428, 446
Node Majority quorum configuration, 427
nodes, in failover clustering, 424, 426–428
nonauthoritative restore, 272
  of Active Directory, 236–237, 239–240
Normal delivery method, 114
Novell SUSE Linux Enterprise Server, 6
NS records, 183
NTFS
  for BitLocker, 371
  converting FAT to, 379
  creating disk quotas with, 300–302, 301
  for Encrypting File System, 379
  Shadow Copies, 414
NTFS partition, 276
NTFS permissions, 40, 288
  combining share and, 290–291

O

objects, 98
  in Active Directory, 209
  auditing access, 388, 391–392
  listing all in forest, 27
  marked for deletion, 235
OCSP (Online Certificate Status Protocol), 218, 219, 271
offer packets in DHCP, 160
offline data access, 292–296, 293, 330
  client configuration, 295–296
  configuring share for, 294–295
Offline Files dialog box (), 296
Online Certificate Status Protocol (OCSP), 218, 219, 271
online responders, 219–220
open ports, risks from, 133
choosing, 3
SCCM for deploying, 146
optical drives, backup to, 433
Optimized for Performance setting, 330
  for offline data access, 292, 293
order of precedence, in Group Policy, 245
organizational units (OUs), 210, 245
  deleting control to, 211–213
  GPOs linked to, 243
  for WSUS servers, 139
Out-of-Box Experience (OOBE), 58
Outlook 2003, 366
Outlook 2007, 366
Outlook Web Access (OWA), 223
Owner permission level, 289–290

P

packet filtering, by firewall, 393–395, 394
partitions, 65, 422
  for BitLocker, 371
  bootable WinRE, 437
  configuring for BitLocker, 373–375
  formatting during Windows Server install, 23
  marking as Active, 375
  vs. volumes, 373
Password Must Meet Complexity Requirements Group Policy setting, 258
Password Replication Policy, for RODCs, 215–216
password settings object (PSO), 259, 272


passwords
  for account for backup, 79
  for BitLocker recovery, 378, 410
  for EFS, 381
  Group Policy to assign policies, 258–259
  PDC Emulator for managing changes, 29
  for Windows Server 2008 install, 23
patches, 134
PDC Emulator role, 28
Pending Devices container, in WDS, 62
perfmon utility, 100
performance baseline, 104
Performance Counter Properties dialog box, 108, 108
performance counters, 103
Performance Log Users group, 229
Performance Monitor, 98–100, 99
  history, 100
Performance Monitor Users group, 229
Perl, 354
permissions, 286–291
  in Active Directory, 225–230
  combining NTFS and share, 290–291
  delegating to GPO, 253–256
  Group Policy Creator Owners group for delegating, 256–257, 257
  for image groups, 46, 62–64
  NTFS permissions, 288
  share permissions, 288–290, 289
PHP, 354
PIN, multifactor authentication with, 377
PING command, name interpretation by, 173
PKI (public key infrastructure), 217
Point-to-Point Protocol (PPP), 398
Point-to-Point Tunneling Protocol (PPTP), 399, 411, 412
pointer (PTR) records, 180, 204
policies. See Group Policy
port 3389, for Remote Desktop connection, 133
ports, 411, 412
  for DHCP, 168–169
  for DHCP and WDS, 170
  dynamic, 394
  for IIS, 358
  opening on firewall, 348
  registered, 394
  risks from open, 133
  for Terminal Services, 342
  WDS configuration, 54
  well-known, 358, 394
Power Users group, 228
PowerShell, 12–13, 41, 431
PPP (Point-to-Point Protocol), 398
PPTP (Point-to-Point Tunneling Protocol), 399, 411, 412
Preboot Execution Environment (PXE), 13
  client computer, 45
  client for image deployment, 65
preferences, in Group Policy, 242
prestaging computers, 55, 65, 92
previous versions of files, opening, 415
Primary Domain Controller (PDC), 28
primary server, in SOA record, 181
primary zone in DNS, 177
principle of least privilege, 171, 226
Print Management console, 304
Print Operators group, 228–229
print process, 305, 305–306
Print Services, 303–309
  adding role, 307
  installing printing, 306–308
  print process, 305, 305–306
  printer pooling, 308, 309
  printer publishing, 308–309, 310
  Server editions for, 4
  shared printers, 304, 304–305
printer pooling, 308, 309
printer publishing, 308–309, 310
printers, auditing access, 391
private key, 217, 380, 381
private ports, 394
private profile, for Windows Firewall, 396
privileges, auditing use, 388
Process Model service, 349
processor affinity, 123
processor, for Windows Server 2008 editions, 18
/Progress switch, for WDSUtil command, 50
Prohibit Access to the Control Panel setting, 242, 242–243
project management, in SharePoint services, 322
properties, of tasks, 120–122, 121
Provision Share Wizard, 281–282
provisioning, 81
PTR (pointer) records, 180, 204
public key, 217, 380, 381
public key infrastructure (PKI), 217
public profile, for Windows Firewall, 396
publishing applications, 261
  document activation and, 260
pull subscription, 114
push subscription, 115
PXE (Preboot Execution Environment), 13
Python, 354


Q

quorums, in failover clustering, 426–428
Quota Management node in FSRM, 279, 297, 297–299
quotas. See disk quotas

R

RACAgent scheduled task, 101
RADIUS (Remote Authentication Dial-In User Service), 401–402, 410
RAID (Redundant Array of Independent Disks), 418–423, 446
  configurations, 418–421
    mirroring (RAID-1), 419, 419–420
    RAID-10, 420–421, 421
    striping (RAID-0), 418, 418–419
    striping with parity (RAID-5), 420, 420
RDC (Remote Differential Compression) protocol, 313
RDP file, 128
RDP over SSL, 347
Read & Execute permission, in NTFS, 288
read-only domain controllers (RODC), 15–16, 29, 40, 41, 213–217, 214, 271
  and Domain Name System (DNS), 189–191, 190
  Password Replication Policy, 215–216
  prerequisites, 217
Read permission
  for GPOs, 254
  in NTFS, 288
Reader permission level, 289, 330
recovery
  of Active Directory, 235–240
  for BitLocker, 378
  of Group Policy objects, 263–264
Recovery Wizard, 432, 433
Redirect Folders Group Policy setting, 273
Redundant Array of Independent Disks (RAID). See RAID (Redundant Array of Independent Disks)
reference computer, building, 57–58
refresh interval
  for group policies, 247
  in SOA record, 181
registered ports, 394
Registry Editor
  to configure nondomain client, 145
  for Server Core, 75–78
registry key, auditing access, 391
/Reject switch, for WDSUtil command, 52
relative identifiers (RIDs), 28
Reliability and Performance Monitor, 96, 97
  Resource Overview page, 98
Reliability Monitor, 101–102, 154
remediation servers, for DHCP enforcement, 197
remote access, 397–400, 398
  Network Policy and Access Services for, 400–401
  security for, 392
Remote Authentication Dial-In User Service (RADIUS), 401–402, 410
remote computers, FSRM connected to, 279
Remote Desktop Connection, 14, 128–130, 129, 155
  dialog box tabs, 128–130
  for Server Core, 72–73, 73
  support for NLA, 338
  for TS Web Access, 352
Remote Desktop Protocol (RDP) over Secure Sockets Layer (SSL), 347
Remote Desktop Users group, 229
Remote Desktops, 14, 130–131, 131
  access via TS Gateway, 347
  /admin option, 131
  connection properties, 132, 134
Remote Differential Compression (RDC) protocol, 313
Remote Installation Services (RIS), 13, 46
  vs. Windows Deployment Services, 47
remote management, 125–134
  overview, 125–128
  port for, 348
  of Server Core, 72–75
  Terminal Services for, 366
  of WSUS, 145
remote office, authentication at, 16
Remote Registry service, 102, 154
Remote Server Administration Tool (RSAT), 132–133, 156
remote shared folders, backup to, 433
removable media, backup to, 433
/Remove switch, for WDSUtil command, 51
setting, in Loopback Processing, 248
/Replace switch, for WDSUtil command, 51
replica mode, for WSUS servers, 138, 139
replicated folder, 313
replication
  in DFS, 313–316, 332
  topology, 317
replication group, 313


reports SCEP (Simple Certificate Enrollment from data collector sets, 104, 109, Protocol), 223 109–111, 110 scheduled-cast transmissions, 69, 69–70 Actions tab, 111, 111 schema, 40 Data Manager tab, 110, 110 in Active Directory Domain Services, 27 on disk usage and file storage, 279 Schema Admins group, 227 from FSRM, 280 Schema Master role, 28 in Performance Monitor, 98, 99 scopes in DHCP, 163–168 in Reliability and Performance Monitor, 97 creating using all possible addresses, 163–164 request packets in DHCP, 160 creating using some of the addresses, 164–166 resource allocation policies, 124–125 modifying to use more addresses, 166–168 responsible person, in SOA record, 181 scregedit.wsf Windows script, 72–73, 75, 93 Restore Catalog command (Wbadmin), 434 switches Restore object command, 240 for connections from previous Windows restoring versions, 76–77 Active Directory, 231, 235–240 to enable remote desktop connection, 76 nonauthoritative vs. authoritative, 236–237 to manage automatic updates, 77 system state, 235 scripts. See also PowerShell retry interval, in SOA record, 181 to capture server settings, 80 reverse lookup zone file, 180, 205 command-line tool for, 11–12 revoked certificate, 219 replication to domain controllers, 314 RID Master role, 28, 40 WDSUtil in, 50 RIDs (relative identifiers), 28 searching, 302–303 rights account certificates, 224 secondary zone in DNS, 177–178 rights in Active Directory, 225–230 Secure Server (Require Security) Group Policy RIPrep images, 61 setting, for IPSec, 403 RIS (Remote Installation Services), 13 Secure Socket Tunneling Protocol (SSTP), (Robust File Copy) command, 122 399, 411 RODC. 
See read-only domain controllers (RODC) Secure Sockets Layer (SSL) RODC server Properties dialog box, Password certificates for, 220 Replication Policy tab, 215, 215 Terminal Services Gateway use of, 134 roles security, 8 Server Core support for, 12 auditing for, 387–392 summary page for, 11 with BitLocker, 370–378 rollback plan, 78–80 for domain controllers, 214 root certification authorities, 218, 221–222, 222 Encrypting File System (EFS), 378–386 root domain, in Active Directory, 26 of IIS, 6 RPC over HTTP Proxy service, on TS Gateway KRA or DRA as risk, 386 server, 349 for network, 392–403. See also firewall Run line, in Windows, 284 RODCs and, 189 Server Core and, 71 USB drives as risk, 262–263 security access control lists (SACLs), 388, 390 S security identifiers (SIDs), 58, 238 DACL storage of, 286 SACLs (security access control lists), 388, 390 RID Master for creating, 28 sample interval for trend and baseline analysis, Security Log, 8, 113 changing, 108 sending email, when attaching tasks, 118 SAN (storage area network), 421, 423 serial attached SCSI (SAS), 421, 423 SAS (serial attached SCSI), 421, 423 serial number, in SOA record, 181 sc command, 93 server clusters, 424 scalability, load balancing for, 428 server components, in WDS, 13 SCCM (Systems Management Server), 145


Server Core, 12, 41, 70–78 shares, 276, 281–286 backup of critical volumes on, 235 accessing, 284–286, 285 installing, 71 configuring for offline files, 294–295 MMC snap-in for managing, 73–74 creating, 281–284 Registry Editor, 75–78 restricting access, 286 remote management, 72–75, 133 Shrink dialog box, 374, 374 Server Manager, 10, 10–11, 40 Sidewinder, 411 for adding Backup, 231–232 SIDs (security identifiers), 58, 238 adding WDS role to, 52 DACL storage of, 286 for DHCP server, 162 RID Master for creating, 28 Disk Management, 374 Simple Certificate Enrollment Protocol launching, 11 (SCEP), 223 Server Operators group, 272, 281, 330 Simple Mail Transfer Protocol (SMTP) Server (Request Security) Group Policy setting, for server, for email notifications in IPSec, 403 FSM, 280 server roles sites, 243, 243–244 consolidating on single server, 6 GPOs linked to, 243 Server editions for, 4 smart card, 386 virtualization for consolidating, SMTP (Simple Mail Transfer Protocol) server, for 83–84 email notifications in FSM, 280 Server Roles logs, 112 sniffers, 402 server-side targeting, on WSUS server, 144 SOA (start of authority) records, 180–182, 181 ServerManagerCmd.exe command line tool, soft limits for disk quotas, 279, 297, 299 11, 40 software servers for failover clustering, 425 authentication on Remote Desktop SCCM for distribution, 146 Connection, 130 software RAID, 418 enabling another in rollback plan, 80 Software Update Services (SUS), 134, 136 internal firewall, 395–397 source computer-initiated subscription, monitoring tools, 96–125 115, 154 Event Viewer, 97, 111–123, 112 spooled print jobs, 306, 331 Performance Monitor, 98–100, 99 SQL Server logging, for RADIUS, 401 Reliability and Performance Monitor, 96, SRV records, 171, 176, 182, 182 97, 98 SSL (Secure Sockets Layer), certificates Reliability Monitor, 101–102 for, 220 promoting to domain controller, SSTP (Secure Socket Tunneling Protocol), 29–30 399, 411 requirements for WDS, 49 stand-alone certification 
authority, 222, 271 for Terminal Services, 334–354, 335 stand-alone namespaces, vs. domain-based, Service Operators group, 228 316–317 Session Broker, for Terminal Services, Standard edition of Windows Server 2008 350–351, 351 hardware requirements, 18 session state management, with Session with Hyper-V, 2 Broker, 350 virtual server licensing, 85 Shadow Copies, 414–417, 446 virtual server on, 8 share permissions, 288–290, 289 without Hyper-V, 3 combining NTFS and, 290–291 standard image share Properties dialog box, General creating, 57–61 tab, 294 custom image as, 48 shared printers, 304, 304–305 Start Backup command (Wbadmin), 434 listing in Active Directory, 331 start command SharePoint services, 225, 322–323, 352 in Service Core Manager, 71


Start menu System Center Configuration Manager (SCCM), ➢ Administrative Tools 145–146, 156 ➢ File Server Resource Manager, 278 System Diagnostics template, 103 ➢ Reliability and Performance System Performance data collector set template, Monitor, 102 103, 154 ➢ Server Manager, 11 System Properties page, Remote Settings, 127, 127 ➢ Terminal Services ➢ Remote system stability index, 97 Desktops, 130 system state, 231 ➢ All Programs ➢ Accessories, ➢ Remote backup, 235, 432 Desktop Connection, 128 restoring, 235 start of authority (SOA) records, 180–182, 181 system variables, 106 Start Recovery command (Wbadmin), 434 system volume (SYSVOL), 230 /Start switch, for WDSUtil command, 51 Systems Management Server, 145 Start Sysrecovery command (Wbadmin), 434 sysvol, and FRS, 314–315 Start Systemstatebackup command (Wbadmin), 434 Start Systemstaterecovery command (Wbadmin), 434 T starting target, in iSCSI, 423 program when attaching tasks, 118 Task Manager, in Server Core, 71 system with BitLocker Drive Encryption, 377 Task Scheduler, 118 Stateful mode for DHCP, 163 launching, 120 Stateless mode for DHCP, 163 for RACAgent, 101 static IP addresses, for domain controllers, 30, 33 tasks, properties of, 120–122, 121 stop command, in Service Core Manager, 71 Terminal Services connection authorization Stop Job command (Wbadmin), 434 policies (TS CAP), 349–350 /Stop switch, for WDSUtil command, 51 Terminal Services resource authorization policies storage area network (SAN), 421, 423 (TS RAP), 349–350 storage reports, from FSRM, 280 Terminal Services (TS), 126, 334, 366 Storage Reports Management node in FSRM, 279 and firewall, 342 Store Password Using Reversible Encryption gateway servers, 133–134, 134, 155 Group Policy setting, 258 licensing, 352–354 striping (RAID-0), 418, 418–419 configuring, 353 striping with parity (RAID-5), 420, 420 new features, 14 stub zone, 178 Server editions for, 5 Subscription Properties dialog box, 116, 116 servers, 334–354, 335 subordinate CAs, 221, 
222 adding role, 336–341 subscriptions. See also event subscriptions installing applications on, 341–342 logs for, 112 network level authentication, 337–338 Success Audit event in log, 113 Session Broker, 350–351, 351, 367 surveys, in SharePoint services, 322 TS Gateway, 336, 346–350, 347, 367, 368 SUS (Software Update Services), 134, 136 TS RemoteApp, 343–346, 366 switches, for WDSUtil command, 50–51 TS Web Access, 368 Symantec Ghost, 41, 47 Web Access, 351–352 creating image with, 49 WSRM and, 342–343 symmetric encryption, 380 test bed, virtualization for, 84, 84–85 synchronization testing updates, 137 for deploying updates, 137, 155 TFTP (Trivial File Transfer Protocol), 13 one-way, 293 Thawte, 218 Sysprep, 41, 48, 92 time synchronizer, Primary Domain Controller running, 58–59, 59 as, 28–29 tombstone lifetime, 235–236


Tools menu (Windows Explorer) ➢ Map Network URL authorization rules, in IIS 7.0, Drive, 285, 285–286 356–357 Transport Server service, in WDS, 52 usage rights of documents, 224 , 26 USB drives trend and baseline analysis, 100, 105 copying EFS certificate to, 383 triggers for tasks, 121, 122 data backup to, 447 Trivial File Transfer Protocol (TFTP), 13 installation restrictions, 262–263 Trusted Platform Module (TPM), 371, 410 multifactor authentication with, 377 Trusted Root Certification Authorities, 218 support at computer startup for BitLocker, trusts, in Active Directory, 26–27 371, 376 TS. See Terminal Services (TS) User Account Control (UAC), 121 TS CAP (connection authorization policies), User Configuration node in Group 349–350 Policy, 241 TS Client Access License (TS CAL), 352 disabling, 252–253, 253 TS Gateway, 336, 346–350, 347, 367, 368 user experience, on Remote Desktop vs. TS Web Access, 351 Connection, 130 Web Services (IIS) to support, 354 user folders, Group Policy for redirection, TS Licensing, 336 259–260 TS Per Device Client Access License, 353 users TS Per User Client Access License, 353 assigning or publishing software to, 262 TS RAP (resource authorization policies), home folders for, 276 349–350 limiting resource use by, 124 TS RemoteApp, 336, 343–346, 366 Users container, default groups in, 227 access for TS Gateway, 347 utilization, statistics on, 109 TS Session Broker, 336 TS Web Access, 336, 368 Web Services (IIS) to support, 354 V Validate tool, for failover clustering, 426 /Verbose switch, for WDSUtil command, 50 U VeriSign, 218 UDDI Services, Server editions for, 5 Virtual Disk Service (VDS), 421–422 UNC path. 
See universal naming convention Virtual PC 2007, 19–21 (UNC) path Host key, 24 underscore (_), for DNS Manager folder installing, 20–21 names, 176 Virtual PC Console, 21, 21 /Uninitialize switch, for WDSUtil virtual private network (VPN), 397 command, 51 enforcement in NAP, 195 universal naming convention (UNC) path, 234 virtual servers, support for, 40 backup to, 433 virtualization, 2, 6–8, 7, 80–85, 81 mapping drives to, 285, 285–286 requirements for, 41 for share access, 284 server licensing, 85 and share permissions, 288 virtual server uses, 82–85 unknown computer, administrator notification of Vista. See Windows Vista connection, 65, 66, 66–67 volume license keys, 25 /Update switch, for WDSUtil command, 51 volumes, 230, 422 upgrades backup of, 432 measuring performance before and vs. partitions, 373 after, 104 VPN server, 398 SCCM for managing, 146 VPN (virtual private network), 397 enforcement in NAP, 195


Windows Image (WIM) , 13 W Windows Internet Naming Service (WINS), 158, WAIK (Windows Automated Installation 191, 191–192 Kit), 437 GlobalNames Zone and, 179 Warning event in log, 113 Windows logs, 112 Wbadmin tool, 432, 433–434 Windows Management Instrumentation Control for system state backup, 235 (WMIC), 75 WDS. See Windows Deployment Services (WDS) Windows Memory Diagnostic tool, 436 WDSUtil command-line utility, 50–52, 92 Windows Process Activation Service (WAS) adding images with, 57 and IIS, 356 for configuring WDS server, 55 on TS Gateway server, 349 web browser, to access TS RemoteApp, 351–352 Windows RE image file (.wim), 437 Web Developer Express, 354 Windows Recovery Environment (WinRE), Web edition of Server 2008, 3 436–438, 447, 448 web servers. See Apache web server; Internet for BitLocker, 371 Information Services (IIS) launching, 437–438 well-known ports, 358, 394 Windows Remote Management (WinRM) .wim file, 437 command-line tool, 74–75, 114, 133, converting to .iso image file, 48 154, 431 Server mode, for domain-based on Server Core, 447 namespace, 317 Windows Remote Shell, 74–75, 133 Windows Automated Installation Kit Windows Scripting Host (WSH), 75 (WAIK), 437 Windows Search Service, 303, 331 Windows Boot Manager, 46, 60 Windows Complete PC Restore, 436 remote management, 127 Windows Deployment Services Server, 56, 56 support for CredSSP protocol, 338 Windows Deployment Services (WDS), 13–14, 14, and Windows XP, 9 41, 44–70 Windows Server 2008 boot images, 46–48 64-bit editions, 47 computer image deployment, 65–70 backup, 231–232, 272 device management, 65–67 critical volumes in, 230–231 prestaging computers, 65 editions, 2–5 configuring, 53–55, 61–64 evaluation copies, 19 creating custom image, 59–61 firewall for stand-alone computers, 395 creating standard image, 57–61 installing, 18–25 building reference computer, 57–58 activating, 24–25 running sysprep, 58–59, 59 exercise, 22–24 install images, 48 hardware requirements, 18 installing, 52–53 
key benefits, 5–9 interaction with DHCP, 170 new features, 10–17 multicast transmissions, 68–70 failover clustering improvements, auto-cast transmissions, 68–69 16–17, 17 scheduled-cast transmissions, 69, 69–70 PowerShell, 12–13 overview, 45–46 Server Core, 12 requirements, 49–50 Server Manager, 10, 10–11 vs. RIS, 47 in Terminal Services, 14 Server editions for, 5 running, 18–19 WDSUtil command-line utility, 50–52 Windows Server 2008 mode, for domain-based Windows Event Collector service, 113 namespace, 317 Windows Explorer, creating shares with, Windows Server Backup feature, 431–436 282–284 locations, 433 Windows Firewall console, 395, 395–396 running, 435, 435–436


Windows Server Update Services (WSUS), WinRM quickconfig command, 115 134–145, 135, 155 WinRM (Windows Remote Management) client configuration, 138–145 command, 74–75, 114, 133, 154, 431 client-side or server-side targeting, 143–144 WINS (Windows Internet Naming Service), 158, deployment, 135 191, 191–192 DFS and, 316 GlobalNames Zone and, 179 in distributed environment, 138, 139 server, 174 downloading and deploying updates, 137–138 wireless network, 196 nondomain clients, 144–145 Wireshark, 402 prerequisites, 137 witness disk, in failover clustering, 427 remote management, 145 witness file share, in failover clustering, 427 Windows Server virtualization (WSv) role, 6 WMIC (Windows Management Instrumentation Windows SharePoint Services (WSS), 322, 352 Control), 75 Windows Software Update Services, 41 Write permission, in NTFS, 288 Windows System Resource Manager (WSRM), WSH (Windows Scripting Host), 75 123–125, 155, 367, 368 WSRM. See Windows System Resource adding, 125 Manager (WSRM) and IIS, 356 WSUS. See Windows Server Update resource allocation policies, 124–125 Services (WSUS) SharePoint and, 323 Terminal Services and, 342–343 Windows Update, history, 136 Windows Vista X client configuration for offline files, 295, 296 X64 image, 47 Terminal Services session to emulate, 342 x86 image, 47 Windows Web Server 2008, 3 Windows XP client configuration for offline files, 295, 296 remote management, 127 support for CredSSP protocol, 338 Z and Windows Server 2003, 9 zone transfer, 177–178 WinRE. See Windows Recovery zones in DNS, 175–186 Environment (WinRE) resource records, 180–183 WinRE (Windows Recovery Environment), types, 177–179 436–438, 447, 448 zone files, 179–180 for BitLocker, 371 launching, 437–438
