Not knowing your network configuration ahead of time isn’t usually going to be a showstopper. Knowing it can save you time though.
Protocols
Ever since NT 3.5, Microsoft has been trying to chivvy us into abandoning NetBEUI and making our networks 100 percent TCP/IP. Don’t get me wrong, I think it’s a great idea, but they’ve had to move slowly because lots of networks used NetBEUI, and because Windows 95 clients never ran very well with just TCP/IP—a few things like Network Neighborhood ran better with NetBEUI than with TCP/IP on 95.
With Server 2003, Microsoft takes things a step or two further.
First, as with Windows 2000, the only protocol that Server 2003 installs by default is TCP/IP. But Server 2003 is new in that it doesn’t even offer NetBEUI as a protocol option, offering only IPX and AppleTalk as TCP/IP alternatives. NetBEUI is available on the Server 2003 CD in the \VALUEADD\MSFT\NET\NETBEUI folder, but you’ve got to do a bit of looking to find it! So if your network still has a bit of residual NetBEUI, now’s the time to do a little spring cleaning and go TCP/IP all the way.
Setting up TCP/IP requires knowing a few things about your system—what its IP address, subnet mask, default gateway, and preferred DNS server will be, for starters, or will you instead use DHCP? (If you’re not clear on what those things are, take a look at Chapters 6 and 7.) Find out this protocol info ahead of time—those network gurus are never around when you need them in mid-install.
Domain Membership
Almost every server will be a member of a domain rather than a workgroup, and in early versions of Windows NT you had to make some serious you’d-better-get-this-right-the-first-time-there’s-no-going-back decisions at Setup time. Ever since Windows 2000, however, there’s a bit less pressure. In the pre-2000 days, you had to decide at Setup time whether a system was a domain controller or just a member server. With 2000 and later versions of Server, you needn’t answer that question now; instead, all systems come out of Setup as member servers and you can decide to change any of them to domain controllers later with a program called DCPROMO, which you’ll meet in Chapter 8.
You can, however, join an existing domain from Setup. If you want to do that, you will need to have a computer account created in the domain. A computer account is almost identical to a user
102 CHAPTER 5 SETTING UP AND ROLLING OUT WINDOWS SERVER 2003
If the server is a member of a domain, it can assign rights and permissions to users belonging to its member domain or any of its trusted domains. This is important to your users. They should log in once to the network and never have to be asked for a password again. If the server resides in a workgroup, then the ability to give rights to domain users is out of the question, causing multiple login points.
Upgrading Domain Controllers
Speaking of domain membership, here’s an important note about domain controllers. If you are thinking of upgrading an NT 4 box that is acting as a domain controller, then I urge you to think once and twice before upgrading. You can cavalierly upgrade just about any other computer, but the domain controllers need some planning, or you’ll be very, very sorry!
You see, upgrading an NT 4 domain controller has an important side effect: it upgrades your NT 4 domain to an Active Directory—the Windows 2000 Server and Server 2003 name for a domain. Server 2003’s Setup doesn’t allow you to upgrade any of your backup domain controllers until you’ve upgraded the primary domain controller. So you might want to think twice before simply upgrading your existing DCs. Personally, I prefer a domain upgrade technique called “clean and pristine,” and I’ll discuss it in Chapter 8, the Active Directory chapter. You might want to read up to that chapter before doing any NT-to-Server 2003 surgery on your domain controllers. Basically, however, I advocate building a brand-new, empty Active Directory domain built atop either Windows 2000 Server or Server 2003 systems, then moving the user accounts over to that domain, leaving your old NT 4 domains in place “just in case” as you migrate. For small domains, however—say, 500 users or fewer—you may not have to do that much work, and an in-place upgrade to Active Directory may be an acceptable option. More on that in Chapter 8.
Networking Components
These are the additional services to be installed, like Internet Information Services and DNS Server. This is where I like to say things like “Ooh… Quality of Service Admission Control Protocol… sounds neat, gimme that.” That’s exactly what we shouldn’t say. Don’t overdo it here. Every option selected installs another service or utility that will consume more resources on your server, and more software in your system means more places where bugs could lurk—and that means more potential places for viruses to attack. Keep those servers as lean and mean as you can by minimizing the amount of software running on them!
Also be aware of the effect certain services may have on the rest of your network. Some services will require clients to be connected explicitly to a given server. On the other hand, some, like DHCP Server, act on a broadcast level and can affect clients just by being present. In addition, most services, also just by being present, have an adverse effect on available system resources. Hard-disk space is consumed for additional files, memory is taken up by loading more programs, and processor cycles are consumed by running excessive services that really don’t have anything to do with what your server is intended to do. Unless you will specifically be using the service on this particular server, don’t install these additional components.
Server Licensing
Licensing options remain pretty much the same as they have since NT 3.51. You are given per-seat or per-server licensing modes:
PLANNING AND PREPARATION 103
account for how many clients you have; you don’t need to worry about either concurrent connections from those clients into a single server or to how many servers each client holds a connection.
◆ Per-server licensing differs in that each client-to-server connection requires a license. If a client connects to 25 different servers, that client will take up 1 license on each server, totaling 25 licenses. You may know this as a “concurrent use license.” It’s simpler because it’s easy to track—once that 26th person tries to attach, he’s just denied the connection—but it’s usually more expensive because you then have to buy a bunch of licenses for each server.
Which way to go? Well, the short answer is: Per-seat is almost always the right technique. But if you want more details…
Warning Let me stress that licensing is not so much a technological issue as it is a legal issue. I’m not a lawyer and therefore not qualified to be your sole advisor about software licensing. The following is just my layman’s understanding of a legal issue. Do not make all of your licensing decisions based on information in this book. Microsoft’s licensing is so complex that you can ask the same licensing question of four people and get five answers. So the best you can do is to equip yourself with the facts and then go buy the licenses from some firm that sells Microsoft stuff.
Per-seat is usually the cheapest licensing method if you have more than one server. Under per-seat licensing, you buy a client access license, or CAL, for every computer that will attach to your enterprise’s servers. Again, that’s computer, not person. So if Joe Manager reads his Exchange mail from the computer on his desktop sometimes, reads it on the road with his laptop sometimes, and once in a while comes in through the firewall from home, then you need to buy three licenses for Joe Manager. Surprised? Most people are. On the one hand, it means that if three people share a computer, then those folks only need one CAL. On the other hand, nowadays everyone has one or more computers, so CALs start to add up. By the way, CALs list for around $40, although you can buy them in bulk more cheaply and large organizations usually have some kind of an unlimited-client deal. But you don’t want to run afoul of the software watchdogs, so if you go with per-seat licensing, then be darn sure that you’ve got every computer covered! (And, sadly, that may mean that you have to disallow employees from checking their e-mail or using other corporate resources from their home, unless they’re using a company-issued laptop.)
Per-server licensing is simpler. You tell a server that you’ve purchased some number of CALs. The server’s Licensing Service (a built-in part of Windows Server 2003) then keeps track of how many people are connected to the server at any moment. If you have X licenses and the X+1st person tries to attach to the server, that person is denied access.
This sounds simple, but the problem is that you’ve got to buy a CAL for each connection for each server. For example, suppose you have 4 servers, 25 employees, and 40 workstation PCs—there are more PCs than employees because of laptops and “general access” PCs. Suppose your goal is that all 25 employees can access any and all servers at any time.
Under per-server licensing, you’d have to buy 25 CALs for each server, or 100 CALs total. Under per-seat licensing, you’d license each of the machines—all 40 of them—with a CAL. That one CAL would enable someone sitting at a machine to access any and all of the servers, no matter how many domains your system contains. Thus, in this case, 40 CALs would do the trick. In general, you’ll find that per-seat is the cheaper way to go, but again, be careful about remembering to license all of the laptops and (possibly) home PCs.
Most likely, especially in larger environments, the licensing has already been worked out ahead of time. Prior to starting your first install, make sure that your licensing is best suited not just for your network, but also for the way your clients use the network.
Note Note, however, that if you already have Windows 2000 Server CALs, then you need not purchase upgraded CALs—2000 Server CALs are fine for Server 2003–based networks.
Upgrade or Fresh Install?
Finally, you need to decide whether you will be upgrading an existing operating system or performing a clean install.
This can be a real toughie. On the one hand, if you’ve got a server that’s already running a bunch of services, and each one took quite some time to get just so, then running Setup as an upgrade is pretty attractive. On the other hand, if you’re upgrading a system that will be working for some time to come, then it’s awfully appealing to use the fact that you’re changing the operating system as an excuse to also clean house, starting from ground zero and building a nice new system uncluttered by who-knows-what old data or programs that are just hanging around.
Personally, I do a clean install whenever possible. But the key words there are “whenever possible.” If I really have about two hours to get an install done before the server’s got to be up and ready in a production environment, then an upgrade’s the way to go. But if I have a bit more time, I go with a clean install. Cleanly installed systems take time to tweak to whatever standards you’re using in your organization.
Furthermore, I’ve had, well, spotty results from upgrades. In my experience upgrading from NT 3.1 to 3.5 (I lost my printer shares), 3.5 to 3.51 (some domain controllers simply refused to work), and 3.51 to 4 (several miscellaneous problems), I’ve run into problems. Having said that, I should in all honesty say that pretty much all of my NT 4-to-2000 upgrades were pretty smooth, so perhaps Microsoft has gotten the hang of upgrades. If you do upgrade, however, be sure to defragment your disk when you get done, and use the free pagedfrg.exe utility from www.sysinternals.com—it defrags your pagefile, a large and important file on your system.
If you’ve decided on a clean install, there isn’t much more you need to do. If you’re running an upgrade, there are still a few considerations. The last thing you want to do is upgrade a cluttered system and carry over any issues that belong to the clutter. Many people sit in front of the server so much that they install their mail client, office suite, and other programs and utilities that are not related to what the server is supposed to be doing. These should all be uninstalled before running an upgrade. Look at your services on the server. Any third-party services, such as antivirus, Web publishing, disk defragmenting, or other types of software, should also be removed prior to beginning an upgrade. By doing so, there is much less to get in the way of your upgrade.
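The "lean and mean" advice under Networking Components and the pre-upgrade review of services above both come down to comparing what a server actually has installed against what its role needs. The following is an added example, not from the book: it parses a saved `sc query state= all` listing and reports every service outside a role baseline. The baseline set, the sample listing and the ExampleAVAgent service are assumptions made for illustration.

```python
import re

# Hypothetical baseline for a file-and-print member server (an assumption).
BASELINE = {"dhcp", "eventlog", "lanmanserver", "spooler"}
# Services that reach clients by broadcast, as the page notes for DHCP Server.
NETWORK_WIDE = {"dhcpserver"}

# Constructed sample, `sc query state= all` layout; ExampleAVAgent is invented.
SAMPLE = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        STATE              : 4  RUNNING
SERVICE_NAME: DHCPServer
DISPLAY_NAME: DHCP Server
        STATE              : 4  RUNNING
SERVICE_NAME: ExampleAVAgent
DISPLAY_NAME: Example Antivirus Agent
        STATE              : 4  RUNNING
SERVICE_NAME: W3SVC
DISPLAY_NAME: World Wide Web Publishing Service
        STATE              : 1  STOPPED
"""

def parse_sc_query(text):
    """Return {service name: state word} from `sc query` output."""
    services, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(.+?)\s*$", line):
            name = m.group(1)
        elif name and (m := re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)):
            services[name] = m.group(1)
    return services

def audit(text, baseline=BASELINE):
    """Return {service: reason} for every service outside the baseline."""
    findings = {}
    for name, state in parse_sc_query(text).items():
        if name.lower() in baseline:
            continue
        if state != "RUNNING":
            findings[name] = "installed, not running"
        elif name.lower() in NETWORK_WIDE:
            findings[name] = "running, affects clients network-wide"
        else:
            findings[name] = "running, not in baseline"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Anything reported as installed but not running is still software on the box, so it belongs on the removal list alongside the running extras.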