SECRETS
Orin Thomas
Windows Server® 2008 R2 Secrets
Published by John Wiley & Sons, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256, www.wiley.com
Copyright © 2011 by Orin Thomas
Published by John Wiley & Sons, Inc., Indianapolis, Indiana. Published simultaneously in Canada.
ISBN: 978-0-470-88658-8; 978-1-118-19784-4 (ebk); 978-1-118-19785-1 (ebk); 978-1-118-19786-8 (ebk)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or web site may provide or recommendations it may make. Further, readers should be aware that Internet web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services, please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Not all content that is available in standard print versions of this book may appear or be packaged in all book formats. If you have purchased a version of this book that did not include media that is referenced by or accompanies a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us at www.wiley.com.
Library of Congress Control Number: 2011927297
Trademarks: Wiley, the Wiley logo, and Secrets are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Windows Server is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
About the Author
Orin Thomas is, among other things, a multiple MCITP, an MCT, a Microsoft MVP and a Microsoft vTSP. He has worked in IT for almost 20 years, starting on a university help desk, working his way up to Senior Systems Administrator for one of Australia’s biggest companies. He has written more than 20 books on Microsoft products and technologies and regularly writes for Windows IT Pro magazine. He is the founder and convener of the Melbourne Security and Infrastructure Group and regularly presents at industry events including TechED and Microsoft Management Summit. His Twitter address is @orinthomas.
About the Technical Editor
Don Thoreson has 20 years of experience in the IT field. For the last 13 years he has been a regional IT manager at a high tech company with offices around the globe. He currently leads a team responsible for all facets of IT operations including data center, network, and end user support functions. He created and runs the global IT group’s PMO (project management office) executing projects worldwide. He earned a bachelor’s degree in business from the University of New Hampshire’s Whittemore School of Business and Economics.
Credits
Executive Editor: Carol Long
Project Editor: Ginny Munroe
Technical Editor: Don Thoreson
Senior Production Editor: Debra Banninger
Copy Editor: Katherine Burt
Editorial Manager: Mary Beth Wakefield
Freelancer Editorial Manager: Rosemarie Graham
Associate Director of Marketing: David Mayhew
Marketing Manager: Ashley Zurcher
Business Manager: Amy Knies
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Neil Edde
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Katie Crocker
Compositor: Chris Gillespie, Happenstance Type-O-Rama
Proofreader: Nancy Carrasco
Indexer: Robert Swanson
Cover Image: © Chad Baker / Lifesize / Getty Images
Cover Designer
Acknowledgments
This book wouldn’t have been possible without the generous dedication and professionalism of all the people that worked behind the scenes. I’d like to thank Don Thoreson, Katherine Burt, Carol Long, Ginny Munroe, Debra Banninger, and Ashley Zurcher for their invaluable assistance in putting this book together.
Contents at a Glance
Read This First
Part I: Deployment and Administration Secrets
Chapter 1: Windows Server 2008 R2 Deployment Secrets
Chapter 2: The Windows Server 2008 R2 Administrator’s Toolkit
Chapter 3: Server Core Secrets
Chapter 4: Active Directory Domains and Forests
Chapter 5: Effectively Managing Group Policy
Chapter 6: Managing Users and Computers
Chapter 7: Managing Active Directory Certificate Services
Part II: Network Infrastructure and Security Secrets
Chapter 8: Network Addressing
Chapter 9: Securing the Network: Windows Firewall and Network Access Protection
Part III: Shared Folder and Data Protection Secrets
Chapter 10: Secrets Behind Shared Folders
Chapter 11: Keeping Data Private
Chapter 12: Backup and Recovery
Part IV: Infrastructure Services
Chapter 13: Internet Information Services
Chapter 14: Configuring Hyper-V Virtual Machines
Chapter 15: Patch Management with WSUS
Chapter 16: High Availability
Part V: Remote Access Secrets
Chapter 17: Presentation and Application Virtualization
Chapter 18: Remote Access
Part VI: Maintenance and Monitoring Secrets
Chapter 19: Getting the Most Out of Event Logs and Auditing
Chapter 20: Performance and Resource Management
Contents
Read This First
Part I: Deployment and Administration Secrets
Chapter 1: Windows Server 2008 R2 Deployment Secrets
  Choosing an Edition of Windows Server 2008 R2
  Deciding Between Types of Installation
  Optimizing Your Deployment Image
  Minimizing Deployment Time
  Activating Windows
  Summary
Chapter 2: The Windows Server 2008 R2 Administrator’s Toolkit
  Choosing the Right Remote Administration Tool
  Remote Desktop
  Management Consoles
  Remote PowerShell
  Emergency Management Services (When All Else Fails)
  Summary
Chapter 3: Server Core Secrets
  Using Server Core Administration Tools
  Performing Server Core Post-Deployment Tasks
  Understanding the Sconfig.cmd
  Administering with Server Core Configurator
  Understanding Server Core Infrastructure Roles
  Summary
Chapter 4: Active Directory Domains and Forests
  Understanding Forests and Domains
  Setting Domain and Forest Functional Levels
  Selecting the DNS Server
  Defining Active Directory Sites
  Defining FSMO Roles
  Using Read-Only Domain Controllers
  Securing with Global Catalog Servers and Universal Group Membership Caching
  Maintaining the Active Directory Database
  Summary
Chapter 5: Effectively Managing Group Policy
  Applying Group Policy
  Using Group Policy Management Console
  Using Important Group Policy Features
  Completing Common Group Policy Tasks
  Summary
Chapter 6: Managing Users and Computers
  Using Organizational Unit Structures
  Managing User Accounts
  Configuring Account Policies
  Managing Groups
  Creating Computer Accounts
  Summary
Chapter 7: Managing Active Directory Certificate Services
  Understanding Certification Authority Types
  Managing Certification Authorities
  Using Certificate Templates
  Utilizing Certificate Autoenrollment
  Backing Up Certificate Services
  Revoking Certificates
  Summary
Part II: Network Infrastructure and Security Secrets
Chapter 8: Network Addressing
  Understanding IPv4 and DHCP
  Understanding IPv6
  Transitioning to IPv6
  Summary
Chapter 9: Securing the Network: Windows Firewall and Network Access Protection
  Understanding Windows Firewall with Advanced Security
  Understanding Connection Security Rules
  Understanding and Configuring Network Access Protection
  Summary
Part III: Shared Folder and Data Protection Secrets
Chapter 10: Secrets Behind Shared Folders
  Using the Share and Storage Management Console
  Using File Server Resource Manager
  Working with the Distributed File System
  Utilizing BranchCache
  Working with Offline Files
  Summary
Chapter 11: Keeping Data Private
  Encrypting File System
  Encrypting with BitLocker
  Using Active Directory Rights Management Services
Chapter 12: Backup and Recovery
  Using and Configuring Windows Server Backup
  Enabling Shadow Copies of Shared Folders
  Performing Recovery
  Using System Center Data Protection Manager
  Summary
Part IV: Infrastructure Services
Chapter 13: Internet Information Services
  Managing Sites
  Managing Application Pools
  IIS Users and Delegation
  Managing FTP
  Summary
Chapter 14: Configuring Hyper-V Virtual Machines
  Configuring Hyper-V
  Understanding Virtual Hard Disks
  Understanding Hyper-V Networks
  Using Virtual Machine Snapshots
  Migrating Virtual Machines
  Summary
Chapter 15: Patch Management with WSUS
  Defining an Update Process
  Installing and Deploying WSUS
  Deploying Updates
  Understanding WSUS Topologies
  Verifying Update Deployment
  Going Further
Chapter 16: High Availability
  Understanding Network Load Balancing
  Allocating Storage to iSCSI SAN
  Understanding Failover Clustering
  Summary
Part V: Remote Access Secrets
Chapter 17: Presentation and Application Virtualization
  Understanding Remote Desktop Session Host
  Running RemoteApp
  Using Remote Desktop Web Access
  Utilizing Remote Desktop Connection Broker
  Connecting via Remote Desktop Gateway
  Remote Desktop Licensing
  Understanding Remote Desktop Virtualization Host
  Virtualizing Applications with App-V
  Summary
Chapter 18: Remote Access
  Setting up Remote Desktop Gateway
  Deploying Virtual Private Networks
  Connecting via DirectAccess
  Summary
Part VI: Maintenance and Monitoring Secrets
Chapter 19: Getting the Most Out of Event Logs and Auditing
  Auditing Windows Server 2008 R2
  Filtering and Viewing Event Logs
  Event Log Forwarding
  Creating Event Viewer Tasks
  Going Further with Operations Manager
Chapter 20: Performance and Resource Management
  Monitoring Point-in-Time Performance
  Understanding Data Collector Sets
  Using Windows Server Resource Manager
  Summary
Read This First
The aim of this book is to teach you some things about Windows Server 2008 R2 that you don’t already know. It isn’t that this functionality is a hidden secret. It is just that there are a lot of things about Windows Server 2008 R2 that you won’t know unless you obsess over TechNet documentation or product group blog posts. In my time presenting at conferences such as Microsoft Management Summit and TechED, I’ve often had people come up to me after sessions expressing surprise that a product they regularly use is capable of doing astonishing things they didn’t know about. Even after writing several books on Windows Server 2008 and Windows Server 2008 R2, I’m still discovering cool things that the operating system can do.
This book isn’t just about obscure or poorly documented features of Windows Server 2008 R2. Obscure features are usually obscure because no one needs to use them! My aim in writing this book is to cover the important roles and functionality of the operating system without spending time on foundational topics that someone who has worked as a system administrator would already know. I also discuss neat features and tricks that might surprise you. In writing this book, I’ve tried to explain what each important Windows Server 2008 R2 role does and how you can leverage it, assuming you are someone who has hung around server rooms for a couple of years, rather than someone who is new to the game and doesn’t know the difference between DNS and DHCP.
Even as an experienced systems administrator, I believe you’ll find the book useful, because Windows Server 2008 R2 is such a vast operating system that there are bound to be things that you don’t know it can do. The product does so much that keeping abreast of it all is almost impossible. This book doesn’t cover everything, but I’ve tried to include links at the end of the chapter to web pages where you can start drilling down deeper to learn more.
Who This Book Is For
The type of people that I had in mind as I was writing this book are the types I see in the Windows Server 2008 R2 classes I teach and the TechED sessions that I present. They are systems administrators who have been in the job a couple of years, who know their way around operating systems such as Windows Server 2003, and who want to know what the Windows Server 2008 R2 does without getting bogged down in basic stuff they already know. The coverage is designed for someone who has the introductory theory down pat and wants to know what a specific Windows Server 2008 R2 role or feature does, and how it might be used in a real-world scenario.
With an audience of experienced administrators, there are, of course, topics that will be more familiar to you than others. Every administrator knows a part of the operating system inside out, and in some chapters, what might seem like a secret to some will appear as blindingly obvious to others. My hope is that even in these topics, the experienced administrator will find one or two nuggets of information that he didn’t know was useful to solve a problem when working with Windows Server 2008 R2.
It is also fair to say that almost everything you can learn from this book can also be found in scattered TechNet articles and blog posts. Given that, it’s reasonable to ask, “Why buy the book in the first place?” The benefit of the book is that all the information is nicely consolidated in one resource, rather than scattered about the Internet, where it would take you weeks, if not months, to track down. You’ve only got a finite number of hours on this world and the consolidation of knowledge in this book will save you from wasting those hours sifting search engines looking for nuggets of wisdom. It’s also hard to come up with a search engine query to tell you about a role or feature you don’t know about!
What This Book Covers
This book covers the technologies that are included out-of-the box with Windows Server 2008 R2. Although it’s often used as the host operating system for more complicated products, such as Microsoft Exchange and SQL Server, Windows Server 2008 R2 can perform a lot of other roles that are equally important for the day-to-day running of your organization. Windows Server 2008 R2 is a workhorse operating system, and, if it is anything like other Microsoft server operating systems, you’re still going to find instances of it running in server rooms and datacenters well into the next decade. With that in mind, it is useful to have a guide that covers the built-in roles and features and how they can be leveraged to accomplish your goals as a systems administrator.
How This Book Is Structured
In writing the book, I’ve tried to cover all the roles and features in Windows Server 2008 R2 in a comprehensive but not exhaustive way. I’ve provided links to appropriate documentation at the end of each chapter so that if you do need to drill down, you can quickly find the relevant TechNet articles and whitepapers.
The book is separated into seven parts, each of which contains two or more chapters.
- Part I: Deployment and Administration Secrets: This part deals with deploying Windows Server 2008 R2 and the toolkit you can use to manage the operating system.
  - Chapter 1 includes choosing an edition of Windows Server 2008 R2, configuring deployment images, making the choice of physical or virtual deployment, and understanding deployment tools.
  - Chapter 2 includes how to choose the right administration tool: Remote Desktop, PowerShell, Windows Remote Shell, Emergency Management Services, and Microsoft Management Consoles.
  - Chapter 3 is about the Server Core installation option and covers common server core tasks such as domain join, IP address configuration, roles and features installation, registry modification, and server core configuration for Windows Update.
  - Chapter 4 examines Active Directory deployment, sites, functional levels, DNS support, Read Only Domain Controllers, Active Directory Recycle Bin, and Flexible Single Master Operations roles.
  - Chapter 5 includes Group Policy management strategies and tools.
  - Chapter 6 explains useful strategies on user accounts, administrative delegation, group deployment strategies, and Fine-Grained Password Policies.
  - Chapter 7 describes Active Directory Certificate Services, key archiving,
- Part II: Network Infrastructure and Security Secrets: This part of the book deals with IP addressing, firewalls, network access protection, and domain isolation policies.
  - Chapter 8 explains how to leverage and secure DHCP, as well as IPv6 addressing and transition strategies.
  - Chapter 9 describes Windows Firewall, connection security rules, network access protection, and domain isolation policies.
- Part III: Shared Folder and Data Protection Secrets: This section deals with one of the most important roles of an IT infrastructure: the storage and protection of data.
  - Chapter 10 describes how you can use BranchCache, File System Resource Manager and Distributed File System to manage shared folders infrastructure.
  - Chapter 11 explains how to use encryption technologies, including EFS, BitLocker, and Active Directory Rights Management Services to protect the integrity of organizational data.
  - Chapter 12 includes data protection and recovery strategies, and how best to leverage Windows Server Backup and Volume Shadow Copies.
- Part IV: Infrastructure Services: This section deals with Windows Server 2008 R2 in its capacity to host infrastructure service roles such as Internet Information Services, Hyper-V, Update Management, and Clustering.
  - Chapter 13 includes information about the differences in IIS 7.5, including managing sites, application pools, the delegation of administrative privileges, and FTP.
  - Chapter 14 describes Hyper-V settings, dynamic memory, virtual machine snapshots, virtual hard disks, and technologies that allow you to perform physical to virtual migration.
  - Chapter 15 explains how to deploy and configure Windows Server Update Services, including how to use WSUS groups to optimize the update deployment process.
  - Chapter 16 details how to deploy highly available solutions through network load balancing and Windows failover clustering. The chapter also covers configuring Windows Server 2008 R2 to connect to iSCSI LANs and to function as an iSCSI target.
- Part V: Remote Access Secrets: This part explains how you can use Windows Server 2008 R2 to allow clients on remote networks, such as the Internet, access to internal network resources.
  - Chapter 17 describes presentation and application virtualization, which allow you to deploy applications to computers without installing them locally.
  - Chapter 18 explains how to deploy Remote Desktop Gateway, Virtual Private Networks, and DirectAccess to allow remote clients internal network access.
- Part VI: Maintenance and Monitoring Secrets: This section details strategies related to event log management, auditing, and performance monitoring on Windows Server 2008 R2.
  - Chapter 19 includes information on setting up advanced audit policies, event log forwarding, filtering, and views.
  - Chapter 20 explains the Windows Server 2008 R2 technologies for performance, reliability, and resource monitoring.
What You Need to Use This Book
To get the most out of this book, you should have access to a copy of Windows Server 2008 R2 that you can play around with without your configuration experiments impacting other people. The best option is to set up some virtual machines so that you can try things out. If you completely destroy the installation, you can always roll it back to a previously functional configuration.
You can download an evaluation copy of Windows Server 2008 R2 from Microsoft’s website. You can also use a non-activated copy of Windows Server 2008 R2 as the basis for your lab for between 60-120 days, depending on if you are using the original media or an evaluation copy. You can extend this evaluation period by running the slmgr.vbs -rearm command to reset the activation clock up to three times, allowing you a total of 240 days to evaluate the operating system before it runs in reduced functionality mode.
Features and Icons Used in This Book
The following features and icons are used in this book to help draw your attention to some of the most important or useful information—some of the most valuable tips, insights, and advice—that can help you unlock the secrets of Windows Server 2008 R2.
Note: The Note icon points out or expands on items of importance or interest.
Crossref: The Cross-Reference icon points to chapters where additional information can be found.
Warning: The Warning icon warns you about possible negative side effects or precautions you should take before making a change.
Watch for margin notes like this one that highlight some key piece of information or that discuss some poorly documented or hard to find technique or approach.
Part I: Deployment and Administration Secrets
Chapter 1: Windows Server 2008 R2 Deployment Secrets
Chapter 2: The Windows Server 2008 R2 Administrator’s Toolkit
Chapter 3: Server Core Secrets
Chapter 4: Active Directory Domains and Forests
Chapter 5: Effectively Managing Group Policy
Chapter 6: Managing Users and Computers

Chapter 1
Windows Server 2008 R2 Deployment Secrets
In This Chapter
- Understanding the differences between Windows Server 2008 R2 editions
- Creating a deployment image
- Choosing virtual or physical deployment
- Minimizing deployment time
- Going further with System Center

As an experienced administrator, you’ve installed Windows Server operating systems more times than you can count. You didn’t pick up this book of secrets to read a walkthrough telling you how to insert a DVD into an optical drive and then proceed with a screen-by-screen description of how to perform the install. At this stage of your career, you are likely to perform a traditional optical media OS installation only if you haven’t had time to set up Windows Deployment Services or configure a custom image on a USB flash drive.
In this chapter, you learn the differences between the various editions of Windows Server 2008 R2, including the answer to the question, “What is the real difference between the Enterprise and Datacenter Editions, beyond the licensing cost?” And, you find out what the Foundation Edition is and the types of situations where it makes sense to deploy Windows Web Server 2008 R2.
Read this chapter and you will also learn how to set up a USB flash drive to deploy Windows Server 2008 R2 to individual servers far more quickly than using a DVD. You learn how to modify the install image to include drivers and updates, so you don’t have to install them as part of post-installation configuration, and you find out how to switch on certain features, so you don’t have to do it manually after the deployment is complete.
This chapter contains information you can use to get Windows Deployment Services not only broadcasting images in WIM format, but also how to add VHD images to the deployment server. You also learn about the types of situations where you’ll save your organization time and money by using answer files and products like System Center Configuration Manager.
Choosing an Edition of Windows Server 2008 R2
You probably know that Windows Server 2008 R2 comes in a variety of flavors, but do you know the real differences between each edition? Though most systems administrators deal with only one or two editions of Windows Server 2008 R2 on a regular basis, there are a total of seven editions available. Of course the more editions there are, the greater the complexity in choosing the right one for a specific set of needs. When most administrators see the number of editions that are available, they throw up their hands and choose the Enterprise Edition. In general, choosing the Enterprise Edition of any Microsoft product is a reasonable strategy, because with it, you have access to all the available features and won’t be caught unable to install some unusual role like Federation Services. The downside of this strategy is that occasionally you’ll spend more on a server operating system license than might actually be necessary. In reality, understanding the differences between the editions comes down to the following factors:
- How many virtual licenses you want included with your OS so you can run separate instances on the same machine.
- Whether you need a specific feature or role, such as wanting to set up an enterprise root certificate authority.
- Whether you have a specific amount of RAM or number of processors that you

Note: All versions of Windows Server 2008 R2 run on only 64-bit platforms. If you’ve got a server that has a 32-bit processor, you won’t be able to run Windows Server 2008 R2, though you will still be able to run Windows Server 2008.
There are seven editions of Windows Server 2008 R2. The differences between them are as follows:
- The Standard Edition comes with only one virtual license, does not support Active Directory Federation Services, and has caveats when it comes to hosting the Certificate Services role. There are connection limits on Network Policy and Access Services and Remote Desktop Services roles, and DFS is limited to one stand-alone DFS root. The Standard Edition supports up to four processor sockets and up to 32 GB of RAM.
- Enterprise comes with four virtual licenses, supports all server roles and features, and supports up to eight sockets and 2 TB of RAM. This version of Windows Server 2008 R2 is most commonly deployed in medium- to large-sized organizations.
- The Datacenter Edition differs from the Enterprise Edition only in that you get an unlimited number of virtual instances and can use up to 64 processor sockets. The Datacenter Edition is most often deployed in virtualization scenarios, as it allows you to run as many virtual machines as you want on the one bit of hardware.
- The Foundation Edition is available only from OEMs on single-socket servers and is limited to 8 GB of RAM. The key to understanding the Foundation Edition is that it is limited to 15 user accounts. You can have it as a Domain Controller (DC) or as a member server, but if there are more than 15 accounts in the domain or on the stand-alone system, the Foundation Edition will automatically shut down after a ten-day grace period. With that 15-account limitation and a few minor exceptions, the Foundation Edition supports the same features as the Standard Edition of Windows Server 2008 R2. You cannot install the Foundation Edition in the Server Core configuration.
- The Web Server Edition supports only the Web server and DNS server roles. It is cheaper to license than other editions, and you should deploy it if you need a server running IIS but nothing else. It supports up to 32 GB of RAM and four processor sockets.
- The HPC Server Edition is used in high-performance computing applications where it is necessary to run complex jobs against thousands of processing cores. The HPC Server version of Windows Server 2008 is often used with special applications for financial analysis. It supports up to 128 GB of RAM and four processor sockets.
- Windows Server 2008 R2 for Itanium Edition runs on the Itanium platform and supports only Itanium-specific server applications, like SQL Server 2008 R2.

Sockets are different from cores, so if you have a collection of quad-core processors that are all the same, you can install four of these quad-core processors on a server that runs the Standard Edition of Windows
Note: 2008 R2 will be Microsoft’s last server release for the Itanium platform.
In general, it costs less to deploy a server running the Enterprise Edition than it does to deploy five servers running the Standard Edition. Therefore, it makes sense to choose the Enterprise Edition with its four virtual licenses rather than purchasing five servers running the Standard Edition. A lot of organizations don’t actually need all the roles present in the Enterprise Edition of Server 2008 R2 and would be fine using the Standard Edition. A need for domain-based DFS is a common reason organizations choose to deploy the Enterprise Edition of Windows Server 2008 R2 over the Standard Edition.
Crossref: You learn more about DFS in Chapter 10, “Secrets Behind Shared Folders.”
Deciding Between Types of Installation
After you’ve worked out which edition of Windows Server 2008 R2 you want to deploy, you need to decide what type of installation you are going to perform. This involves figuring out:
• Do you want to perform a physical deployment or a virtual deployment?
• Do you want to install the full version or Server Core?
• Do you want to install to volume or VHD?
One of the big cost-cutting strategies organizations are pursuing today is server consolidation. That is, rather than deploying a collection of servers physically, the collection is deployed virtually. The virtual licensing options available in the Enterprise and Datacenter Editions of Windows Server 2008 R2 are an attempt to address this strategy. Rather than deploying an extra physical server, you might choose to deploy a hosted virtual server instead. It makes sense to take this approach, because, depending on which edition of Windows Server 2008 R2 you have chosen, you’ve already got virtual licenses available.
For example, you might have a branch office site where there is currently a file server, a domain controller, a Web server and a mail server. All hosts are running Windows Server 2003, and each of these servers is running on hardware that is approaching its end of life. As you know, “end of life” hardware is generally underpowered by present-day standards. If this underpowered hardware is adequate to service the requirements of the roles at the branch office site, it is likely that servicing those requirements will consume only a portion of the resources provided by modern hardware.
Rather than replace each server with one running Windows Server 2008 R2 on current hardware, it might make sense to consolidate all of these servers so that they run as virtual machines on one physical computer running the Enterprise Edition of Windows Server 2008 R2. Because you are using Windows Server 2008 R2, which includes four virtual licenses, you are already covered for the licenses of each of these virtual machines.
The main factor that determines whether a host can be deployed virtually is input/output requirements. In most branch office scenarios, computers hosting traditional roles, such as file server, domain controller, and DNS server, are rarely placed under sustained load. This makes them perfect candidates for virtualization.
Of course you can consolidate all these roles onto a single server without virtualizing each machine. For example, you might configure one server to function as a DC, Remote Desktop server, Web server, and file server rather than configuring four separate virtual machines on the same virtual host. Whether you consolidate the roles onto one computer or split them up into virtual machines depends on several administrative considerations, including:
• Placing each server role inside its own virtual machine simplifies the process of delegating administrative rights. For example, you might want to allow Kasia to manage all the permissions on file shares on a file server and adjust quotas but not give her any rights in Active Directory. While it is possible to do this when you have the file server and Active Directory roles installed on the same computer, the process is simpler when these roles are installed on separate computers. If you’ve already got the virtual licenses, why not run dedicated virtual machines, so that you lessen the chance that Kasia ends up with permissions that she shouldn’t have?
The simpler the process, the less likely there are to be mistakes.
You are not only saving by not having to buy server hardware, but you’re saving because you don’t have to buy extra server licenses.
• Placing each server role inside its own virtual machine makes the process of migrating roles away from the host server easier. For instance, traffic may increase substantially to your virtualized file server. It takes substantially less effort to migrate file shares, quotas and permissions to a new host, if all you have to do is transfer a virtual machine, than it does if the file server role is co-located with the domain controller. You also have the possibility of performing a virtual to physical migration should the input/output requirements of the file server make virtually hosting the role impractical.
If you are in the process of upgrading to Windows Server 2008 R2 from Windows Server 2003, it is likely that you are going from hardware that is at least a couple of years old to hardware that is probably new. New hardware can usually deal with resource pressure that would cause bottlenecks on older hardware.
Deploying Server Core
If you are like most administrators, you’ve heard about Server Core versions of Windows Server 2008 R2, but you probably haven’t worked with them. If you haven’t heard of Server Core, it is perhaps best described as Windows Server 2008 R2 command-line edition. You perform all the primary setup activities from the command line. After you’ve got the server set up, you can connect remotely using management consoles that are part of the Remote Server Administration Tools (RSAT).
Crossref: You learn more about Remote Server Administration Tools in Chapter 2, “The Windows Server 2008 R2 Administrator’s Toolkit.”
The advantage of a Server Core deployment is that computers running Server Core don’t have all the extra components that a full version of Windows Server 2008 R2 has, and thus there are fewer components susceptible to vulnerabilities that require patching. For example, although you need to apply whatever updates are released for Internet Explorer to computers that run the full versions of Windows Server 2008 R2, you don’t need to apply these updates to computers that run Server Core.
Note: The advantage of a Server Core deployment is that you spend a lot less time fussing with patches and worrying about downtime caused by reboots.
When you are considering where to deploy a server running Windows Server 2008 R2, take time to think about whether it might be better hosted virtually or whether it needs to be a physical deployment.
The disadvantage is that from the outset, you will have to spend more time mucking about in the command line configuring Server Core so that you can use the RSAT tools to manage the installation.
Another advantage of the version of Server Core that comes with Windows Server 2008 R2 is that it fully supports PowerShell. PowerShell wasn’t fully supported in the Server Core version of Windows Server 2008 RTM, which meant that you had an operating system managed from the command line without having access to the most powerful command-line tool on the platform.
The main drawback of Server Core installations is that they don’t support all the roles available on the full versions. Another drawback is that Server Core installations do not support server applications such as Exchange or SQL Server. The Enterprise Edition of Server Core supports the following roles:
• Active Directory Certificate Services
• Active Directory Domain Services
• Active Directory Lightweight Directory Services
• BranchCache Hosted Cache
• DHCP Server
• DNS Server
• File Services
• Hyper-V
• Media Services
• Print Services
• Web Services (IIS)
A Server Core installation running the Standard Edition of Windows Server 2008 R2 supports all these roles except BranchCache Hosted Cache. As with the full install, a Server Core installation of Windows Server 2008 R2 Standard Edition is also limited to one stand-alone DFS root. Server Core installations are not supported on Itanium or Foundation Editions of Windows Server 2008 R2.
Crossref: You learn more about how to configure systems running Server
Installing to VHD
Usually, when you install an operating system, the installation routine writes a collection of files and folders across volumes on the hard-disk drive. If you booted the server up with Windows Preinstallation Environment (PE) and looked at the hard-disk drive, you’d see a collection of files and folders. Unlike previous versions of Windows Server, Windows Server 2008 R2 gives you the option of performing an installation to a VHD file. The VHD file is a container that appears to the computer as a separate volume. When you have configured it correctly, you can format the VHD file, write files to it, and treat it exactly as any other volume on the hard disk. Because you can store multiple VHD files on a disk, you can configure Windows Server 2008 R2 to boot into different versions without having to repartition an existing hard-disk drive. If you install to VHD, boot up from Windows PE, and look at the hard disk, you’ll see the VHD file and pretty much nothing else.
Installing to VHD makes your deployment of Windows Server 2008 R2 more portable. You are able to move the VHD file to another computer or even configure the VHD file as a differential disk, so that you can roll back any changes that occur if they cause a problem.
Crossref: You learn more about differential disks in Chapter 14, “Configuring Hyper-V Virtual Machines.”
To prepare Windows Server 2008 R2 for an installation to VHD on a computer with an unformatted disk, perform the following steps:
1. Start the Windows Server 2008 R2 installation routine by booting from DVD, USB, or PXE.
2. Select your language and click Next. Instead of selecting Install Now, click Repair Your Computer.
3. On the System Recovery Options dialog, click Next (you won’t have any system to recover). When Windows fails to find a system to recover, click Cancel. Click Cancel again until you can see the System Recovery Options dialog, shown in Figure 1-1. Then click Command Prompt.
Figure 1-1: System Recovery Options
4. From the command prompt, type diskpart.exe. From within diskpart.exe, type the following commands:
select disk 0
create partition primary
format
assign
create vdisk file="c:\2008r2.vhd" maximum=X
select vdisk file="c:\2008r2.vhd"
attach vdisk
exit
The value you put for the maximum size of the VHD should approximate the size of the volume on which you want to install Windows Server 2008 R2. You set this figure in megabytes. Server 2008 R2 needs about 15-20 GB of space for a normal installation.
5. From the command prompt, ensure that you are still in the X:\sources directory, and then type Setup.exe. This will restart the Windows Server 2008 R2 installation routine.
6. In the installation routine, with which you are no doubt familiar, answer the questions until you come to the screen where you are asked, “Where Do You Want to Install Windows?”
7. On the Where Do You Want to Install Windows dialog, select the volume that matches the size of the VHD file that you created.
Click through the warning that indicates you are unable to install to this drive. The installation will continue from this point as normal.
As backups taken with the built-in Windows Server 2008 R2 backup utility are stored in VHD format, it is also possible to copy a backup across to a new volume, use BCDEDIT to modify the boot configuration, and boot directly to the backup as an alternative boot strategy. This enables you to perform full server recovery on the same hardware without wiping the original operating system.
Crossref: You will learn how to configure Windows Server 2008 R2 to boot from a VHD file generated from a backup in Chapter 12, “Backup and Recovery.”
OPTIMIZING YOUR DEPLOYMENT IMAGE
When you deploy Windows Server 2008 R2 for the first time, you will notice that it comes with no roles or features installed. There is a solid reason for this. When you start with no roles or features installed, it means that the only roles and features that will be installed in the future are the ones that you put there yourself. This all has to do with security. In the past several years, Internet worms propagated because a lot of administrators installed their Internet-facing servers in a default configuration. That default configuration came with a Web server and other roles and features installed and active—something that a lot of administrators didn’t realize. The reason that many of these systems admins didn’t patch their servers was that they simply didn’t know that they were vulnerable. With Windows Server 2008 R2, an administrator has to actually install a feature like Internet Information Services explicitly. In theory, this means that administrators should be aware that any vulnerabilities that impact that feature need to be dealt with as soon as possible.
As good as it is from a security perspective that Windows Server 2008 R2 installs with no features or roles present, this creates a small challenge for administrators who need to regularly and rapidly deploy the operating system. For example, if you wanted to deploy all the pre-requisite software for a Windows Server 2008 R2 system that will function as a mailbox and client access server, you need to install a significant number of roles and features as well as configure several services. As you are aware, manually adding roles and features can take some time. You have to add the roles and then often reboot and log in again before the role is completely installed.
Managing Windows Server 2008 Images
In previous versions of Windows Server, such as Windows Server 2003, installation occurred through the extraction of relevant files from compressed archives (called CAB files). Rather than using compressed archives, Windows Server 2008 and Windows Server 2008 R2 use image files that are applied directly to the installation destination.
Creating a deployment image where all necessary prerequisite roles and features are preconfigured automatically can save you a lot of time because you don’t have to add those roles and features after the server first boots.
The Windows Server 2008 R2 image is located in the sources directory of the Windows Server 2008 R2 installation media. The image is stored in WIM format, and the operating system ships with tools that allow you to mount and edit images directly. Of course, before you are able to modify the image, you need to copy the image to a volume that has a read/write file system. You can’t write changes back to the original DVD media, but you can write a revised image to a new DVD. The sources directory contains two image files that are of interest to administrators. These are as follows:
• Install.wim: This file contains the Windows Server 2008 R2 image. You modify a copy of this file when creating a custom image. You install this file on a Windows Deployment Services (WDS) server when you want to perform a network deployment of Windows Server 2008 R2.
• Boot.wim: This file contains information necessary to boot Windows Server 2008 R2. You install this file on a WDS server as a boot image, allowing the network installation process to prepare a computer for the deployment of Windows Server 2008 R2.
Using DISM to Manage Images
DISM.exe is a command-line tool included with Windows Server 2008 R2. DISM.exe allows you to modify a Windows Server 2008 R2 image whether that image is stored in WIM format or VHD format. You can use DISM.exe to turn on features, add drivers, and add software updates to the image. This process is sometimes referred to as an offline update to the image. Online updates to an image traditionally involve deploying the image, performing the updates on an active system, and then recapturing the updated system to a new image. An advantage of the WIM and VHD image formats is that they allow you to modify an image that you have created without having to go through the rigmarole of performing that modification on a live system.
If you obtain the installation media from Microsoft, TechNet, or MSDN, the install.wim image will allow the following installations:
• Windows Server 2008 R2 Standard
• Windows Server 2008 R2 Standard (Server Core)
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Enterprise (Server Core)
• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 Datacenter (Server Core)
• Windows Server 2008 R2 Web
• Windows Server 2008 R2 Web (Server Core)
You need to have the boot.wim file installed on the WDS server even if you are deploying VHD images rather than WIM images. This file enables the computer to boot up over the network, just as it would if the file was stored locally.
As you’ll already know, when you deploy Windows Server 2008 R2, you choose one of these options, and that’s the version of the operating system that installs. When you decide to modify the image, you need to select which of these installations you are going to modify, even though they are all stored in the same image file.
To modify an image, you need to specify which installation you want to mount and then mount it in a temporary directory. Each installation image has a corresponding index number that you will need to reference when making modifications. With DISM, you make modifications to one installation at a time. For example, if you add a driver to the Enterprise Edition installation, it does not automatically add the driver to the Standard and Datacenter Editions installation. You can determine the image index number that corresponds to a particular installation by running the command:
dism.exe /get-wiminfo /wimfile:c:\images\install.wim
For example, on the normal Windows Server 2008 R2 installation media, the index number of the standard version of Enterprise Edition is 3. To mount the Enterprise Edition image so that you can make modifications in a directory called c:\mount, issue the command:
dism.exe /mount-wim /wimfile:c:\images\install.wim /index:3 /mountdir:c:\mount
When you finish modifying the image, you will need to commit the image. Committing the image writes all the changes back to the install.wim file, which you can then add to your USB flash device, burn to a DVD or add to a WDS server so that you can deploy that image. To commit an image using DISM, issue the command:
dism.exe /unmount-wim /mountdir:c:\mount /commit
ADDING DRIVERS TO IMAGES
Once the image is mounted, you can use DISM to add drivers to the image. For example, you could create a directory named c:\drivers and copy all of the driver files into that directory, placing each driver’s files in its own separate folder. Once you’ve placed all the drivers into the directory, you can use DISM to recursively add all of these drivers to the image. To do this, issue the command:
Dism.exe /image:c:\mount /Add-Driver /driver:c:\drivers\ /Recurse
If you don’t want to commit the changes you made to the image, replace the /commit switch with /discard.
After you’ve committed an image, you’ll need to remount it if you want to make any further changes as committed images
You may be aware that Windows 7 has better driver detection routines than Windows Server 2008 R2. Rather than attempting to locate each separate driver for a model of computer that you intend to have running Windows Server 2008 R2 and then adding them to the install image for a specific hardware configuration, you can do the following:
1. Install a 64-bit version of Windows 7 on the hardware that you will use to host Windows Server 2008 R2.
2. Allow Windows 7 to connect to the Internet so it can detect and install all the drivers necessary for this hardware configuration.
3. Once all drivers have been installed, copy the contents of the c:\windows\system32\driverstore directory to a USB flash drive.
4. Use DISM.exe with the /add-driver and /recurse options to inject all these drivers into the mounted Windows Server 2008 R2 image.
When you use this modified image to install Windows Server 2008 R2, all necessary drivers for this hardware configuration will be present, and you won’t have to spend time trying to figure out which unknown hardware device is missing its driver.
ENABLING FEATURES
You can use DISM.exe to enable features such as the DHCP server so you do not have to manually install the role or feature after installation completes. You can see a list of features that you can enable by using the command:
dism.exe /image:c:\mount /get-features /format:list
To enable a specific feature, use the /Enable-Feature option. For example, to ensure that the DNS server role and management tools are installed on a server during installation, rather than as a post-installation configuration step, issue the commands:
Dism.exe /image:c:\mount /Enable-Feature /FeatureName:DNS-Server-Full-Role
Dism.exe /image:c:\mount /Enable-Feature /FeatureName:DNS-Server-Tools
Each feature must be enabled separately. This means that if you want to enable the Web server role on a server during installation rather than doing it as a part of the post-installation configuration routine, you need to enable each specific Web server feature.
Windows Server 2008 R2 can use the same drivers as the 64-bit editions of
Note: All feature names are case sensitive.
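The check below is an added example, not code from the book: it parses the output of the /get-features command shown above and reports any active feature that is not on an approved list, which is the attack-surface reasoning behind shipping the image with nothing installed. The function names, the approved list and the sample output are assumptions constructed for illustration.

```powershell
# Added example (not from the book); runs on PowerShell 2.0, which ships with Windows Server 2008 R2.
# Function names, $approved and $sample are assumptions constructed for illustration.

function ConvertFrom-DismFeatureList {
    param([string[]]$Lines)
    # /format:list prints "Feature Name : <name>" followed by "State : <state>" for each feature.
    $name = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Feature Name\s*:\s*(\S+)\s*$') {
            $name = $Matches[1]
        }
        elseif ($name -and $line -match '^\s*State\s*:\s*(.+?)\s*$') {
            New-Object PSObject -Property @{ Name = $name; State = $Matches[1] }
            $name = $null
        }
    }
}

function Compare-FeatureBaseline {
    param([object[]]$Features, [string[]]$Approved)
    # A feature enabled offline can report "Enable Pending" rather than "Enabled",
    # so both states count as active.
    $active = @($Features | Where-Object { $_.State -like 'Enable*' } |
                ForEach-Object { $_.Name })
    # Feature names are case sensitive, so the comparison is too (-cnotcontains).
    $unexpected = @($active   | Where-Object { $Approved -cnotcontains $_ })
    $missing    = @($Approved | Where-Object { $active   -cnotcontains $_ })
    New-Object PSObject -Property @{ Unexpected = $unexpected; Missing = $missing }
}

# Constructed sample of: dism.exe /image:c:\mount /get-features /format:list
$sample = @(
    'Feature Name : DNS-Server-Full-Role', 'State : Enable Pending', '',
    'Feature Name : DNS-Server-Tools',     'State : Enable Pending', '',
    'Feature Name : IIS-WebServerRole',    'State : Enabled', '',
    'Feature Name : IIS-FTPServer',        'State : Disabled'
)
# Against a mounted image: $lines = & dism.exe /image:c:\mount /get-features /format:list

# The second approved name has the wrong case on purpose, so the check
# treats it as a different feature from the one in the image.
$approved = 'DNS-Server-Full-Role', 'dns-server-tools'

$result = Compare-FeatureBaseline (ConvertFrom-DismFeatureList $sample) $approved
"Unexpected: " + ($result.Unexpected -join ', ')
"Missing:    " + ($result.Missing -join ', ')
if ($result.Unexpected.Count -gt 0) {
    Write-Warning 'The image enables features that are not on the approved list.'
}
```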
ADDING UPDATES TO IMAGES
Every month Microsoft publishes new updates, some of which need to be deployed to computers running Windows Server 2008 R2. Something that you have to take into account when you are thinking about deployment is whether or not you want to include all the currently released updates in the deployment image or whether you want to have the server retrieve all necessary updates after the installation process has completed. Having the server retrieve all those updates and install them can substantially add to your deployment time.
You can use DISM.exe to add updates to a mounted image. To do this, copy all the updates that have the .MSU extension into the same folder. After all the updates are in the same folder, use DISM.exe with the /Add-Package switch. For example, to add all the updates in the c:\updates directory to the Windows Server 2008 R2 Enterprise Edition image mounted in the directory earlier, issue the command:
Dism.exe /image:c:\mount /add-package /packagepath:c:\updates\
All of the updates that are added to the image are applied automatically at the end of the installation routine. This is likely to add to the amount of time it takes for the installation routine to complete but uses less time than having each server download the updates from your WSUS server or Microsoft Update server and then install them. As updates are released each month, you can use this simple procedure to perform an offline update of your deployment image.
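The mount, driver, feature, update and commit commands from this section, combined into one pass as an added example (not code from the book): the image is committed only if every step succeeded and discarded otherwise, so a partly serviced image never reaches deployment. $DryRun, the function names, the image name and the sample /get-wiminfo text are assumptions; features are enabled with DISM's /Enable-Feature /FeatureName:<name> form.

```powershell
# Added example, not code from the book. Written for PowerShell 2.0 (ships with Windows Server 2008 R2).
# Paths match the chapter; $DryRun, the function names and the sample text are assumptions.
$DryRun = $true   # $true only prints the dism.exe command lines; $false runs them (elevated prompt)

function Get-WimIndex {
    param([string[]]$WimInfo, [string]$ImageName)
    # /get-wiminfo lists each installation as "Index : N" followed by "Name : <name>".
    $index = $null
    foreach ($line in $WimInfo) {
        if ($line -match '^\s*Index\s*:\s*(\d+)\s*$') {
            $index = [int]$Matches[1]
        }
        elseif ($index -and $line -match '^\s*Name\s*:\s*(.+?)\s*$') {
            if ($Matches[1] -eq $ImageName) { return $index }
            $index = $null
        }
    }
    throw "No installation named '$ImageName' was found."
}

function Invoke-Dism {
    param([string[]]$Arguments)
    Write-Host ('dism.exe ' + ($Arguments -join ' '))
    if ($DryRun) { return }
    & dism.exe $Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "dism.exe exited with code $LASTEXITCODE" }
}

function Update-OfflineImage {
    param([string]$Wim, [int]$Index, [string]$MountDir,
          [string]$DriverDir, [string[]]$Features, [string]$UpdateDir)

    # If the mount itself fails there is nothing to unmount, so it sits outside the try block.
    Invoke-Dism '/mount-wim', "/wimfile:$Wim", "/index:$Index", "/mountdir:$MountDir"
    $ok = $false
    try {
        if ($DriverDir) {
            Invoke-Dism "/image:$MountDir", '/Add-Driver', "/driver:$DriverDir", '/Recurse'
        }
        if ($Features) {
            foreach ($feature in $Features) {
                # One call per feature; names are case sensitive.
                Invoke-Dism "/image:$MountDir", '/Enable-Feature', "/FeatureName:$feature"
            }
        }
        if ($UpdateDir) {
            Invoke-Dism "/image:$MountDir", '/add-package', "/packagepath:$UpdateDir"
        }
        $ok = $true
    }
    finally {
        # Write the changes back only after every step succeeded; otherwise throw them away.
        if ($ok) { $mode = '/commit' } else { $mode = '/discard' }
        Invoke-Dism '/unmount-wim', "/mountdir:$MountDir", $mode
    }
}

# Constructed sample of: dism.exe /get-wiminfo /wimfile:c:\images\install.wim
$sampleInfo = @(
    'Index : 1', 'Name : Windows Server 2008 R2 SERVERSTANDARD', '',
    'Index : 2', 'Name : Windows Server 2008 R2 SERVERSTANDARDCORE', '',
    'Index : 3', 'Name : Windows Server 2008 R2 SERVERENTERPRISE'
)
# Against real media: $info = & dism.exe /get-wiminfo /wimfile:c:\images\install.wim
# The image name is an assumption; use the name your own media reports.
$index = Get-WimIndex -WimInfo $sampleInfo -ImageName 'Windows Server 2008 R2 SERVERENTERPRISE'

Update-OfflineImage -Wim 'c:\images\install.wim' -Index $index -MountDir 'c:\mount' `
    -DriverDir 'c:\drivers' -UpdateDir 'c:\updates' `
    -Features 'DNS-Server-Full-Role', 'DNS-Server-Tools'
```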
Unfortunately, you don’t apply service packs to images in the same way that you apply updates. Because Windows Server 2008 and 2008 R2 use a different type of image than previous versions of Windows, you can no longer “slipstream” service packs. When the Windows Server 2008 R2 service pack becomes available, you should obtain an updated operating system image from Microsoft that includes the new service pack.
It is, of course, possible to build an updated image and then capture it using a utility such as ImageX.exe, but whether this is worth the effort when the updated image will be available for download is a decision that only you can make.
In fact, if you don’t come up with a way to incorporate updates into your image, you’ll eventually find that it takes longer to perform the post-installation update process than it takes to actually install the operating system in the first place!
Crossref: You learn more about managing updates in Chapter 15, “Patch Management with WSUS.”
Applying a WIM to a VHD
You can use the ImageX.exe utility to apply a WIM image that you have prepared to a VHD file and then allow the computer to boot to that VHD file.
To create a VHD file and apply a prepared WIM file to the VHD, perform the following steps:
diskpart.exe
create vdisk file=c:\win2k8r2.vhd maximum=30000 type=fixed
select vdisk file=c:\win2k8r2.vhd
attach vdisk
create partition primary
assign letter=v
format quick label=vhd
exit
imagex.exe /apply c:\images\install.wim 3 v:\
diskpart.exe
select vdisk file=c:\win2k8r2.vhd
detach vdisk
exit
You can copy this VHD file across to another computer, as long as the volume on which you put the VHD has enough space. Ensure that the computer to which you are copying already boots and runs either Windows 7 Professional or Ultimate Editions or Windows Server 2008 R2. After the file has been copied, perform the following steps:
1. Run the following command, taking note of the CLSID that is displayed:
Bcdedit.exe /copy {current} /d "2K8R2_VHD"
2. Run the following commands, substituting the CLSID but keeping the square brackets around the drive letter:
bcdedit.exe /set {CLSID} device vhd=[c:]\2k8r2.vhd
bcdedit.exe /set {CLSID} osdevice vhd=[c:]\2k8r2.vhd
bcdedit.exe /set {CLSID} detecthal on
When you reboot, 2K8R2.VHD will be present as a boot item. If you want to copy the file across to a computer that does not have an existing boot environment, use diskpart.exe to configure the volume and then the BCDboot tool to create the boot configuration. BCDboot is located on the Windows PE media.
Applying a WIM image to a VHD and then booting off the VHD gives you a quick method of testing whether your WIM image is correctly configured.
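Steps 1 and 2 above as an added PowerShell example (not code from the book): it captures the identifier that bcdedit.exe /copy prints instead of retyping it, and deletes the copied entry if any /set fails. The function names and the sample output line are assumptions constructed for illustration.

```powershell
# Added example, not code from the book. Written for PowerShell 2.0.
# Function names and the sample output line are assumptions.

function Get-BcdEntryId {
    param([string[]]$CopyOutput)
    # bcdedit.exe /copy reports the identifier of the new entry in braces.
    foreach ($line in $CopyOutput) {
        if ($line -match '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}') {
            return $Matches[0]
        }
    }
    throw 'bcdedit.exe did not report an identifier for the copied entry.'
}

function Add-VhdBootEntry {
    # $VhdPath uses the bcdedit form with the drive letter in square brackets: '[c:]\2k8r2.vhd'
    param([string]$VhdPath, [string]$Description)

    # PowerShell reads a bare {current} as a script block, so braced identifiers are passed as strings.
    $out = & bcdedit.exe /copy '{current}' /d $Description
    if ($LASTEXITCODE -ne 0) { throw "bcdedit.exe /copy failed: $out" }
    $id = Get-BcdEntryId $out

    $settings = @(
        @('device',    "vhd=$VhdPath"),
        @('osdevice',  "vhd=$VhdPath"),
        @('detecthal', 'on')
    )
    try {
        foreach ($s in $settings) {
            & bcdedit.exe /set $id $s[0] $s[1] | Out-Host
            if ($LASTEXITCODE -ne 0) { throw "bcdedit.exe /set $($s[0]) failed" }
        }
    }
    catch {
        # Until device and osdevice are set, the copy still boots the current installation
        # under the new label, so a half-configured entry is removed.
        & bcdedit.exe /delete $id | Out-Host
        throw
    }
    return $id
}

# Constructed sample of the line bcdedit.exe /copy prints (the identifier is made up).
$sampleOutput = 'The entry was successfully copied to {01234567-89ab-cdef-0123-456789abcdef}.'
Get-BcdEntryId $sampleOutput

# On the target computer, from an elevated prompt (this changes the boot menu):
# Add-VhdBootEntry -VhdPath '[c:]\2k8r2.vhd' -Description '2K8R2_VHD'
```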
SERVICING VHD FILES WITH DISM.EXE
You can use the DISM.exe utility to service offline VHD files in the same way that you use the tool to service WIM images. Rather than using DISM.exe to mount the VHD file, you use the Diskpart utility to attach the file as a volume.
To mount the file c:\2008R2.vhd as a volume associated with the drive letter v, issue the following commands from an elevated command prompt:
Diskpart.exe
Select vdisk file=c:\2008r2.vhd
Attach vdisk
Assign letter=v
exit
After you’ve done this, you can use the DISM.exe commands that you learned earlier to service the image. For example, to recursively add drivers stored in the c:\drivers directory to the mounted image, issue the command:
Dism.exe /image:v:\ /add-driver /driver:c:\drivers /recurse
To add all updates in the c:\updates directory to an image, issue the command:
Dism.exe /image:v:\ /add-package /packagepath:c:\updates\
To enable a specific role or feature, use the /Enable-Feature option. For example, to enable the DNS server role and to install the DNS management console, issue the commands:
Dism.exe /image:V:\ /Enable-Feature /FeatureName:DNS-Server-Full-Role
Dism.exe /image:V:\ /Enable-Feature /FeatureName:DNS-Server-Tools
When you are finished servicing the VHD file, you need to detach the VHD to commit your changes. This is done by typing the following from an elevated command prompt:
Diskpart.exe
Select vdisk file=c:\2008r2.vhd
Detach vdisk
exit