© Train Signal, Inc., 2002-2007
Windows Server 2008 Training Essentials
By Coach Culbertson
Windows Server 2008 Installation and DC Role Installation
• About Your Instructor and Train Signal
• What's Covered in This Course
• The Verde Petra Perks and Publishing Network Scenario
• Quick Editions and Requirements Check
• Installation
• Initial Configuration Tasks
• Role Installation for Domain Controller
• What We Covered
About Your Instructor and Train Signal
• Coach Culbertson
– 10 Years of IT and Training Experience
– MCTS: SharePoint Server 2007, MCSA, MCDBA, MCT, A+, Net+, CIW, and a few others
– 2 Year Tour of Duty as an Inner City High School Teacher in Chicago
– Launched a couple hundred careers
• About Train Signal
– Casual Training Method that teaches real skills first
– Scenario-Based Training to answer the question "Why does this change my life?"
What's Covered In This Course
• Windows Server 2008 Full Installation and Domain Controller Installation
• Active Directory Users and Groups
• Server Core Installation and DHCP Role Installation
• File and Print Server Role Installation
• Read Only Domain Controllers
• IIS Installation and Basic Modularization
• Terminal Services Remote Application Set Up
• Client Imaging and Deployment
• Server 2008 Certification and More Cool Toys
Verde Petra Perks and Publishing Scenario – Part 1
• As a consultant, you've recently been retained by a new startup company, Verde Petra Perks and Publishing, a coffee shop chain that not only serves coffee, but also uses print-on-demand (POD) technology to deliver soft cover books from a library of the most recent 2500-3000 best sellers. Each coffee shop franchise and corporate owned location will be fully equipped with the standard coffee-espresso-iced latte equipment, but will also have touch screen kiosks at each table that will allow customers to order their drinks as well as order books that will be printed right in the coffee shop itself in about 5 minutes using the new Espresso Book Machine (basically a really big print device).
Verde Petra Perks and Publishing Scenario – Part 2
• The web application software that will be used for ordering coffee, snacks, and books is still in development by another agency. It's your job to build out the network infrastructure for the pilot coffee shop which will also serve as the initial headquarters for the chain. The owners, tech savvy coffee gurus, have opted to go with Server 2008 as the platform of choice, largely due to:
– Enhanced IIS 7.0 capabilities and modularization to support their internal ASP Web application for ordering
– Branch Office support and security through Server Core Installation, Read Only Domain Controllers, and Web Access to Remote Apps
– Print Server Capabilities for book printing
– File Server Capabilities for book storage
– Windows Deployment Services (WDS) for easy installation of servers and clients for new franchise locations
Verde Petra Perks and Publishing Scenario – Part 3
Verde Petra Perks and Publishing Scenario – Part 4
• The initial build out will consist of:
1. A Server 2008 Enterprise domain controller with Active Directory
2. A Server 2008 Standard Server Core installation for DHCP
3. A Server 2008 Read Only Domain Controller for replication at franchises
4. A Server 2008 Standard Full Installation with File Server and Print Server Roles
5. A Server 2008 Standard Full Installation with Windows Deployment Services Server Role
– Mobile Machine that will not always be in the same place
6. A Server 2008 Standard Full Installation with Application Server Role for the forthcoming Web Application
7. A Server 2008 Standard Full Installation for Terminal Services for Remote Apps and Web Access for centralized administration of Espresso print device and everything else.
8. 12 Flat Panel Touch screen Vista clients - 10 for the floor, 2 reserved for behind the counter
• A main focus for this pilot installation is to make the network replicable and scalable for future franchises. Thus, image creation for Windows Deployment Services will be an important element.
• You're not an expert in 2008 as you approach this project—but you're about to become one.
Quick Edition and Requirements Check – Part 1
• Windows Server 2008 Standard Edition (x86 and x86-64)
• Windows Server 2008 Enterprise Edition (x86 and x86-64)
• Windows Server 2008 Datacenter Edition (x86 and x86-64)
• Windows Web Server 2008 (x86 and x86-64)
• Windows Storage Server 2008 (x86 and x86-64)
• Windows Small Business Server 2008 (Codenamed Cougar) (x86-64)
• Windows Server Codenamed "Centro" (for mid-markets) (x86-64)
• Windows Server 2008 for Itanium-based Systems (IA-64)
Quick Edition and Requirements Check – Part 2
What We Covered
• Describe the different editions of Server 2008
• Describe the requirements for a full installation
• Perform a Full Installation of Server 2008
• Complete the Initial Configuration Tasks
• Install the Active Directory Domain Services
Active Directory Users and Groups
• A Quick Review of AD and Some New Toys
• User and Group Creation
• What We Covered
A Quick Review of AD and Some New Toys
• A Quick Review
– Active Directory is a database that provides the foundation of your network
– It holds User Accounts, provides Group Policy for control, and a whole lot more
– When you log in to a Windows Network, you authenticate against an Active Directory
• New Toys!
– Active Directory Domain Services is now a restartable service! No more rebooting!
– Directory Service Auditing - See exactly who changed what, what it used to be, and what it now is!
– Read Only Domain Controllers - that can be installed in Server Core!
– And much, much more!
User and Group Creation – Part 1
• The Verde Petra Perks and Publishing AD Structure
– Since you've successfully installed the DC and DNS, it's time to build out the basic Groups and Users for the coffee shop. The Web Application being built will use User Names to manage orders per table.
– Here's the initial structure:
User and Group Creation – Part 2
• Since this is a new environment, you'll enable AD DS Auditing as well, to ensure that as you make changes, if something blows up, you know what you altered. Also, you need to rename the primary Administrator Account for Server Hardening.
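One way to carry out the auditing step from an elevated command prompt on the domain controller, as an added example that is not part of the course material. It assumes the objects you change carry an auditing entry (SACL) that matches the change; without one, no change event is written even when the policy is enabled.

```batch
@echo off
rem Added example, not from the course. Run elevated on the domain controller.

rem 1. Show the current state of the DS Access subcategories.
auditpol /get /category:"DS Access"

rem 2. Turn on success auditing for directory changes only. This is the
rem    subcategory that records old and new attribute values.
auditpol /set /subcategory:"Directory Service Changes" /success:enable
if errorlevel 1 (
    echo Could not set the audit policy. Is this prompt elevated? 1>&2
    exit /b 1
)

rem 3. Confirm the setting took effect before relying on it.
auditpol /get /subcategory:"Directory Service Changes" | find "Success" >nul
if errorlevel 1 (
    echo Directory Service Changes is still not audited. 1>&2
    exit /b 1
)

rem 4. Read back the ten most recent change events from the Security log.
rem    5136 = object modified (the removed value and the added value are
rem           logged as separate events)
rem    5137 = object created
rem    5138 = object undeleted
rem    5139 = object moved
wevtutil qe Security /q:"*[System[(EventID=5136 or EventID=5137 or EventID=5138 or EventID=5139)]]" /c:10 /rd:true /f:text
```

Each 5136 record names the account that made the change, the object's distinguished name, the attribute, and the value involved, which is what lets you trace "what you altered" after the fact.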
What We Covered
• Describe three of the new features of AD DS
• Rename the Administrator Account for Server Hardening
• Enable AD DS Auditing
• View AD DS Auditing Events
• Create Groups in AD Users and Groups
• Create Users in AD Users and Groups
• Add Users to Groups
DHCP Server Core
• What is Server Core and Why It's Cool
• Server Core Roles
• Server Core Installation and Domain Joining
• DHCP Role Installation
• Server Core and the MMC: Friends 4-Ever
• What We Covered
What is Server Core and Why It's Cool
• Server Core is a stripped down version that only requires 1GB of HDD space
• Local Command Line Interface Only
• Use MMC's to manage it remotely
• Bare Minimum Functionality - only supports 8 server roles
• It's cool because:
– Less "Moving Parts" = Less Maintenance
– Smaller Attack Surface
– Reduced Hardware Requirements (Depending on Roles)
– 1 Trick Ponies are easier to manage
Server Core Roles
• Active Directory Domain Services (AD DS) (including RODC)
• Active Directory Lightweight Directory Services (AD LDS)
• DHCP Server
• DNS Server
• File Services
• Print Services
• Streaming Media Services
• Web Server (IIS)
Installation and Domain Joining
– The installation is pretty standard: just select one of the Core options
– Only CLEAN installations are supported - no upgrade or downgrade options
• Fun and Valuable Command List for Joining a Domain:
– To get system information: systeminfo
– To rename the machine: netdom renamecomputer <currentcomputername> /NewName:<newcomputername>
– To join a domain: netdom join %computername%
DHCP Role Installation – Part 1
• As more VPPP coffee franchises come into existence, an easy method of connecting machines to the network is necessary, as not all owners will be super savvy tech gurus like the VP owners. A DHCP Server Core machine will be an easy, cheaper, and manageable method of getting new shops up and running faster. Eventually, the Server Core will run as a virtual machine, allowing for hardware consolidation, but the initial DHCP server will be created for imaging purposes and initial operation. You're going to install a Server Core server, rename the machine, join it to a domain, and then install the DHCP Role. Then, you'll configure the Server Core to be remotely managed via an MMC.
DHCP Role Installation – Part 2
• Critical Commands
– To install DHCP: start /w ocsetup DHCPServerCore
– To configure DHCP to start automatically: sc config dhcpserver start= auto
– To start the DHCP service: net start dhcpserver
Server Core and the MMC: Friends 4-ever
• Run the following on the Server Core: netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
• Just open up an MMC of your choosing and connect to the Server Core machine by IP
• You may need to install Remote Server Administration Tools (RSAT) to include the MMC Snap-in for a particular role
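The Server Core commands from the domain joining, DHCP role and remote administration slides, put together as one script with the reboot ordering and result checks made explicit. This is an added example, not part of the course material; NEWNAME, DOMAIN, JOINUSER and SERVERIP are constructed placeholders, and it assumes the server already has a static IP address.

```batch
@echo off
rem Added example, not from the course. Edit the four placeholder values.
setlocal
set "NEWNAME=VPPP-DHCP01"
set "DOMAIN=corp.example"
set "JOINUSER=CORP\joinadmin"
set "SERVERIP=192.0.2.10"

if /i "%~1"=="rename" goto rename
if /i "%~1"=="join"   goto join
if /i "%~1"=="dhcp"   goto dhcp
echo Usage: %~nx0 rename ^| join ^| dhcp   (run in that order, one per boot)
exit /b 1

:rename
rem Pass 1: rename while still in a workgroup. The new name only takes
rem effect after the reboot, so the join is a separate pass.
netdom renamecomputer %COMPUTERNAME% /NewName:%NEWNAME%
if errorlevel 1 goto fail
shutdown /r /t 0
goto :eof

:join
rem Pass 2: /PasswordD:* makes netdom prompt for the password, so it is
rem never stored in this file or left in the command history.
netdom join %COMPUTERNAME% /Domain:%DOMAIN% /UserD:%JOINUSER% /PasswordD:*
if errorlevel 1 goto fail
shutdown /r /t 0
goto :eof

:dhcp
rem Pass 3: log on with a domain account first.
rem ocsetup package names are case sensitive.
start /w ocsetup DHCPServerCore

rem The space after "start=" is required by sc.
sc config dhcpserver start= auto
if errorlevel 1 goto fail
net start dhcpserver

rem Check the service state instead of trusting net start's exit code,
rem which is also non-zero when the service was already running.
sc query dhcpserver | find "RUNNING" >nul
if errorlevel 1 goto fail

rem A domain-joined DHCP server hands out no leases until it is
rem authorized in Active Directory, which guards against rogue servers.
netsh dhcp add server %COMPUTERNAME%.%DOMAIN% %SERVERIP%
if errorlevel 1 goto fail

rem Open the firewall rule group the MMC snap-ins need.
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
if errorlevel 1 goto fail

echo DHCP role is installed, running, authorized and remotely manageable.
exit /b 0

:fail
echo Step failed with errorlevel %errorlevel%. 1>&2
exit /b 1
```

The slide's join command is shown without its domain and credential switches; the `/Domain`, `/UserD` and `/PasswordD` switches used here are netdom's standard ones.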
What We Covered
• Describe Server Core and its supported roles
• Install Server Core
• Add and activate DHCP Server Role using Command Line Interface
• Configure Windows Firewall for Remote Administration of Server Core
• Install RSAT on a member server for additional MMC's
• Connect to a Server Core using an MMC
File and Print Server Roles
• A Quick Review of New Toys
• Distributed File Systems, Namespaces, and Replication
A Quick Review of New Toys
• Distributed File Services: Namespaces and Replication
• Easy Shared Folder Provisioning for SMB or NFS (UNIX/LINUX)
• Enhanced Support for Storage Area Networks (SANs)
• Self Healing NTFS (No more CHKDSK??)
• Easier Back Up Experience
• Print Management Snap-In for Centralized Administration of Network Printers
Distributed File Services, Namespaces, and Replication – Part 1
Distributed File Services, Namespaces, and Replication – Part 2
• The owners of Verde Petra Perks and Publishing need an easy way to push book files that will be used by the Espresso Book Machines to all of their franchise locations. As their library will increase and decrease daily due to licensing agreements, you decide to implement Distributed File Systems (DFS) Namespaces and DFS Replication on the File Server. These two technologies together will allow Larry and Latisha to be able to put a file on the File Server in a Shared Folder, and it will automatically be pushed out to any and all other File Servers that are included in the Namespace. You'll also install Print Services for Print Management capabilities, and add a test printer.
What We Covered
• Perform an installation of the File Services Role
• Install DFS
• Configure a DFS Namespace
• Add Servers to a DFS Namespace
• Perform an installation of the Print Services Role
• Add a network printer using the Server Manager Integration of Print Management
Read-Only Domain Controllers
• What's an RODC and Why It's Cool
• Requirements and Steps to Deploy an RODC
• The Verde Petra RODC Scenario
• What We Covered
What's an RODC and Why It's Cool – Part 1
• Read-Only Domain Controllers allow for users to authenticate against a read-only copy of the Active Directory in a remote location
What's an RODC and Why It's Cool – Part 2
• Great for Low Physical Security Locations with few users
• Local Administrator functionality still allows for onsite administration
• Can be installed on a Server Core for less overhead
• BitLocker Drive Encryption can be installed for extra protection
Requirements and Steps to Deploy an RODC – Part 1
• What You Need:
– A Full Working Windows Server 2008 Domain Controller already in place
– At least Windows Server 2003 Functional Level
• You can have Server 2003 Machines on the network
– A User Account that's part of the Domain Administrators group
Requirements and Steps to Deploy an RODC – Part 2
• What You Do (Full Installation):
1. Install Server 2K8, join to the domain, and rename the machine
2. Add the Active Directory Domain Services (AD DS) Role
3. When running the DCPromo wizard, select Use advanced mode installation
4. Select Existing Forest and Add a domain controller to an existing domain
5. Hit Next three times, and then make sure you select Read-Only Domain Controller
6. Specify Groups for Password Replication
7. Set Up Local Administrators Group or Accounts
8. Keep hitting next for defaults and let 'er spin!
9. After installation, you can Pre-Populate accounts to the RODC to avoid delays at first login
The Verde Petra RODC Scenario
• Part of the value-added franchise package of Verde Petra Perks and Publishing is network management and assistance. Since not all VPPP franchise owners will be MCSE's, Larry and Latisha will be managing much of the network functionality at first for the franchise locations. While the Web Application being built for VPPP will allow for a large amount of autonomy for each store, issues like account management and library maintenance for Espresso Book Machine files still require centralization. A Read-Only Domain Controller will easily handle this and provide some security as well. You'll be building an initial RODC for use in the pilot store as well as for imaging for Windows Deployment Services. You'll also pre-populate the RODC with a user account to avoid delays at first login.
What We Covered
• Describe what an RODC is and its advantages in a Branch Office scenario
• Describe Requirements for an RODC
• Install an RODC through the DCPromo Wizard
• Configure initial Password Replication
• Pre-populate the RODC with passwords of
IIS Installation and Basic Modularization
• New Features of IIS 7.0
• Modularization
• What We Covered
New Features of IIS 7.0
• Support for PHP, Perl, and Ruby applications through FastCGI module
• Complete Modularization - Build Your Own Web Server
• Nicer IIS Manager Interface
• No more Metabase - All configuration info is in shareable XML files
• FTP Server with SSL Support
• Terminal Services Web Access Integration
• And much, much more!
Modularization – Part 1
• There are 40 different modules that come with IIS 7
• Write your own
• Easily plug-in third party modules
• Keep your site more secure by only installing the modules you need
Modularization – Part 2
• The Verde Petra Placeholder Site
– While waiting for the Web Application for ordering to be finished, you've been asked by Larry and Latisha to go ahead and set up a Web Server with a static site. The site will hold a basic static page with some pretty graphics, and will be used for investor and "future franchisee" walkthroughs while waiting for the Web App to be completed. The site will be on a box named PerksAndPublishing, and the URL to reach the static pages should be http://perksandpublishing/, as this is an internal site only.
– Now go set it up.
What We Covered
• Describe seven new features of IIS 7.0
• Install the Web Server Role in Windows Server 2K8
• Install and uninstall IIS modules as needed
• Create a static web site using the Default Website as a starting place for internal site creation
Terminal Services-Remote Application Setup
• New Features and Advantages of Terminal Services
• Remote Applications
• What We Covered
New Features and Advantages of Terminal Services
• TS Remote App - Allows users to run a program on the server like it was on their desktop - no need to use the full Remote Desktop
• TS Web Access - A Web method to access Remote Apps
• Terminal Services Gateway - Access a Remote App from behind a firewall without needing a VPN
• Better Resolution for Remote Desktop - now supports wide-screen, font smoothing, and the Vista Desktop Experience enhancements
Remote Applications – Part 1
– A Server 2K8 box that is not a Domain Controller
– Network/Internet Connections
– Do not install applications that you want served up until after the role installation
• What You Do:
1. Install the Terminal Services Role
2. Populate the TS Web Access Computers Group inside of Computer Management --> Local Users and Groups
3. Set up your Applications to be served as Remote Apps
4. Create RDP Shortcuts or Windows Installer Packages for the App
5. Copy the RDP Shortcuts or Installer over to the remote machine
Remote Applications – Part 2
• The Verde Petra Print Scenario
– The software for the Espresso Book Machine has arrived ahead of the machine. The software allows for Remote Management of the printer, but has to be installed somewhere. Larry asks you to set up a Terminal Services box for the printer software, which will later be imaged and virtualized to consolidate hardware, so that the printer can be managed remotely from any machine in the coffee shop. Other applications that will be served up by Terminal Services will follow later. You need to install the Terminal Services Role, install the printer software, and then set up a Shortcut to copy over to the other machines.
What We Covered
• Describe four new features of Terminal Services in Server 2K8
• Install the Terminal Services Role
• Populate the TS Web Access Computers Group
• Add an Application to the Remote Apps List
• Create a Shortcut to the Remote App
• Use a Remote App Shortcut to access an application running on a Terminal Services server
Client Imaging and Deployment
• Quick Introduction to Windows Deployment Services and Imaging
• Initial WDS Server Configuration
• How to Capture a Vista/Server 2K8 Image
• What We Covered
Quick Introduction to Windows Deployment Services and Imaging
• Images are copies of hard drives
• Images can be created from the Windows Installation disk or existing hard drives and then easily pushed down to PXE-enabled machines
• Server 2K8 and Vista are now image-based installations for easy deployment - no 3rd party software needed
• WDS Supports Unattended Installations and Multicast
Initial WDS Server Configuration
• On a Server 2K8 machine joined to a Domain with DHCP and DNS:
1. Install the WDS Role.
2. Import boot.wim and install.wim files from the /sources folder on a Server 2K8 install disk or ISO and/or a Vista disk.
3. In the WDS MMC, expand the Boot images folder.
4. Right click the boot image and select Create Capture Boot Image and follow the wizard to create a capture boot for grabbing images.
5. Right click the Boot folder and select Add Boot Image. When asked for the location of the image, select the Capture Boot Image you just created.
• If you want to use all the features of WDS, only import the boot.wim from the Server 2K8 disk. The Vista boot.wim does not support multicasting, but you can still use the Server 2K8 boot.wim to multicast a Vista install.wim.
2-Initial WDS Server Configuration – Part 1
1. Installation Images - Specific to an OS (Vista or Server 2K8) - Created by either importing the standard installation images from the Windows install disk or by capturing an image from an existing hard drive
2. Boot Images - Created from a Server 2K8 disk - Can be used to deploy Vista or Server 2K8
3. Capture Boot Images - Created from a regular Boot Image - Used for capturing and uploading an image of a hard drive to the WDS
• Make sure you have lots o' space on your WDS Server!
2-Initial WDS Server Configuration – Part 2
• The Verde Petra Picture
– So you've built several different servers, and since all of them are going to be duplicated in some form or another in franchise coffee shops and such, you recommend to Larry and Latisha that they use WDS instead of a third party solution to save money on licensing. You need to set up a WDS role on a separate server, create installation images for Vista Client machines and the File and Print Server, and then demonstrate to the Verde Petra Owners how easy installing new machines and OS's really is. You'll use the installation disk for Server 2K8 to create the Boot image, the Vista Installation disk to create the initial client image, and then use the current File and Print Server as a Reference Computer to capture an image for future File and Print servers.
How to Capture a Vista or Server 2K8 Image
• On a Vista or Server 2K8 machine that has been set up the way you want:
1. Open up your command line prompt
2. Go to C:/Windows/system32/sysprep
3. Run Sysprep.exe
4. Set sysprep to use OOBE and to Reboot
5. Make sure that your BIOS is set to use Network Boot first
6. As soon as it reboots, hit F12 to go into Network Boot
7. Select your Capture Boot Image (not your deployment image!!!)
8. Pick your location to save the image
9. Go home, have dinner, sleep, come back
10. If you saved the image to the reference machine's HDD, import the image to the WDS server
11. Your image is now ready to deploy
What We Covered
• Describe the basics of imaging
• Install the WDS Role on a Server 2K8
• Import boot and install images from a Windows installation CD
• Create a Capture Boot Image from a standard Server 2K8 Boot Image
• Capture an Install Image from a Reference Computer
• Deploy a Vista installation using WDS and PXE
Server 2008 Certification and Other Cool Features of Server 2008
• The New Certifications
• Upgrade Paths for MCSA's and MCSE's
• Cool New Features of Server 2008
• What We Covered
The New Certifications – Part 1
The New Certifications – Part 2
• The Three New Server Certification Blocks for Network Admins
– MCTS
– MCITP: Server Administrator
– MCITP: Enterprise Administrator
The New Certifications – Part 3
• MCTS - Take any one exam from a large selection
• MCITP: Server Administrator Exams (From Scratch - Three Exams)
– 70-642: TS Network Infrastructure
– 70-640: TS Active Directory
– 70-646 Pro: Server Administrator
• MCITP: Enterprise Administrator (From Scratch - Five Exams)
– 70-620: Vista
– 70-643: TS Server 2008 Application Infrastructure, Configuring
– 70-642: TS Network Infrastructure
– 70-640: TS Active Directory
– 70-647 Pro: Enterprise Administrator
Upgrade Paths for MCSA's and MCSE's – Part 1
• MCSA to MCTS
– Take Exam 70-648 and Receive two MCTS Certifications
• TS: Active Directory Configuration
• TS: Networking Infrastructure
• MCSE to MCTS
– Take Exam 70-649 and Receive Three MCTS Certifications
• TS: Active Directory Configuration
• TS: Networking Infrastructure
• TS: Server 2008 Application Platform, Configuring
Upgrade Paths for MCSA's and MCSE's – Part 2
• MCSA to MCITP: Server Administrator
– Take two exams:
• 70-648: Upgrade to the two MCTS Certs
• 70-646 Pro: Server Administrator
Upgrade to Enterprise Admin: Add two exams - 70-620: Vista Config and 70-643: Applications Infrastructure, and take 70-647 Pro: Enterprise Admin exam instead of the 70-646
• MCSE to MCITP: Enterprise Administrator
– Take Three Exams:
• 70-649: Upgrade for your three MCTS Certs
• 70-620 or 70-624: Vista
• 70-647 Pro: Enterprise Administrator
Downgrade to Server Admin: Skip the 70-620, take 70-646 instead of the 70-647 for your Server Admin cert
Cool New Features of Server 2008
• Virtualization
• Multicasting and Unattended Installations in WDS
• Failover Clustering
• More Server Core features
• BitLocker Drive Encryption
• Next Generation TCP/IP
• Active Directory Federation Services
• Active Directory Snapshots
• Network Access Protection
• and more!