Sunday, October 9, 2011

Overview of Server Roles and Features in Windows Server 2008

Server Roles describe the primary functions of a server in Windows Server 2008. On a server, there can be one or more server roles. For example, you can have a DNS server or a Web server, or a server comprising multiple roles.

Server Manager, a new feature with Windows Server 2008, can be used to install, configure, and delete server roles.

Using Server Manager from the command prompt, or from the GUI, we can install network services as  role-based features to Windows Server 2008. For example, we can add DHCP as a role

Each role can include one or more features to supplement a server role. For example, we can add WINS Server and Windows Backup as a feature. Server features provide supporting functions to the server roles.

Windows Server 2008 Server Manager Technical Overview

Tools Used for Administrative Tasks

Server Manager. Consolidates some of the older tools and wizards in Active Directory 2003. Server Manager is easy to use.

Command line tool. Windows Server 2008 also gives us a command prompt utility, ServerManagerCmd.exe for advanced users. 

Server Manager is used to install, configure, and remove Server Roles, as well as server role features. Server Manager Initial Configuration Tasks launches automatically after setup is complete to aid the administrator in the configuration of a new server. 

  1. Add Roles Wizard. Install server roles. 
  2. Add Role Services Wizard. Some roles are role services such as File Services, Terminal Services, and Active Directory Certificate Services. 
  3. Add Features Wizard. Install server features.

Server Manager will launch each time you log onto a Server 2008 computer as an administrator. 

If you do not want Server Manager to install each time you log on to Server Manager, you can edit the registry as follows: 
  • Go to Start | type regedit into the Search box | click regedit.exe and press return
  • You are presented with the Registry Editor
  • Go to HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft | Server Manager 
  • Highlight Server Manager
  • There is a DWORD for DoNotOpenServerManagerAtLogon
  • Change the DWORD to a Value of 1
  • Click OK
  • Restart the computer
Note: when you shut down, you are presented with the Shutdown Event Tracker. Select the option that best describes why you want to shut down the computer. In this case, choose Operating System: Reconfiguration (Planned) and click OK. When Windows boots, you will go straight to the desktop without Server Manager being launched.

Power Shell. In Active Directory 2008, there is also full support for the Windows PowerShell scripting language. PowerShell is good for doing bulk changes to Active Directory and is useful for command line operations. 

What are Server Roles?
Previous to Windows Server 2008, DNS would have been considered a component of the operating system. Now, DNS is a server role.

Administrators can dedicate an entire server to one role or install several roles on a server.

Server Manager is actually an expanded MMC, Microsoft Management Console. The main window of the console contains four sections: 

  1. Server Summary
  2. Roles Summary
  3. Features Summary
  4. Resources and Support
What are Server Features?

Server features are used to add to or supplement the primary functions of a installed server role. 

Server Manager Step-by-Step Demo

Use the Add Roles Wizard to add one or more roles to the server

Add Roles Wizard
  • Select Server Roles
    • Active Directory Certificate Services
    • Active Directory Domain Servers (Installed)
    • Active Directory Federation Services
    • Active Directory Lightweight Directory Services
    • Active Directory Rights Management Services
    • Application Server
    • DHCP Server
    • DNS Server (Installed)
    • Fax Server
    • File Services (Installed)
    • Network Policy and Access Services
    • Print Services
    • Terminal Services
    • UDDI Services
    • Web Server (IIS)
    • Windows Deployment Services
    • Hyper-V
In this example, we will choose Print Services. 
Click Next. On the next screen, you will see links to the help menu in case you need to review criteria before you install the print services role. 
Click Next.
  • Print Server (default)
  • LPD Service (for Unix clients)
  • Internet Printing
  • Click Next.
               Click Next
               Click Install. Print Services will now install and the Printer Server Role is installed.
  • Server Summary
    • Computer Information 
      • Computer name
      • Domain
      • Local Administrator account name
      • Network connections
      • Product ID
    • Security Information
      • Windows automatic updating
      • Windows Firewall
      • Windows Internet Explorer Enhanced Security Configuration
Windows Server

Overview of the Server Core Installation Option

Server Core Installation installs only the requirements for a manageable server. There is no graphical user interface (GUI). Go to command prompt  or use remote management tools to manage the server. You still have access to some of the low-level tools, such as Task Manager.
  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Directory Services (AD LDS)
  • DHCP Server
  • DNS Server
  • File Services
  • Print Server and/or Streaming Media Services
  • Windows Server Virtualization (Hyper-V). Requires 64 bit processor and hardware assisted virtualization. Can be installed on a full installation or a Server Core installation. Server Core Installs require the OCSETUP utility to get it installed.

The Windows Explorer “shell” is not installed in a Server Core install. Windows Core requires Administrators that are familiar with using command prompt or scripting for server management. Or...the Server Core install can be done with MMC snap-ins from another computer that runs Windows Server 2008 by selecting the computer running a Server Core Installation as the remote computer to manage.

Server Core Installation Option

Benefits of Server Core
  • Reduced management and increased security because the install only puts in what is required for the specific server role. Less services are required and no GUI.
  • Reduced attack surface.  There is only a command prompt. Very small attack footprint.
  • Reduced maintenance. Fewer applications running and less to manage.
  • Smaller disk space needed (occupies approximately 25% of the disk space needed for a Standard Edition installation. Approximately 1 GB disk space needed.)
Server Core Features Supported
  • Backup
  • Bitlocker Drive Encryption
  • Failover Clustering (not available in the Standard Edition) requires appropriate hardware to support
  • Multipath I/O
  • Network Load Balancing (NLB) requires appropriate hardware to support 
  • Removable Storage
  • Simple Network Management Protocol (SNMP)
  • Subsystem for any UNIX-based apps
  • Telnet Client
  • WINS
Managing a Server Core Install
  • Locally and remotely using command prompt
  • Remotely using Terminal Server
  • Remotely using Windows remote Shell
  • Remotely using an MMC snap-in requires appropriate hardware to support. One drawback, you have to install the server administration tools onto the client and it puts in an extra layer that might cause a security problem. It's probably better to use remote desktop to manage the remote install.
Using command line tools to set DNS parameters in Server Core
  1. Determine the current default assigned computer name. Type set in the command line window.
  2. To change the computer name, type netdom renamecomputer current computer name /newname:desired new computername press Enter
  3. Type y for yes, and press Enter.
  4. Set the static IP address: netsh interface ipv4 set address name="local area connection" source=static address=ip address desired
  5. Press Enter.
  6. Set the primary DNS server: netsh interface ip set dns "local area connection" static ip address of dns server primary
  7. Verify the ip addresses you just assigned. Type ipconfig /all and press enter.
Connect server to the domain
  1. Type netdom join DNS Servername /domain:domain name /userd:domain name signon id /passwordD:* and press enter.
  2. At the command prompt, type the domain name password and press enter.
note: your keystrokes will not show on the screen when typing. Make sure you are careful about entering the correct password. You will receive a message the command completed successfully. You need to restart the computer.

    Managing a Server Core Install of DNS Server Core Role

    1.       Logon on with the administrator password.
           (We will call the server SVR-1)
    2.       Preparing your desktop… message appears
    3.       The command prompt displays.
            (remember: You can still get to Task Manager by pressing the cntl, alt, delete key pads at the same time)
    4.       To see all of the current roles installed on the machine:
           Type oclist from the command prompt
    5.       Next, use the Start command with a /w or /wait from the command prompt to force the machine to wait until the installation of the role is completed. (note: ocsetup syntax is case sensitive)
    Start /wait ocsetup DNS-Server-Core-Role
    6.       Press the return key
    7.       The command prompt returns when the install is complete
    8.       You can either use dnscmd from the command prompt or use the DNS snap-in MMC.
    In this example, we will use the DNS snap-in on a machine that already has the dns admin tools installed. (We will call the machine DC-1.)
    1.       Go to Start | Administrative Tools | DNS Manager
    2.       Right click on DNS | Connect to DNS Server | Click The following computer:
    3.       Type in the name of the server where Server Core is installed, in this case SVR-1. Click OK to be connected to SVR-1. (Now, you can reconfigure or manage the DNS service on SVR-1)

    How to Uninstall a Server Role

    1.       Go to SVR-1 or whatever your server name is.
    2.       Type start /w DNS-Server-Core-Role /uninstall
    3.       Press Return
    4.       A message displays from Windows Package Manager notifying you the system must be restarted to enable the changes. Press “Yes” to let package manager restart the system or “No” if you plan to restart the system later.
    5.       After you log back on, the system goes straight to the command prompt.

    Using a Remote Desktop Connection to manage a server core installation

    1.       Logon to your XP, Windows Vista, or Windows 7 client machine. We will call this Vista client machine Cl-1.
    2.       We will start a remote desktop connection from the Vista client machine Cl-1 into SVR-1 to manage the server core install.
    3.       Go to Start and type in remote desktop.
    4.       Remote Desktop Connection link displays. Click on it to get the Remote Desktop Connection dialog box.
    5.       Select SVR-1 and Connect
    6.       A Windows Security dialog box displays asking for credentials. Enter the administrator password and click OK to connect to the machine remotely.
    7.       You are now presented with the command prompt in a remote desktop session where you can run ocsetup commands to install or uninstall roles or netsh commands to reconfigure services, firewall settings, or ports.

    Installation and Configuration for Windows Remote Management



Many times a Server Core Install will suffice. You might not need all of the roles on a full installation of Server 2008. You can get a free VMware Player or Virtual PC Software for free on a Microsoft download. You can setup your own virtual server to setup and test your own Server Core install.
Considerations for installing Windows Server 2008

  • Windows Server Core can only be installed on computers with ACPI (Advanced Configuration and Power Interface.
  • You cannot install a custom hardware installation layer (HAL) file with Windows Server 2008.
  • Windows Firewall is enabled by default. You must create inbound firewall rules to allow unsolicited inbound connections for server applications that must receive these types of connections.
  • Kernel-mode software on x64-based systems running Windows Server 2008 must follow the kernel-mode code-signing policy.
  • Server Core Windows Server 2008 cannot be an upgrade from a previous install of Windows. It must be a clean install.
Best Practices for installing Windows Server 2008
Only install roles and features required for the server's purpose.
Only install kernel-mode signed drivers when available. Required for x64 installations.

No comments:

Post a Comment

"Comment As:" anonymous if you would rather not sign into an account!