PART I
DEPLOYMENT AND ADMINISTRATION SECRETS

Chapter 1 Windows Server 2008 R2 Deployment Secrets
Chapter 2 The Windows Server 2008 R2 Administrator’s Toolkit
Chapter 3 Server Core Secrets
Chapter 4 Active Directory Domains and Forests
Chapter 5 Effectively Managing Group Policy
Chapter 6 Managing Users and Computers
Chapter 7 Managing Active Directory Certificate Services
Chapter 1
Windows Server 2008 R2 Deployment Secrets

In This Chapter
• Understanding the differences between Windows Server 2008 R2 editions
• Creating a deployment image
• Choosing virtual or physical deployment
• Minimizing deployment time
• Going further with System Center

As an experienced administrator, you’ve installed Windows Server operating systems more times than you can count.
Read this chapter and you will also learn how to set up a USB flash drive to deploy Windows Server 2008 R2 to individual servers far more quickly than using a DVD. You learn how to modify the install image to include drivers and updates, so you don’t have to install them as part of post-installation configuration, and you find out how to switch on certain features, so you don’t have to do it manually after the deployment is complete.
Choosing an Edition of Windows Server 2008 R2

NOTE: All versions of Windows Server 2008 R2 run only on 64-bit platforms. If you’ve got a server that has a 32-bit processor, you won’t be able to run Windows Server 2008 R2, though you will still be able to run Windows Server 2008.

There are seven editions of Windows Server 2008 R2.
• The HPC Server Edition is used in high-performance computing applications where it is necessary to run complex jobs against thousands of processing cores. The HPC Server version of Windows Server 2008 is often used with special applications for financial analysis. It supports up to 128 GB of RAM and four processor sockets.
Deciding Between Types of Installation

this strategy. Rather than deploying an extra physical server, you might choose to deploy a hosted virtual server instead. It makes sense to take this approach, because, depending on which edition of Windows Server 2008 R2 you have chosen, you’ve already got virtual licenses available. For example, you might have a branch office site where there is currently a file server, a domain controller, a Web server and a mail server.
• Placing each server role inside its own virtual machine makes the process of migrating roles away from the host server easier. For instance, traffic may increase substantially to your virtualized file server. It takes substantially less effort to migrate file shares, quotas and permissions to a new host, if all you have to do is transfer a virtual machine, than it does if the file server role is co-located with the domain controller.
The disadvantage is that from the outset, you will have to spend more time mucking about in the command line configuring Server Core so that you can use the RSAT tools to manage the installation. Another advantage of the version of Server Core that comes with Windows Server 2008 R2 is that it fully supports PowerShell.
Installing to VHD

Usually, when you install an operating system, the installation routine writes a collection of files and folders across volumes on the hard-disk drive. If you booted the server up with Windows Preinstallation Environment (PE) and looked at the hard-disk drive, you’d see a collection of files and folders.
Figure 1-1: System Recovery Options

4. From the command prompt, type diskpart.exe. From within diskpart.exe, type the following commands:

   select disk 0
   create partition primary
   format
   assign
   create vdisk file="c:\2008r2.vhd" maximum=X
   select vdisk file="c:\2008r2.vhd"
   attach vdisk
   exit

5. From the command prompt, ensure that you are still in the X:\sources directory, and then type Setup.exe. This will restart the Windows Server 2008 R2 installation routine.
6.
Cross Ref: You will learn how to configure Windows Server 2008 R2 to boot from a VHD file generated from a backup in Chapter 12, “Backup and Recovery.”

Optimizing Your Deployment Image

When you deploy Windows Server 2008 R2 for the first time, you will notice that it comes with no roles or features installed. There is a solid reason for this.
operating system ships with tools that allow you to mount and edit images directly. Of course, before you are able to modify the image, you need to copy the image to a volume that has a read/write file system. You can’t write changes back to the original DVD media, but you can write a revised image to a new DVD. The sources directory contains two image files that are of interest to administrators. These are as follows:
• Install.
As you’ll already know, when you deploy Windows Server 2008 R2, you choose one of these options, and that’s the version of the operating system that installs. When you decide to modify the image, you need to select which of these installations you are going to modify, even though they are all stored in the same image file. To modify an image, you need to specify which installation you want to mount and then mount it in a temporary directory.
You may be aware that Windows 7 has better driver detection routines than Windows Server 2008 R2. Rather than attempting to locate each separate driver for a model of computer that you intend to have running Windows Server 2008 R2 and then adding them to the install image for a specific hardware configuration, you can do the following:
1. Install a 64-bit version of Windows 7 on the hardware that you will use to host Windows Server 2008 R2.
2.
NOTE: All feature names are case sensitive.
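The mount, modify and commit cycle described in this section, as an added PowerShell example that is not from the book. The image path, index, mount directory, driver folder and the feature name WindowsServerBackup are assumed sample values; confirm the index with /Get-WimInfo and the feature names with /Get-Features before use.

```powershell
# Added example: offline servicing of one edition inside install.wim with DISM.
# Every path, the index and the feature name below are assumed sample values.
$Wim      = 'C:\images\sources\install.wim'  # writable copy of the DVD image
$Index    = 1                                # edition to service; see /Get-WimInfo
$MountDir = 'C:\mount'                       # temporary mount directory (must be empty)
$Drivers  = 'C:\drivers'                     # folder tree containing driver .inf files
$Features = @('WindowsServerBackup')         # case sensitive; check with /Get-Features

function Invoke-Dism {
    # Run dism.exe and turn a non-zero exit code into a terminating error.
    param([string[]]$DismArgs)
    & dism.exe $DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($DismArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# List the installations stored in the image so the right index is serviced.
Invoke-Dism @('/Get-WimInfo', "/WimFile:$Wim")

if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}
Invoke-Dism @('/Mount-Wim', "/WimFile:$Wim", "/Index:$Index", "/MountDir:$MountDir")

$ok = $false
try {
    # /ForceUnsigned is deliberately not used, so unsigned drivers are rejected
    # for this 64-bit image instead of being silently injected.
    Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$Drivers", '/Recurse')
    foreach ($name in $Features) {
        Invoke-Dism @("/Image:$MountDir", '/Enable-Feature', "/FeatureName:$name")
    }
    # Print the third-party drivers now in the image for review.
    Invoke-Dism @("/Image:$MountDir", '/Get-Drivers')
    $ok = $true
}
finally {
    # Commit only if every step succeeded; otherwise discard the changes so a
    # partly serviced image is never written back to install.wim.
    if ($ok) { $mode = '/Commit' } else { $mode = '/Discard' }
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" $mode
}
```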
Cross Ref: You learn more about managing updates in Chapter 15, “Patch Management with WSUS.”

Applying a WIM to a VHD

You can use the ImageX.exe utility to apply a WIM image that you have prepared to a VHD file and then allow the computer to boot to that VHD file. To create a VHD file and apply a prepared WIM file to the VHD, perform the following steps:

   diskpart.exe
   create vdisk file=c:\win2k8r2.vhd maximum=30000 type=fixed
   select vdisk file=c:\win2k8r2.
diskpart.exe to configure the volume and then the BCDboot tool to create the boot configuration. BCDboot is located on the Windows PE media.

Servicing VHD Files with DISM.exe

You can’t perform an offline service on a VHD file when you are booted into the operating system that it hosts.

You can use the DISM.exe utility to service offline VHD files in the same way that you use the tool to service WIM images. Rather than using DISM.
Minimizing Deployment Time

Systems administrators are busy people. Although sitting in front of a computer watching a little grey bar go across a screen during the installation process might seem fun the first few times, there are probably better things that you can be doing. In this section, you learn about methods through which you can speed up deployment of Windows Server 2008 R2.
4. Issue the following commands:

   clean
   create partition primary
   select partition 1
   active
   format fs=fat32
   assign
   exit

5. After the USB flash drive is prepared, copy the entire contents of the Windows Server 2008 R2 installation DVD across to the device. If you have created a custom WIM image, replace the custom install.wim file with the one in the sources directory on the USB flash drive.
Figure 1-2: Configure the DHCP tab if DHCP and WDS are on the same server.

• In the PXE Response tab of the WDS server’s properties, configure an appropriate response policy. You can configure WDS to respond to any computers that PXE boot, to known computers only, or to both known and unknown computers, but manual administrator approval is required for unknown computers.
• On the Multicast tab of the WDS server’s properties, you can configure whether or not you want to allow separate transfer streams. If you don’t do this, the transmission will proceed at the speed of the slowest connection. You should select the Separate clients into the three sessions (slow, medium, fast) option as shown in Figure 1-3.
To add a Windows Server 2008 R2 image to WDS, perform the following general steps:
1. Open the Windows Deployment Services console.
2. Right-click on the Install Images node, and then click Add Image Group. Provide an appropriate name for the image group.
3. Right-click on the newly created image group, and then click Add Install Image. Navigate to the install.wim file that you have prepared and then click Next.
3. Create a separate image group for the WDS images. You can perform this action from the WDSUTIL.exe command-line utility. For example, to create an image group named VHD_Deployment, issue the command:

   WDSUTIL.exe /Add-ImageGroup /ImageGroup:"VHD_Deployment"

4. To add the VHD image to the WDS server, you also use the WDSUTIL.exe utility. For example, to add the VHD image c:\2008R2.
Figure 1-4: Configure unattended installation files in WDS.

There are several reasons why you should use Windows SIM rather than Notepad to create your Windows Server 2008 R2 answer files. These include:
• The answer file XML syntax is complicated, and you are likely to mess something up if you do it manually. There are better uses of your time than trying to figure out where you made a syntax error in an XML file.
2. Click New Answer File. When asked if you want to open a Windows image file, click Yes. Navigate to the install.wim file. Select the image for which you want to create an answer file. Most of the time this will be install.wim.
3. Click Yes when prompted to create a catalog file. This step takes several minutes.
4. Right-click on a component and then click on Add Setting to Pass.
Activating Windows

Part of getting deployment right is ensuring that the Windows Product Activation process occurs smoothly. Product activation is a process by which a Windows Product Key and a hardware identification are registered with Microsoft. Product activation generally occurs over the Internet, but it is also possible to perform product activation over the phone.
Purchasing Multiple Activation Keys

You cannot recover a MAK activation once that has been consumed.

A Multiple Activation Key (MAK) is a special key issued by Microsoft that allows you to perform a specific number of activations. For example, you might purchase a MAK from Microsoft that allows you to perform 50 activations.
To perform MAK proxy activation, perform the following general steps:
1. Install the VAMT on a computer on the isolated network.
2. Create a computer group and use the VAMT to discover all computers on the isolated network.
3. Configure VAMT with the MAK. Right-click the computer group and select the MAK Proxy Activate option. Make sure that neither the Get Confirmation ID nor Apply Confirmation ID checkboxes are enabled.
4. Save the collection file.
5.
KMS servers for computers running Windows Server operating systems. You should keep the following in mind when considering KMS:
• You can use KMS only if you have five servers or twenty-five clients.
• You configure KMS by adding a specific KMS key to a server and then performing activation. After activation is completed, the computer functions as a KMS server. You should use the telephone method to activate KMS on an isolated network.
Summary

of multiple boots and also simplifies physical to virtual migrations. Using DISM.exe, you can configure a Windows Server 2008 R2 installation image with extra drivers. You can also use DISM.exe to automatically install Windows Server 2008 R2 roles and features and install software updates during the installation process. You can configure a USB flash drive with the installation files so that you can perform a quicker deployment of a custom image than you could if you were using a DVD or WDS.