Administering Windows 2003

Introduction to Windows Server 2003

What's new in Windows Server 2003?

Microsoft Server 2003 was a significant improvement in server technology from

Microsoft. It has new features throughout the operating system . There are significant
updates in a variety of the services, features, and architectures in the OS.

System Administrators should know the benefits to administering the OS and what things
are going to make your life easier.

Active Directory

AD was improved to lower total cost of ownership and ease the management of the
directory service. Migration tools were upgraded to version 2.0 allowing for migrating
passwords from Windows NT 4 and Windows 2000 to a Windows 2003 domain. There
were improvements to group policy allowing for central management from the Microsoft
Group Policy Management Console. In addition, Microsoft improved the MMC plugins
and the GUI of the operating system.

Microsoft has also made improvements to security, performance, and dependability.

File and Print Services

You may also be interested in some of the key new features with Windows File and Print
services. Windows Server 2003 introduces Volume Shadow Copy Service (VSS), a
feature which quickly creates point-in-time copies of data. This can be used to make
more reliable backups and take a quick snapshot of a server's file system.

Microsoft increased the performance of NTFS Journaling File System. NTFS uses
journaling to create a more reliable, secure, and high performance file system.

Microsoft also improved the performance of CHKDSK. Now when you are coming in for
a weekend maintenance, you will not have to wait as long for your CHKDSK to
complete!

Management Tools

Microsoft increased the capabilities of several of its management utilities with Windows
Server 2003. Most significantly are its management tools for Group Policy. Microsoft
added 200 additional group policy settings in Windows Server 2003, allowing you even
greater control in locking down the desktops in your organization.

In addition, Microsoft improved its Remote Installation Services (RIS), the User State
Migration tool, and the Windows Installer.

1
All of these improvements should help lower your costs and make administering a
Windows 2003 domain even easier than before.

The Role of a System Administrator

A system administrator holds a lot of responsibilities in most companies. Small

companies typically have one or two people who do everything from PC support to
network management. Larger companies often have entire teams focused entirely on
administering servers in a corporate data center (or even remotely administering
thousands of servers).

Whatever your role, Windows Server 2003 aims to improve your job by reducing the
administration time required of the server. With improved management tools and better
desktop control functionality, Windows Server 2003 can be a great tool to reduce your
company's total cost of ownership (TCO).

Part I - Administering Accounts and Resources

The foundation for understanding how to be a systems administrator is to understand the
fundamentals of administering accounts and resources. This section explores the
Windows Server 2003 environment, using the administrative tools, and understanding
Active Directory.

There are a lot of hands on exercises for you to practice with in this sections.

In this section, you will learn:

 The Windows Server 2003 environment

 How to find the Administrative Tools and what they are used for
 Planning an Active Directory Implementation
 Setting up an Active Directory Domain
 Installing the Administrative Tools on a workstation
 Creating an Organizational Unit
 How to Move Domain Objects

2
1. The Windows 2003 Server Environment
Starting up Windows Server 2003

When you first boot into Windows Server 2003, your first screen is the Manage Your
Server homepage. From this startup utility you can manage the roles of this server. We
are going to set this server up like it is the single server in a small company and will
perform all of the functions for the domain.

In a larger company, you may have multiple servers and have specific servers for specific
tasks. For example, you may have multiple file servers, a print server, an email server,
etc.

When you click on the Start menu, you will find it is more similar to Windows XP then
to Windows 2000. You now have the handy two pane interface of Windows XP.

3
Exploring the Start Menu

When you click on All Programs, you will see the default applications on a Windows
Server 2003 install. You will find the familiar Accessories from Windows XP as well as
an additional link to Administrative Tools.

By default, the Control Panel opens a submenu instead of opening the Control Panel
itself. Within this menu, you can choose any of the typical Control Panel applets to
change the settings on the server. In addition, there is another link to Administrative
Tools.

4
As a server administrator, you will spend a lot of time working with the tools within
Administrative Tools. These utilities will allow you to edit settings on the server, setup
your domain, manage users and groups, and more.

2. Administrative Tools
Administrative Tools are frequently used utilities for system administrators.

Most of the tools use the Microsoft Management Console, or MMC. MMC is a tool
which has many plugins available for it to manage different functions or the server or the
domain.

You can open MMC by going to Start, Run, and typing in MMC. Click ok to open
MMC.

MMC opens to a blank console screen. From here you can open add-ins and manage
specific functions on the server. When you use the shortcuts in the Administrative Tools
menu, it opens those specific MMC add-ins. If you want to open some add-ins now to
check out MMC, follow these instructions:

1. Click on the File menu and click on Add/Remove Snap-in.

2. Click on the Add button at the bottom.

5
 3. Choose the snap-in you would like to manage. In this example, we are going to
choose Disk Management. Click on Add. You have the option to manage the
local computer or a computer on the network.
4. Click the Close button.

5. The Disk Management snap-in is now open.

Microsoft has provided shortcuts to your commonly used administrative tools in the Start
Menu. We will explore these utilities briefly here. Later in the tutorial, you will learn
more detailed information as we explore the components and their specific uses.

Certification Authority

You need to install Certificate Services to use the Certification Authority functionality on
the server. Certificate Services allows your server to create and authenticate certificates.

Cluster Administrator

Cluster Administrator allows you to manage the server as part of a cluster. A cluster is a
group of servers which work on the same tasks to provide load balancing and failover
between servers. A cluster is setup to allow for mission critical applications to operate
even if one or more of the servers fail. In addition, it allows applications which are heavy
loads on a single server to have requests spread across several servers allowing it to
balance the load more evenly.

6
The search engine Google is an example of a large cluster. Google has thousands of low
cost servers in a data center balancing the tremendous number of search requests it
receives each day.

Component Services

Administrators can deploy and administer Component Services application through this
snap-in. In addition, it is routinely used to automate administrative tasks using a scripting
language.

Computer Management

The Computer Management MMC snap-in allows you to manage most functions on the
server. This is the same MMC snap-in in Windows XP Professional, so you are
probably familiar with its function.

7
Configure Your Server Wizard

The Configure Your Server Wizard is a wizard to setup your server to perform tasks and
setup server roles. For example, you can use this wizard to configure your server to act as
a File and Print server or as a web server.

Data Sources (ODBC)

The Data Sources (ODBC) administrator allows you to setup connections to databases
and manage database drivers. This is frequently used for setting up DSN connections for
applications.

8
Distributed File System

Distributed File System (DFS) and File Replication allows you to setup shared folders
across multiple servers. DFS allows you to place files and folders on different servers but
allow your users to see them all in one location. This reduces the need for users to
remember multiple server names on the network and also allows you to use fault
tolerance and load sharing.

Event Viewer

Event Viewer is a log viewer for Windows Server 2003. It is used to view your three
common log files: Application, Security, System. You can also change the settings of the
log files here.

Licensing

The Licensing service must be started for you to open the Licensing console. The
Licensing console is useful if you license your server on a per user basis versus a per
server basis. You can manage your server and client licenses through this console.

Local Security Policy

Local Security Policy are the settings which control most of the security functionality on
the server. You can change settings here which affect how users login, what functions
certain classes of users can perform, and auditing policies.

9
Manage Your Server

Manage Your Server is the beginning screen you see when you first startup your server.
As new roles are added to your server, this screen changes to reflect those new roles. If
you check "Don't display this page at logon" at the bottom, it will no longer appear when
you first logon to the server.

Microsoft .NET Framework 1.1 Configuration

This snap-in allows you to configure much of the settings the .NET Framework requires.

Microsoft .NET Framework 1.1 Wizards

10
Wizards to allow you to change settings or make application changes for .NET
framework applications.

Network Load Balancing Manager

Network Load Balancing Manager is a central management application for Network

Load Balancing clusters. You can create new clusters, add hosts to existing clusters,
remove hosts, configure properties, and diagnose problems. Central management of
Network Load Balancing makes administration and troubleshooting easier and quicker.

Performance

The Performance Monitor allows you to monitor performance in real time or create
performance monitoring logs to capture system or process performance over time. You
can monitor specific applications, processes, or hardware elements.

Remote Desktops

11
This administrative tool allows you to manage the remote desktop connections to the
server. Remote Desktop is a useful tool for connecting to terminal services sessions on a
server. It is also commonly used as a remote access tool for administrators.

Routing and Remote Access

The Routing and Remote Access snap-in allows you to manage access to local and
remote servers. This is a convenient way to setup secure, private servers and manage the
access to them.

Services

You are probably familiar with the Services control panel in Windows XP. Services are
applications which run when the system is started - not just when a user logs in and starts
them. Services can range from operating system specific functionality (like the Spooler
service for Printing) to application specific services (like McAfee virusscan service).
These services have full rights to the system so be sure you are installing only authorized
applications on your server.

Terminal Server Licensing

12
Controls the licensing for Terminal Services. Terminal Services is a functionality of the
server to allow for users to login to a "desktop" on the server and run applications on the
server. Similar to Citrix Metaframe, this functionality allows you to centrally manage
applications and only keep one machine up to date - the server.

Terminal Services Configuration

This utility allows you to manage the configuration of your terminal server.

Terminal Services Manager

Terminal Services Manager lets you control the connectivity of clients to your server and
functions of the server.

3. Planning an Active Directory Implementation

One of the first steps in setting up your server will be to configure Active Directory.
Designing your Active Directory implementation is an important part of this process. A
large company might spend months mapping out a strategy for implementing AD.

Active Directory is a directory service which contains structure and security for your
domain. AD is a powerful directory service allowing you to record information about
your users, groups, and environment.

The first step in implementation is to decide on a domain name for AD. We recommend
not using an existing domain name if you have an existing directory service or Windows
NT 4 domain. Using the same name can cause conflicts with clients while you are
migrating to AD. You should develop a new name which reflects your company,
location, or the fact that it is an AD network.

This domain name can be a true Internet domain name you register or a name which you
use internally only.

13
Once you have decided on your domain name, you should begin the initial setup of the
server. As we progress through the setup into other organizational containers, we will
describe planning those out and designing your AD environment.

4. Setting Up an Active Directory Domain

Active Directory is a database of computers, users, shared printers, shared folders, other
network resources, and resource groupings used to manage a network and enable users to
find a particular resource. Active Directory is a directory service, or an architecture
which stores all this information about everything on a network and allows administrators
to see a hierarchal view of the network. It is scalable to allow organizations to manage
very large networks very efficiently. With Windows Server 2003, you can have over
one billion objects in your Active Directory.

Configuring the Server

1. Click on Add or remove a role on the welcome configuration page.

2. The Configure Your Server Wizard opens. Click Next to continue.

14
3. You can either choose a typical configuration or a custom configuration. If you
choose custom, you will be able to add one role at a time. This method would
require you to run the wizard several times. Since we want a standard server for
our company, we will choose Typical configuration for a first server.

4. Enter your Active Directory domain name. Click Next.

5. Enter a NetBIOS domain name. This is used primarily by pre-Windows 2000

clients to access the network.

15
6. If you would like your DNS queries forwarded to different DNS servers, enter the
IP address here. If your DNS server does not have an entry for a domain name,
it will forward the query to an external DNS server if you choose this option. This
is commonly used to forward Internet DNS queries outside the enterprise.
7. The wizard provides you a summary of the selections you made. Click Next to
continue.

8. The wizard prompts you that during the process it will restart your computer.
Click OK and the installation process begins.

9. When the process is complete, you will see the final window of the wizard.

10. When you open the Manage Your Server utility, you will notice it has changed to
reflect the new roles you added to the server.

16
5. Installing and Configuring Administrative Tools
Windows Server 2003 will setup the Administrative Tools automatically as you add
roles to your server. If you plan on remotely administering servers on your domain, you
may want to install the Administrative Tools on your local Windows XP workstation.

The admin tools are on the Windows Server 2003 CD under \i386\adminpak.msi.
Double-click on that file to install the tools on your workstation.

If you do not have your Windows Server 2003 CD handy, you can download the
administrative tools at this link: http://www.microsoft.com/downloads/details.aspx?
FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

6. Creating an Organizational Unit

An Organizational Unit is a container object in Active Directory within domains. It can
contain users, groups, computers, and other organizational units. You can link Group
Policy objects to an OU or you can delegate administrative authority to an OU.

If you company has multiple office locations, you may choose to setup each office with
its own OU. This allows you as the central administrator to delegate individual OU
administrative authority to staff at each office location.

You could also divide your company into divisions and create an OU for those divisions.
For example, if you had a manufacturing company which had separate divisions for
consumer products, chemical industry products, automotive industry products, and
technology products, you might create an OU for each of these divisions (e.g. OUs
named "AUTO", "CHEM", TECH", and "CONSUMER".)

When designing your Active Directory environment, you should determine and map out
the Organizational Units you want to define in Active Directory.

1. Open the Active Directory Users and Computers MMC.

2. Type in the name of the OU you want to create and click OK.
17
 3. Your new OU will display at the bottom of the list.

7. Moving Domain Objects

There are times you may wish to move computers or users from Organizational Unit to
another. Or perhaps you need to move a number of objects within a domain.

Moving domain objects is as easy as dragging and dropping in the Active Directory
Users and Computers MMC snap-in.

You can also right-click an item and choose Move. from the popup menu.

Section Review
18
In this section, you learned:
 The Windows Server 2003 environment
 How to find the Administrative Tools and what they are used for
 Planning an Active Directory Implementation
 Setting up an Active Directory Domain
 Installing the Administrative Tools on a workstation
 Creating an Organizational Unit
 How to Move Domain Objects

Hands On Practice

1. Create domain for a fictional company, Plastics Unlimited, Inc. Configure the server
for the common server tasks required by a medium size company.

2. Create three Organizational Units: Miami, Orlando, Tampa.

3. Install the Administrative Tools on a Windows XP workstation.

4. Explore each of the administrative tools and learn the common tasks you can perform
when you right-click on different elements. Explore the Computer Management console
in depth.

19