Windows Server 2003 in a Nutshell
By Mitch Tulloch
September 2003
Pages: 662



Table of Contents

Chapter 1: NT 2003
This brief chapter is designed to help Windows NT administrators quickly transition to Windows Server 2003 (WS2003) by highlighting some important differences between administering the two platforms. If you are a Windows 2000 (W2K) administrator looking for help transitioning, see Chapter 2. NT administrators are also encouraged to read through Chapter 2 because that chapter goes into greater depth regarding some features of WS2003.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
New Tools, Old Tasks
If you are familiar with the Windows NT administrative tools and desktop, you may initially be thrown by WS2003 and its new Microsoft Management Console tools and enhanced desktop. Tables 1-1 through 1-3 help you bridge the gap between the two platforms, with the base Windows NT platform being Service Pack 4 or later.
To begin with, Table 1-1 lists the various Windows NT administrative tools and their counterparts in WS2003. Note that there is frequently no one-to-one correspondence between the old tools and the new. The steps for accessing administrative tools from the Start menu also differ slightly between the two platforms, namely:
Windows NT
Start → Programs → Administrative Tools
WS2003
Start → Administrative Tools
The above steps are implicit in Table 1-1.
There are often several ways of doing things in WS2003, but for simplicity and efficiency I usually describe only the most obvious method or the one involving the fewest number of steps.
Table 1-1: Administrative tools for Windows NT versus Windows Server 2003
NT tool | WS2003 counterpart
Administrative Wizards | Manage Your Server
Backup | Accessories → System Tools → Backup
DHCP Manager | DHCP
Tips for Transitioning
The remainder of this chapter provides some quick tips for NT admins transitioning to WS2003. These are listed in alphabetical order rather than order of importance. This list is by no means exhaustive in coverage; for detailed information about common WS2003 administrative tasks, see the Task Map in Chapter 3 and the cross references listed here to various topics in Chapter 4 and Chapter 5.
Configuring account policy—password and account lockout restrictions—was relatively easy in Windows NT using User Manager for Domains. In WS2003, you have to use Group Policy if you are in a domain environment, and you need a good understanding of Group Policy before attempting this. In a simple workgroup environment with standalone servers, you can edit the local security policy directly instead, which is simpler. Either way, see Group Policy in Chapter 4 before you try experimenting with configuring account policy. If you want to dive in right away, you can find the account policy settings in either:
Local Security Policy
Security Settings → Account Policies
Group Policy
Computer Configuration → Windows Settings → Security Settings → Account Policies
If you've tried installing WS2003, you've already been prompted to activate your product, unless you're an enterprise client with a bulk volume licensing agreement with Microsoft. Activation is an antipiracy measure implemented by Microsoft on Windows XP and later; see Installation in Chapter 4 for more information.
Implementing Active Directory (AD) for an enterprise is not a trivial task. You can find information about administering various aspects of Active Directory in the topics
Chapter 2: 2000 2003
This brief chapter is designed to help Windows 2000 (W2K) administrators quickly transition to Windows Server 2003 (WS2003) by highlighting some important differences between administering the two platforms. For Windows NT administrators looking for similar help transitioning, see Chapter 1. W2K administrators may want to read through Chapter 1 also, because it covers a few points regarding WS2003 not covered in this present chapter.
What Changed?
I'll start by briefly summarizing a number of minor and often unnecessary changes that are likely to cause frustrated W2K administrators to say, "Why on earth did they do that?" Then I'll conclude the chapter with a quick summary of new features and enhancements that make WS2003 even better than W2K from the point of view of administering the platform. The changes listed here are more or less in the order you might encounter them as you begin administering the new platform.
If you're already familiar with the Windows XP Professional platform, the transition to WS2003 will be considerably easier because the desktop for the two platforms is almost identical, except that the (in my opinion) ugly Luna theme of XP is replaced by the standard Windows Classic theme in WS2003. For a good introduction to XP, see Windows XP in a Nutshell (O'Reilly).
By default, the only icon on the WS2003 desktop is Recycle Bin, which can be a bit unnerving the first time you log on to a WS2003 machine. To make icons for My Computer, My Network Places, My Documents, and Internet Explorer visible on the desktop, do the following:
Right-click on desktop → Properties → Desktop → Customize Desktop → General → select icons to make visible on desktop
You can also hide/display all desktop icons at any time by:
Right-click on desktop → Arrange Icons By → Show Desktop Icons
If you've opened the Display Properties using the earlier procedure, you'll immediately notice that they've renamed some of the tabs and rearranged where the settings are found. There's a lot of this renaming and rearranging in WS2003, and it can be frustrating to administrators who are used to the way they've been performing common tasks in W2K. Table 2-1 compares the Display Properties tabs and settings for the two platforms.
New Features and Enhancements
Anyway, now that I've vented my frustration a bit, I have to confess that I feel the new features and enhancements in WS2003 far outweigh the silly or unnecessary changes described earlier. Not only is WS2003 a more scalable platform than W2K, it's also more manageable and secure. Because this book focuses on the core tasks of everyday administration, this section highlights key new features W2K administrators should be aware of as you prepare to transition to WS2003, more or less in the order you might discover them as you start playing around with the new platform.
If you've tried installing WS2003, you've already been prompted to activate your product, unless you're an enterprise client with some sort of volume licensing agreement with Microsoft. Activation is an antipiracy measure implemented by Microsoft on Windows XP and later; see Installation in Chapter 4 for more information. Whether Activation is a plus or a minus is debatable, but it's a fact of life from now on.
When you first log on to WS2003 as Administrator, you'll be confronted with a notification bubble (or whatever they call it) that says "Stay current with Automatic Updates." This Automatic Updates feature was first included in Service Pack 3 for W2K, so you may already be familiar with it. If not, see Automatic Updates in Chapter 4 for more information about using this feature to automatically download and install the latest security patches from Microsoft as they are released.
When you first log on to WS2003 as Administrator, you'll also be confronted with the new Manage Your Server tool, which replaces (and incorporates) the old Configure Your Server Wizard in W2K. Manage Your Server lets you add roles to your server to turn it into a file server, print server, application (web) server, DHCP server, domain controller, and so on. Manage Your Server isn't the only way to add such roles however; for example, if you simply share a folder, your server automatically assumes the file server role.
Chapter 3: Task Map
This chapter lists more than 600 common administrative tasks for the Windows Server 2003 (WS2003) platform. For the majority of these tasks, cross-references to specific sections within topics in Chapter 4 and Chapter 5 are provided in which you can find useful information concerning the task and/or information about the tools for performing it. For a minority of these tasks, specific steps are outlined on how to perform the task, for example, configuring certain Group Policy settings to administer various aspects of WS2003.
This chapter is designed to make it easier for you to find useful information in Chapter 4 and Chapter 5, which constitute the main reference portion of this work. Of course, you can always turn directly to a topic in Chapter 4 or a command in Chapter 5 and browse to find what you're looking for if you prefer. What makes this chapter useful, however, is that the level of concepts here is more granular than in the other chapters. For example, information on FSMO roles in Chapter 4 is found within the more general topic Domain Controller, but in this chapter, there is a separate heading for FSMO roles that lists related tasks. Similarly, while the topic Active Directory in Chapter 4 contains a great deal of information, few tasks are listed here in this chapter under Active Directory because this heading is too broad. Look instead for more specific headings such as Domains or Objects or Saved Queries to find tasks relating to these specific aspects of Active Directory.
The tasks in this chapter are listed in alphabetical order according to the main and specific concept involved. For example, "Configure a user account" is listed here under user and not account. Similarly, "Create an object in Active Directory" is listed here under Objects and not Active Directory. Take a moment to browse through this chapter before you use it, and you'll quickly get the idea. Note that commonly abbreviated terms such as DNS and OU are found here in their abbreviated form instead of being spelled out; see Appendix A for a quick list of abbreviations and acronyms.
Understanding the Entries
Because some entries in this chapter are cross-references to Chapter 4 and Chapter 5 while others are explicit procedures you can perform, their formatting is slightly different depending on what they are intended to convey. The examples in this section are taken mostly from the DNS section later in this chapter.
The fact that the elements in the following menu are in italic font means this is a cross-reference to the topic DNS—Tasks in Chapter 4. In other words, to perform this task, refer to the section Configure a Forwarder under DNS—Tasks in Chapter 4.
Configure a name server to forward queries it can't resolve
DNS → Configure a Forwarder
The following cross-reference is to the subsection Clients using Static Addresses within the section Configure DNS Clients under DNS—Tasks in Chapter 4.
Configure DNS clients to use static addresses
DNS → Configure DNS Clients → Clients using Static Addresses
The following is a cross-reference to the section Planning DNS under DNS—Concepts in Chapter 4.
Force a DNS client to reregister its hostname with name servers
ipconfig /registerdns
Compare this with the previous two examples, and you'll see that when the first element is simply DNS, it implicitly refers to DNS—Tasks in Chapter 4, while other sections in Chapter 4 like DNS—Concepts
Alphabetical List of Tasks
Account Lockout Policy
Configure account lockout policy settings
Group Policy Object Editor → Computer Configuration → Windows Settings → Security Settings → Account Lockout Policy
Group Policy—Concepts → Group Policy Settings → Security Settings
Active Directory
See also Domains, Forests, Objects, OUs, and Sites
Install Active Directory on a network
Active Directory → Install Active Directory
Active Directory → Upgrade to Active Directory
Plan the deployment of Active Directory for an enterprise
Active Directory—Concepts
Chapter 4: GUI Reference
Read This First!
A few words are probably in order before you start wading through the vast amount of material in this chapter. The topics in this chapter are organized alphabetically according to major themes of Windows Server 2003 (WS2003) administration. For example, if you want to find out about Active Directory and how to manage it, you'd begin by turning to Active Directory. Each topic begins with a description of basic concepts, followed by a description of the tools (if any) used to administer the feature, instructions on how to perform common or important administrative tasks, and notes providing extra insight on the topic. Many of the longer topics in this chapter follow this fourfold outline of concepts, tools, tasks, and notes, and knowing this will help you find the information you are looking for more quickly.
Concepts, Tools, Tasks, and Notes
Each topic generally begins with a Concepts section that provides you with the necessary background information for administering the aspect of WS2003 being discussed. Comprehensiveness of coverage varies with the subject matter; for example, the DNS topic includes a fair amount of basic material on DNS terminology. Readers who are coming from a Unix BIND background may want to skim through this material to see how Microsoft's take on DNS may differ from their own, while those familiar with Windows NT or Windows 2000 Server platforms can either skip all or portions of this material or use it as a refresher, depending on their level of expertise in the subject.
After Concepts may come a Tools section, if it's helpful to summarize the consoles, snap-ins, or other tools used to administer the topic under consideration. Usually there is a presentation of the basic features of each tool along with some tips on how to get the most out of using it. If a tool is covered elsewhere in the chapter, there may simply be a cross-reference instead to indicate this.
The Tasks section comes next. This section outlines, in condensed form, various administrative tasks related to the topic (unless the topic is informational only). In the DNS topic, for example, you can find out how to perform various tasks such as installing a DNS server, viewing or flushing the resolver cache, configuring a forwarder, and so on. The tasks presented are usually a selection of the most important or most common administrative tasks relating to the topic. Minor and infrequent tasks are generally omitted since wise readers can usually figure them out on their own.
After Tasks frequently comes Notes to detail some fine points and provide tips, gotchas, things that may not be obvious, and strategies for troubleshooting and administration. I recommend that you always read the Notes section even if you just look up a procedure for a simple task.
Finally, at the end of most topics is See Also, a brief list of cross-references to other sections to which the reader can turn for additional or related information. Note that cross-references that are capitalized and italicized, like
Everyday Administration
To keep the size of this chapter at a (rather huge) minimum, I've tried to focus on common aspects of everyday WS2003 administration and have omitted end user experience stuff like enabling accessibility features, setting screen resolution, playing with desktop themes, and so on. Anyone who's worked with any version of Windows since Windows 95 either knows most of this stuff already or can easily pick it up by right-clicking all over the Windows desktop and selecting each available option. The GUI interface for WS2003 is almost identical to that of XP, so for a good overview of the WS2003 desktop, see a book on Windows XP such as Windows XP in a Nutshell by David A. Karp, Tim O'Reilly, and Troy Mott (O'Reilly). I've also omitted most things that are important only to developers, like ASP.NET, Authorization Manager, COM+, MSMQ, and the .NET Framework, as this is not the sort of stuff the average sysadmin needs to know for day-to-day administration of Windows-based networks. Specialized topics that are usually beyond the scope of day-to-day administration, like clustering, issuing and managing digital certificates, and Terminal Services, are also omitted (though Remote Desktop is covered).
Remember, this book is intended as a quick desktop reference for intermediate to advanced admins, and not as a beginner's tutorial. As a result, few readers will attempt to read this chapter through from beginning to end, and it really isn't intended to be used that way anyway. Instead, you will probably use this chapter to look up what you need to know about a specific topic you are interested in and to learn how to perform various administrative tasks commonly associated with the topic using the different tools the platform provides.
Help Finding Things
But what if you try to look up something in this chapter and can't find it? There are several things you can try:
  • Use Table 4-1, which lists the topics in this chapter for quick reference.
  • Use the Task Map in Chapter 3 to find out which topics in Chapter 4 and Chapter 5 relate to the specific feature you want to understand or administrative task you want to perform.
  • Use the index at the back of the book.
Gestalt Menus
One more thing to note: procedures are generally shown as a series of steps separated by arrows (→) using what I call "gestalt menus." Steps in a procedure are described concisely and are often best understood when actually sitting at a WS2003 machine so you can follow along. For example, the procedure for sharing a printer is described as:
Start → Settings → Printers → right-click on a printer → Properties → Sharing → Share this printer → specify share name
which, when working at the computer, is fairly easily understood to mean:
Click the Start button, select Settings, then Printers. When the Printers folder opens, right-click on the printer you want to share and select Properties from the shortcut menu. Then click the Sharing tab, select the "Share this printer" option, and type a name for the share in the text box. Click OK when you're finished to close the Properties sheet.
Obvious steps are usually omitted, such as clicking OK to close a dialog box or Finish to end a wizard.
Topics Covered
Table 4-1 lists the topics covered in this chapter to help you quickly find the information you're seeking. If you have a more specific task in mind, consult the Task Map in Chapter 3, which points you to where you can find further information in the book on how to perform the task.
Table 4-1: Quick summary of topics covered in this chapter
Active Directory | Domain | Recovery Console
Administrative Tools | Domain Controller | Remote Desktop
Advanced Options Menu | Event Logs | Routing and Remote Access
Auditing | Files and Folders | Security Templates
Automatic Updates | Forest | Services
Backup | Groups | Shared Folders
Connections | Group Policy | Site
Delegation | Installing | Tasks
Alphabetical List of Topics
Active Directory—Concepts
Active Directory is the central repository of information on a WS2003-based network. Active Directory stores information about where different resources are located on the network. These resources include user and group accounts, computers, printers, and shared folders. Active Directory can be used to locate these resources quickly so that administrators can create, delete, configure, and maintain them as needed, and ordinary users can access them if they have suitable permissions to do so. Active Directory gives administrators a great deal of flexibility in how their network resources should be administered. By managing resources from any location in the enterprise, you can centralize IT administration in a few users or a single location. On the other hand, Active Directory allows you to create structure using domains and OUs and then to delegate authority over these portions. This allows for decentralized administration in which certain administrative tasks are devolved to various trusted users throughout the enterprise. Active Directory is managed primarily through the GUI but can also be programmatically accessed through an API called the Active Directory Service Interface (ADSI). By writing scripts that use ADSI, administrators can automate most Active Directory administrative procedures, but this requires a good understanding of VBScript or JScript and is beyond the scope of this book.
Logical Structure of Active Directory
In its most abstract sense, Active Directory represents a company's network resources using a hierarchical structure of logical objects such as the following:
Forest
The most encompassing logical construct in Active Directory. A forest is a collection of domain trees linked together at their roots by transitive trusts.
Chapter 5: Command Reference
Read This First!
Command-line administration has been greatly enhanced in Windows Server 2003 (WS2003). Dozens of new commands and scripts have been added for administration of Active Directory, disks, event logs, Group Policy, IIS, network diagnostics, the pagefile, printers, processes, shared folders, and the registry. The result is a Windows operating-system platform that now rivals Unix in its ability to support command-line and scripted administration. Windows Management Instrumentation (WMI), though beyond the scope of this book, adds an additional level of programmatic administration capability to almost every aspect of the operating system.
This chapter is an alphabetical reference to command-line tools in WS2003 including their syntax and use. Examples are provided to illustrate the power of each command, and extensive notes provide additional insights and gotchas concerning their use. The commands and scripts in this chapter include general Windows commands, net commands, netsh commands, TCP/IP troubleshooting utilities, and other miscellaneous commands useful for WS2003 administration. Also included is a description of how to use the Windows command interpreter (cmd) itself and a list of environment variables.
Command coverage in this chapter is comprehensive but not exhaustive; as in Chapter 4, the focus here is on the core tasks of everyday administration of WS2003. As a result, certain commands have been omitted; those omitted include:
  • Commands such as certreq and change for administering Windows components such as Certificate Services and Terminal Services.
  • Commands such as ipxroute for administering legacy networking components such as NWLink.
  • Commands such as dir and copy that have been around since MS-DOS days and with which most readers are familiar.
  • Commands such as choice and
