Windows Server 2008 Inside Out- P30

Shared by: Thanh Cong | Date: | File type: PDF | Pages: 50


Chapter 41 Backup and Recovery

Troubleshooting Startup and Shutdown

on the system recently. A new device driver might have been installed or an application might have been installed that incorrectly modified the system configuration.

Often you can resolve startup issues using Safe Mode to recover or troubleshoot system problems. In Safe Mode, Windows Server 2008 loads only basic files, services, and drivers. Because Safe Mode loads a limited set of configuration information, it can help you troubleshoot problems.

You start a system in Safe Mode by completing the following steps:

1. If the system is currently running and you want to troubleshoot startup, shut down the server, and then start it again. If the system is already powered down or has previously failed to start, start the server again.

2. Press F8 during startup to access the Windows Advanced Options menu. You must press F8 before the Windows splash screen appears.

3. On the Windows Advanced Options menu, select a startup mode. The key options are as follows:

   - Safe Mode—Starts the computer and loads only basic files, services, and drivers during the initialization sequence. The drivers loaded include the mouse, monitor, keyboard, mass storage, and base video. No networking services or drivers are started.
   - Safe Mode With Command Prompt—Starts the computer and loads only basic files, services, and drivers, and then starts a command prompt instead of the Windows Server 2008 graphical interface. No networking services or drivers are started.
   - Safe Mode With Networking—Starts the computer and loads only basic files, services, and drivers, and the services and drivers needed to start networking.
   - Enable Boot Logging—Starts the computer with boot logging enabled, which allows you to create a record of all startup events in a boot log.
   - Enable Low Resolution Video—Starts the computer in low resolution 640×480 display mode, which is useful if the system display is set to a mode that can't be used with the current monitor.
   - Last Known Good Configuration—Starts the computer in Safe Mode using Registry information that Windows Server 2008 saved at the last shutdown.
   - Debugging Mode—Starts the system in debugging mode, which is useful only for troubleshooting operating system bugs.
   - Directory Services Recovery Mode—Starts the system in Safe Mode and allows you to restore the directory service. This option is available on Windows Server 2008 domain controllers.
   - Disable Automatic Restart On System Failure—Prevents Windows Server 2008 from automatically restarting after an operating system crash.
   - Disable Driver Signature Enforcement—Starts the computer in Safe Mode without enforcing digital signature policy settings for drivers. If a driver with an invalid or missing digital signature is causing startup failure, this will resolve the problem temporarily so that you can start the computer and resolve the problem by either getting a new driver or changing the driver signature enforcement settings.

4. If a problem doesn't reappear when you start in Safe Mode, you can eliminate the default settings and basic device drivers as possible causes. If a newly added device or updated driver is causing problems, you can use Safe Mode to remove the device or roll back the update.

5. Make other changes as necessary to resolve startup problems. If you are still having a problem starting the system, you might need to uninstall recently installed applications or devices to try to correct the problem.

Repairing Missing or Corrupted System Files

Windows Server 2008 enters Windows Error Recovery mode automatically if Windows fails to start. In this mode, you have options similar to those you have when working with the Advanced Boot menu. For troubleshooting, you can elect to boot the system in Safe Mode, Safe Mode With Networking, or Safe Mode With Command Prompt. You can also choose to use the Last Known Good Configuration or to start Windows normally.

If you can't start or recover a system in Safe Mode, you can manually run Startup Repair to try to force Windows Server 2008 to resolve the problem. To do this, complete the following steps:

1. Insert the Windows installation or Windows Recovery disc for the hardware architecture and then boot from the installation disc by pressing a key when prompted. If the server does not allow you to boot from the installation disc, you might need to change firmware options to allow booting from a CD/DVD-ROM drive.

2. With a Windows Recovery disc, select Windows Setup (EMS Enabled) on the Windows Boot Manager menu to start Windows Setup. With a Windows installation disc, Windows Setup should start automatically.

3. On the Install Windows page, select the language, time, and keyboard layout options that you want to use. Click Next.

4. When prompted, do not click Install Now. Instead, click the Repair Your Computer link in the lower-left corner of the Install Windows page. This starts the System Recovery Options wizard. If the boot manager is damaged, the wizard will repair it at this point to obtain a list of available operating systems.

5. On the System Recovery Options page, click Command Prompt. At the command prompt, enter cd recovery to access the X:\Sources\Recovery directory.

6. At the command prompt, enter startrep to run the Startup Repair wizard. Follow the prompts to attempt to repair the server and enable startup.

Resolving Restart or Shutdown Issues

Normally, you can shut down Windows Server 2008 by clicking Start, and then clicking the Shutdown button, and restart Windows Server 2008 by clicking Start, pointing to the Options button, and then clicking Restart. Sometimes, however, Windows Server 2008 won't shut down or restart normally and you are forced to take additional actions. In those cases, follow these steps:

1. Press Ctrl+Alt+Delete. The Windows Security screen should be displayed. If the Windows Security screen doesn't appear, skip to step 4.

2. Click Task Manager, and then look for an application that is not responding. If all programs appear to be running normally, skip to step 4.

3. Select the application that is not responding, and then click End Task. If the application fails to respond to the request, you'll see a prompt that allows you to end the application immediately or cancel the end task request. Click End Now.

4. Try shutting down or restarting the computer. Press Ctrl+Alt+Delete, and then click the Shutdown button. As a last resort, you might be forced to perform a hard shutdown by holding down the power button or unplugging the computer. If you do this, run Check Disk the next time you start the computer to check for errors and problems that may have been caused by the hard shutdown.
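The Enable Boot Logging option and step 4 of the Safe Mode procedure can be combined: when the problem disappears in Safe Mode, the drivers that only the normal boot loaded are the ones to review. The following PowerShell is an added example, not code from the book; it assumes PowerShell 2.0 or later and a boot log at %SystemRoot%\ntbtlog.txt made of "Loaded driver" and "Did not load driver" lines. The function names, the sample log, and the driver names examplenic.sys and examplefilter.sys are constructed for illustration.

```powershell
# Added example (not from the book). Function names are hypothetical.

function Get-BootLogSession {
    # Split boot-log lines into one object per boot. Each boot starts with a
    # "Microsoft (R) Windows (R) Version ..." banner followed by a timestamp line.
    param([string[]]$Lines)

    $sessions = @()
    $current  = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^Microsoft \(R\) Windows') {
            $current = New-Object PSObject -Property @{
                Banner = $text; Started = ''; Loaded = @(); NotLoaded = @()
            }
            $sessions += $current
        }
        elseif ($null -eq $current) {
            continue    # ignore anything before the first banner
        }
        elseif ($text -match '^Loaded driver\s+(.+)$') {
            # Lowercase so \System32\Drivers and \system32\drivers compare equal
            $current.Loaded += $Matches[1].ToLower()
        }
        elseif ($text -match '^Did not load driver\s+(.+)$') {
            $current.NotLoaded += $Matches[1].ToLower()
        }
        elseif (-not $current.Started -and $text -match '^\d+\s+\d+\s+\d{4}\s+\d+:\d+:\d+') {
            $current.Started = $text
        }
    }
    return ,$sessions
}

function Compare-BootSession {
    # Drivers the normal boot loaded that the Safe Mode boot did not.
    param($NormalBoot, $SafeModeBoot)

    $NormalBoot.Loaded |
        Where-Object { $SafeModeBoot.Loaded -notcontains $_ } |
        Sort-Object -Unique
}

# Constructed sample: a normal boot followed by a Safe Mode boot.
$sample = @'
Microsoft (R) Windows (R) Version 6.0 (Build 6001: Service Pack 1)
 4 21 2009 09:14:02.375
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\System32\Drivers\disk.sys
Loaded driver \SystemRoot\System32\Drivers\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\examplenic.sys
Did not load driver \SystemRoot\System32\Drivers\examplefilter.sys
Microsoft (R) Windows (R) Version 6.0 (Build 6001: Service Pack 1)
 4 21 2009 09:31:47.812
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\drivers\disk.sys
Did not load driver \SystemRoot\System32\Drivers\tcpip.sys
Did not load driver \SystemRoot\System32\Drivers\examplenic.sys
'@ -split '\r?\n'

# For a real server, read the log instead of the sample:
#   $lines = Get-Content "$env:SystemRoot\ntbtlog.txt"
$boots  = Get-BootLogSession -Lines $sample
$normal = $boots[0]   # boot in which the problem occurred
$safe   = $boots[1]   # Safe Mode boot in which it did not

"Boots recorded in log: $($boots.Count)"
"Loaded only in the normal boot (started $($normal.Started)):"
Compare-BootSession -NormalBoot $normal -SafeModeBoot $safe | ForEach-Object { "  $_" }
"Did not load in the normal boot:"
$normal.NotLoaded | ForEach-Object { "  $_" }
```

The boot log does not record which startup mode was used, so pick the two sessions by their timestamps.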
Index to Troubleshooting Topics

| Topic | Description | Page |
| --- | --- | --- |
| Active Directory schema | You cannot change an attribute even though you are a member of the Administrators group | 1016 |
| Defragmenting disks | Be careful when defragmenting | 592 |
| Drag and drop | I'm unable to drag and drop items | 135 |
| Dynamic disks | Dynamic disks have limitations | 430 |
| Hardware configuration | RAM and CPUs are incompatible | 99 |
| Hardware interrupts | Check the device slot configuration | 241 |
| Joining computer to domain | The computer won't join the domain | 1227 |
| Network interface | Get separate views of bytes received and sent for troubleshooting | 323 |
| Network interface performance | Compare network activity to disk time and processor time | 363 |
| Network user class | Class ID problems | 726 |
| Printer spooling | Check permissions on the spool folder | 881 |
| | Clear out stuck documents | 909 |
| | Running out of space may indicate a deeper problem | 913 |
| Processor performance | Rule out processor affinity as an issue on multiprocessor systems | 359 |
| Remote monitoring | Try the IP address if you can't connect | 355 |
| Shadow copy | Shadow copy relies on the Task Scheduler | 596 |
| Shortcut menus | No shortcut menus appear when I right-click | 135 |
| Storage area networks | Detecting SAN configuration problems | 410 |
| System processes | Isolate 32-bit or 64-bit processes | 315 |
| Virtual memory | Be careful when setting or moving the paging file | 308 |
| WINS replication | Resolving WINS replication errors | 828 |
  5. Index Symbols and Numbers user. See user accounts .NET Framework 3.0, 188 user account control. See UAC (User Account Control) 64-bit computing, 7–8. See also Itanium-based servers ACEs (access control entries), 1188 ACLs (access control lists) A Active Directory, role in, 988 access control RODCs, for, 1158 access permissions for fi les and folders, 571–578 ACPI (Advanced Configuration and Power Interface), Active Directory related features, list of, 989–990 379–382 entries. See ACEs (access control entries) ACPI BIOS, 240–241 lists. See ACLs (access control lists) Act As Part Of The Operating System privilege, 1178 systems, physical, 1315 activation of Windows Server 2008 user account control. See UAC (User Account Control) process for, 88–90 account policies. See also Group Policy viewing status of, 126–127 Account Policies, editing with default GPOs, Active Directory 1247–1249 administering. See Active Directory Users And configuring user policies, 1169–1170 Computers snap-in Group Policy objects. See GPOs (Group Policy objects) architecture of. See Active Directory architecture Kerberos policy settings, 1169, 1173 attribute management, 1014–1016, 1076 local user accounts, 1169 authoritative restores of, 1412–1414 location of, 1169 backup strategies for, 1409–1410 lockout policy, 1172, 1247 backups for installation media creation, 1127–1128 password policy enforcement, 1170–1171 bridgehead servers role, 58. See also bridgehead password settings object creation, 1173–1176 servers accounts building blocks, logical, 1053 Accounts: Rename Administrator Account policy, 1248 business requirements for, 1053–1054 Accounts: Rename Guest Account policy, 1248 changing structure of, 1061–1062 Administrator. See Administrator account classes of objects, 1014 authentication of. 
See authentication client connection requirements, 1111 built-in capabilities of, 1178 compatibility issues, 1016–1020 contact accounts, 1168 Computer objects, 1014 creating user accounts, 1184–1187 configuration containers in a forest, 1055 default user accounts, 1168 Contact objects, 1014 domain. See domain user accounts counters for, 1303–1304 expiration options for, 1192 CPUs, requirements for, 1108 Guest account, 1168 creating domain controllers for existing domains, InetOrgPerson. See InetOrgPerson accounts 1114–1122 local. See local user accounts data store architecture, 995–997 membership in groups, 1178 delegation of administrative rights, 1064–1065, naming accounts, 1168 1136–1139 OUs, placing in, 1136 designing systems of. See Active Directory system permissions of. See permissions design policies for. See account policies DHCP authorization, 689 RODC password replication policies, 1148, 1158–1159 DHCP set up with, 696, 698, 701 1421
  6. 1422 Active Directory architecture Active Directory, continued snap-ins, 163 Directory Services log, 328 Subnet objects, 1014 DNs (distinguished names), 1003–1004 System State fi les, 1110–1111, 1129 DNS zones, Active Directory–integrated type, 752–755 system volume. See Sysvol domain architecture design for, 50 Sysvol replication, 1077–1082. See also Sysvol Domain objects, 1014 SYSVOL$ shares, 555 Domain Rename utility, 1061–1062 task delegation, 1138–1139 domain trees. See trees, Active Directory tools for administering, table of, 107 domain trust design, 55 transactional processing, 993–995, 1076 domains. See domains, Active Directory trees. See trees, Active Directory failed domain controllers, removing references to, troubleshooting trust relationships, 1039–1040 1415–1416 trust relationships. See trusts failover clustering, configuration for, 1351 uninstalling, 1129–1133 forests. See forests, Active Directory User objects, 1014 functional levels, 1016–1020 Windows Vista with, 10–11 global catalog server role, 58. See also global catalog Active Directory architecture servers ACLs, 988 Group objects, 1014 administrator types, 1002 group policy. See Group Policy attributes of objects, 998 InetOrgPerson objects, 1014, 1063 authentication mechanisms, list of, 989 infrastructure masters, 57 authentication procedure, 990 inheritance of permissions, 1137 Checkpoint fi le, 995 installing. See installing Active Directory common names of objects, 1003 installing DNS Server service with, 767–771 Configuration containers, 1004 KCCs. See KCC (knowledge consistency checker) containers, 998 links. See site links data fi le types, 995–996 LSA (Local Security Authority), 988–989 data store architecture, 995–997 managing. 
See Active Directory Users And Computers Database Layer, 992–993 snap-in directory service component, 990–993 media, installing from, 1126–1129 directory trees, 999–1000 memory requirements, 1108 DNs (distinguished names), 1003–1004 namespace design, 54–55 domains, 999, 1004. See also domains, Active Directory nonauthoritative restores of, 1411–1412 ESE (Extensible Storage Engine), 993–995, 997 operations master role, 57. See also operations masters external trusts, 1003 OS support issues, 1016–1018 Forest Root Domain containers, 1004 OUs. See OUs (organizational units) forests, 1000–1001. See also forests, Active Directory PDC emulators, 57 global catalog servers, 1006 Performance Monitor counters for, 1303–1304 group policy, role of, 988 planning deployments, 54–58 GUIDs, 992 PrintQueue objects, 1014 indexed tables, 996 read-only domain controllers. See RODCs (read-only LDAP, 991, 998–999 domain controllers) log fi les, 995–997 recovery on SANs, 1110–1111 logical architecture overview, 997–998 RID masters, 57 logon/access features used with, 989–990 RODCs. See RODCs (read-only domain controllers) MAPI, 992 Schema snap-in, 1047 multimaster approach to replication, 991–992, 1085 Server objects, 1014 names of objects in data store, 992 server roles, planning for, 57–58 NET LOGON, 989 share information, publishing, 552 object class types, 998 site concept, 58. See also sites, Active Directory objects, 988, 998–999 Site objects, 1014 operations masters. See operations masters
  7. Active Directory Users And Computers snap-in 1423 OUs. See OUs (organizational units) Active Directory system design partitions, 1005–1006 attribute management, 1014–1016 physical layer overview, 987–988 authentication design overview, 1020 primary data fi les, 995–997 building blocks for, 1053 purpose of Active Directory, 987 business requirements for, 1053–1054 RDNs, 1003 compatibility issues, 1016–1020 replication support, 991–993 cross-forest transitive trusts, 1030–1032 RODC design considerations, 1145–1148 delegating authentication, 1040–1043 root domains, 1000, 1003–1004 domain functional level, 1016–1018 rootDSE objects, 1003–1004 domain planning overview, 1058–1059 SAM with, 990, 992 elements of, 1007 Schema containers, 1004 Exchange Server 2007 with, 1014 schemas, 993, 998–999, 1055 federated forest design, 1030–1032 security descriptor tables, 996 forest function level, 1018–1020 security subsystem key areas, 989–990 forests. See forests, Active Directory security subsystem, relation to, 987 global catalog access, 1011–1013 shortcut trusts, 1003 Kerberos for authentication, 1023–1026 SIDs (security identifiers), 993 LDAP, 1010 sites. See sites, Active Directory multimaster replication model, 1008 Temporary data fi les, 995 NTLM (NT LAN Manager), 1023–1024 tombstoned objects, 994–995 operations masters. See operations masters top-level view of, 987–988 OS support issues, 1016–1018 transaction logs, 994 OUs. See OUs (organizational units) trust paths, 1002–1003 planning overview, 1007–1008, 1053–1054 trust relationships, 988, 1001–1003 read-only domain controllers, 1008 user mode, 987 relative names of objects, 1010–1011 Windows NT 4 with, 992 replication attribute designation, 1014–1016 Active Directory Domain Services Installation Wizard. replication design, 1008–1009. 
See also replication See installing Active Directory resource access process, 1025–1026 Active Directory Domains And Trusts tool RODC design considerations, 1145–1148 creating trusts with, 1035–1038 security tokens, 1020–1022 raising functional levels, 1019–1020 session tickets, 1025–1026 Trust Type property, 1034 shortcut trusts, 1028–1029 UPN suffi xes, adding, 1021 single vs. multiple domains, 1060–1061 validating trust relationships, 1039–1040 single vs. multiple forests, 1056–1057 viewing existing trusts, 1033–1035 sites. See sites, Active Directory Active Directory Migration Tool. See ADMT (Active trees, searching, 1010–1011. See also trees, Active Directory Migration Tool) Directory Active Directory Schema snap-in, 1047 trusts. See trusts Active Directory Sites And Services two-way transitive trusts, 1027–1028 bridgehead servers, configuring as preferred, universal groups, 1020–1022 1300–1301 UPNs (user principal names), 1021 changing forest connected to, 1284 Windows Server 2008 domain functional level creating sites, 1283–1285 features, 1018 domain controllers, associating with sites, 1286–1287 writable domain controllers, 1008 global catalog server designation, 1012–1013 Active Directory Users And Computers snap-in site link bridges, configuring, 1295–1297 account options, managing, 1189–1192 site link creation, 1289–1292 adding members to groups, 1222 starting, 1012 administration, delegation of, 1137–1139 subnet creation, 1285 computer account management, 1225–1231 subnets, associating with, 1285–1286 computer account property configuration, 1229–1230 universal group membership caching, 1021–1022 creating computer accounts, 1225–1226
  8. 1424 active partitions Active Directory Users And Computers snap-in, continued Address toolbar, 149–150 creating domain user accounts, 1184–1187 addresses, IP. See IP addresses creating groups, 1220 Adjust Memory Quotas For A Process privilege, 1178 default accounts, listing, 1168 Admin Approval Mode, 290–293 delegated authentication, 1041–1043 ADMIN$ shares, 554 deleting computer accounts, 1228 administration disabling computer accounts, 1228 Active Directory, of. See Active Directory Users And fi nding shared folders, 552 Computers snap-in group properties, editing, 1223–1224 delegation of administrative rights using OUs, infrastructure master role, managing, 1050–1051 1064–1065 joining computers to domains, 1226–1227 delegation of, for Active Directory objects, 1136–1139 managing computer accounts remotely, 1228 planning deployments, 51–54 Member Of tab, 1188 planning, reviewing for, 42–43 moving computer accounts, 1227 remote. See Remote Desktop for Administration moving groups, 1224 tools for. See administration tools OU creation with, 1133–1134 tools, legacy compatibility issues, 52 Password Settings group creation, 1173–1176 administration tools PDC emulator role, managing, 1050 Active Directory tools, 107 purpose of, 153 Administrative Tools menu, 106–110 queries, saving, 1223 availability of, 109 renaming groups, 1224 Certification Authority tool, 107 renaming user accounts, 1211–1212 command-line utilities, 110–111 resetting passwords for computer accounts, 1228–1229 Computer Management console, 115–116 resetting user account passwords, 1212–1213 computer specification for, 109 RID (relative ID) role, managing, 1048–1050 Control Panel utilities. 
See Control Panel RODC Password Application Policy, editing, 1160–1162 Data Sources (ODBC) tool, 107 sending mail to groups, 1224 DFS Management tool, 107 taskpad example, 174 Event Viewer tool, 107 unlocking user accounts, 1213–1214 Failover Cluster Management tool, 107 user account properties, viewing and setting, 1187–1188 File Server Resource Manager tool, 107 active partitions, 77, 429 Initial Configuration Tasks console, 113–114 Active/Active controller model, 411 installing, 109–110 AD CS (Active Directory Certificate Services), 186 installing full tool set, 160–161 AD DS (Active Directory Domain Services) Net tools, 111–112 described, 186 Network Policy Server tool, 108 installing, 1114. See also installing Active Directory overview of, 105–106 AD FS (Active Directory Federation Services), 186 PowerShell, 112–113 AD LDS (Active Directory Lightweight Directory Registry, effect of tools on, 248 Services), 186 Reliability And Performance Monitor, 108 AD RMS (Active Directory Rights Management Services), Server Manager. See Server Manager console 186 Services tool, 108 Add Features Wizard Storage Explorer, 108 starting, 114 System console, 126–128 Windows Server Backup, installing, 1388 administrative shares, 553–555 Add Hardware Wizard, 235–236 Administrative Templates, Group Policy, 1235 Add Roles Wizard Administrative Tools menu, 385–388 RODC installations with, 1150 Administrator account starting, 114 Accounts: Rename Administrator Account policy, 1248 Terminal Services installation, 936–938 defi ned, 1168 Add Workstations To Domain privilege, 1178 renaming, 1168 Add/Remote Programs utility, 285–286 strong passwords recommended, 88 address classes. See classes of networks administrator applications, 295
  9. attributes 1425 administrator tokens run levels, 296–299 application integrity, assuring security settings related to, 299–301 defi ned, 247 standard user tokens, 294 administrators UAC role in, 294 domain, 1002 user applications, 295 enterprise, 1002 Application log, 327 forests, roles in, 1055 application servers Administrators group Application Server, 186 default logon rights assigned to, table of, 1181–1182 defi ned, 60 default privileges assigned to, table of, 1178–1181 applications roaming user profi les, adding to, 1197 high-availability guidelines for, 1309–1311 ADMT (Active Directory Migration Tool), 1061 installing. See software installation ADMX fi les, 1237–1238 monitoring with Task Manager, 314 Advanced Boot Options menu, 383 RemoteApps, making programs available as. See advantages of Windows Server 2008, 3–4 RemoteApps aliases, DNS, 797–798 run levels, security tokens for, 247 Allowed RODC Password Replication group, 1159–1160 running on remote servers. See Terminal Services alternate IP addressing, 660, 663–665 settings, storage of, 247 AMD-V, 10 startup problems from, 388 analysis of preexisting system for deployment planning Terminal Services compatibility scripts, 942 assessing servers and services, 39 Terminal Services, installing, 939–943 disaster recovery, 43–44 virtualization, security tokens for, 247 hardware inventories, 39–40 Applications and Services logs, 327–328 licenses, 39 Apply Group Policy permission, 1259–1261 localization issues, 39 architecture of Windows Server 2008 network administration review, 42–43 boot environment, 13–14 network infrastructure evaluation, 38 DNS design, 762–765 network management tools, assessing, 44 kernel architecture, 11–13 network map creation, 38 Network Diagnostics Framework, 15–18 network services and applications identification, 40–41 support architecture, 14–25 project worksheets, 37 architecture, Active Directory. 
See Active Directory purpose of, 37 architecture remote locations, 38 architecture, network security infrastructure, 41–42 domain architecture, 50 storage, 39 team for planning, 31 task in planning sequence, 29 archives answer fi les archive attribute, 1385 purpose of, 70 media rotation, 1386–1387 specifying in Setup, 70 media types supported, 1387 APIPA (Automatic Private IP Addressing) atomic permissions, 575 troubleshooting, 676–677 attributes use with DHCP, 665 Active Directory architecture object attributes, 998 Appearance And Personalization console, 120–122 fi le and folder, 567 application integrity multi-valued directory attributes, 1159 administrator applications, 295 nonresident NTFS attributes, 504 administrator user tokens OUs attributes, editing, 1135 Application Information service, 294 Read Attributes special permission, 573 compliant applications, 294 Read Extended Attributes special permission, 574 integrity levels, 297 resident NTFS attributes, 503 legacy applications, 294 Write Attributes special permission, fi le sharing, 574 overview, 294
  10. 1426 auditing auditing power supply redundancy, 1314 fi le and folder access, 581–585 predeployment planning checklist, 1322 logging, DHCP, 727–729 redundancy, components for improving, 1312 printer access, 884 server types, standardization by, 1312 Registry access, 283–284 spare parts, 1312 Security log, 327 standardized components for system services, 1310 systemic procedures for, 1319–1320 standardized deployment process, 1310 Terminal Services access, 964–966 standby systems, 1312 Authenticated Users group default logon rights assigned to, table of, 1181 B default privileges assigned to, table of, 1178 backups authentication Active Directory backup procedure, 1409–1410 Active Directory related mechanisms, list of, 989 Active Directory requirements, 1110–1111 computer accounts, troubleshooting, 1230–1231 archive attribute, 1385 cross-forest transitive trusts, 1030–1032 Back Up Files And Directories privilege, 1178 delegation overview, 1040–1041. See also delegating command-line tools for, 1387 authentication configuring backup type, 1389 design overview, 1020 copy backups, 1385 forwarded tickets, 1040 daily backups, 1385 Kerberos for, 1023–1026 data considerations, 1382–1383 NTLM (NT LAN Manager), 1023–1024 destination selection, 1398 outgoing trust authentication levels, 1038 DHCP backups, 1384 proxy tickets, 1040 differential backups, 1385–1386 RODC process for, 1144–1145 disaster preparedness procedures, 1373–1374 security token generation, 1020–1022 disaster preparedness, relation to, 1384. See also disaster session tickets, KDC server, 1025–1026 planning session tickets, Kerberos policy settings, 1173 DNS backups, 1384 Terminal Services, for, 937 DVDs for, 1390 trust paths, 1002–1003 event logs for, 1400–1401 trusts. 
See trusts fi le server backups, 1384 universal group membership caching, 1020–1022 group membership required for, 1388 authoritative restores of Active Directory, 1412–1414 Group Policy backups, 1278–1280, 1384 Automatic Black Hole Router Detection, 631 importance of, 1381 Automatic Dead Gateway Retry, 631 incremental backups, 1385–1386 Automatic Updates, 11 installing Windows Server Backup, 1388 availability manual backups, 1396–1400 99.9 percent uptime goal, 1309 media rotation, 1386–1387 application requirements for, 1310 normal backups, 1385–1386 checklist for application deployments, 1311 one-time backups, 1396–1400 clustering servers to improve. See clusters, server optimal technique selection, 1383–1385 facilities design. See structures and facilities plans for, 1318–1319 failover capabilities. See failover clustering print server, 912–913, 1384 fault tolerance for, 1312. See also fault tolerance programs for, 1384, 1388 hardware deployment process, 1312 recommended strategy for, 1383 hardware planning checklists, 1313 recovering data. See recovery hardware standardization for high availability, Registries, 272 1311–1312 scheduling, 1391–1395 hardware strategy for, 1311–1313 services, backup functions of, 1383–1384 high, defi ned, 1309 Shadow Copy API advantages for, 1383 highly available server deployment, 1321–1322 starting Windows Server Backup, 1388 integrated testing of applications for, 1310 storage location selection, 1390 noncritical system goals, 1309 strategy considerations, 1382–1383 operational plan for. See operations management strategy creation questions, 1381–1382
  11. BITS (Background Intelligent Transfer Service) Server Extensions 1427 system fi le considerations, 1382–1383 viewing entries, 390–393, 396–397 volume specification for, 1390–1391 well-known identifiers, 392 VSS for fi le servers, 1384. See also VSS (Volume Shadow Windows Legacy OS Loader entries, 396 Copy Service) Windows Memory Tester entries, 396 Wbadmin command, 1387, 1390 BIOS (basic input/output system) Windows Firewall settings for, 1390 ACPI requirement, 379 Windows Server Backup feature, 190 entering during boots, 380 Windows Server Backup overview, 1387 legacy boots, 382 WINS backups, 1384 BirthObjectIDs, 516 baselines for performance, establishing, 344 BirthVolumeIDs, 516 basic disks BitLocker Drive Encryption compared with dynamic type, 428–430 boot fi le validation, 477 conversions to and from dynamic type, 430–432 boot issues, 382 ESP partition type, 449–450 data volume encryption, 493–494 LDM partitions, 451–452 decrypting data volumes, 495 managing GPT partitions on, 449–452 defi ned, 188 managing MBR partitions, 434–448 deploying, 478–480 MSR partitions, 450–451 disabling, 495 OEM partitions, 452 Drive Preparation Tool, 484–485 primary partitions, 451 enabling encryption with PINs, 491 basic folder permissions, table of, 572 enabling encryption with startup keys, 488–491 BCD (Boot Configuration Data) stores FIPS, 481 boot sequence, temporarily changing, 404 installing, 485 commands, table of, 389–390 keys for volumes, 481 creating entries, 394–395 listing encrypted volumes, 492 creating new, 393–394 non-TPM operation of, 477–478 Debugger Settings entries, 397 partitions for, 479–480, 482–485 default operating system entry selection, 403 password management, 492–493 deleting entries, 395 performance issues, 477 deleting options, 395–396 PIN management, 492–493 DEP (Data Execution Prevention) options, 402 PINs, role of, 491–492 Editor, 388–390 planning for, 479 EMS Settings entries, 396–397 policy settings for, 480–481, 486–487 entries in, 388 
purpose of, 11, 477 exporting, 394 readiness test, 485–486 guidelines for modifying, 390 recovering data, 494–495 GUIDs with, 392 Recovery mode, 477–478 Hypervisor Settings entries, 397 recovery passwords, 487–488 importing, 394 remote administration issues, 478 multiple operating systems with, 393 setup steps, overview, 481–482 operating system display order, 402–403 Startup Key Only mode, 478 options for boot application entries, 399 startup keys, 488–491 options for Windows OS Loader applications, 400–401 system vs. data volume encryption, 481 PAE mode options, 402 TPM and PIN mode, 478 properties, table of, 391 TPM and Startup Key mode, 478 purpose of, 382–383 TPM with, 468, 477–478 registry for, 382 TPM-Only mode, 478 Resume from Hibernate entries, 396 USB fl ash startup keys, 478 sample listing, 390–391 Windows Vista vs. Windows Server 2008 versions, 479 setting entry values, 395 BITS (Background Intelligent Transfer Service) Server system BCD stores, 390 Extensions, 188 timeout default, setting, 404
  12. 1428 boot configuration boot configuration listing for sites, 1298 ACPI requirement, 379 multiple, 1094–1095 Advanced Boot Options menu, 383 preferred servers, 1299–1301 applications problems, 388 replication attribute options, 1305–1306 BCD stores. See BCD (Boot Configuration Data) stores RODCs not allowed as, 1145 BIOS legacy boots, 382 site links, relationship to, 1287 BitLocker boots, 382 sites, role in, 1072 boot environment layer, 382–383 testing replication, 1305–1306 boot loader applications, list of, 388 bridges, 639 boot sequence, temporarily changing, 404 broadcast IP addresses, 636–637 CPUs, specifying number to use, 386 budget issues, 47–48 DEP (Data Execution Prevention) options, 402 building phase of MSF (Microsoft Solutions desktop class system issues, 377 Framework), 28 EFI legacy boots, 382 business requirements fi rmware boot settings, 381–382 Active Directory planning for, 1053–1054 fi rmware types, 379 goal assessment task for planning deployments, 34–35 fi rmware, entering during boots, 380 organizational objectives, specifying, 45–46 hardware capabilities, 379–382 system availability. See availability memory, specifying amount to use, 386 business units as OUs (organizational units), 1066 msconfig.exe command, 385–388 Bypass Traverse Checking privilege, 1178 No GUI boots, 386 overview, 13–14, 377 C partition styles, 382 C$ type drive shares, 554 power settings in fi rmware, 380–381 cabling, 1314 power state management capabilities, 379–382 CALs (client access licenses) power state options, 379–380 CAL Installation Wizard, Terminal Services, 954–957 Safe Boot modes, 386 defi ned, 63 SANs, booting from, 409–411 per-server vs. 
per-user options, 71 services problems, 387 Terminal Services with, 925–927 Startup And Recovery dialog box, 384–385 CAPI2 (CryptoAPI version 2), 18 startup control within boot environment, 382–383 certificates startup issues compounded in 2008, 377 Certification Authority tool, 107 Startup Repair Tool, 1408–1409 OCSP (Online Certificate Status Protocol), 18 System Configuration, 385–388 change control procedures, 1317–1318 timeout default, setting, 404 change journals, 514–515 TPM for boot fi le validation, 468 change logs, 1317 Windows Boot Loader, 383 change management planning process, 54 Windows Boot Manager, 383 Change Permissions Windows Vista power state management, 378 fi le sharing, 564 boot partitions fi le special permission, 575 defi ned, 77 printer permission, 880 mirrored boot volumes, 459–462 Change The System Time privilege, 1179 system partition allowed with, 429 Change The Time Zone privilege, 1179 BOOTP (Bootstrap Protocol), 685 Check Disk tool bottlenecks bad sectors, marking, 540 disk I/O, 360–362 command-line parameters, table of, 537–538 memory, 356–358 dirty, marking disks as, 537 network-based, 362–363 FAT volumes, analyzing, 538–539 overview of, 356 fi xing errors with, 535–537 bridgehead servers NTFS volumes, analyzing, 539–540 configuring, 1298–1301 repairing volumes, 540 defi ned, 58 Self Healing NTFS alternative to, 520–521 intersite replication with, 1089–1091 syntax for, command line, 537
  13. Computer Management console 1429 child domains, 653 print drivers with, 846 child folders, 569 purpose of, 1324 CIDR (classless interdomain routing) quorums, 1330 nonclassful network nature of, 637 redundancy role of, 1312 notation, 640–641 reliability goals, 1324–1325 classes of networks SANs using, 409–411 class A network subnets, 642–644 scalability goals, 1325 class B network subnets, 644–645 scalability limits, 1326 class C network subnets, 645–646 server clusters defi ned, 1323–1324 IDs for, 638–639 shadow copy issues, 595 purpose of, 633–635 three-tier structure for, 1326 clean installations CMAK (Connection Manager Administration Kit), 188 Initial Configuration Tasks console, 87 color printers installation step, 87 basics of, 851 language selection, 86 profi les, configuring, 906–907 product keys, 85–86 color scheme selection, 120–121 rolling back installations, 84 command-line utilities, list of, 110–111 starting, 84 Compact command, 523 steps for, 84–88 compliant applications, 294 updates during, 85 Compound TCP, 631 where to install to, choosing, 86–87 compressed (zipped) folders, 524–525 client access licenses. See CALs (client access licenses) computer accounts cluster-aware applications authentication issues, 1230–1231 failover clustering of, 1348 Computer container, 1225 high-availability goals for, 1309–1310 computer name, viewing, 1229 redundancy role of clustered systems, 1312 creating, 1225–1226 service compatibility requirements, 1325 delegated authentication, 1042–1043, 1229 clusters, fi le system deleting, 1228 FAT, 500 dial-in settings, 1230 fi le system overview, 498–499 disabling, 1228 NTFS, 508 Effective Permissions tool, 1188–1189 clusters, server group membership configuration, 1229 active nodes, 1327–1328 group policies for. See Group Policy application software compatibility with. 
See cluster- joining computers to domains, 1226–1227 aware applications Managed By property, 1229 availability goal of, 1324 managing remotely, 1228 benefits of, 1324–1325 moving, 1227 Cluster Administrator renamed, 1352 properties, configuring, 1229–1230 Cluster service, 1352–1353 remote install option, 1230 failover function. See failover clustering resetting passwords, 1228–1229 failures, causes of, 1324 security options, advanced, 1230 farms, 1325 troubleshooting, 1230–1231 fault tolerance not provided by, 1324 user object canonical name, 1229 high availability, 1323–1324 Computer Management console load balancing. See NLB (Network Load Balancing) components of, 115 maximum number of nodes supported, 1326 Computer Management Services And Applications multisite options, 1329–1330 tools, 116 nodes defi ned, 1323 Computer Management Storage tools, 116 operating modes, 1327–1328 Computer Management System Tools, 115–116 operating system version differences for, 1326 creating shares with, 559–562 organization of servers in, 1325–1326 fi le sharing, 556 packs, 1325–1326 MMC nature of, 155 passive nodes, 1327–1328 offl ine fi les configuration, 1207–1208
  14. 1430 computer names Computer Management console, continued screen savers, 121 publishing shares, 563 sound schemes, 121 remote device management, 221 themes, 121–122 shadow copy configuration, 593–596 Uninstall Or Change A Program utility, 273 share permission configuration, 565–566 views available, 119–120 TS Session Broker authorization, 946–947 copy backups, 1385 computer names copying items, 135–136 Append Suffi xes settings, 667–668 core-server installation type, 80 changing, 127 counters viewing, 117, 126 Active Directory counters, 1303–1304 WINS for resolving, 654–655 adding to Performance Monitor, 349–350 conditional forwarding, DNS alert configuration, 369–370 benefits of, 754 counter list, 352 configuring, 786–788 data collector sets of. See data collector sets drawbacks of, 756 default, 349 purpose of, 748 defi ned, 346–347 configuration tools. See administration tools deleting, 350 Configure A DNS Server Wizard, 773–783 disk I/O, 360–362 configuring TCP/IP networking display of, 350 alternate IP addressing, 660, 663–665 graphing of statistics for, 351 DNS configuration, 667–669 Histogram Bar view, 353 dynamic IP addressing, 660, 663–665 memory, 357–358 IP address configuration methods, 660–661 Memory\Available Bytes, 357 IP address information needed, 657–658 Memory\Commit Limit, 357 multiple gateway configuration, 665–666 Memory\Committed Bytes, 357 overview of, 660 Memory\Page Faults/Sec, 357 static IP address assignment, 660–663 Memory\Pages Input/Sec, 357 WINS configuration, 669–671 Memory\Pages Output/Sec, 357 configuring Windows Server 2008. See also specific Memory\Pages/Sec, 357 configuration topics Memory\Pool Nonpaged Bytes, 358 desktop configuration, 142–143 Memory\Pool Paged Bytes, 358 menu customization. 
See menu system network, 362–363 overview of, 129 Paging File\% Usage, 358 Quick Launch, 148–149 Paging File\% Usage Peak, 358 taskbar configuration, 143–148 Paste Counter List button, Performance Monitor, 352 toolbar optimization, 148–151 performance objects, table of common, 348–349 confl ict detection of IP addresses, 734 Physical Disk\% Disk Time, 358 consoles. See MMCs (Microsoft Management Consoles) Physical Disk\Avg Disk Queue Length, 358 contact accounts, 1168 Physical Disk\Avg Disk Sec/Transfer, 358 contingency allowances in planning projects, 48–49 PhysicalDisk\ counters, 361–362 Control Panel print server, 909–912 Appearance And Personalization console, 120–122 Processor\% Privileged Time, 360 color scheme selection, 120–121 Processor\% Processor Time, 360 Date and Time utility, 122–123 Processor\% User Time, 360 desktop background selection, 121 Processor\Interrupts/Sec, 360 display settings for monitors, 122 remote monitoring of, 354–355 Folder Options utility, 123–124 Report view, 353 mouse pointer selection, 121 sample rates, 351 overview of utilities in, 106 System\Processor Queue Length, 360 Programs And Features page, 287–288 CPUs (central processing units) Regional and Language Options utility, 125 Active Directory requirements for, 1108 Registry, effect of tools on, 248 bottlenecks, resolving, 359–360
  15. Desktop Experience 1431 counters for, 360 Debug Programs privilege, 1179 installation errors caused by, 98–99 Default Domain Controllers Policy GPO Itanium. See Itanium-based servers purpose of, 1235 listing types of, 126 restoring defaults, 1282 multiprocessor affi nity issues, 359 Default Domain Policy GPO performance statistics in Reliability And Performance purpose of, 1235 Monitor, 345 restoring defaults, 1282 performance statistics in Task Manager, 311–313 defragmenting drives process usage of, 315 configuring automated, 541–542 processor scheduling options, 304–305 Disk Defragmenter for, 543–544 requirements by edition, 72–73 fragmentation analysis, 545–546 specifying number to use, 386 fragmentation process, 541 WSRM (Windows System Resource Manager), 190 shadow copy issues crash dump partitions, 77, 429 delegating authentication Create A Pagefi le privilege, 1179 account option for, 1192 Create A Shared Folder Wizard, 560–562 configuring, 1041–1043 Create Files/Write Data special permission, 574 purpose of, 1040 Create Folders/Append Data special permission, 574 ticket models for, 1040 Create privileges, 1179 delegating management tasks credentials, logon, 1195 defi ned, 1249 cross-forest transitive trusts, 1030–1032, 1035 delegating Group Policy management privileges, 1252–1253 D delegating privileges for links and RSoP, 1253 daily backups, 1385 GPO creation rights, 1249–1250 DAS (direct-attached storage), 405–406 reviewing Group Policy management privileges, data collector sets 1250–1252 alert configuration, 369–370 Delete special permission, 574 capabilities of, 363 Delete Subfolders And Files special permission, 574 configuration sets, 364, 368 deleting user accounts, 1210–1211 creating, 365–367 Denied RODC Password Replication group, 1159–1160 deleting, 365 DEP (Data Execution Prevention) options, 402 performance counter sets, 364–367 department based groups, 1217 purpose of, 343, 363 deployments of applications Reliability And Performance 
Monitor console for, checklist for, 1311 363–364 standardized deployment process for high availability, reports, viewing, 368–369 1310 saving as templates, 364 deployments of hardware startup event traces, 364 highly available server deployment, 1321–1322 trace data sets, 364, 367–368 standard process checklist, 1312 types of, 364 deployments of Windows Server 2008 Data Execution Prevention (DEP) options, 402 MSF deployment phase, 28 data packets. See packets planning. See planning deployments Data Sources (ODBC) tool, 107 designing new networks data streams, 512–513 domain architecture, 50 database server failover clustering, 1349–1351 network operations issues, 50–51 Datacenter edition, Windows Server 2008 overall objectives for, 50 features of, 6 place in overall design plan, 30 hardware requirements for installations, 72–73 security requirements, 51 selection criteria, 62–63 Desktop Experience Date And Time utility, 122–123 defi ned, 12–13 day-to-day operations. See operations management purpose of, 188 Dcgpofi x utility, 1282 recommended, 129 Dcpromo command, 1112, 1114, 1129 Software Explorer, 288
  16. 1432 Desktop toolbar Desktop toolbar, 150 DHCP Server, 186 desktops, configuring, 142–143 DHCPv6 capable clients, 632, 687–688 development teams, 32 DHCPv6 stateless mode, 698 Device Manager Discover messages, 689–690 confl icting devices, 240–243 DNS configuration with, 667, 686, 697, 730, 757 driver installation steps, 230–232 domain controller collocation issue, 689 drivers, viewing information about, 224 dynamic addressing, 660 Enable Device command, 225 dynamic clients, 685 removing drivers, 234 dynamic DNS with, 759–760 Resources tabs for drivers, 227–228 exclusions, 686, 709, 712–713 rolling back drivers, 233 failover, 693–695 shortcut menu options, 220 fault tolerance, 693–695 troubleshooting with, 237–243 installing DHCP Server service, 697–700 types of devices displayed, options for, 221 IPCONFIG command for lease control, 680 viewing devices with, 219–220 IPv4 autoconfiguration, 687 warning symbols, 220 IPv4 messages and relay agents, 689–691 devices. See also hardware IPv6 autoconfiguration, 687–688 drivers for. See drivers IPv6 messages and relay agents, 691–693 installing, 215–221 lease audits, 728 DFS (Distributed File System) lease broadcast process, 689–693 architecture of, 1081–1082 lease databases, 685 clustering with, 1363 lease date stamps, viewing, 673 DFS command-line tools, 409 lease duration specification, 705–706 DFS management tool, 107 lease renewal process, 679–680 Dfscmd tool, 409 leases defi ned, 660 Dfsdiag tool, 409 limited broadcasts, 637 metatdata of, 1080 M and O fl ags, 691–693 Namespaces, 415, 417–418 management console. See DHCP console optimizing File Services with, 415 message mechanics, 689–693 purpose of, 408 multiple gateway configuration, 665 Replication, 415 NAP integration, 731–733 Replication log, 328 Netsh DHCP command, 700 sites, Active Directory, effects on, 1073–1074 NICs, binding to server’s, 729 Sysvol replication, 1077–1082 normal scope creation, 702–710 DHCP (Dynamic Host Configuration Protocol). 
See also number of clients per server, 696 DHCP console Offer messages, 689–690 Active Directory authorization for, 689, 701 planning issues, 60, 689–695 Active Directory, setting up with, 696, 698 relay agents, 691–693, 737–742 APIPA, 665, 676–677 renewing leases, 690–691 audit logging, 727–729 Request messages, 689–690 autoconfiguration routine, 687–688 reservations, 686, 713–716, 718 availability, 693–695 restoring data, 737 backups of, 1384 Routing and Remote Access Services setup, 737–739 client broadcasts, 689–690 RRAS integration, 686–687 clients per server guideline, 686 saving configurations of, 734–735 clustering with, 1363 saving data, 737 configuring network addresses, 663–665 scopes. See scopes for IP addresses confl ict detection with, 734 security issues, 688–689 confl icting addresses, troubleshooting, 677 server selection guidelines, 689, 696 console. See DHCP console servers, reservations recommended for, 686 database management, 735–737 setting up servers, overview of, 696–697 defi ned, 685 sites, requirements for, 1073
  17. DiskPart tool 1433 standby servers, 696 backup procedures, 1373–1374 startup sequence for clients, 687 backups, coordinating with, 1384 TCP/IP option configuration. See TCP/IP options under emergency response teams, 1371 DHCP escalation procedures, 1372–1373 troubleshooting, 679–680 fault tolerance, 1370 user-defi ned classes, 724–726 identification of essential systems, 1369–1370 WINS settings, 697 incident response teams, 1371 wireless network security issues, 689 Microsoft Product Support, 1375–1376 workgroup setup with, 697 notification procedures, 1372 DHCP console On Screen Keyboard, 1377 activation of scopes, 716 overview of, 1369 domain name specification, 706 physical security, 1370 exclusions, 712–713 post-action reporting, 1373 lease duration specification, 705–706 power protection plan, 1370–1371 normal IPv6 scope configuration, 708–710 preparedness procedures list, 1373 reservation management, 713–716 priorities systems, 1373 router address specification, 706 problem resolution policy documents, 1371–1373 scope creation, 702–705 recovery issues, 43–44, 1370 starting, 699 Rollback wizard, 1378 WINS server specification, 707 servers, types of essential, 1369 DHCPv6. See also DHCP (Dynamic Host Configuration staff key data, 1372 Protocol) Startup Repair, 1374–1375 clients, 632, 687–688 UPS (uninterruptible power supplies), 1370–1371 stateless mode, 698 vendor key data, 1372 diagnostics Disk Defragmenter, 541–546. See also defragmenting key areas, table of, 20–21 drives Network Diagnostics Framework, 15–18 disk drives. See hard disk drives; storage overview of, 14–15 disk I/O subsystem, 497 startups, diagnostic, 385–388 Disk Management snap-in WDI (Windows Diagnostics Infrastructure), 19–25 adding new disks, 423–424 dial-in settings for computer accounts, 1230 bad sectors, marking, 438 differential backups, 1385–1386 Check Disk, starting, 536 direct-attached storage. See DAS (direct-attached storage) command-line counterpart. 
See DiskPart tool directory. See Active Directory converting basic to dynamic disks, 431–432 directory partitions. See partitions, directory converting dynamic to basic disks, 432 Directory Replicator remote access to Registry encrypted BitLocker volumes, 492 requirement, 282 extending volumes, 443–446 directory service (Ntdsa.dll) moving dynamic disks, 456–457 Active Directory with, 992–993 purpose of, 419–420 defi ned, 990 quotas, setting, 529–532 names of objects, 992 rescanning disks, 455–456 replication, role in, 993 shrinking partitions with, 446–447 schemas, 993 spanned volume creation, 453–454 SIDs, reading, 993 views available, 421 Directory Services log, 328 volume creation, 435–439 Directory Systems Agent. See DSA (Directory Systems disk mirroring. See mirrored volumes Agent) disk quotas. See quota management directory trees. See trees, Active Directory disk striping. See striped volumes disabling user accounts, 1193, 1195, 1211 DiskPart tool disaster planning converting disk types, 432 availability issues. See availability defi ned, 409, 421 backup plans for data, 1370 extending volumes, 445–446
  18. 1434 Distributed File System DiskPart tool, continued global name deployment, 803–804 invoking, 421 host addresses, 748 listing devices with, 422 host names, 653 sample session, 422 inappropriate associations, 757 selecting devices, 422 installing DNS Server service with Active Directory, shrinking partitions with, 447 767–771 Distributed File System. See DFS (Distributed File installing DNS Server service without Active Directory, System) 771–773 distribution groups, 1216 IPv6 addresses for servers, 681, 756–757 DLT (Distributed Link Tracking) Client, 516–517 ISP zone maintenance, 776 DNs (distinguished names) LLMNR with, 655–656 defi ned, 1003–1004 log configuration, 808–809 searching, 1010–1011 lookups, troubleshooting with, 812 DNS (Domain Name System) mail exchange addresses, 749 A records, 794–797 main components of, 746 AAAA records, 794–797 MX (Mail Exchanger) records, 798–799 Active Directory requirements, 1109–1110 name resolution in, 654, 746–748 Add Roles Wizard for installing services, 771 name server resource records, 749 aging configuration, 807–808, 818 namespace, Active Directory planning, 54–55 aliases, 797–798 namespaces, 744–746 appending computer names settings, 667–668 NS records, 794, 799–800 application directory partitions, configuring, 804–806 parameters, server configuration, table of, 815–818 architecture for, 762–765 planning deployments of, 40, 59 automatic record creation, 794 planning overview, 744 backups of, 1384 pointer resource records, 749 cache management, 813 preferred DNS server IP addresses, 773 canonical names, 748 primary DNS servers, 750–751, 771 client TCP/IP configuration checks, 810–811 primary zone creation, 775 client/server nature of, 743 private namespace, 746 CNAME records, 797–798 PTR records, 794–797 conditional forwarding, 748, 754, 756, 786–788 purpose of, 652 configuration fl ags, table of, 816–818 query and reply, basic, 746–747 Configure A DNS Server Wizard, 773–783 query security issues, 757–758 
configuring settings, 667–669 query statistics, 818–819 database for, 746 query types, 743 defi ned, 743 record change propagation, 795 destination caches, 683 recursion, 778, 786–788 DHCP-based configuration, 667, 686, 697, 730, 757 registering clients, 809 DNS console, 771–772 replication scope, 780, 782 DNS names for domains, setting, 768 replication, troubleshooting, 813 Dnscmd /Info command, 813–814 resolver caches, 681–683, 811 Dnscmd /Statistics command, 818–819 resource records, 748–749, 794–802 Dnscmd command, 772 restart issues, 754–755 DNSSEC (DNS Security), 757–758 reverse lookup queries, 743–744 domain names, 653–654 reverse lookup zone creation, 781–782, 785–786 dynamic updates, 668, 759–760, 776, 781–782, 819 reverse lookup zones, 774 event logging, 808–809 RODCs with, 1143, 1149 external name resolution security, 760–761 root hints fi les, 760–761, 778 external resource requests, 747–748 roots name servers, 760–761 forward lookup queries, 743 roots, namespace, 745 forward lookup zone creation, 774–781, 783–785 round-robin load balancing, 797, 1331 forwarders, 777–778, 782–783, 786–788, 818 scavenging, 807–808
  19. domain trusts 1435 secondary DNS servers, 750 local account issues, 1113–1114 secondary notification configuration, 793–794 moving out of Domain Controllers OU, danger of, 1249 secondary zone creation, 775 NETLOGON share, 555 secondary zone setup, 770–771 nonauthoritative restores of Active Directory, 1411–1412 secure dynamic updates, 759–760 operations master. See operations masters separate-name design, 763–765 OS support issues, 1016–1018 server order, setting, 667 OUs created within, 1133 server TCP/IP configuration checks, 812–813 partitions, 1005 service location resource records, 749 planning issues, 58–59 sites, requirements for, 1073 privileges required for creating, 1112–1113 small network configuration, 774–778 read-only. See RODCs (read-only domain controllers) SOA records, 794, 800 recovery strategies for, 1409–1410 split-brain design, 762–763 replication issues. See replication SRV records, 794, 801–802 replication scope, 1008 start-of-authority resource records, 749 replication topology based on number of, 1092 static, single label name configuration, 803–804 restoring failed with new, 1415–1416 subdomain configuration, 788–791 restoring Sysvol data, 1414–1415 testing, 682 sites, associating with, 1286–1287 top-level domains, 745–746 sites, locating in separate, advantages of, 1075 troubleshooting, 680–683 subdomain, DNS configuration for, 788–791 troubleshooting client services, 809–812 SYSVOL$ shares, 555 troubleshooting server services, 800–821 trust paths, 1002–1003 TTL values, 682 domain functional levels viewing server configuration, 813–819 operations masters, 57 WINS lookups using, 839 planning for, 55–57 zone transfers, 791–793 purpose of, 1016 zones, 749–757 RODC level requirements, 1148 DNS Server. 
See also DNS (Domain Name System) Sysvol replication, 1077–1082 defi ned, 186 table of, 1017 log, 328 Windows 2000 native mode, 1017 documentation, importance of, 1317 Windows 2008 mode, 1018 domain administrators, 1002 Windows Server 2003 mode, 1017–1018 domain controllers domain local groups authoritative restores of Active Directory, 1412–1414 defi ned, 1217 backup media, creating from, 1127–1128 local domain processing requirement, 1218 backup requirements, 1110–1111 member inclusion rules, 1218 change journals, 514 nesting limitations, 1218 configuration containers in a forest, 1055 permissions rules, 1218 creating domain controllers for existing domains, reasons for using, 1218–1219 1114–1122 domain names Default Domain Controllers Policy GPO, 1235, child domains, 653 1247–1249 defi ned, 653 delegation of administrative rights, 1136–1139 fully qualified, 654 deleting, 1129–1133 obtaining, 653 designing systems of. See Active Directory system parent domains, 653 design resolving. See name resolution services DHCP server collocation issue, 689 top-level domains, 653 domain architecture design, 50 domain naming master role, 1044–1046, 1048 failed, removing references to, 1415–1416 Domain Rename utility, 1061–1062 global catalog access, 1011–1013 domain trees, 1053. See also trees, Active Directory global catalog servers, 1006 domain trusts hardware guidelines, 1108–1109 configuring, 1035 IP addresses, 1109 planning for, 55
  20. 1436 domain user accounts domain user accounts defi ned for Active Directory, 999, 1053 Administrator. See Administrator account delegation of administrative rights, 1136–1139 backing up passwords, 1214–1215 deleting, 1129–1133 built-in capabilities of, 1178 design considerations, 1059 cached credentials, 1195 domain functional level, 1016–1018 consistency requirement, 1169 domain security policies, 1059 creating, 1184–1187 enforcing inheritance, 1258–1259 default user accounts, 1168 forests, relationship to, 1054–1055 defi ned, 1167 group policies created with, 1235 deleting, 1210–1211 group policies of. See Group Policy disabling, 1191, 1193, 1195, 1211 group policy inheritance order, 1254 Effective Permissions tool, 1188–1189 joining computer accounts to, 1226–1227 enabling, 1211 language standardization within, 1059 enabling disabled, 1195 membership options, 83 expiration options for, 1192 OUs in. See OUs (organizational units) folder redirection, 1203–1207 planning overview, 1058–1059 group memberships of, 1177–1178 policies on, 1059 Home Folder, 1194 privileges required for installing, 1112–1113 inheritance effects, 1188 raising functional levels, 1019–1020 Kerberos options, 1192 renaming, 1061–1062 Kerberos policy settings, 1173 replication considerations, 1059 lockout policy, 1172, 1195 resource access issues, 1059 logon rights of, 1178 root domains, 1000 maintenance overview, 1210 servers for. See domain controllers moving, 1211 single vs. multiple, design considerations, 1060–1061 multiple users, selecting, 1211 sites, relationship to, 1071 naming accounts, 1168 task delegation, 1138–1139 options, managing, 1189–1192 top-level domains, 653 password policy enforcement, 1170–1171 trees. 
See trees, Active Directory Password Settings containers, 1169 trusted and trusting, 1001–1002 permissions of, 1178 DoS attacks, DHCP vulnerability to, 688 policy configuration, 1169–1170 drive letters privileges of, 1178 assigning, 436 profi le settings, 1193–1194 configuring, 440–442 properties, viewing and setting, 1187–1188 enumeration of, 435 renaming, 1211–1212 drivers resetting passwords, 1212–1213 adding print drivers, 888 security descriptors of, 1188 base installation library of, 222 SIDs (security identifiers) of, 1210 bugginess of, 211 smart cards, requiring, 1192 Code Signing For Device Drivers policy, 224 top-level account policies, 1169 detection of missing, automatic, 215 troubleshooting, 1195 disabling, 236–237 unlocking, 1213–1214 improvements in, 19 user profi les. See user profi les installation steps, 230–232 DomainIDs, 516 installation wizards, 229–230 domains, Active Directory installing available updates, 215–216 assigning user rights for, 1182–1183 kernel mode, 845 changing designs for, 1061–1062 loading disk drivers during installation, 94–95 creating new domains in new forests, 1122–1125 maintaining lists of, 228 creating new domains or trees in existing forests, manifest fi les, 222 1125–1126 Microsoft Universal Printer Driver, 846 creation in Active Directory, 1005 network adapters, Advanced settings for, 227