Xem mẫu

  1. Expert Reference Series of White Papers An Introduction to Windows Server 2008 Server Manager 1-800-COURSES www.globalknowledge.com
  2. An Introduction to Windows Server 2008 Server Manager Glenn Weadock, Global Knowledge Instructor & Developer, MCSE, MCT, A+ Introduction When you take your first look at Windows Server 2008, you'll find that many of the traditional tools that graced Server 2003 are still around: the Computer Management console; the System Information utility; the Services console; and so forth. Administrative Tools are still in a Start menu folder named "Administrative Tools," and you can start feeling fairly comfortable with the GUI if you have background with prior versions of Windows. If you have logged some flight time with Windows Vista, things will look even more familiar. Windows Server 2008 has the look and feel of Windows Vista. (Which makes sense, when you consider that both products were developed under the "Longhorn" moniker, and share many megabytes of code.) The new collapsible Start menu, the Vista-style search facilities, as well as some of the tools (such as Windows Firewall with Advanced Security) look just as they do in the Vista GUI. Where things change a bit is in the Server Manager console (ServerManager.msc, typically under C:\Windows\System32), which is really the "nerve center" of Server 2008. Parts of this console are simply con- venient pointers to other administrative tools. However, the "Roles" and "Features" nodes may be unfamiliar to you. This white paper introduces the Server Manager console and will help you find your way around it, so that you can get up to speed with Server 2008 more quickly than I did when I first started stumbling around this massive console! Version note: For this white paper, I installed Server 2008 Enterprise Edition, Beta 3 (build 6001), into a fresh Virtual Machine running on Virtual PC 2007, with the Virtual Machine Additions. The host system was Windows Vista Ultimate. What Is Server Manager? Server Manager is an administrative "cockpit" for managing virtually everything about a Windows 2008 Server machine. It combines capabilities that were spread across several consoles in Windows 2003: Configure Your Server, Manage Your Server, the Windows Optional Components wizard of the Add/Remove Programs control panel, the Security Configuration Wizard, and so on. It is quite possible that many server admins will be able to do almost everything they need to do from this one console. Of course, like other MMC consoles, you have the flexibility to create your own customized version of this tool, but I'd recommend spending some significant time with the "vanilla" Server Manager before you do so. Note that Server Manager is not the same as the "Initial Configuration Tasks" console (ICT) that comes up automatically the first time after you install Server 2008. You can use the ICT to assign an administrator pass- Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 2
  3. word, configure your IP address, join a domain, set up Windows Update—in short, all the things you would normally be prompted to do in an interactive install of Server 2003. You can also use ICT to add roles and fea- tures, but that process is better performed in Server Manager. When you've finished with ICT, click the little checkbox saying "do not show this window at logon" and it vanishes. Or, if you prefer, you can ignore the ICT entirely, because everything it can do, Server Manager can do, too, as you can see in Figure 1. (It's Microsoft software—there's usually more than one way to do the same thing.) The way to see this Server Manager overview is to click the topmost node in the navigation pane—the one titled "Server Manager" followed by the name of the computer. The overview is also a quick way to see what roles and features are installed on the server. Figure 1. The Server Manager overview duplicates ICT functionality. What Are Roles? Roles are the primary responsibilities that a server may hold. They are analogous to job titles in a company. You may have been introduced to this term if you ever used the Security Configuration Wizard (scw.exe) that Microsoft bundled with Windows Server 2003 Service Pack 1. SCW would go through your server, identify the Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 3
  4. services it was running, and assign roles based on what it found. You can also think of roles as being similar to the old "optional Windows components" that you used to install via the Add/Remove Programs wizard. (That function, by the way, is gone; if you go to the new Programs and Features control panel and try to turn Windows features on or off, guess what—you get routed to Server Manager!) An out-of-the-box installation of Server 2008 starts out with no roles; a big part of setting up a server is adding the roles that you need. When you add a role, you typically launch a wizard that handles the installa- tion of any required services and administrative tool consoles, and provides initial configuration of the role. Just as small business managers wear many hats, servers in small organizations can have many roles. In larger organizations, servers tend to be more specialized, and have fewer roles. You can set up Server 2008 with as many or as few roles as you like—understanding, of course, that just as with humans, more roles mean more stress! And more problems when the role-holder suffers some downtime. Note: For those of you interested in single-purpose servers, check out my other Server 2008 white paper on Server Core-a version of Server 2008 that runs without a GUI, for easier management and enhanced reliability. The roles that you can add to Server 2008 appear in a checkbox list that you will see after you click the "Add Roles" link in the context menu of the Roles node. You can add multiple roles at one session; for example, in Figure 2, we've selected DNS, File Services, and Network Policy and Access Services as the three roles to add to the machine. Figure 2. Select the role or roles you want for your Windows 2008 box. Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 4
  5. Depending on your choices, the wizard's subsequent screens may provide informative text and links for addi- tional information in the help system (although most of these seem to be unavailable as of the Beta 3 release). Note that some of the above roles have optional subordinate roles. Also, some roles give you a choice of which "role services" to install and activate. The Add Roles Wizard will prompt you to select role services if there are choices to be made. For example, as shown in Figure 3, if you choose to add the Network Policy and Access Services, you can select from various role services. This screen shows that you could choose to install the Network Policy Server without installing the Routing service. Figure 3. Pick and choose from the services you need for a given role. For another example, if you choose to install the File Services role, you can choose among various role services: DFS, File Server Resource Manager, Services for NFS, Windows Search Service, and Windows Server 2003 File Services (FRS and the Indexing Service). Once you've made your role services choices for each role that you've selected for installation, a summary screen appears, and you can confirm your choices by clicking an Install button. The installation processes can take some time, so this may be a good time to return some phone calls. When you return to Server Manager, your roles should be installed—and you'll see that you can now check their related event logs and service sta- tus within the Server Manager as shown in Figure 4 (next page), where the navigation pane is set to display information about the DNS Server role. You can also stop and restart the related system services here, as you can see in the lower right portion of the figure. Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 5
  6. Figure 4. Viewing events and service status for the DNS Server role. Just because your server roles are installed and the services are running doesn't mean they will be configured. You'll need to access the specific administrative tools for each role in order to do that. For example, you could now go to your Start menu, choose Administrative Tools, and see that the DNS console has been added. Although you may have to close and re-open Server Manager to get them to show up, Microsoft has integrat- ed the role-specific consoles with Server Manager. Note in Figure 5 (next page) that the DNS console is now available under the Roles node in the navigation pane. You can fire up the New Zone Wizard by right-clicking the Forward Lookup Zones node and choosing New Zone, just as you would in the standalone DNS console. Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 6
  7. Figure 5. The DNS console integrates with Server Manager. The only problem I found with this feature is, unfortunately, a big one: Server Manager's version of the DNS console won't let you connect to a different DNS server like the standalone version of the DNS console. Right- click the DNS icon in Server Manager's navigation pane, and the "Connect to DNS Server" option is absent. (I had a moment of hope when I thought that installing the Remote Server Administration Tools would magically remote-enable Server Manager, but it was not to be.) Nothing's perfect, but if Microsoft truly intends Server Manager to be a one-stop shop, the company will need to enable the tool for remote administration as well as local administration. Perhaps if enough of us send postcards to Steve Ballmer, our message will be heard. Anyway, after the roles installation, you may be tempted to hunt for the Server 2008 version of the Server 2003 SP1 "Security Configuration Wizard" I mentioned earlier. This tool reduces the attack surface of a 2003 box by disabling services and ports that don't seem to be needed by the discovered roles. With Longhorn, Microsoft claims that the role wizards are already designed for security. So although SCW is still there (see the Server Manager overview screen, open Server Summary, then open Security Information) for the purpose of creating a portable server security policy, there is less urgency to run SCW to tighten things down after a role has been installed. I haven't tested this contention yet, but if true, it will be a welcome change from the old tradition of "install it first, secure it later." Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 7
  8. What Are Features? In the lingo of Server Manager, features are operating system components that cross role boundaries. If a role is analogous to a job title, a feature is analogous to a job skill. Some skills are useful no matter what your role is. For example: A server that uses the BitLocker full volume encryption feature will be more secure, whether it performs the role of a DNS server or that of a file server. The Telnet Server feature will allow Server 2008 to host incoming telnet connections, whether the server holds the role of a domain controller or that of a Web server. The Remote Server Administration Tools feature lets you install administrative consoles even if the relat- ed service isn't running on your server. For example, if you want to administer DNS on a remote server, but you don't want to install the DNS service on your local server, you could just install the DNS console by selecting it under the RSAT feature. As with roles, you install features via wizards launched from Server Manager. Generally, the installation of a feature is simpler and quicker than the installation of a role. A portion of the features you can add to Server 2008 appears in Figure 6. Figure 6. Just some of the "features" Server 2008 offers. Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 8
  9. Command Prompt Interface As is Microsoft's habit these days, a command-line tool exists to provide some of Server Manager's functional- ity. The tool is servermanagercmd.exe, and here are a few of its major qualifiers: -query (runs a discovery operation and reports what's installed and what's not, as well as providing the "code names" of each role and subordinate role) -install (you can also specify required settings with – setting) -remove -inputPath (processes an XML-formatted answer file) Typing the command with the /? qualifier presents more detailed help text if you want to explore this tool fur- ther. Be forewarned, the syntax can get fairly complex. Figure 7. A query operation using servermanagercmd. Other Goodies I'm about out of space, so I will just briefly mention that Server Manager also gives you convenient access to the following tools and consoles, via the navigation pane: • Diagnostics • Event Viewer • Services • Reliability and Performance Monitor • Device Manager • Configuration • Task Scheduler • Windows Firewall with Advanced Security • WMI Control • Local Users and Groups • Storage • Windows Server Backup • Disk Management Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 9
  10. Conclusion Spending time studying and learning the Server Manager console may be the quickest way to become familiar with Windows Server 2008. Exploring the roles and features sections of this tool, especially, will acquaint you with Server 2008's capabilities. Adding roles will help you understand which operating system services are available to support those roles. The online help is mighty sparse right now, but experimenting with this con- sole (for example, in a Virtual PC "sandbox") should nevertheless help you wrap your brain around this huge new operating system. Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses: Migrating to Server 2008 Updating Your Active Directory Technology Skills to Windows Server 2008 (Beta 3) Updating Your Application Platform Technology Skills to Windows Server 2008 (Beta 3) Updating Your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3) For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a sales representative. Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use. Our expert instructors draw upon their experiences to help you understand key concepts and how to apply them to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms, e-Learning, and On-site sessions, to meet your IT and management training needs. About the Author Glenn Weadock is a longtime instructor for Global Knowledge and co-course-director with Mark Wilkins of the seminars "Implementing and Maintaining Microsoft Windows Vista," "Migrating to Windows Vista," and "Deploying Group Policy." He also consults through his Colorado-based company Independent Software, Inc. and is the author of 18 computer books. Copyright ©2007 Global Knowledge Training LLC. All rights reserved. Page 10
nguon tai.lieu . vn