Вы находитесь на странице: 1из 60
AIDAN FINN 14/01/2008 Windows 2008 Server Manger Using Server Manager To Configure Your Server Abstract

AIDAN FINN

14/01/2008

Windows 2008 Server Manger

Using Server Manager To Configure Your Server

Abstract

Using Server Manager to manage your Windows Server 2008 servers.

Table of Contents

Table of Contents

2

Introduction

3

Server Configuration

7

Roles and Features

8

The Rest of Server Manager

49

Summary

60

Introduction

Windows Server 2008 brings about many changes for administrators to get used to. One of these is Server Manager. Server Manager is exactly what it says on the tin: it allows administrators to configure, monitor and manage their server. We’re going to look at two aspects of Server Manger. The most important aspect is that of Roles and Features. This allows us to add or remove functionality on our Windows 2008 servers. I’ll describe how we can manage Roles and Feature using the MMC console and by using the command line utility SERVERMANAGERCME.EXE. We’ll then wrap up the document by briefly looking at the tools that are integrated into Server Manger.

One of the first things you notice when you first install Windows Server 2008 is that it is locked down. In fact, it doesn’t do very much because it has almost no functionality. You configure your password, login and if you’re like me you’ve skipped past all those annoying windows that automatically open to get in under the covers to see how this thing ticks. I wanted to add those components that I’m used to playing with in work and in labs. That’s when I originally noticed that things were different … very different. Change isn’t necessarily a bad thing. Once you start trying things out you soon understand what is going on and why Microsoft has designed it the way they have.

A brief recap on what Microsoft has been doing in previous versions of Windows Server will give us a clue of what is happening. Firstly, Microsoft has been trying to develop a single tool approach to managing our servers. They’ve tried to get us to see servers as having specific functions that would be installed in a modular manner. We were given tools to do this but other than knowing about them for MCP exams we had little use for them. It was just quicker for us to get into Control Panel and install what we wanted plus we had 100% control over the process. The other thing that Microsoft has recently being aiming towards was the locked down initial installation that we had to add functionality to as and when we required it. Windows Server 2003 edged slowly towards this. Windows Server 2008 has firmly achieved this.

So our new server is sitting there and it doesn’t do very much. We’ve closed all those pesky windows that automatically opened when we logged in. We’ve gone into Control Panel to try change things and noticed that … well … we don’t know how to do it. Well, one of those pesky windows that did open automatically was Server Manager, a new tool that Microsoft has added to allow us to add/remove functionality to our server, monitor its performance, health and status and to manage it and other servers. So if you were patient, go back to the Server Manager window. And if you are like me, we’ll need to launch it again.

So, enough talk! Let’s get a look at Server Manager. Like I said, it does open automatically when you log in. This functionality is controlled by the registry value “DoNotOpenServerManagerAtLogon” in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager.

Value = 0

The window will open automatically. This is the default setting.

Value = 1

The window will not open automatically.

I’m thinking that people who are constantly logging into servers will want to take note of that setting and probably want to apply it to every server they manage. Having Server Manager always open automatically could get a little annoying even if it is a legitimately important tool.

We’ve got a few ways to manually launch Server Manager. Firstly, it is pinned to the Start Menu so it is always easy to find.

it is pinned to the Start Menu so it is always easy to find. Secondly, it

Secondly, it is in Administrative Tools:

Thirdly, go into “Programs and Features” in Control Panel where you can click on “Turn

Thirdly, go into “Programs and Features” in Control Panel where you can click on “Turn Windows features on or off” to launch Server Manager.

Using one of those methods you should have been able to get Server Manager to

Using one of those methods you should have been able to get Server Manager to open.

you should have been able to get Server Manager to open. Command line junkies should not

Command line junkies should not fret at all this talk of GUI’s and windows. Microsoft has hooked you up. One of their big plans has been to make every thing you can do in the GUI possible from

command line. This is important for scripted customizations which are common using off the shelf server cloning solutions. You’ll also find you can do some of these setup tasks faster using command line options. We’ll see this as we progress through the document. We can do everything from command line that we can do with the Server Manager GUI using the SERVERMANAGERCMD.EXE command. We’ll be looking at the syntax of that command as we go through the functionality of Server Manager.

Server Configuration

Under Server Summary we can see that we have some general configurations that we can manage. We have the following under Computer Information

Item

Where?

Computer Name

Change System Properties

Workgroup/Domain membership

Change System Properties

Local Area Connection

View Network Connections

Remote Desktop

Configure Remote Desktop

If you’ve done a manual installation then you are likely to use these settings to customise your server:

Rename the server;

Add it to a domain of your choosing;

Configure the IP settings and

Enable Remote Desktop for administrators so that you can remotely manage your server.

We can use the settings under Security Information to manage the security configuration of the server:

Item

Where?

Windows Firewall

Go to Windows Firewall

Windows Updates

Configure Updates

Last Checked for Updates

Configure Updates

Last Installed Updates

Configure Updates

IE Enhanced Security Configuration

Configure IE ESC

After you’ve configured the naming, membership and IP settings for the server you will likely configure the security settings, e.g. allow remote access to local services, configure automatic updates and configure Internet Explorer. In addition, you may also run the Security Configuration Wizard to apply your security hardening policies on the server.

It is possible that you will need to run each of these security configuration tools on each server in a small network. But any network with a well designed and implemented Active Directory should configure these settings automatically using Group Policy once the server is a member of a domain and located in the correct organisational unit.

Roles and Features

As I’ve already mentioned, our new Windows 2008 server doesn’t do very much. We’re likely going to want to add functionality so that we can use it as a file server, domain controller, web server, etc. Each of these can be described as a role. Microsoft defines a role as a “primary function”, i.e. some sort of function that can be used to uniquely identify a server. The complete listing of roles available for a Windows 2008 server is as follows:

Role

Description

Active Directory Certificate Server

Provide a Certificate Authority for a Public Key Infrastructure.

Active Directory Domain Services

To build a domain controller.

Active Directory Federation Services

To allow single sign-on for inter directory applications.

Active Directory Lightweight Directory Services

To run Active Directory Application Mode.

Active Directory Rights Management Services

Provide document level access rights and encryption.

Application Server

.NET 3 and Windows Process Activation Service.

DHCP Server

Dynamic Host Configuration Protocol Server

DNS Server

Domain Name System Server

Fax Server

Send and receive faxes

File Server

Folder sharing, UNIX integration and file replication.

Network Policy and Access Services

Control access to the network using policies.

Print Services

Manage and share printers.

Terminal Services

Provide server based computing services to full or thin clients.

UDDI Services

Universal Description, Discovery and Integration services.

Web Server

IIS 7.

Windows Deployment Services

An image based operating system deployment service.

Windows SharePoint Services

WSS3 is the engine for Microsoft’s collaboration services.

Looking at that list you’re probably thinking “Hey! That’s not all that different to what I used to see in Control Panel. I thought you said Windows 2008 was stripped down when it’s initially installed”. OK. Let’s have a look at features. Features are much more granular components of the operating system. Rather than changing the major function of a server, they add smaller amounts of functionality that can assist a role. Microsoft has described them as providing “auxiliary or providing functions to servers”. The complete listing of features is below:

Role

Description

.NET Framework 3.0 Features

Version 3.0 of the API framework used by developers.

BitLocker Drive Encryption

Adds the ability to secure drives and their contents by encrypting them.

BITS Server Extensions

Optimise available bandwidth during bulk transfer of data to client computers.

Connection Manager Administration Kit

Create profiles to automate the creation of connections for VPN’s or ISP’s on client computers.

Desktop Experience

Adds some functionality from Windows Vista such as photo management, themes and Media Player.

Failover Clustering

Provide active/passive clustering of applications.

Group Policy Management

The GPMC is used to manage group policy.

Internet Printing Client

Allows clients to print using printers on the network or internet using the Internet Printing Protocol.

Internet Storage Name Server

Provides a discovery service for available storage that is hosted by iSCSI devices.

LPR Port Monitor

Line print Remote Port Monitor allows the server to use printers on servers that use Line Printer Daemon, e.g. UNIX.

Message Queuing

A

service used by applications to messages or

jobs to a collection of application servers.

Multipath I/O

MPIO allows support of redundant data paths between the server and storage devices.

Network Load Balancing

Allows servers to share client loads for applications and to converge if one server fails.

Peer Name Resolution Protocol

Allows applications to register names on the computer so that they can be contacted by other computers.

Quality Windows Audio Video Experience

Provides audio and video streaming for IP home networks.

Remote Assistance

Allows a remote user to provide interactive assistance to a local user.

Remote Differential Compression

A

protocol that optimises data transfer by only

transferring the differences between two objects.

Remote Server Administration Tools

Administration tools for managing server roles and features.

Removable Storage Manager

Manage and catalog media and storage/backup devices.

RPC over HTTP Proxy

Allows RPC to be encapsulated in HTTP from a client computer and relays the RPC connection to an application server.

Simple TCP/IP Services

Provides some backwards compatibility services such as “Quote of the Day”.

SMTP Server

Simple Mail Transfer Protocol is a mail transfer service.

SNMP Services

Simple Network Management Protocol is used for many server monitoring applications.

Storage Manager for SANS

Create and manage volumes on Fibre Channel and iSCSI SAN’s that support Virtual Disk Service.

 

Be sure to check with your vendor before installing or using this.

Subsystem for UNIX-Based Applications

Compile and run UNIX-based applications.

Telnet Client

Connect to remote computers via Telnet.

Telnet Server

Allow remote computers to connect to this server via Telnet.

TFTP Client

Connect to a remote Trivial File Transfer Protocol server.

Windows Internal Database

A relational database that is used by other Windows roles and features.

Windows PowerShell

The new Windows scripting engine.

Windows Process Activation Service

Manages application pools and worker processes in IIS7. Allows you to host non-HTTP sites.

Windows Recovery Disc

Provides system recovery in the event of a failure.

Windows Server Backup Features

Backup/recover your server, applications and data.

Windows System Resource Manager

Manage how CPU and memory resources are allocated to processes.

WINS Server

Provide NetBIOS name resolution services using Windows Internet Naming Service.

Wireless LAN Service

Manages Wi-Fi connections and profiles to connect the server to a wireless network.

As you can see, you may wish to add certain roles to a server and then add some features to add additional functionality without changing the actual purpose of the server. This is possible by adding some of these features.

Adding a Role Using the Server Manager MMC

This will probably be the next thing you will do after performing your initial configurations such as naming and security. That’s where we stop next.

Fire up Server Manager and scroll down to “Roles”.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

10

Under the summary we can see that we have 0 of the 17 available roles

Under the summary we can see that we have 0 of the 17 available roles installed. I want to install a web server that will have IIS7 and .NET 3.0 functionality. I know from the above listing that this includes 2 roles. To start installing them I’ll click on <Add Roles>.

start installing them I’ll click on <Add Roles>. Windows 2008 Server Manger Copyright Aidan Finn 2008

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

11

We get the little splash screen that gives us some warnings about configuring passwords, network settings and applying security updates. Pay attention to this. Some of the roles you will install will require a static IP address, e.g. DNS, DHCP, etc.

You can choose not to see this screen again by ticking the “Skip this page by default” tick box. Click on <Next> to continue.

default” tick box. Click on <Next> to continue. We are now presented with a full listing

We are now presented with a full listing of the available roles. Tick those ones that you wish to select. The first one I selected was “Web Server (IIS)”.

select. The first one I selected was “Web Server (IIS)”. Now we get to see some

Now we get to see some of the clever engineering that Microsoft has done. Server Manager knows

that if I install the Web Server role then I will require some additional features. Without these

features I cannot have a functioning web server. the features and roles and how they are related.

This is possible because Microsoft has modelled all

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

12

Clicking on <Cancel> will cancel my selection of the Web Server role. I’ve clicked on <Add Required Features> to confirm that I want these additional features. The wizard can now go ahead with the selection of the Web Server role.

can now go ahead with the selection of the Web Server role. The role is now

The role is now selected. I now proceed with selecting my next role, Application Server.

now proceed with selecting my next role, Application Server. Role and feature modelling kicks in once

Role and feature modelling kicks in once again. The displayed features are displayed and I confirm my approval by clicking on <Add Required Features>.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

13

Both of my required roles are now selected. Clicking on <Next> will continue the wizard.

Both of my required roles are now selected. Clicking on <Next> will continue the wizard.

Clicking on <Next> will continue the wizard. We get an introduction to the Application Server role.

We get an introduction to the Application Server role. Click on <Next> to continue.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

14

The “Role Service” screen allows us to install the sub components of a role. We

The “Role Service” screen allows us to install the sub components of a role. We can add additional services to add functionality to this role. This is the default screen for Application Server. I’ve decided that I need to add “Web Server (IIS) Support”

decided that I need to add “Web Server (IIS) Support” I’m now warned that my new

I’m now warned that my new selection of a role service requires additional role services, including those in other roles, to be installed. Only by clicking on <Add Required Role Services” can this new role selection be allowed.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

15

-

- Notice how my new role service selection is selected? Also note that an additional role

Notice how my new role service selection is selected? Also note that an additional role service was selected to be installed because of this selection and the previous approval. This is role and feature modelling in action. Basically, it allows us to perform a minimal installation and lets Windows decide for us what components need to be installed. We just have to start with our high level requirements.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

16

I’m now f inished selecting role services for the Application Server role and now move

I’m now finished selecting role services for the Application Server role and now move onto the Web Server role.

Server role and now move onto the Web Server role. Windows 2008 Server Manger Copyright Aidan

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

17

As we can see, there’s a whole lot more involved in web servers! I’m actually going to stick with the default selections. What’s there meets my requirements and I can see that I’ve got ASP.NET functionality installed and enabled.

I’ve got ASP.NET functionality installed and enabled. Clicking on <Next> brings me to this summary screen.

Clicking on <Next> brings me to this summary screen. You should double check everything and then select <Install> to continue with the installation. You can backtrack through the wizard to alter your selections by clicking on <Previous>. And you can cancel the installation of your roles by clicking on <Cancel>.

installation of your roles by clicking on <Cancel>. I clicked on <Next> and the installation started.

I clicked on <Next> and the installation started.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

18

As we can see, I was a naughty boy and didn’t have my Automatic Updates

As we can see, I was a naughty boy and didn’t have my Automatic Updates configured. a warning but my selected roles were successfully installed.

That gave me

Note that now that I have installed additional functionality to the server I should most definitely

make sure that the server has all security updates installed.

that the attack surface has been increased with un-patched components. These components may have published vulnerabilities that require additional patching. Only by forcing an update will you be sure that your newly modified server is secure.

New functionality on the server means

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

19

I closed the wizard and then I’m brought back to Server Manager. We can see

I closed the wizard and then I’m brought back to Server Manager. We can see that we now have 2 of 27 roles installed. And we also see that 3 of 36 features are installed. We now have a functioning web server with .NET 3.0 functionality with a minimal attack surface to meet my technical and business requirements.

Adding a Role Using the Server Manager Command

OK, we’ve had a look at using the MMC to add a role. Let’s throw a bone to our friends who prefer the command line interface. Now don’t go skipping to the next part of the document if command line isn’t your thing! I promise you won’t regret reading and working through this section.

I’m starting off with another new server so we can repeat the above steps of installing a web and application server. Start off by running Command Prompt or CMD.EXE. Then run SERVERMANAGERCMD.EXE. This will give you a listing of the syntax for this command. As you will see, there’s lots that we can do!

We should start off by checking what roles and features are already installed. I know this server has nothing installed but this is good practice anyway. You can do this by running the SERVERMANAGERCMD QUERY command. We can see the results below.

C:\Users\Administrator>ServerManagerCmd.exe -query

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

20

----- Roles -----

[

] Active Directory Certificate Services [AD-Certificate]

 

[

] Certification Authority [ADCS-Cert-Authority]

[

] Certification Authority Web Enrollment [ADCS-Web-Enrollment]

[

] Online Responder [ADCS-Online-Cert]

[

] Network Device Enrollment Service [ADCS-Device-Enrollment]

[

] Active Directory Domain Services

 

[

] Active Directory Domain Controller [ADDS-Domain-Controller]

[

] Identity Management for UNIX [ADDS-Identity-Mgmt]

 

[

] Server for Network Information Services [ADDS-NIS]

[

] Password Synchronization [ADDS-Password-Sync]

[

] Administration Tools [ADDS-IDMU-Tools]

[

] Active Directory Federation Services

 

[

] Federation Service [ADFS-Federation]

[

] Federation Service Proxy [ADFS-Proxy]

[

] AD FS Web Agents [ADFS-Web-Agents]

 

[

] Claims-aware Agent [ADFS-Claims]

[

] Windows Token-based Agent [ADFS-Windows-Token]

[

] Active Directory Lightweight Directory Services [ADLDS]

[

] Active Directory Rights Management Services

 

[

] Active Directory Rights Management Server

[

] Identity Federation Support

[

] Application Server [Application-Server]

 

[

] Application Server Foundation [AS-AppServer-Foundation]

[

] Web Server (IIS) Support [AS-Web-Support]

[

] COM+ Network Access [AS-Ent-Services]

[

] TCP Port Sharing [AS-TCP-Port-Sharing]

[

] Windows Process Activation Service Support [AS-WAS-Support]

 

[

] HTTP Activation [AS-HTTP-Activation]

[

] Message Queuing Activation [AS-MSMQ-Activation]

[

] TCP Activation [AS-TCP-Activation]

[

] Named Pipes Activation [AS-Named-Pipes]

 

[

] Distributed Transactions [AS-Dist-Transaction]

 

[

] Incoming Remote Transactions [AS-Incoming-Trans]

[

] Outgoing Remote Transactions [AS-Outgoing-Trans]

[

] WS-Atomic Transactions [AS-WS-Atomic]

[

] DHCP Server [DHCP]

[

] DNS Server [DNS]

[

] Fax Server [Fax]

[

] File Services

 

[

] File Server [FS-FileServer]

[

] Distributed File System [FS-DFS]

 

[

] DFS Namespaces [FS-DFS-Namespace]

[

] DFS Replication [FS-DFS-Replication]

 

[

] File Server Resource Manager [FS-Resource-Manager]

[

] Services for Network File System [FS-NFS-Services]

[

] Windows Search Service [FS-Search-Service]

[

] Windows Server 2003 File Services [FS-Win2003-Services]

 

[

] File Replication Service [FS-Replication]

[

] Indexing Service [FS-Indexing-Service]

[

] Network Policy and Access Services [NPAS]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

21

[

] Network Policy Server [NPAS-Policy-Server]

[

] Routing and Remote Access Services [NPAS-RRAS-Services]

[

] Remote Access Service [NPAS-RRAS]

[

] Routing [NPAS-Routing]

[

] Health Registration Authority [NPAS-Health]

[

] Host Credential Authorization Protocol [NPAS-Host-Cred]

[

] Print Services [Print-Services]

 

[

] Print Server [Print-Server]

[

] LPD Service [Print-LPD-Service]

[

] Internet Printing [Print-Internet]

[

] Terminal Services [Terminal-Services]

 

[

] Terminal Server [TS-Terminal-Server]

[

] TS Licensing [TS-Licensing]

[

] TS Session Broker [TS-Session-Broker]

[

] TS Gateway [TS-Gateway]

[

] TS Web Access [TS-Web-Access]

[

] UDDI Services

 

[

] UDDI Services Database

[

] UDDI Services Web Application

[

] Web Server (IIS) [Web-Server]

[ ] Web Server [Web-WebServer]

[

] Common HTTP Features [Web-Common-Http]

 

[

] Static Content [Web-Static-Content]

[

] Default Document [Web-Default-Doc]

[

] Directory Browsing [Web-Dir-Browsing]

[

] HTTP Errors [Web-Http-Errors]

[

] HTTP Redirection [Web-Http-Redirect]

[

] Application Development [Web-App-Dev]

 

[

] ASP.NET [Web-Asp-Net]

[

] .NET Extensibility [Web-Net-Ext]

[

] ASP [Web-ASP]

[

] CGI [Web-CGI]

[

] ISAPI Extensions [Web-ISAPI-Ext]

[

] ISAPI Filters [Web-ISAPI-Filter]

[

] Server Side Includes [Web-Includes]

[

] Health and Diagnostics [Web-Health]

 

[

] HTTP Logging [Web-Http-Logging]

[

] Logging Tools [Web-Log-Libraries]

[

] Request Monitor [Web-Request-Monitor]

[

] Tracing [Web-Http-Tracing]

[

] Custom Logging [Web-Custom-Logging]

[

] ODBC Logging [Web-ODBC-Logging]

[

] Security [Web-Security]

 

[

] Basic Authentication [Web-Basic-Auth]

[

] Windows Authentication [Web-Windows-Auth]

[

] Digest Authentication [Web-Digest-Auth]

[

] Client Certificate Mapping Authentication [Web-Client-Auth]

[

] IIS Client Certificate Mapping Authentication [Web-Cert-Auth]

[

] URL Authorization [Web-Url-Auth]

[

] Request Filtering [Web-Filtering]

[

] IP and Domain Restrictions [Web-IP-Security]

[

] Performance [Web-Performance]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

22

 

[

] Static Content Compression [Web-Stat-Compression]

[

] Dynamic Content Compression [Web-Dyn-Compression]

[

] Management Tools [Web-Mgmt-Tools]

 

[

] IIS Management Console [Web-Mgmt-Console]

[

] IIS Management Scripts and Tools [Web-Scripting-Tools]

[

] Management Service [Web-Mgmt-Service]

[

] IIS 6 Management Compatibility [Web-Mgmt-Compat]

 

[

] IIS 6 Metabase Compatibility [Web-Metabase]

[

] IIS 6 WMI Compatibility [Web-WMI]

[

] IIS 6 Scripting Tools [Web-Lgcy-Scripting]

[

] IIS 6 Management Console [Web-Lgcy-Mgmt-Console]

[

] FTP Publishing Service [Web-Ftp-Publishing]

[

] FTP Server [Web-Ftp-Server]

[

] FTP Management Console [Web-Ftp-Mgmt-Console]

[

] Windows Deployment Services [WDS]

 

[

] Deployment Server [WDS-Deployment]

[

] Transport Server [WDS-Transport]

[

] Windows SharePoint Services [Windows-SharePoint]

----- Features -----

[

] .NET Framework 3.0 Features [NET-Framework]

[

] .NET Framework 3.0 [NET-Framework-Core]

[

] XPS Viewer [NET-XPS-Viewer]

[

] WCF Activation [NET-Win-CFAC]

 

[

] HTTP Activation [NET-HTTP-Activation]

[

] Non-HTTP Activation [NET-Non-HTTP-Activ]

[

] BitLocker Drive Encryption [BitLocker]

[

] BITS Server Extensions [BITS]

[

] Connection Manager Administration Kit [CMAK]

[

] Desktop Experience [Desktop-Experience]

[

] Failover Clustering [Failover-Clustering]

[

] Group Policy Management [GPMC]

[

] Internet Printing Client [Internet-Print-Client]

[

] Internet Storage Name Server [ISNS]

[

] LPR Port Monitor [LPR-Port-Monitor]

[

] Message Queuing [MSMQ]

[

] Message Queuing Services [MSMQ-Services]

 

[

] Message Queuing Server [MSMQ-Server]

[

] Directory Service Integration [MSMQ-Directory]

[

] Message Queuing Triggers [MSMQ-Triggers]

[

] HTTP Support [MSMQ-HTTP-Support]

[

] Multicasting Support [MSMQ-Multicasting]

[

] Routing Service [MSMQ-Routing]

 

[

] Windows 2000 Client Support [MSMQ-Win2000]

[

] Message Queuing DCOM Proxy [MSMQ-DCOM]

[

] Multipath I/O [Multipath-IO]

[

] Network Load Balancing [NLB]

[

] Peer Name Resolution Protocol [PNRP]

[

] Quality Windows Audio Video Experience [qWave]

[

] Remote Assistance [Remote-Assistance]

[

] Remote Differential Compression [RDC]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

23

[

] Remote Server Administration Tools [RSAT]

[

] Role Administration Tools [RSAT-Role-Tools]

 

[

] Active Directory Certificate Services Tools [RSAT-ADCS]

 

[

] Certification Authority Tools [RSAT-ADCS-Mgmt]

[

] Online Responder Tools [RSAT-Online-Responder]

 

[

] Active Directory Domain Services Tools [RSAT-ADDS]

 

[

] Active Directory Domain Controller Tools [RSAT-ADDC]

[

] Server for NIS Tools [RSAT-SNIS]

 

[

] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS]

[

] Active Directory Rights Management Services Tools [RSAT-RMS]

[

] DHCP Server Tools [RSAT-DHCP]

[

] DNS Server Tools [RSAT-DNS-Server]

[

] Fax Server Tools [RSAT-Fax]

[

] File Services Tools [RSAT-File-Services]

 

[

] Distributed File System Tools [RSAT-DFS-Mgmt-Con]

[

] File Server Resource Manager Tools [RSAT-FSRM-Mgmt]

[

] Services for Network File System Tools [RSAT-NFS-Admin]

 

[

] Network Policy and Access Services Tools [RSAT-NPAS]

 

[

] Routing and Remote Access Services Tools [RSAT-RAS]

[

] Health Registration Authority Tools [RSAT-HRA]

 

[

] Print Services Tools [RSAT-Print-Services]

[

] Terminal Services Tools [RSAT-TS]

 

[

] Terminal Server Tools [RSAT-TS-RemoteApp]

[

] TS Gateway Tools [RSAT-TS-Gateway]

[

] TS Licensing Tools [RSAT-TS-Licensing]

 

[

] UDDI Services Tools [RSAT-UDDI]

[

] Web Server (IIS) Tools [RSAT-Web-Server]

[

] Windows Deployment Services Tools [RSAT-WDS]

 

[

] Feature Administration Tools [RSAT-Feature-Tools]

 

[

] BitLocker Drive Encryption Tools [RSAT-BitLocker]

[

] BITS Server Extensions Tools [RSAT-Bits-Server]

[

] Failover Clustering Tools [RSAT-Clustering]

[

] Network Load Balancing Tools [RSAT-NLB]

[

] SMTP Server Tools [RSAT-SMTP]

[

] WINS Server Tools [RSAT-WINS]

[

] Removable Storage Manager [Removable-Storage]

[

] RPC over HTTP Proxy [RPC-over-HTTP-Proxy]

[

] Simple TCP/IP Services [Simple-TCPIP]

[

] SMTP Server [SMTP-Server]

[

] SNMP Services [SNMP-Services]

[

] SNMP Service [SNMP-Service]

[

] SNMP WMI Provider [SNMP-WMI-Provider]

[

] Storage Manager for SANs [Storage-Mgr-SANS]

[

] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps]

[

] Telnet Client [Telnet-Client]

[

] Telnet Server [Telnet-Server]

[

] TFTP Client [TFTP-Client]

[

] Windows Internal Database [Windows-Internal-DB]

[

] Windows PowerShell [PowerShell]

[

] Windows Process Activation Service [WAS]

[

] Process Model [WAS-Process-Model]

[

] .NET Environment [WAS-NET-Environment]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

24

[ ] Configuration APIs [WAS-Config-APIs]

[

] Windows Recovery Disc [Recovery-Disc]

[

] Windows Server Backup Features [Backup-Features]

[

] Windows Server Backup [Backup]

[

] Command-line Tools [Backup-Tools]

[

] Windows System Resource Manager [WSRM]

[

] WINS Server [WINS-Server]

[

] Wireless LAN Service [Wireless-Networking]

C:\Users\Administrator>

I’m just going to go on a quick tangent here. A lot of administrators have a requirement to document their server configurations to satisfy the needs of things like industrial regulations, security officers or internal auditors or maybe just for best practice documentation. There are a lot of tools out there that can do this, many of which will put a reasonable dent into your annual budget. So we always like to look for economical alternates. Looking at the results we just got from our Server Manager query, we’ve just listed the components of the operating system that have been installed. You can go ahead and document them by piping the results into a text file:

C:\Users\Administrator>ServerManagerCMD query > C:\Config.txt

Or maybe you could run a scheduled task and store these results on a file share?

C:\Users\Administrator>ServerManagerCMD query > \\ITFileServer\Configs\%computername%.txt

Using this you can quickly dump the configurations of all of your Windows 2008 servers into a single documentation store that can be quickly referenced. Now we will return to our regularly scheduled programming.

In the above results we can see that nothing is ticked. This confirms that no roles or features have been installed on this server. I now want to install the Web Server and Application server roles on this server. We’ll use the SERVERMANAGERCMD command again but this time with the INSTALL parameter. I know that I want to install the Web Server (IIS) and the Application Server roles. The SERVERMANAGERCMD command will not accept roles with spaces in their names. By checking the results of the query command we can see the codes accepted by SERVERMANAGERCMD, e.g. “Web-Server” and “Application-Server”. And remember that I added an additional role service under the Application Server role? It was “Web Server (IIS) Support”. Looking at the query results I can see it’s code it “AS-Web-Support”. I’m going to add that as well to directly replicate what I did using the MMC.

C:\Users\Administrator>ServerManagerCMD -install Application-Server AS-Web-Support Web-Server

Start Installation [Installation] Succeeded: [Application Server] Windows Process Activation Service Support. [Installation] Succeeded: [Web Server (IIS)] Management Tools. [Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation. [Installation] Succeeded: [Web Server (IIS)] Web Server.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

25

[Installation] Succeeded: [Web Server (IIS)] Application Development. [Installation] Succeeded: [Web Server (IIS)] Security. [Installation] Succeeded: [Web Server (IIS)] Performance. [Installation] Succeeded: [Web Server (IIS)] Common HTTP Features. [Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics.

[Installation] Succeeded: [Windows Process Activation Service] Configuration API

s.

[Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0. [Installation] Succeeded: [Windows Process Activation Service] .NET Environment.

[Installation] Succeeded: [Windows Process Activation Service] Process Model. [Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools. [Installation] Succeeded: [Web Server (IIS)] IIS Management Console. [Installation] Succeeded: [Web Server (IIS)] Static Content Compression. [Installation] Succeeded: [Web Server (IIS)] Digest Authentication. [Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression. [Installation] Succeeded: [Web Server (IIS)] Default Document. [Installation] Succeeded: [Web Server (IIS)] Static Content. [Installation] Succeeded: [Web Server (IIS)] Directory Browsing. [Installation] Succeeded: [Web Server (IIS)] HTTP Redirection. [Installation] Succeeded: [Web Server (IIS)] HTTP Errors. [Installation] Succeeded: [Web Server (IIS)] Windows Authentication. [Installation] Succeeded: [Web Server (IIS)] Basic Authentication. [Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions. [Installation] Succeeded: [Web Server (IIS)] Tracing. [Installation] Succeeded: [Web Server (IIS)] HTTP Logging. [Installation] Succeeded: [Web Server (IIS)] ISAPI Filters. [Installation] Succeeded: [Web Server (IIS)] Request Monitor. [Installation] Succeeded: [Web Server (IIS)] Logging Tools. [Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions. [Installation] Succeeded: [Web Server (IIS)] URL Authorization. [Installation] Succeeded: [Web Server (IIS)] Request Filtering. [Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] Management Service. [Installation] Succeeded: [Web Server (IIS)] .NET Extensibility. [Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation. [Installation] Succeeded: [Web Server (IIS)] ASP.NET. [Installation] Succeeded: [Application Server] Application Server Foundation. [Installation] Succeeded: [Application Server] HTTP Activation. [Installation] Succeeded: [Application Server] Web Server (IIS) Support.

<100/100>

Success: Installation succeeded.

C:\Users\Administrator>

Running a query now should show us that I’ve successfully installed a server that is identical to the one I set up using the Server Manager MMC, except I did it using 1 command. We can see that the modelling process automatically selected the required components based on the roles and role services that I listed to be installed.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

26

C:\Users\Administrator>servermanagercmd -query

----- Roles -----

[

] Active Directory Certificate Services [AD-Certificate]

 

[

] Certification Authority [ADCS-Cert-Authority]

[

] Certification Authority Web Enrollment [ADCS-Web-Enrollment]

[

] Online Responder [ADCS-Online-Cert]

[

] Network Device Enrollment Service [ADCS-Device-Enrollment]

[

] Active Directory Domain Services

 

[

] Active Directory Domain Controller [ADDS-Domain-Controller]

[

] Identity Management for UNIX [ADDS-Identity-Mgmt]

 

[

] Server for Network Information Services [ADDS-NIS]

[

] Password Synchronization [ADDS-Password-Sync]

[

] Administration Tools [ADDS-IDMU-Tools]

[

] Active Directory Federation Services

 

[

] Federation Service [ADFS-Federation]

[

] Federation Service Proxy [ADFS-Proxy]

[

] AD FS Web Agents [ADFS-Web-Agents]

 

[

] Claims-aware Agent [ADFS-Claims]

[

] Windows Token-based Agent [ADFS-Windows-Token]

[

] Active Directory Lightweight Directory Services [ADLDS]

[

] Active Directory Rights Management Services

 

[

] Active Directory Rights Management Server

[

] Identity Federation Support

[X] Application Server [Application-Server]

[X]

Application Server Foundation [AS-AppServer-Foundation]

[X]

Web Server (IIS) Support [AS-Web-Support]

[

] COM+ Network Access [AS-Ent-Services]

[

] TCP Port Sharing [AS-TCP-Port-Sharing]

[X] Windows Process Activation Service Support [AS-WAS-Support] [X] HTTP Activation [AS-HTTP-Activation]

[

] Message Queuing Activation [AS-MSMQ-Activation]

[

] TCP Activation [AS-TCP-Activation]

[

] Named Pipes Activation [AS-Named-Pipes]

[ ] Distributed Transactions [AS-Dist-Transaction]

[

] Incoming Remote Transactions [AS-Incoming-Trans]

[

] Outgoing Remote Transactions [AS-Outgoing-Trans]

[

] WS-Atomic Transactions [AS-WS-Atomic]

[

] DHCP Server [DHCP]

[

] DNS Server [DNS]

[

] Fax Server [Fax]

[

] File Services

[

] File Server [FS-FileServer]

[

] Distributed File System [FS-DFS]

[

] DFS Namespaces [FS-DFS-Namespace]

[

] DFS Replication [FS-DFS-Replication]

[

] File Server Resource Manager [FS-Resource-Manager]

[

] Services for Network File System [FS-NFS-Services]

[

] Windows Search Service [FS-Search-Service]

[

] Windows Server 2003 File Services [FS-Win2003-Services]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

27

 

[

] File Replication Service [FS-Replication]

[

] Indexing Service [FS-Indexing-Service]

[

] Network Policy and Access Services [NPAS]

 

[

] Network Policy Server [NPAS-Policy-Server]

[

] Routing and Remote Access Services [NPAS-RRAS-Services]

 

[

] Remote Access Service [NPAS-RRAS]

[

] Routing [NPAS-Routing]

 

[

] Health Registration Authority [NPAS-Health]

[

] Host Credential Authorization Protocol [NPAS-Host-Cred]

[

] Print Services [Print-Services]

 

[

] Print Server [Print-Server]

[

] LPD Service [Print-LPD-Service]

[

] Internet Printing [Print-Internet]

[

] Terminal Services [Terminal-Services]

 

[

] Terminal Server [TS-Terminal-Server]

[

] TS Licensing [TS-Licensing]

[

] TS Session Broker [TS-Session-Broker]

[

] TS Gateway [TS-Gateway]

[

] TS Web Access [TS-Web-Access]

[

] UDDI Services

 

[

] UDDI Services Database

[

] UDDI Services Web Application

[X] Web Server (IIS) [Web-Server]

[X] Web Server [Web-WebServer]

[X] Common HTTP Features [Web-Common-Http]

[X]

Static Content [Web-Static-Content]

[X]

Default Document [Web-Default-Doc]

[X]

Directory Browsing [Web-Dir-Browsing]

[X]

HTTP Errors [Web-Http-Errors]

[X]

HTTP Redirection [Web-Http-Redirect]

[X] Application Development [Web-App-Dev]

[X]

ASP.NET [Web-Asp-Net]

[X]

.NET Extensibility [Web-Net-Ext]

[

] ASP [Web-ASP]

[

] CGI [Web-CGI]

[X]

ISAPI Extensions [Web-ISAPI-Ext]

[X]

ISAPI Filters [Web-ISAPI-Filter]

[

] Server Side Includes [Web-Includes]

[X]

Health and Diagnostics [Web-Health]

[X]

HTTP Logging [Web-Http-Logging]

[X]

Logging Tools [Web-Log-Libraries]

[X]

Request Monitor [Web-Request-Monitor]

[X]

Tracing [Web-Http-Tracing]

[

] Custom Logging [Web-Custom-Logging]

[

] ODBC Logging [Web-ODBC-Logging]

[X]

Security [Web-Security]

[X]

Basic Authentication [Web-Basic-Auth]

[X]

Windows Authentication [Web-Windows-Auth]

[X]

Digest Authentication [Web-Digest-Auth]

[X]

Client Certificate Mapping Authentication [Web-Client-Auth]

[X]

IIS Client Certificate Mapping Authentication [Web-Cert-Auth]

[X]

URL Authorization [Web-Url-Auth]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

28

[X]

Request Filtering [Web-Filtering]

[X]

IP and Domain Restrictions [Web-IP-Security]

[X] Performance [Web-Performance]

[X]

Static Content Compression [Web-Stat-Compression]

[X]

Dynamic Content Compression [Web-Dyn-Compression]

[X] Management Tools [Web-Mgmt-Tools]

[X]

IIS Management Console [Web-Mgmt-Console]

[X]

IIS Management Scripts and Tools [Web-Scripting-Tools]

[X]

Management Service [Web-Mgmt-Service]

[ ] IIS 6 Management Compatibility [Web-Mgmt-Compat]

[

] IIS 6 Metabase Compatibility [Web-Metabase]

[

] IIS 6 WMI Compatibility [Web-WMI]

[

] IIS 6 Scripting Tools [Web-Lgcy-Scripting]

[

] IIS 6 Management Console [Web-Lgcy-Mgmt-Console]

[ ] FTP Publishing Service [Web-Ftp-Publishing]

[

] FTP Server [Web-Ftp-Server]

[

] FTP Management Console [Web-Ftp-Mgmt-Console]

[

] Windows Deployment Services [WDS]

 

[

] Deployment Server [WDS-Deployment]

[

] Transport Server [WDS-Transport]

[

] Windows SharePoint Services [Windows-SharePoint]

----- Features -----

[X] .NET Framework 3.0 Features [NET-Framework]

[X] .NET Framework 3.0 [NET-Framework-Core]

[ ] XPS Viewer [NET-XPS-Viewer]

[X] WCF Activation [NET-Win-CFAC]

[X] HTTP Activation [NET-HTTP-Activation]

[ ] Non-HTTP Activation [NET-Non-HTTP-Activ]

[

] BitLocker Drive Encryption [BitLocker]

[

] BITS Server Extensions [BITS]

[

] Connection Manager Administration Kit [CMAK]

[

] Desktop Experience [Desktop-Experience]

[

] Failover Clustering [Failover-Clustering]

[

] Group Policy Management [GPMC]

[

] Internet Printing Client [Internet-Print-Client]

[

] Internet Storage Name Server [ISNS]

[

] LPR Port Monitor [LPR-Port-Monitor]

[

] Message Queuing [MSMQ]

[

] Message Queuing Services [MSMQ-Services]

 

[

] Message Queuing Server [MSMQ-Server]

[

] Directory Service Integration [MSMQ-Directory]

[

] Message Queuing Triggers [MSMQ-Triggers]

[

] HTTP Support [MSMQ-HTTP-Support]

[

] Multicasting Support [MSMQ-Multicasting]

[

] Routing Service [MSMQ-Routing]

 

[

] Windows 2000 Client Support [MSMQ-Win2000]

[

] Message Queuing DCOM Proxy [MSMQ-DCOM]

[

] Multipath I/O [Multipath-IO]

[

] Network Load Balancing [NLB]

[

] Peer Name Resolution Protocol [PNRP]

29

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

Windows 2008 Server Manger

[

] Quality Windows Audio Video Experience [qWave]

[

] Remote Assistance [Remote-Assistance]

[ ] Remote Differential Compression [RDC] [X] Remote Server Administration Tools [RSAT] [X] Role Administration Tools [RSAT-Role-Tools]

[

] Active Directory Certificate Services Tools [RSAT-ADCS]

 

[

] Certification Authority Tools [RSAT-ADCS-Mgmt]

[

] Online Responder Tools [RSAT-Online-Responder]

[

] Active Directory Domain Services Tools [RSAT-ADDS]

 

[

] Active Directory Domain Controller Tools [RSAT-ADDC]

[

] Server for NIS Tools [RSAT-SNIS]

[

] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS]

[

] Active Directory Rights Management Services Tools [RSAT-RMS]

[

] DHCP Server Tools [RSAT-DHCP]

[

] DNS Server Tools [RSAT-DNS-Server]

[

] Fax Server Tools [RSAT-Fax]

[

] File Services Tools [RSAT-File-Services]

 

[

] Distributed File System Tools [RSAT-DFS-Mgmt-Con]

[

] File Server Resource Manager Tools [RSAT-FSRM-Mgmt]

[

] Services for Network File System Tools [RSAT-NFS-Admin]

[

] Network Policy and Access Services Tools [RSAT-NPAS]

 

[

] Routing and Remote Access Services Tools [RSAT-RAS]

[

] Health Registration Authority Tools [RSAT-HRA]

[

] Print Services Tools [RSAT-Print-Services]

[

] Terminal Services Tools [RSAT-TS]

 

[

] Terminal Server Tools [RSAT-TS-RemoteApp]

[

] TS Gateway Tools [RSAT-TS-Gateway]

[

] TS Licensing Tools [RSAT-TS-Licensing]

[

] UDDI Services Tools [RSAT-UDDI]

[X] Web Server (IIS) Tools [RSAT-Web-Server]

[ ] Windows Deployment Services Tools [RSAT-WDS]

[ ] Feature Administration Tools [RSAT-Feature-Tools]

[

] BitLocker Drive Encryption Tools [RSAT-BitLocker]

[

] BITS Server Extensions Tools [RSAT-Bits-Server]

[

] Failover Clustering Tools [RSAT-Clustering]

[

] Network Load Balancing Tools [RSAT-NLB]

[

] SMTP Server Tools [RSAT-SMTP]

[

] WINS Server Tools [RSAT-WINS]

[

] Removable Storage Manager [Removable-Storage]

[

] RPC over HTTP Proxy [RPC-over-HTTP-Proxy]

[

] Simple TCP/IP Services [Simple-TCPIP]

[

] SMTP Server [SMTP-Server]

[

] SNMP Services [SNMP-Services]

[

] SNMP Service [SNMP-Service]

[

] SNMP WMI Provider [SNMP-WMI-Provider]

[

] Storage Manager for SANs [Storage-Mgr-SANS]

[

] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps]

[

] Telnet Client [Telnet-Client]

[

] Telnet Server [Telnet-Server]

[

] TFTP Client [TFTP-Client]

[

] Windows Internal Database [Windows-Internal-DB]

[

] Windows PowerShell [PowerShell]

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

30

[X] Windows Process Activation Service [WAS]

[X]

Process Model [WAS-Process-Model]

[X]

.NET Environment [WAS-NET-Environment]

[X]

Configuration APIs [WAS-Config-APIs]

[

] Windows Recovery Disc [Recovery-Disc]

[

] Windows Server Backup Features [Backup-Features]

[

] Windows Server Backup [Backup]

[

] Command-line Tools [Backup-Tools]

[

] Windows System Resource Manager [WSRM]

[

] WINS Server [WINS-Server]

[

] Wireless LAN Service [Wireless-Networking]

C:\Users\Administrator>

Adding a Feature Using the Server Manager MMC

So we’ve build a web and application server. We’re feeling very happy with ourselves and are getting ready to put our feet up for the rest of the day … Oh! If only it was ever like that! Now we’ve been told that our shiny new web server must be added to an existing Network Load Balanced web server farm. I don’t remember anything in the Web Server (IIS) role installation about Network Load Balancing. But I do remember there being a feature for Network Load Balancing. It looks like we’ll have to customise our new server with a feature.

Fire up Server Manager again.

our new server with a feature. Fire up Server Manager again. Click on <Add Features>. This

Click on <Add Features>. This will launch a new wizard.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

31

All of the available features on the server are listed. Select the feature you wan

All of the available features on the server are listed. Select the feature you wan to install. In this case I’ve ticked “Network Load Balancing”.

In this case I’ve ticked “Network Load Balancing”. We get a summary of our selection before

We get a summary of our selection before we go any further. Click on <Install> to start the installation or <Cancel> to terminate the process.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

32

The installation starts. Note that this may actually take a while. The installation completes after

The installation starts. Note that this may actually take a while.

starts. Note that this may actually take a while. The installation completes after a few moments.

The installation completes after a few moments. You can see that Windows is still reminding me to activate my automatic updates and gives me a warning because of it.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

33

Back in the MMC, the status of the server is updated to reflect the new

Back in the MMC, the status of the server is updated to reflect the new feature, Network Load Balancing.

Adding a Feature Using the Server Manager Command

Let’s have a look at adding the Network Load Balancing feature via command line. Pay attention mouse and GUI fans. You’ll love how quick you can do this from the command line. We’ll be using the SERVERMANAGERCMD command once again. A quick run of the QUERY parameter shows us that we need to install “NLB”:

C:\Users\Administrator>ServerManagerCmd.exe -install NLB

Start Installation

[Installation] Succeeded: [Network Load Balancing].

<100/100>

Success: Installation succeeded.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

34

How quick and easy was that? Network Load Balancing is now installed and ready to be configured. Please tell me that you aren’t tempted to try this command line approach now! By now you should see how you could write a simple script containing the commands to install of your required role and feature installations. This could be saved and reused whenever you want to build a server of a specific type. You could then deploy a single simple image to your new hardware and then run the required role/feature installation script as required to complete the installation before you perform the server specific customisations, e.g. adding content.

Managing Roles and Features Using Server Manager

Server Manager is much more than just a tool for installing and removing features on your servers. You can actually use it as a tool to monitor the roles and features that you’ve installed. Not only this, but you can also use it as a tool to access the administrative tools for those roles and features. We’re going to have a look at this now.

I’ve opened the Server Manager MMC console and I’ve noticed something is wrong.

Manager MMC console and I’ve noticed something is wrong. We can see under Roles Summary that

We can see under Roles Summary that each of my installed roles is reporting a problem. I’m going to drill down to the cause by clicking on <Go to Roles>.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

35

In Roles I can scroll down and see that both the Application Server and the

In Roles I can scroll down and see that both the Application Server and the Web Server are each reporting services as not running. This is causing each of the roles to fail. I now click on <Application Server> to see what is happening.

on <Application Server> to see what is happening. Windows 2008 Server Manger Copyright Aidan Finn 2008

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

36

I can see the cause of my problem under “System Services”. The “World Wide Web Publishing Service” has a status of “stopped”. This has caused both the Application Server and the Web Server roles to fail. The solution is pretty easy in this example. I select the failed service and click on <Start> on the right-hand side of the console.

on <Start> on the right-hand side of the console. The service starts up successfully. I’m hoping

The service starts up successfully. I’m hoping that this has cleared up my problems so I navigate back to the top of Server Manager.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

37

I can clearly see under “Roles Summary” that both of my roles are now running

I can clearly see under “Roles Summary” that both of my roles are now running normally.

This is probably a good time to have a look at how we can diagnose problems with out roles. As you’ve just seen, we can navigate into each role in Server Manager. You should click on one of you installed roles now. I’ve navigated into “Application Server”.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

38

We can see there is an “Events” section under “Summary”. This presents each of the

We can see there is an “Events” section under “Summary”. This presents each of the events that have occurred on the server in relation to the selected role. This is extremely convenient when investigating role specific issues and saves you having to search through the endless listing of events that can exist within Event Viewer.

listing of events that can exist within Event Viewer. Windows 2008 Server Manger Copyright Aidan Finn

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

39

You can double-click on an event entry to get more specific detail related to the event you are investigating.

Great! So now we can investigate issues and resolve problems using Server Manager. Is there anything more? Well as it just so happens …

When a role is installed on a server there is also an MMC snap in added to the system to manage it. Normally we’ve always gone into Administrative Tools to find it. Microsoft really wants us to see Server Manager as just that … the primary tool for managing a server. If you want to manage a role then you should be able to access the MMC snap-in from Server Manager. And that’s what Server Manager allows us to do.

Navigate to a role on your server in Server Manager and expand the node. I’ve selected “Web Server (IIS)”.

and expand the node. I’ve selected “Web Server (IIS)”. Inside the role, I’ve now got access

Inside the role, I’ve now got access to the related MMC snap-in and I can use this from within Server Manager to manage my IIS7 installation. This means that Server Manager truly is a centralised administrative tool for all roles installed on the server.

Removing a Role/Feature Using the Server Manager MMC

Just typical! You’ve added your new network load balancing feature to the server and resolved your server’s issues when your boss has decided that this new server will be a standalone machine. That’s OK; we can remove it pretty quickly. This time around, I want you to pay attention to how much work there is when we remove the feature using the MMC and when we remove it using the

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

40

command line. I think you may find yourself drifting towards the command line option for future administration tasks related to server manager roles and features after reading this.

Let’s get Server Manager up and running again. We can see that Network Load Balancing is still listed as a feature that is installed.

Balancing is still listed as a feature that is installed. Click on <Remove Features> and a

Click on <Remove Features> and a wizard will launch.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

41

All of the features are listed. Those that are installed have a tick beside them

All of the features are listed. Those that are installed have a tick beside them and those that are not installed are greyed out. Deselect the feature you want to uninstall; in this case Network Load Balancing and then click on <Remove>.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

42

We get a summary of the actions to be completed. Click on <Remove> when you

We get a summary of the actions to be completed. Click on <Remove> when you are ready to uninstall the displayed features or click on <Cancel> to terminate the process.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

43

The process may take a few moments so you may want to take one of

The process may take a few moments so you may want to take one of those coffee breaks that we “progress bar engineers” are used to.

breaks that we “progress bar engineers” are used to. Windows 2008 Server Manger Copyright Aidan Finn

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

44

The removal process is completed and we can click on <Close> to return to the Server Manager

MMC.

on <Close> to return to the Server Manager MMC. We can now see the feature is

We can now see the feature is removed.

That’s how we remove a feature. The process of removing a role is exactly the same. Instead of “Remove Features” you select “Remove Roles”. It’s a process that Microsoft has made very easy for us. They’ve allowed us to concentrate on what we want to install or remove instead of worrying about how to do it.

Removing a Role/Feature Using the Server Manager Command

This is pretty easy. Instead of using the INSTALL parameter we will be using the REMOVE parameter with the SERVERMANAGERCMD command. I’m going to uninstall the Network Load Balancing feature:

C:\Users\Administrator>ServerManagerCmd.exe -remove NLB

Start Removal

[Removal] Succeeded: [Network Load Balancing].

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

45

<100/100>

Success: Removal succeeded.

Some features or roles may require a restart at the end of the uninstall to complete the process. You can automate this by adding the RESTART parameter at the end of the command.

ServerManagerCmd.exe -remove Print-LPD-Service restart

Removing the LPD printing service does require a reboot and you are warned about this if you run a remove command. Adding the RESTART parameter causes the server to reboot automatically, something you will find quite handy if you deploy your uninstall command remotely or run it by using a scheduled task.

Unattended Installations Using Answer Files

I’ve already alluded to the process of an unattended installation. You could simply write a batch file that includes a series of SERVERMANGERCMD commands. Microsoft has given us an alternative using XML based answer files. Using an answer file, we can run the SERVERMANAGERCMD command once and supply it with a listing of roles, role services and features to install.

I’m going to repeat the above scenario where I want to install 2 roles, a role service and a feature to create a network load balanced web server with .Net support. The XML file I’m going to use is below:

<?xml version="1.0" encoding="utf-8" ?>

<ServerManagerConfiguration Action="Install"

xmlns="http://schemas.microsoft.com/sdm/Windows/ServerManager/Configuration/2007/1"

xmlns:xs="http://www.w3.org/2001/XMLSchema">

<Role Id="Application-Server" />

<RoleService Id="AS-Web-Support" />

<Role Id="Web-Server" />

<Feature Id="NLB" />

</ServerManagerConfiguration>

You can see that each role is listed using “Role ID”, each role service is listing using “RoleService ID”

and each feature is listed using “Feature ID”.

I’ve saved this as C:\Media\WebServer.XML.

If you are automating an installation like this then it is likely that you’d like to see what the results will be before you run the command as some sort of a basic test. SERVERMANAGERCMD allows you to do this with the WHATIF parameter:

ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML whatIf

46

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

Windows 2008 Server Manger

This parses my XML file to check the syntax and simulates the installation without modifying my server. It then lists the actions that will be performed. I can actually go ahead and run my command once I’ve got my syntax cleaned up and I’m happy with the actions:

C:\Users\Administrator>ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML

Start Installation

[Installation] Succeeded: [Application Server] Windows Process Activation Servic

e Support.

[Installation] Succeeded: [Web Server (IIS)] Management Tools.

[Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation.

[Installation] Succeeded: [Web Server (IIS)] Web Server.

[Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics.

[Installation] Succeeded: [Web Server (IIS)] Performance.

[Installation] Succeeded: [Web Server (IIS)] Application Development.

[Installation] Succeeded: [Web Server (IIS)] Security.

[Installation] Succeeded: [Web Server (IIS)] Common HTTP Features.

[Installation] Succeeded: [Windows Process Activation Service] Configuration API

s.

[Installation] Succeeded: [Windows Process Activation Service] Process Model.

[Installation] Succeeded: [Windows Process Activation Service] .NET Environment.

[Installation] Succeeded: [Network Load Balancing].

[Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0.

[Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools.

[Installation] Succeeded: [Web Server (IIS)] IIS Management Console.

[Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions.

47

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

Windows 2008 Server Manger

[Installation] Succeeded: [Web Server (IIS)] HTTP Logging.

[Installation] Succeeded: [Web Server (IIS)] HTTP Redirection.

[Installation] Succeeded: [Web Server (IIS)] Static Content.

[Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authenti

cation.

[Installation] Succeeded: [Web Server (IIS)] Default Document.

[Installation] Succeeded: [Web Server (IIS)] HTTP Errors.

[Installation] Succeeded: [Web Server (IIS)] Directory Browsing.

[Installation] Succeeded: [Web Server (IIS)] ISAPI Filters.

[Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Auth

entication.

[Installation] Succeeded: [Web Server (IIS)] Digest Authentication.

[Installation] Succeeded: [Web Server (IIS)] Request Filtering.

[Installation] Succeeded: [Web Server (IIS)] URL Authorization.

[Installation] Succeeded: [Web Server (IIS)] Windows Authentication.

[Installation] Succeeded: [Web Server (IIS)] Request Monitor.

[Installation] Succeeded: [Web Server (IIS)] Logging Tools.

[Installation] Succeeded: [Web Server (IIS)] Basic Authentication.

[Installation] Succeeded: [Web Server (IIS)] Tracing.

[Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions.

[Installation] Succeeded: [Web Server (IIS)] Static Content Compression.

[Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression.

[Installation] Succeeded: [Web Server (IIS)] Management Service.

[Installation] Succeeded: [Web Server (IIS)] .NET Extensibility.

[Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation.

[Installation] Succeeded: [Web Server (IIS)] ASP.NET.

48

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

Windows 2008 Server Manger

[Installation] Succeeded: [Application Server] Application Server Foundation.

[Installation] Succeeded: [Application Server] HTTP Activation.

[Installation] Succeeded: [Application Server] Web Server (IIS) Support.

<100/100>

Success: Installation succeeded.

In just one command, I have installed all the components required for my standard web server build. You have got to love that!

So that’s roles and features in Windows 2008. My advice to you is to try this out with some test machines. Compare the process using the MMC and the command line. And keep in mind the process of using an answer file for when you read about unattended installation of Windows Server 2008. We’re going to leave this subject now and move on to the rest of Server Manager and have a quick look around.

The Rest of Server Manager

I think it’s safe to say the Server Manager is the successor to Computer Management that was present in Windows Server 2000 and 2003. As such, a number of the tasks that you could do in Computer Management are also present in Server Manager. Not only this, but there’s some new stuff in there too. I keep saying this and you’re probably getting tired of it, but Server Manager is intended to be your all-in-one management tool for the server that you’re working on.

Each of the tools included in Server Manager has been categorised based on the operations that they are used for.

Diagnostics

We’ve already seen how we can diagnose and repair role specific failures in Server Manager. But sometimes problems are more complex than that and you’ll find that you need to do see the bigger picture. We can use the tools that are linked in Server Manager under “Diagnostics” to help us identify the cause of those problems.

The first tool we see in Diagnostics is an old friend: Event Viewer. Event Viewer has had a bit of work done on it.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

49

The root view gives us a very helpful summary of the different types of events

The root view gives us a very helpful summary of the different types of events that are available in Event Viewer. How often have you gone into Event Viewer and found that you had to search through thousands of entries to find Critical or Warning level events. You’ve probably gone and filtered the view but a large log can take some time to process. Windows 2008 Event viewer makes this easy for us. Just expand the Event Type under “Summary of Administrative Events” and you’ll get a listing of your desired level of events.

Another task that you’ve probably done repeatedly is to filter the view based on certain criteria such as all events of source “HttpEvent” and event type of either “Failure” or “Warning”. Isn’t it pretty annoying that every time you revisit Event viewer that you have to filter for this query again? Windows 2008 Event Viewer comes to the rescue with Custom Views. You can define and save your query using a Custom View. Not only that, but you can export the view and import it onto another computer! The file format is XML so you can quickly copy and modify the file to create a collection of Custom Views that you can import onto all of your servers as you deploy them.

Windows Logs gives us access to our now familiar set of logs including System, Security and Application. Two new entries are to be found in there by default. The first is Setup. This log will collect events related to the installation and removal of Roles and Features on your server. This will be useful to identify when, who and how your server configuration was modified. That’s something that will be useful to enforce compliance and change control. The most interesting addition to Event Viewer is Forwarded Events. Almost every week I am either asked or see someone on a forum asking for a solution for basic monitoring of small server networks that won’t cost an annual budget. Forwarded Events allows a single server to gather log entries from other computers using subscriptions. These events are then collected onto your server and presented to you in Forwarded Events. Note that this service requires that both the Windows Remote Management and the Windows Event Collector services are running.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

50

The Applications and Services Logs allows different applications to log their own specific details into their own dedicated logs that an administrator can access via a single interface. The logs are broken down into categories to make them easy to navigate. Of relevance to this document, you can find a log for Server Manger in \Diagnostics\Event Viewer\Applications and Services Logs\Microsoft\Windows\Server Manager. In here you can find log entries for every task you’ve run using SERVERMANAGERCMD.EXE.

Subscriptions is where you define on how to collect log entries from target computers to a source computer. You’ve got a number of options in here including selection targets, defining a query for events to collect and what credentials to use to make the connection to the remote computers.

to use to make the connection to the remote computers. Reliability and Performance allows and administrator

Reliability and Performance allows and administrator to monitor how a server is behaving. Instead of querying log data, the administrator can get access to more tangible statistics such as resource utilisation and server failure in this collection of tools.

Under Monitoring Tools we have Performance Monitor and Reliability Monitor. Performance Monitor should be familiar to Windows administrators. It allows you to monitor current performance metrics and to load a pre-existing data collector set to view historic data. Reliability monitor is a new tool for analysing how change relates to failures in server reliability via a time chart and collected events. It’s not uncommon for failures to be directly related to configuration changes. This tool is Microsoft’s attempt to help us correlate these events.

Data Collector Sets allows us to collect data from the server that is not normally collected in Event Viewer, i.e. performance and configuration information. It’s broken into two sets: System which is

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

51

the hard coded set of sets and User Defined which allows an administrator to define a query and schedule to gather data. You can run these sets to gather data. The resulting data can be either loaded in Performance Monitor to create a historic chart or in Reports so you can have a text summary of the Data Collector Set execution.

can have a text summary of the Data Collector Set execution. Device Manager allows administrators of

Device Manager allows administrators of a server to install or remove devices and to manage their drivers.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

52

Configuration The Configuration section of Server Manager allows administrators to manage the configuration of servers

Configuration

The Configuration section of Server Manager allows administrators to manage the configuration of servers that is unrelated to Roles and Features, i.e. those components that are common to all Windows 2008 servers.

Task Scheduler does exactly what it says on the tin. You can use it to schedule an operation that you want to occur once in the future or on a recurring basis. You’ll notice that Microsoft has included a set of tasks by default, including one to defrag your hard disks every week.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

53

Windows Firewall with Advanced Security is where you can configure the Windows Firewall. Notice that

Windows Firewall with Advanced Security is where you can configure the Windows Firewall. Notice that it’s on by default and it’s pretty water tight!

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

54

You can use the Services MMC to manage the services that are running on the

You can use the Services MMC to manage the services that are running on the server, including changing their running status, their start-up type and the credentials they use to execute on the server.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

55

You will WMI Control to manage the WMI configuration of the server that you are

You will WMI Control to manage the WMI configuration of the server that you are working on, including backup up/restoring the configuration, assigning permissions and changing the default scripting namespace.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

56

Local Users and Groups should be familiar to anyone who has worked with Microsoft operating

Local Users and Groups should be familiar to anyone who has worked with Microsoft operating systems since Windows 2000. It is where you will manage local users and local groups on standalone and member servers.

Storage

We now wrap up our document on Server Manager by looking quickly at the Storage Section. There are two aspects to this: Windows Server Backup and Disk Management.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

57

Windows Server Backup allows an administrator to back up their server without the need for

Windows Server Backup allows an administrator to back up their server without the need for third

party applications.

able to use Windows Server Backup.

You’re going to need to install the Windows Server Backup feature in order to be

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

58

Windows Server Backup is useful for smaller organisations with smaller budgets, those with standalone servers

Windows Server Backup is useful for smaller organisations with smaller budgets, those with standalone servers or for administrators with an isolated test lab. Backing up our servers is one of the most important things that we server administrators do and Windows Server Backup provides us with a reliable tool for doing this, albeit not one that will be ideal for those who require cross platform support, advanced storage or centralised management.

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

59

Administrators can use Disk Management to provision disks and volumes on the server. One of

Administrators can use Disk Management to provision disks and volumes on the server. One of the nice little improvements is the summary that tells us vital disk configuration information such as which volumes are the system, boot, page file and crash dump partitions.

Summary

So that’s Server Manager. I think that it’s quite an impressive upgrade over Computer Management and that Microsoft has given us a tool that probably does accomplish much of the lofty goal to create a single point for managing a server. Add in SERVERMANAGERCMD.EXE and administrators have a rapid, scriptable and easily repeatable way to manage the Role and Feature configurations of their servers. If you are a server administrator then this is likely going to be the tool you use the most in your day to day operations. If so, set up a test lab and try out some of the scenarios described in this document. Then expand on your experiments by adding in the features that you are likely to encounter in your job. Try to use SERVERMANAGERCMD.EXE and the answer file feature and you’ll be pleasantly surprised how we command prompt fearing types will actually want to learn a bit more of the dark side!

Windows 2008 Server Manger

Copyright Aidan Finn 2008 http://joeelway.spaces.live.com/ website@highwaycsl.com

60