Sunday, September 5, 2010

Microsoft Windows Server 2003

Microsoft Windows Server 2003 represents a major advance in reliability, availability, and manageability. Not only is the operating system more versatile than its predecessors, but it also builds on the revolutionary system management and administration concepts introduced with Windows 2000, including:


 Active Directory directory service: An extensible and scalable directory service that uses a namespace based on the Internet standard Domain Name System (DNS).

 IntelliMirror: Change and configuration management features that support mirroring of user data and environment settings as well as central management of software installation and maintenance.

 Security Architecture: The architecture provides improvements for smart cards, public and private encryption keys, and security protocols. It also features tools for analyzing system security and for applying uniform security settings to groups of systems.

 Terminal Services: Services that allow you to remotely log on to and manage other Windows Server 2003 systems.

 Windows Script Host: A scripting environment for automating common administration tasks, such as creating user accounts or generating reports from event logs.

Although Windows Server 2003 has dozens of other new features, each of the features just listed has far-reaching effects on how you perform administrative tasks. None has more effect than Active Directory technology. A sound understanding of Active Directory structures and procedures is essential to your success as a Windows Server 2003 systems administrator.

That said, the Windows Server 2003 security architecture also has a far-reaching effect on how you perform administrative tasks. Through Active Directory and administrative templates, you can apply security settings to workstations and servers throughout the organization. Thus, rather than managing security on a machine-by-machine basis, you can manage security on an enterprise-wide basis.

Domain Controllers and Member Servers:

When you install Windows Server 2003 on a new system, you can configure the server to be a member server, a domain controller, or a stand-alone server. The differences between these types of servers are extremely important. Member servers are a part of a domain but don’t store directory information. Domain controllers are distinguished from member servers because they store directory information and provide authentication and directory services for the domain. Stand-alone servers aren’t a part of a domain and have their own user database. Because of this, stand-alone servers also authenticate logon requests themselves.

Windows Server 2003 doesn’t designate primary or backup domain controllers. Instead, it supports a multimaster replication model. In this model any domain controller can process directory changes and then replicate those changes to other domain controllers automatically. This differs from the Windows NT single master replication model in which the primary domain controller stores a master copy and backup controllers store backup copies of the master. Additionally, Windows NT distributed only the Security Account Manager (SAM) database, but Windows Server 2003 distributes an entire directory of information called a data store. Inside the data store are sets of objects representing user, group, and computer accounts as well as shared resources, such as servers, files, and printers.

Domains that use Active Directory are referred to as Active Directory domains. This distinguishes them from Windows NT domains. Although Active Directory domains can function with only one domain controller, you can and should configure multiple domain controllers in the domain. This way, if one domain controller fails, you can rely on the other domain controllers to handle authentication and other critical tasks.

In an Active Directory domain, any member server can be promoted to a domain controller, and you don’t need to reinstall the OS as you had to in Windows NT. To promote a member server, all you need to do is install the Active Directory component on the server. You can also demote domain controllers to be member servers, provided that the server isn’t the last domain controller on the network. You promote and demote domain controllers by using the Active Directory Installation Wizard and following these steps:

1. Click Start.

2. Click Run.

3. Type dcpromo in the Open field, and then click OK.

Understanding and Using Server Roles:

Servers running Windows Server 2003 are configured based on the services they offer. You can add or remove services at any time by using the Configure Your Server Wizard and following these steps:

1. Click Start.

2. Click Programs or All Programs as appropriate.

3. Click Administrative Tools, and then select Configure Your Server Wizard.

4. Click Next twice. Windows Server 2003 gathers information about the server’s current roles. The Server Role page displays a list of available server roles and specifies whether they’re configured. Adding and removing roles is easy:

 If a role isn’t configured and you want to add the role, click the role in the Server Role column and then click Next. Follow the prompts.

 If a role is configured and you want to remove the role, click the role in the Server Role column and then click Next. Read any warnings displayed carefully and then follow the prompts.

Any server can support one or more of the following server roles:

Application server: A server that provides XML Web services, Web applications, and distributed applications. When you configure a server with this role, IIS, COM+, and the Microsoft .NET Framework are installed automatically. You also have the option of adding Microsoft FrontPage Server Extensions and enabling or disabling ASP.NET.

DHCP server: A server that runs the Dynamic Host Configuration Protocol (DHCP) and can automatically assign Internet Protocol (IP) addresses to clients on the network. This option installs DHCP and starts the New Scope Wizard.

DNS server: A server that runs DNS resolves computer names to IP addresses and vice versa. This option installs DNS and starts the DNS Server Wizard.

Domain controller: A server that provides directory services for the domain and has a directory store. Domain controllers also manage the logon process and directory searches. This option installs DNS and Active Directory.

File server: A server that serves and manages access to files. This option enables you to quickly configure disk quotas and indexing. You can also install the Web-based file administration utility, which installs IIS and enables Active Server Pages (ASP).

Mail server (POP3, SMTP): A server that provides basic Post Office Protocol 3 (POP3) and Simple Mail Transfer Protocol (SMTP) mail services so that POP3 mail clients can send and receive mail in the domain. Once you install this service, you define a default domain for mail exchange and then create and manage mailboxes. These basic services are best for small offices or remote locations where e-mail exchange is needed but you don’t need the power and versatility of Microsoft Exchange Server.

Print server: A server that provides and manages access to network printers, print queues, and printer drivers. This option enables you to quickly configure printers and print drivers that the server should provide.

Remote access/VPN server: A server that routes network traffic and manages dial-up networking or virtual private networking (VPN). This option starts the Routing and Remote Access Setup Wizard. You can configure routing and remote access to allow outgoing connections only, incoming and outgoing connections, or no outside connections at all.

Server cluster node: A server that operates as part of a group of servers working together called a cluster. This option starts the New Server Cluster Wizard, which allows you to create a new cluster group, or the Add Nodes Wizard, which allows you to add the server to an existing cluster. (This server role is supported by the Enterprise and Datacenter versions only.)

Streaming media server: A server that provides streaming media content to other systems on the network or the Internet. This option installs Windows Media Services. (This server role is supported by the Standard and Enterprise versions only.)

Terminal Server: A server that processes tasks for multiple client computers running in terminal services mode. This option installs Terminal Server. You don’t need to install Terminal Server to remotely manage this server. Remote Desktop is installed automatically with the OS.

WINS server: A server that runs Windows Internet Name Service (WINS) resolves NetBIOS names to IP addresses and vice versa. This option installs WINS.

Other Windows Server 2003 Resources

Using Graphical Administrative Tools:

Windows Server 2003 provides several types of tools for system administration. The graphical user interface (GUI)-based tools are the ones you’ll use the most. Usually you can use graphical administrative tools to manage the system to which you’re currently logged on, as well as systems throughout Windows Server 2003 domains. For example, in the Component Services console you specify the computer you want to work with by right-clicking the Event Viewer entry in the left panel and then choosing Connect to Another Computer.

Tools and Configuration:

Which administrative tools are available on your system depends on its configuration. When you add services, the tools needed to manage those services are installed on the server. These same tools might not be available in Windows XP Professional or on another server. In this case you might want to install the administration tools on the workstation you’re using. To install Windows Server 2003 Administration Tools, complete the following steps:



1. Log on to the workstation using an account with administrator privileges.

2. Insert the Windows Server 2003 CD-ROM into the CD-ROM drive.

3. When the Autorun screen appears, click Perform Additional Tasks, and then click Browse This CD. This starts Windows Explorer.

4. Double-click I386 and then double-click Adminpak.msi. The complete set of Windows Server 2003 management tools is installed on your workstation or server.

Using NET Tools:

You can more easily manage most of the tasks performed with the NET commands by using graphical administrative tools and Control Panel utilities. However, some of the NET tools are very useful for performing tasks quickly or for obtaining information, especially during telnet sessions to remote systems. These commands include:

 NET SEND: Sends messages to users logged in to a particular system

 NET START: Starts a service on the system

 NET STOP: Stops a service on the system

 NET TIME: Displays the current system time or synchronizes the system time with another computer

 NET USE: Connects and disconnects from a shared resource

 NET VIEW: Displays a list of network resources available to the system
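
The NET commands listed above, combined into a short batch file as they would be typed at a command prompt. This is an added example, not part of the original post; the server name FILESRV01, the reports share, drive letter R: and the choice of the Print Spooler service are placeholders.

```bat
@echo off
rem Added example. FILESRV01, the "reports" share, drive R: and the
rem Print Spooler service are placeholder names chosen for illustration.
setlocal
set SERVER=FILESRV01
set SVC=Print Spooler

rem NET START with no arguments lists the services currently running,
rem so piping it through FIND tells us whether one service is up.
net start | find /i "%SVC%" >nul
if errorlevel 1 (
    echo %SVC% is stopped, starting it...
    net start "%SVC%"
) else (
    echo %SVC% is already running.
)

rem NET TIME \\server displays that server's clock.
rem Adding /set /yes would synchronize the local clock to it.
net time \\%SERVER%

rem NET VIEW \\server lists the resources that server shares.
net view \\%SERVER%

rem NET USE maps the share. The * in the password position makes NET USE
rem prompt for the password, so it is never stored in the script or echoed.
rem /persistent:no keeps the mapping from being restored at next logon.
net use R: \\%SERVER%\reports * /user:%USERDOMAIN%\%USERNAME% /persistent:no
if errorlevel 1 goto done

dir R:\

rem Disconnect the drive when finished so the session does not linger.
net use R: /delete

:done
endlocal
```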
