- Windows Server 2008 Defined
- When Is the Right Time to Migrate?
- Versions of Windows Server 2008
- What's New and What's the Same About Windows Server 2008?
- Changes in Active Directory
- Windows Server 2008 Benefits for Administration
- Improvements in Security in Windows Server 2008
- Improvements in Windows Server 2008 for Better Branch Office Support
- Improvements for Thin Client Terminal Services
- Improvements in Clustering and Storage Area Network Support
- Improvements in Server Roles in Windows Server 2008
- Identifying Which Windows Server 2008 Service to Install or Migrate to First
This chapter is from the book
This chapter is from the book
This chapter is from the book
Windows Server 2008 Benefits for Administration
Windows 2008 provides several new benefits that help organizations better administer their networking environment. These new features provide better file and data management, better performance monitoring and reliability tracking tools to identify system problems and proactively address issues, a new image deployment tool, and a whole new set of Group Policy Objects that help administrators better manage users, computers, and other Active Directory objects.
Improvements in the Group Policy Management
Windows 2008 introduces over 800 new Group Policy Objects specific to Windows 2008 and Windows Vista, along with several new components that expand on the core capabilities of Group Policy management that have been part of Windows 2000/2003 Active Directory. The basic functions of Group Policy haven't changed, so the Group Policy Object Editor (gpedit) and the Group Policy Management Console (GPMC) are the same, but with more options and settings available.
As mentioned earlier, the Group Policy Management Console can either be run as a separate MMC tool, or it can be launched off the Features branch of the Server Manager console tree, as shown in Figure 1.7. Group policies in Windows 2008 provide more granular management of local machines, specifically having policies that push down to a client that are different for administrator and nonadministrator users.
)
Figure 1.7 Group Policy Management Console.
Additionally, applications can now query or register with a network location awareness service within Group Policy management, which provides the identity where a user or computer object resides. As an example, a policy can be written that allows a user access to applications and files if they are on a local network segment, but blocks the user from accessing the same content when they are on a remote segment for security and privacy reasons. This addition to group policies adds a third dimension to policies so that now administrators can not only define who and what someone has access to, but also limit their access based on where they are.
Group policies are covered in detail in Chapter 27, "Group Policy Management for Network Clients," as well as in Chapter 19, "Windows Server 2008 Group Policies and Policy Management."
Introducing Performance and Reliability Monitoring Tools
Windows 2008 introduces new and revised performance and reliability monitoring tools intended to help network administrators better understand the health and operations of Windows 2008 systems. Just like with the Group Policy Management Console, the new Reliability and Performance Monitor shows up as a feature in the Server Manager console. By clicking on the Performance Diagnostic Console, the tool shows up in the right pane, as shown in Figure 1.8.
)
Figure 1.8 Windows Reliability and Performance Monitor.
The new tool keeps track of system activity and resource usage and displays key counters and system status on screen. The Reliability Monitor diagnoses potential causes of server instability by noting the last time a server was rebooted, what patches or updates were applied, and chronologically when services have failed on the system so that system faults can potentially be traced back to specific system updates or changes that occurred prior to the problem.
By combining what used to be three to four tools into a single console, administrators are able to look at system performance, operational tasks, and historical event information in their analysis of a server problem or system operations instability. You can find more details on performance and reliability monitoring in Chapter 34.
Leveraging File Server Resource Manager
File Server Resource Manager (FSRM) was a feature pack add-in to Windows 2003 R2 and has been significantly improved with the release of Windows 2008. FSRM is a quota management system of files on network shares across an enterprise. Rather than allowing employees to copy the entire content of their laptop to a network, or potentially back up their MP3 audio files onto a network, FSRM provides the ability to not only limit the amount of content stored on network shares, but also to set quotas (or limit storage altogether) on certain file types. So, a user could be limited to store 200GB of files on a network share, but of that limit, only 2GB can be allocated to MP3 files.
FSRM, shown in Figure 1.9, in Windows 2008 has been improved to allow the nesting of quotas to ensure the most restrictive policy is applied. Quotas can also transcend subfolders, so as new folders are created, or as policies are applied at different levels in a folder hierarchy, the policies still apply, and the rules are combined to provide varying levels of quota allocation to user data. Additionally, quotas are now based on actual storage, so if a file is compressed when stored, the user will be able to store more files within their allocated quota.
)
Figure 1.9 File Server Resource Manager.
File Server Resource Manager is covered in detail in Chapter 28.
Introduction of Windows Deployment Services
Windows 2008 introduces a new tool called Windows Deployment Services (WDS), which is effectively an updated version of the Remote Installation Service (RIS) that has been available for the past several years. Unlike RIS, which was focused on primarily scripted installations and client images, WDS can distribute images of Windows Vista clients or Windows 2008 servers in a significantly more flexible and modifiable deployment process.
Like with RIS, Windows Deployment Services allows a client system to initiate a Preboot Execution Environment (PXE), effectively "booting" to the WDS server to see a list of images that can be deployed on the system. Alternately, an organization can create a Windows PE boot disc and have an image initiated from a CD or DVD.
With Windows 2008 and Windows Vista, the image can be created in Windows Imaging (WIM) format, which allows for the injection of patches, updates, or even new code to a WIM file without even booting the image file. This provides the organization with more than just static images that get pushed out like in RIS, but rather a tool that provides ongoing and manageable updates to image files.
WDS also supports the imaging of Windows 2003 servers and Windows XP client systems in the same manner that RIS did in terms of pushing out images or using an unattend script file to send images to systems.
Windows Deployment Services is covered in detail in Chapter 26, "Windows Server Administration Tools for Desktops."