Clinic

Windows Server®
2008: Windows
Server 2008
Management
Clinic Outline

Server Management Overview

Server Core Installation
Windows PowerShell
Remote Management
 Spend Less Hardens the OS Quickly Respond
Time on and Protects to Changing
Everyday Tasks Your Business Needs
Environment
Enhanced Better Security Centralized
Scripting and and Application and
Task Compliance Remote Access
Automation Solutions
Network
Role Based Access Integrated
Installation Server
and Protection
Management Virtualization
 Server
Management
Overview
Overview

Primary Management
Tools

Alternative Management
Methods

Printer Management
Primary Management Tools

Benefits
Easy, systematic, single interface for all
management
More secure and reliable
Ensures service prerequisites are met
Initial Configuration Tasks
• Guides you through the process of configuring a
new server
Server Manager Console
• New MMC snap-in provides a consolidated view
of the server, including server configuration,
status of installed roles, and links for
adding/removing roles and features
ServerManagerCmd.exe
Command line tool to automate deployment of
server roles and features
Alternative Management Tools

Windows PowerShell
Remote Management
Windows Remote Manager (WS-
Management)
Windows Remote Shell (WinRS)
Event Subscriptions

Task Scheduling based on Events

Microsoft System Center

Print Management

Overview
Single console for managing printers
(local and remote)
Up-to-minute details

Group Policy integration

Troubleshooting
Pre-defined filters
Email message notifications
Technical Background

Initial Configuration
Tasks

Server Manager

Server Manager
Wizards

Server Roles

Features
Initial Configuration Tasks

Allows administrators to postpone certain tasks

until installation is complete - fewer
interruptions
Replaces
Windows
Server 2003
SP1 Post-Setup
Security
Updates
Guides you
through all
tasks required
to complete
installation –
not just
security
Management through Group Policy
Server Manager

Guides administrators through installation,

configuration and management of Server Roles
Installed by default
Requires admin credentials
Main Window
Server Summary
• System Information
• Security Summary
Roles Summary
Features Summary
Resources and Support
Management through Group Policy
Server Manager Wizards

To add, remove, or augment multiple roles in a

single session
• Streamlining server deployment
• Roles configured with recommended
security settings, by default
• Performs dependency checks
Collection of Wizards
Add Roles | Remove Roles
Add Role Services | Remove Role Services
Add Features | Remove Features
Role Management Home Pages
Server Roles

Displays
events
and
services
that are
part of
the role
Adding a role automatically creates a
management console home page in Server
Manager for that role
Features

Augment the functionality of an installed role

Demonstration: Server Manager
Overview

• Server Manager Overview

• Performing Key Tasks
• Using
ServerManagerCmd.exe
Implementation/Usage Scenarios

Improved New Server Deployment and

Configuration

Improved Security

Improved Server Administration

Recommendations

For single server administration, use

Server Manager
To manage roles from a command prompt,
use ServerManagerCmd.exe
For multiple server administration, use
Windows PowerShell
For Remote Management, use Windows
Remote Management (based on WS-
Management Standard)
Use Event Subscriptions to collect Event
Viewer logs from multiple servers

Use System Center for enterprise-wide

management
Summary

Windows Server 2008 installation postpones non-

essential tasks
Initial Configuration Tasks configures a new server
Server Manager provides a consolidated, single
management interface
ServerManagerCmd.exe enables automation of roles
from a command-line environment
Windows PowerShell is a new command-line shell
and task based scripting technology
Windows Remote Management remotely manages
servers and obtains management data through WMI
or Windows Remote Shell
Windows Server 2008 and Windows Vista allow for
Event Forwarding
Server Core
Overview

Server Core Installation

Minimal OS functionality
(9 roles with limited
optional features)

Benefits of Server Core

Reduced maintenance
Reduced attack surface
Reduced management
Less disk space required
Technical Background

Server Core
Deployment

Server Roles

Optional Features

Management
Server Core Deployment

Prerequisites
• Windows Server 2008 Media with a valid
product key
• A computer on which to perform a clean
install
• Administrative Credentials
Manual through command line or unattended
using an XML file
Set password for local administrator
account
Set IP address using NETSH commands (or
DHCP)
Optionally join a domain and activate the
server
View/Configure the firewall
Install supported roles/features
Server Core Features

At Command Prompt, type: start /w ocsetup

featurename
Feature Feature Name

Backup WindowServerBackup

BitLocker Drive Encryption BitLocker

Failover Cluster FailoverCluster-Core

Multipath IO Microsoft-Windows-Multipathio

Network Load Balancing NetworkLoadBalancingHeadlessServer

Microsoft-Windows-
Removable Storage Management RemovableStorageManagementCore

Simple Network Management Protocol (SNMP) SNMP SC

Subsystem for UNIX-based applications SUACore

Telnet Client TelnetClient

Windows Internet Naming Service (WINS) WINS-SC

Server Core Management

Remotely
Terminal Services
Locally
Windows Remote
Shell Command
Prompt
MMC
Command Prompt
Scripting
(\Windows\System32\scregedit.wsf )
Enable Automatic updates
Enable Error reporting
Enable TS Remote Admin Mode
Enable TS client on legacy clients
Enable IPSec remote management
Configure DNS record weight and priority
View a list of common command line tools
Demonstration: Managing a Server
Core

• Locally and remotely via the

Command Prompt
• Remotely via MMC

Serve
r Core
Implementation/Usage Scenarios

Reduced maintenance

Reduced attack surface

Reduced management

Less disk space required

Recommendations

Implement Server Core whenever possible

Publish cmd.exe using Terminal Services

RemoteApp to allow you to run cmd.exe in a
window on your local machine rather than in a
full terminal services client

Minimize administrative access to the system

Ensure physical security of the server

Implement BitLocker Drive Encryption

Summary

Server Core provides a minimal installation option

Server Core supports 9 roles and minimal features
Server Core is managed:
• Locally and remotely through the command line
• Remotely via MMC
• Remotely via Terminal Services
• Remotely via Windows Remote Shell
• Server Core provides a script for configuring settings
that cannot be configured through a command-line
or MMC snap-in
 Windows
PowerShell
Overview

What is
PowerShell?

Benefits

What can I do
with
PowerShell?

Prerequisites
Technical Background

Cmdlets

Beyond the
Cmdlet

Navigation

Administration

Security
PowerShell Cmdlets

Cmdlets form the basis of PowerShell’s

functionality
• Built in a .NET Framework language (e.g., Visual
Basic, Visual C#)
• Act as PowerShell’s “command line utilities”
• 129 provided…more can be “snapped in” (e.g.,
Exchange)
PowerShell Concepts “Get-
Simplicity Command” -
Backward compatibility shows what
functionality
Work with objects, not text is available
Command family is extensible
PowerShell handles input and display
Access to additional data stores
Beyond the Cmdlet

Pipelines
• A series of cmdlet segments connected by a
pipe operator
• Reduce the effort involved in entering complex
commands
• Reduces the resource demand of complex
commands
Aliasing
• Associates a command name that you type with
another command
• Allows users with experience in other shells to
reuse common commands they already know
New Scripting Language
Commands saved in a file for later execution
13 primary keywords
Scripts live in .ps1 files
PowerShell Navigation

PowerShell exposes virtually anything that can

be navigated like a standard Microsoft
Windows disk drive as a Windows PowerShell
drive
• Does not necessarily represent a real drive,
either locally or on the network
• PSDrive – noun used for working with
PowerShell drives
• Location – Noun used to manage the current
location in PowerShell
• Item – Noun used to refer to things found on a
PowerShell Drive (files, folders, registry keys)
PowerShell Administration

Manage local processes

Manage local services
Collect information about computers
Work with software installations
Change computer state
Work with Printers
Perform networking tasks
• IP configuration
• DHCP configuration
• Network shares
• Working with files and folders
• Working with registry keys and entries
PowerShell Security

Execution policy
• Determines whether scripts are allowed
to run and if so, whether they must be
digitally signed
PowerShell profiles
Allows you to save aliases, functions,
and variables to a profile which will be
loaded each time PowerShell starts
Allows you to enforce a consistent view
of PowerShell in a larger enterprise
Can have 4 different profiles
Not created automatically
Demonstration: Using Windows
PowerShell

• Getting Help
• Navigating Windows
PowerShell
• Adding a User to Active
Directory
Implementation/Usage Scenarios

Command-Line Services, Processes,

Registry, and WMI Data Management

Server/Role Management

Terminal Server
IIS 7.0
AD
Exchange 2007
MOM 2007
Recommendations

Start using Windows PowerShell

immediately!
Don’t throw away any existing scripts
or batch files – they can still be used!
Don’t forget the power of the wildcard,
such as “get-services*”
Don’t deploy Windows PowerShell on
any machine where it is not actually
needed
Centrally-Control Windows PowerShell
security settings through GPOs – do it
now!
Summary

Windows PowerShell is a new command line shell

and task-based scripting technology that:
Provides administrators with comprehensive
control and automation of system administration
tasks, increasing productivity
Is backward compatible with existing command-
line technologies
Is easy to learn and use

Windows PowerShell is the new standard for

command-line management.
Windows PowerShell is the administrative
foundation for Exchange Server 2007, System
Center Operations Manager 2007, and more.
Windows Remote
Management
Overview

Windows Remote Management

Winrm.cmd

Prerequisites

Benefits
Technical Background

Remote Management Architecture

Installation and Configuration

Scripting in Windows Remote Management

Authentication for Remote Connections

Event Collection
Remote Management Architecture
WinRM Scripting API
• To obtain data from remote computers using
scripts that perform WS-Management Protocol
operations
Winrm.cmd
• Command-line tool for system management
Winrs.exe
• Command-line tool to remote execute most
CMD.exe commands using the WS-Management
Protocol
IPMI Driver and WMI Provider
• To control and diagnose remote server
hardware
WMI service
• Tuns side-by-side with WinRM; provides
requested data or control through the WMI plug-
in
WS-Management Protocol
Remote Management Installation and
Configuration
WinRM quickconfig – to enable WS-
Management Protocol and set the default
configuration
Default settings
• IPMI and WinRM are installed
• No WinRM listener configured
• Internet Connection Firewall (ICF)
blocks all ports
• ProxyCfg.exe – to set a WinRM proxy
configuration
Authentication for Remote Connections

Kerberos
• Default method when client is in a
domain and the remote destination
string is not localhost, 127.0.0.1, or
[::1]
Negotiate
• Default method when client is not in a
domain and the remote destination
string is localhost, 127.0.0.1, or [::1]
Basic
• Disabled in default configuration
Digest
Supported for WinRM client, but not
Server
Event Forwarding

The ability to use

WinRM to forward
Windows events
from one machine
(Source) to another
(Collector) based
on a subscription
mechanism
Built-in to Windows
Server 2008
Allows
administrators to
get events from
remote computers
and store them in
a centralized place
Demonstration: Windows Remote
Management (WinRM)

• Configure Windows Remote

Management
• Get WMI Data
• Use Windows Remote Shell
• View Event Forwarding
Implementation/Usage Scenarios

Manage PCs in restricted environments

(e.g. DMS, Internet, through firewalls/NATs)

Remotely connect WMI instrumentation for

asset and configuration management

Execute remote scripts or command-line

utilities with Windows Remote Shell

Monitor PC health by forwarding events to

a central collector
Recommendations

Enable Windows Remote Management to

manage Vista clients
Remotely collect WMI properties to bolster
your asset and inventory system
(specifically the Win32_Operating System
and Win32_ComputerSystem classes)
Use Event Forwarding to monitor client
health by focusing only on Critical or Error
events in the Application and System event
logs
Use Event Forwarding to monitor client
security by collecting ‘Audit Failure’ events
Summary

Windows Remote Management uses

Winrm.cmd to perform its operations
and is fully compliant with the DMTF
open standard: WS-Management
Windows Remote Management can use
a WMI plug-in that exposes WMI
classes, methods and properties
Event Forwarding uses WinRM to
forward Windows Events from a source
computer to a collector computer
Lab: Server Management in
Windows Server 2008

In this lab, you will:

Use Server Manager
Manage a Server Using
Windows PowerShell
Manage a Remote Computer
with WinRM
Clinic Summary

Windows Server 2008 provides new

tools, technologies and installation
options to improve the management
experience:
Server Manager/Initial Configuration
Tasks
Server Core
Windows PowerShell
Windows Remote Management