
Sneak Preview to Windows 2008:
What's New and What Early Adopters have Experienced with Longhorn Server

Created and Presented by:
Rand Morimoto, Ph.D., MCSE, CISSP
Author, Unleashed-series / Sams Publishing
President, Convergent Computing
http://www.cco.com
Seminar slides / video: http://www.cco.com/online.htm

Top Ten Areas of Focus of Windows 2008 Early Adopters
- Improvements in Server Security
- New Terminal Services capabilities
- Network Access Protection (NAP)
- Improvements in Networking
- Enhancements to Directory Services
- New Deployment Roles
- Improved Interoperability with Unix
- Reliability and Performance Improvements
- New Application Server
- Management improvements

Windows 2008 Under the Hood: Dynamic Partitioning
- In the past, hardware upgrades and maintenance have required a shutdown, resulting in downtime
- Windows Server 2008 reduces the need for downtime by supporting these hardware configuration changes without a reboot:
  - Hot plug PCI Express (some vendor-proprietary Windows Server 2003 configurations support hot plug PCI Express)
  - Hot replace of memory (Windows Server 2003 supports hot add memory)
  - Hot add and replace of processors

Self-Healing NTFS
- In the past, NTFS corruptions required running Chkdsk (which often could only be done on the next reboot)
- In Windows Server 2008, an NTFS worker thread performs background Chkdsk-type corrections when NTFS detects a corrupt file or directory
- Minor disk errors are transparent to the user
- Only the corrupted files/folders are inaccessible during repairs, unlike a lock of the entire volume
- No need to reboot to repair corruptions

SMB2
- SMB is the original Windows remote file system protocol
  - Can't adapt to new NTFS features
  - Not designed for today's large data sizes
- SMB2 introduced in Windows Vista and Windows Server 2008
  - Supports NTFS client-side symbolic links
  - Operations can be batched to minimize client/server round trips
  - Support for arbitrary buffer sizes for more efficient copies results in a 30-40x throughput improvement

Parallel Session Creation
- In the past, session creation was done serially
  - Was a bottleneck for Terminal Services
- In Windows Server 2008, the initial Smss.exe creates an instance of itself to initialize each session
  - Minimum number of parallel session startups is 4
  - Maximum is the number of processors
- Session 0 Smss runs Wininit.exe
  - No need for Winlogon since session 0 is noninteractive
  - Wininit starts what Winlogon used to start: Services, Lsass
- Session 1-n Smss instances create and initialize the interactive sessions
  - Session-specific instance of Csrss.exe and Winlogon.exe

IPv6 and Why Now?
- End-to-end connectivity broken today
  - NATs used to share a single IPv4 address across multiple hosts/devices can break (or require point solutions for) several scenarios requiring client to client communication
  - Decrease in performance when relaying all traffic through servers
  - Hides the home network from the ISP and hence blocks the ability to provide services like remote assistance, remote monitoring
- Global IP addresses are becoming more and more premium
- ...blah, blah, blah

Enabling IPv6 in the Enterprise
- Intra-Site Automatic Tunnel Addressing Protocol: ISATAP provides IPv6 connectivity throughout the enterprise by deploying a few ISATAP servers
  - No infrastructure upgrade needed
  - Works by tunneling IPv6 packets over IPv4
- ISATAP addresses contain embedded IPv4 addresses
  - [64-bit prefix]:0:5EFE:w.x.y.z, where w.x.y.z is a public or private IPv4 address. Example: FE80::5EFE:157.59.137.133
- Clients communicate directly without going through the ISATAP server
- Entire IPv4 intranet appears as a single IPv6 subnet
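An added example (not from the seminar or from Microsoft): a small Python tool that builds ISATAP addresses in the form shown above and maps ISATAP addresses found in log lines back to the IPv4 hosts they embed, which is how a defender attributes tunnelled IPv6 traffic to an intranet host. The log lines are constructed.

```python
import ipaddress
from typing import Dict, Iterable, Optional

# ISATAP interface identifier: the slide's "0:5EFE" is the 32-bit marker 0000:5EFE
# in front of the embedded IPv4 address. RFC 5214 also defines 0200:5EFE (u/l bit
# set) for a globally unique IPv4 address, so both markers are accepted when parsing.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def isatap_address(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Build [64-bit prefix]:0:5EFE:w.x.y.z for the host whose IPv4 address is w.x.y.z."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("ISATAP addresses use a 64-bit prefix")
    iid = (ISATAP_MARKERS[0] << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(addr: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address embedded in an ISATAP address, or None if addr is not ISATAP."""
    value = int(ipaddress.IPv6Address(addr))
    marker = (value >> 32) & 0xFFFFFFFF          # bits 64..95: the 0:5EFE marker
    if marker not in ISATAP_MARKERS:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)   # bits 96..127: w.x.y.z


def isatap_hosts(lines: Iterable[str]) -> Dict[str, str]:
    """Map every ISATAP address in key=value style log lines to its IPv4 host."""
    found: Dict[str, str] = {}
    for line in lines:
        for field in line.split():
            token = field.split("=")[-1]
            try:
                v4 = embedded_ipv4(token)
            except ValueError:            # not an IPv6 address at all
                continue
            if v4 is not None:
                found[token] = str(v4)
    return found


# Constructed log lines (not real traffic): two ISATAP hosts talking, plus a native IPv6 peer.
SAMPLE_LOG = [
    "2007-09-20T10:01:12 src=fe80::5efe:10.1.7.42 dst=fe80::5efe:10.1.0.5 proto=icmpv6",
    "2007-09-20T10:01:13 src=2001:db8::1 dst=fe80::5efe:157.59.137.133 proto=tcp dport=445",
]

if __name__ == "__main__":
    print(isatap_address("fe80::/64", "157.59.137.133"))   # the slide's example address
    for v6, v4 in isatap_hosts(SAMPLE_LOG).items():
        print(f"{v6} -> {v4}")
```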

Clean Service Shutdown
- In the past, services had no way to extend the time allowed for shutdown
  - After a fixed timeout (default 20 seconds), SCM was killed and the system halted (while services were running)
  - This was a problem for services that needed to flush data
- In Windows Server 2008, services can request preshutdown notification
  - Can take as long as they want to shut down as long as they are responsive
  - If the service stops responding, the system gives up on it after 3 minutes
- After pre-shutdown services stop, the system performs a Windows XP-style shutdown for the other services

Windows Server 2008 is IPv6-Ready
- As with Windows Vista, IPv6 is on by default (and can be centrally managed)
- IPv6 can be used on IPv4 networks using numerous built-in transition technologies:
  - Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  - Teredo (NAT traversal for IPv6 over IPv4 networks)
  - 6to4
- Examples of current IPv6 applications:
  - Windows Meeting Space enables shared views, text messaging, presentations, file sharing
  - Remote assistance possible through NATs by using IPv6

Hypervisor
- Windows Server 2008 is the basis for Microsoft's new virtualization offering (codename Viridian)
- Hypervisor to control low level access to system resources: processors, Local APICs, physical memory
- Kernel enlightenments for improved performance and scalability
- Root partition implements device support using Server Core
- Different than VMware ESX, where the hypervisor implements drivers
(Diagram: a Root Partition running Server Core and Child Partitions running OS 1 and OS 2, each with its Apps, all on top of the Windows hypervisor and the Hardware)

Improvements in Server Security

Service Changes in Windows Server 2008
(Table: account each built-in service runs under, before and after)

Windows XP SP2 / Server 2003 R2
- LocalSystem: Wireless Configuration, System Event Notification, Network Connections (netman), COM+ Event System, NLA, Rasauto, Shell Hardware Detection, Themes, Telephony, Windows Audio, Error Reporting, Workstation, ICS, RemoteAccess, DHCP Client, W32time, Rasman, browser, 6to4, Help and support, Task scheduler, TrkWks, Cryptographic Services, Removable Storage, WMI Perf Adapter, Automatic updates, WMI, App Management, Secondary Logon, BITS
- Network Service: DNS Client
- Local Service: SSDP, WebClient, TCP/IP NetBIOS helper, Remote registry

Windows Vista / Windows Server 2008
- LocalSystem (Firewall Restricted): WMI Perf Adapter, Automatic updates, Secondary Logon, App Management, Wireless Configuration
- LocalSystem (Fully Restricted): BITS, Themes, Rasman, TrkWks, Error Reporting, 6to4, Task scheduler, RemoteAccess, Rasauto, WMI
- Network Service (Network Restricted): DNS Client, ICS, DHCP Client, browser, Server, W32time, Cryptographic Services, Telephony, PolicyAgent, Nlasvc
- Local Service (No Network Access / Fully Restricted): System Event Notification, Network Connections, Shell Hardware Detection, COM+ Event System, Windows Audio, TCP/IP NetBIOS helper, WebClient, SSDP, Event Log, Workstation, Remote registry

Controlling Device Installation
- Ability to block all new device installs
- Can deploy a machine and allow no new devices to be installed
- Set exceptions based on device class or device ID
  - Allow keyboards and mice to be added, but nothing else
  - Allow specific device IDs
- Configurable via Group Policy
- Set at the computer level

Secure Wireless LAN
- Efficiently deploy and manage secure 802.11 wireless networking
- Deploy & maintain leading wireless 802.11 security methods, including smartcards or passwords, with no additional client software
- Windows Server NPS, AD & CA services enable central control of network authentication and encryption of wireless 802.11 traffic
- Group Policy and scriptable mechanisms to provision wireless clients and settings
(Diagram: Wireless Clients, Wireless Access Points and a Wireless Controller authenticate against a Network Policy Server / Authentication Server backed by Active Directory, SQL Server (optional) and a Certificate Authority (optional))

AD Rights Management Services
- AD RMS protects access to an organization's digital files
- AD RMS in Windows Server 2008 includes several new features
  - Improved installation and administration experience
  - Self-enrollment of the AD RMS cluster
  - Integration with AD Federation Services
  - New administrative roles
(Diagram: protected content flows from the Information Author to The Recipient)

New Terminal Services Capabilities

Terminal Services
TS Remote Programs (Secure centralized application access)
- Centralized Application Access
- Secure Anywhere Access
- App Deployment (app virtualization)
- New features: TS Gateway, TS Remote Programs, SSO for managed clients
(Diagram: users at the Central Location, a Branch Office and a Mobile or Home Office all reach the same Terminal Services farm)

TS Remote Programs
- Way to publish applications for access by users
- Three-step process
  - Configure all the publishing settings
  - Create MSI package or RDP package
  - Deploy package to clients: Active Directory Group Policy, Systems Management Server, or Manual
- Remote Programs require Seamless Windows
  - Remote programs integrate seamlessly with local programs
  - Integration of graphics enhancements (WPF, WinFX)
- MSI packages provide setup and deployment integration
  - Shortcuts published to Desktop, Start menu, Add/remove programs
(Diagram: the Windows 2008 Terminal Server publishes applications to Active Directory, from where GP-published applications are pushed to the Windows 2008 RDP Client, or publishes manually to the client; a Terminal Services License Server supports the farm)

New in RDP 6
- Spanning multiple monitors (mstsc.exe /span)
- Going beyond the 1,600 x 1,200 resolution limit (8,192k video memory) to 4,096 x 2,048
- Introducing 32 bpp color mode
- New performance counters added in conjunction with support for 32 bpp color depth
- Support of ClearType fonts
- Support of Aero-Glass via RDP

Terminal Server Web Access
- Access published applications from a list of program icons in a Web browser page
  - Application icons are presented in IE
  - Program opens in a seamless window
- Ideal for low complexity scenarios
- Two modes of configuration
  - Single Terminal Server mode
  - AD Mode (queries group policies for published MSI packages)
(Diagram: AD Mode: TS Web Access queries Active Directory and serves clients over HTTPS. Single Server Mode: the Windows 2008 RDP Client connects over RDP through a Load Balancer to Windows 2008 Terminal Servers backed by a Session Directory and TS Web Access)

TS Gateway
- Allows secure seamless connection without VPN
  - Tunnels RDP over HTTPS
  - Place TS behind multiple firewalls without opening multiple firewall ports other than 443
  - Uses the same infrastructure as Outlook over RPC/HTTPS
- Allows access to
  - Terminal Server Remote Desktops & Programs
  - Client Remote Desktop
  - Server Remote Desktop
- When should TS Gateway be used in place of VPN?
  - When no local copy of data is required
  - When a quicker connection time is required
  - When bandwidth or application data size makes VPN experiences suck

TS Web Access & TS Gateway
(Diagram: the Windows 2008 RDP Client connects over SSL to the TS Gateway and over HTTPS to TSWA, which queries Active Directory over LDAP; behind the gateway a Load Balancer fronts the Windows 2008 Terminal Servers and the Session Directory)

Network Access Protection (NAP)

Network Access Protection
- Policy-driven access
(Diagram: a Windows Vista Client that is not policy compliant connects through DHCP, VPN or a Switch/Router to the MSFT Network Policy Server, which consults Policy Servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); the client is held on the Restricted Network with the Fix Up Servers (e.g. MSFT WSUS, SMS & 3rd party) until it is policy compliant and admitted to the Corporate Network)

Organizational Benefits
- Policy Validation: determines whether the computers are compliant with the company's security policy. Compliant computers are deemed healthy
- Enhanced Security: all communications are authenticated, authorized & healthy
- Network Restriction: restricts network access to computers based on their health
- Remediation: provides the necessary updates to allow the computer to get healthy. Once healthy, the network restrictions are removed
- Ongoing Compliance: changes to the company's security policy or to the computer's health may dynamically result in network restrictions
- Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
- Policy-based access that IT Pros can set and control

NAP - Enforcement Options

Enforcement | Healthy Client | Unhealthy Client
DHCP | Full IP address given, full access | Restricted set of routes
VPN (Microsoft and 3rd Party) | Full access | Restricted VLAN
802.1X | Full access | Restricted VLAN
IPsec | Can communicate with any trusted peer | Healthy peers reject connection requests from unhealthy systems

IPsec enforcement
- Complements layer 2 protection
- Works with existing servers and infrastructure
- Flexible isolation

Improvements in Directory Services

Terminology
- Active Directory Domain Services (AD DS): previously Active Directory
- Active Directory Lightweight Directory Services (AD LDS): previously ADAM, Active Directory Application Mode
- Server roles: server functionalities like AD DS, AD LDS, DNS, DHCP; centrally managed through Server Manager
- Server Core: minimal server installation option; reduces the attack surface because fewer components are installed

Problems that RODCs resolve
- Deployment of domain controllers at remote locations challenges enterprises
- Dealing with these challenges
  - Consolidation of domain controllers in a few locations?
  - New option: introducing the read-only domain controller (RODC)
- Impact of a stolen RODC is limited to accounts with replicated secrets
  - Password replication policy, to prevent replication of secrets to insecure locations
  - By default, no secrets are replicated
  - Recommend replication of passwords of branch-specific accounts

How RODC Works
(Diagram: a Read Only DC at the Branch forwards to a Windows Server 2008 DC at the Hub)
1 User logs on and authenticates
2 RODC looks in its DB: "I don't have the user's secrets"
3 Forwards the request to the Windows Server 2008 DC
4 Windows Server 2008 DC authenticates the request
5 Returns the authentication response and TGT back to the RODC
6 RODC gives the TGT to the User and the RODC will cache the credentials
- Must be in Windows Server 2003 Forest Functional Mode
- At least one Windows Server 2008 DC required
- Multiple Windows Server 2008 DCs recommended for fault tolerance

Threat mitigation
- Attacker perspective: deployment of domain controllers at unsecured locations
- Hub Admin perspective: delegation of domain administrator privileges to administrators at branches

Additional remote infrastructure improvements
- Administrative Role Separation
  - Provides a new local administrator level of access per RODC
  - Prevents accidental AD modifications by machine administrators
  - Does not prevent a local administrator from maliciously modifying the local DB
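To make the password replication policy and the six-step logon flow above concrete, here is an added Python model (not code from the seminar or from Windows): a branch RODC with allow and deny lists, a credential cache that only fills for permitted accounts, and a function reporting which accounts a stolen RODC would expose. The accounts, passwords and TGT tokens are constructed stand-ins, not the real Kerberos exchange.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class HubDC:
    """Writable Windows Server 2008 DC at the hub: it holds every account's secret."""
    secrets: Dict[str, str]

    def authenticate(self, user: str, proof: str) -> Optional[str]:
        # Step 4: the hub DC authenticates the forwarded request. On success it returns
        # a TGT (a constructed token here, standing in for the real Kerberos ticket).
        return f"TGT({user})" if self.secrets.get(user) == proof else None


@dataclass
class RODC:
    """Branch read-only DC with a password replication policy (PRP) and a credential cache."""
    hub: HubDC
    allowed: Set[str] = field(default_factory=set)       # PRP allow list: branch-specific accounts
    denied: Set[str] = field(default_factory=set)        # PRP deny list: e.g. domain admins
    cache: Dict[str, str] = field(default_factory=dict)  # secrets replicated to this RODC
    forwarded: List[str] = field(default_factory=list)   # audit trail of hub round trips

    def may_cache(self, user: str) -> bool:
        # Deny wins over allow; with an empty allow list nothing is ever cached (the default).
        return user in self.allowed and user not in self.denied

    def logon(self, user: str, proof: str) -> Optional[str]:
        # Steps 1-2: the user logs on; the RODC looks in its local DB first.
        if user in self.cache:
            return f"TGT({user})" if self.cache[user] == proof else None
        # Step 3: "I don't have the user's secrets" -> forward the request to the hub DC.
        self.forwarded.append(user)
        tgt = self.hub.authenticate(user, proof)            # steps 4-5
        if tgt is not None and self.may_cache(user):
            self.cache[user] = self.hub.secrets[user]        # step 6: cache for next time
        return tgt

    def exposed_if_stolen(self) -> List[str]:
        """Accounts whose secrets someone who walks off with this RODC would obtain."""
        return sorted(self.cache)


def branch_scenario():
    """Constructed branch office: two local users, one domain admin, one visitor from HQ."""
    hub = HubDC(secrets={"alice": "pw-a", "bob": "pw-b", "da-carol": "pw-c", "dave": "pw-d"})
    rodc = RODC(hub, allowed={"alice", "bob", "da-carol"}, denied={"da-carol"})
    results = {
        "alice-1": rodc.logon("alice", "pw-a"),      # forwarded to the hub, then cached
        "alice-2": rodc.logon("alice", "pw-a"),      # served from the local cache
        "bob-bad": rodc.logon("bob", "wrong"),       # hub rejects; nothing is cached
        "bob-1": rodc.logon("bob", "pw-b"),
        "carol-1": rodc.logon("da-carol", "pw-c"),   # denied: every logon goes to the hub
        "carol-2": rodc.logon("da-carol", "pw-c"),
        "dave-1": rodc.logon("dave", "pw-d"),        # not on the allow list: never cached
    }
    return rodc, results


if __name__ == "__main__":
    rodc, results = branch_scenario()
    print(results)
    print("forwarded to hub:", rodc.forwarded)
    print("exposed if this RODC is stolen:", rodc.exposed_if_stolen())
```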

- Two-stage DC promotion
  - First stage: domain administrator pre-creates the RODC computer account
  - Second stage: machine administrator at the branch promotes the machine to RODC
- Stop/Start the AD Directory Services without reboot
  - Reduce DC downtime for offline operations
  - Keep other services running while the DC is offline
  - Acts like a member server while the DC is offline
- SYSVOL replication using DFS-R
  - Greater scalability and reliability
  - Bandwidth utilization reduction through RDC

New Deployment Roles

Server Core
- New minimal installation option with only core components
  - No GUI interface or graphical applications installed
  - Subset of server roles and features available
  - Manage remotely as you would any server
(Screenshot: Server Core Desktop)

Benefits of Server Core
- Fewer Patches
  - Server Core reduces the # of patches by ~60% (based on all Windows 2000 patches)
  - Servicing burden is reduced by removing the components that are most often serviced
- More Secure, Reliable and Less Management
  - Removal of non-value-add legacy & client components from the server

Deploying Server Core
- There is a screen in Setup to select either:
  - Server with the shell and all Server Roles
  - Server Core with Command Prompt and supported roles
- Server Core initial configuration can be done either
  - Manually using the command line tools
  - Using an unattend file

Adding Server Roles
- Command line only, no Server Manager
- Start /w Ocsetup RolePackage
  - DHCP = DHCPServerCore
  - DNS = DNS-Server-Core-Role
  - File = File-Server-Core-Role
  - File Replication service = FRS-Infrastructure
  - Distributed File System service = DFSN-Server
  - Distributed File System Replication = DFSR-Infrastructure-ServerEdition
  - Network File System = ServerForNFS-Base
  - Media Server = MediaServer
- Active Directory: Dcpromo /unattend:Unattendfile
  - Dcpromo now installs Active Directory
  - Ocsetup not supported for Active Directory

Managing Server Core
- CMD for local command execution
- Terminal Server using CMD
- WS-Management and Windows Remote Shell for remote command execution
- WMI
- Task Scheduler for scheduling jobs and tasks
- Event Logging and Event Forwarding
- RPC and DCOM for remote MMC support
- SNMP
- Scripting host

IIS 7 on Server Core
- Can be managed remotely using IIS PowerShell cmdlets or managed code
- Can use WMI based PowerShell scripts and cmdlets remotely
- Same installation granularity as on Server installations
- Top level packages are: IIS-WebServerRole, IIS-WebServerManagementTools, IIS-IIS6ManagementCompatibility, IIS-ManagementScriptingTools, WAS-WindowsActivationService, WAS-ProcessModel
- Further packages: IIS-FTPPublishingService, IIS-FTPServer, IIS-WebServer, IIS-ApplicationDevelopment, IIS-CommonHttpFeatures, IIS-HealthAndDiagnostics, IIS-Performance, IIS-Security
- Not included:
  - Management Service and GUI Tools
  - ASP.NET support
  - PowerShell cmdlets

Control Panel in Server Core?
- Limited functionality for specific scenarios
  - Time zone, to change: Control timedate.cpl
  - Keyboards and/or language, to change: Control intl.cpl

Windows 2008 Branch Office Improvements
- Technologies
  - Active Directory: Read-Only Domain Controller, Administrative Role Separation, Restartable Active Directory, SYSVOL replication using DFS
  - BitLocker Drive Encryption
  - NetIO
  - SMB 2.0
- Value Propositions
  - Improve the efficiency of remote office server deployment and administration
  - Mitigate physical security risks in remote offices
  - Improve the efficiency of WAN communications

Improved Interoperability with Unix Environments

Windows Server 2008 Features for UNIX Interoperability
- Improve and enhance UNIX integration features as a part of Windows Server
  - Password Synchronization
  - Authentication integration
  - UNIX scripting and application migration tools
- Support for 32-bit and 64-bit
- Extensions to the Active Directory default schema to support UNIX-related attributes (RFC 2307)

Password Synchronization
(Diagram: the Password Synchronization Service in Windows Server exchanges password changes with the Pluggable Authentication Module (pam) and the Single Sign On Daemon (ssod) on HP-UX, Solaris, AIX and Red Hat Linux hosts; legend: Windows Password Changed, UNIX Password Changed)

Server for NIS
- Makes a Windows Server into an NIS master server
(Diagram: Windows Servers (SID) act as Master for the NIS Clients, with the UNIX NIS Servers (UID/GID) as Subordinate)

Reliability and Performance Improvements

Clustering Improvements
- Enhanced Quorum Model
  - Majority-based cluster membership
  - Who and what gets a vote is fully configurable
- Eliminating failure points
- Networking Enhancements
- Stretched Cluster Enhancements
- Designed for Storage Area Networks
- Tools for Cluster Migrations

Enhanced Quorum Model
- Original design assumed that storage would always be available
- New best-of-both-worlds quorum model
  - Hybrid of the legacy Majority Node Set (MNS) logic and the Shared Disk Quorum model
  - This model will replace both existing models
- No single point of failure!
  - Can survive loss of the Quorum disk

Majority quorum model
- New majority-based quorum model
  - Majority of nodes-based quorum
  - Disk is an optional witness that gets a vote in deciding the majority

Majority of Nodes: only nodes get votes
- 3+ node votes without a Shared Storage vote
- Majority of votes needed to operate the cluster
- No shared disk vote
- 3 total votes, with 2 needed for majority, so the cluster can survive the loss of any 1 vote
(Diagram: three nodes, each node counts as 1 vote)

Majority of Nodes + Witness based quorum
- Shared Storage Device gets 1 vote (Witness Disk), or Replicated Storage Devices
- File Share Witness allows a 2-node cluster with no shared disk
  - Excellent solution for GeoClusters
  - File Share should reside in a third site
  - A single file server could serve as the Witness for multiple clusters
  - Improved from Windows Server 2003 to support greater than 2 nodes
(Diagram: two nodes with 1 vote each plus a Witness File Share on an independent server)

Only Disk gets a vote
- Nodes have no votes, the quorum disk is the master
- Cluster stays up as long as at least 1 node can talk to the disk
- Achieves the same behavior as the legacy quorum model
(Diagram: Shared Storage Device is master)
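As an added example (not from the seminar), the quorum rules above expressed as a small Python model: each node and the optional disk or file share witness gets one vote, a strict majority keeps the cluster running, and the legacy disk-only model is kept for comparison. survivable_losses() brute-forces every combination of failed votes, so it answers the question the slides pose: how many members can a given configuration lose before the cluster service stops.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


@dataclass
class ClusterQuorum:
    """Vote-based quorum as described for Windows Server 2008 (constructed model, not cluster code)."""
    nodes: int                        # each node counts as 1 vote
    witness: Optional[str] = None     # None, "disk" or "fileshare": an optional extra vote
    nodes_vote: bool = True           # False = legacy model where only the quorum disk counts

    def total_votes(self) -> int:
        if not self.nodes_vote:
            return 1                   # only the disk has a vote
        return self.nodes + (1 if self.witness else 0)

    def has_quorum(self, nodes_up: int, witness_up: bool = True) -> bool:
        """True if the surviving members may keep the cluster service running."""
        if not self.nodes_vote:
            # Legacy behaviour: the quorum disk is master; at least one node must reach it.
            return self.witness is not None and witness_up and nodes_up >= 1
        votes = nodes_up + (1 if self.witness and witness_up else 0)
        return votes * 2 > self.total_votes()       # strict majority of all configured votes

    def survivable_losses(self) -> int:
        """Largest number of members (nodes or witness) that can fail in ANY combination."""
        members = ["node"] * self.nodes + (["witness"] if self.witness else [])
        best = 0
        for k in range(1, len(members) + 1):
            for lost in combinations(range(len(members)), k):
                lost_names = [members[i] for i in lost]
                nodes_up = self.nodes - lost_names.count("node")
                witness_up = "witness" not in lost_names
                if not self.has_quorum(nodes_up, witness_up):
                    return best        # some combination of k losses breaks quorum
            best = k
        return best


# The slide's own cases plus the configurations they are contrasted with.
SCENARIOS = {
    "3 nodes, node majority": ClusterQuorum(nodes=3),
    "2 nodes, node majority": ClusterQuorum(nodes=2),
    "2 nodes + file share witness": ClusterQuorum(nodes=2, witness="fileshare"),
    "4 nodes + disk witness": ClusterQuorum(nodes=4, witness="disk"),
    "2 nodes, legacy disk only": ClusterQuorum(nodes=2, witness="disk", nodes_vote=False),
}

if __name__ == "__main__":
    for name, c in SCENARIOS.items():
        print(f"{name}: {c.total_votes()} vote(s), survives {c.survivable_losses()} loss(es)")
```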

Geographically dispersed clusters
- Cluster nodes can now reside in different subnets
  - Allows cluster nodes to communicate across network routers
  - No more having to connect nodes with VLANs!
- Enhanced infrastructure allows stretching cluster nodes over greater distances
  - Configurable heartbeat timeouts
  - No cluster distance limitations
(Diagram: each node counts as 1 vote)

Revamped mechanism to manage shared disks
- Enhanced mechanism to use Persistent Reservations
  - New algorithm for managing shared disks
- No more device resets with PRs!
  - No longer uses SCSI Bus Resets, which can be disruptive on a SAN
  - Disks are never left in an unprotected state
- Tight integration into core OS disk management
  - Enhanced support for hardware snapshot restores of clustered disks
  - Suppresses the cluster's disk health monitoring
  - Improved disk Maintenance Mode will allow giving temporary exclusive access to online clustered disks to other applications
  - Combines Windows Server 2003 SP1 Maintenance Mode and post-SP1 Extended Maintenance Mode into superior behavior

New Reliability Technology in Win/2008
- Windows Performance Diagnostic Console and Reliability Monitor
- Introduction to Windows Performance Diagnostic Console and Reliability Monitor
  - Combination of performance tools
  - Keep track of system activity and resource usage with Resource View
  - Reliability Monitor diagnoses potential causes of instability
- Benefits of Windows Performance Diagnostic Console and Reliability Monitor
  - Combining the performance tools in a single interface increases the efficiency of operations
  - Resource View is easier to use but more powerful than Task Manager
  - Reliability Monitor saves administrators time by recovering the system from instability in a targeted manner

New Application Server


Managing Your Web with IIS 7.0

IIS 7.0 Overview
- Xcopy deployment and shared configuration
- Streamlined installation means reduced attack surface
- Simplified administration through a variety of tools
- Event logging and tracing for faster troubleshooting
- Customization and extensibility through .NET
- Application and health management for Web services
(Diagram: an Administrator manages remotely over secure HTTPS from the Internet; a Site Owner's App with its Web.config and the XML shared config are deployed across a Web Farm for shared app hosting)

Arsenal of Admin Tools
- Secure Remote Management
- Delegated Management
- Shared Config for Web Farms

IIS7 Administration Experience
- Improved Tree View
- Category sorting for easy to find features

Management Improvements

Group Policy Enhancements
(Diagram: the Group Policy Service on Windows Vista / Windows Server 2008 applies Local Computer Policy, Admin and User LGPOs and ADM/ADMX templates as Group Policy Settings, using NLA for network information)
- Group Policy Tools: New GPOE & GPMC Tools; Search and Filter on Settings; Add comments to GPOs
- Group Policy Templates: ADM Templates now in ADMX files (ADMX, ADML)
- Network Location Awareness (NLA): the NLA service provides the latest network information; applications can query or register with NLA for network change indications
- Group Policy Logging: Administrative log; Applications and Services log; XML based event logs; New Tools - GPOLogView
- Multiple Local GPOs: Admin/Non-Admin Group Policy and User Specified Group Policy
- Over 800 new policy changes with Windows Vista (firewall, power, removable media, ptr mgmt); Extended GP for new Windows Vista features
- GP now runs in a shared service: hardened service, more reliable

Group Policy Central Store
- Centralized repository for ADMX
- Contains all ADMX templates
- Created in the Sysvol on the DC in each domain
(Diagram: the DC's SysVol, replicated by FRS/DFS-R, holds Policies\GUID with its ADM files plus the Policy Definitions as ADMX and ADML files)

Multiple Local GPOs
- More granular management of the local machine (for example differences for admin and non-admin users)
- Local GPOs still have lower precedence than domain-based GPOs!
- Processed in the following order (least precedence first)
  - Local Policy Object (as before Windows Vista, and always exists): processes both computer and user policy
  - Admin/Non-Admin LGPOs (optionally created by admin): mutually exclusive for any one user; processes only user policy
  - Specific User LGPO (created by admin): local user accounts; processes only user policy
- Create/Manage LGPOs through GPEdit.msc
- New policy in Windows Vista to turn off LGPO processing
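An added Python model (not Microsoft code) of the processing order above: it layers the Local Policy Object, the Admin or Non-Admin LGPO for the logged-on user, that user's specific LGPO, and finally the domain GPOs, records which layer set each effective value, and honours the Vista policy that turns local GPO processing off. The setting names, values and user names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A setting is ("Computer" | "User", name) -> value. Layers are applied least precedence
# first, so a later layer overrides an earlier one ("last writer wins").
Settings = Dict[Tuple[str, str], object]


@dataclass
class User:
    name: str
    is_admin: bool


def resolve_policy(user: User,
                   local_policy: Settings,
                   admin_lgpo: Settings,
                   nonadmin_lgpo: Settings,
                   user_lgpos: Dict[str, Settings],
                   domain_gpos: List[Tuple[str, Settings]],
                   turn_off_lgpo: bool = False):
    """Return (effective settings, winning layer per setting) for one user on one machine."""
    layers: List[Tuple[str, Settings, bool]] = []     # (name, settings, user_policy_only)
    if not turn_off_lgpo:
        layers.append(("Local Policy Object", local_policy, False))
        # Admin and Non-Admin LGPOs are mutually exclusive for any one user.
        if user.is_admin:
            layers.append(("Admin LGPO", admin_lgpo, True))
        else:
            layers.append(("Non-Admin LGPO", nonadmin_lgpo, True))
        if user.name in user_lgpos:
            layers.append((f"User LGPO:{user.name}", user_lgpos[user.name], True))
    # Domain-based GPOs always have higher precedence than any local GPO.
    layers.extend((name, s, False) for name, s in domain_gpos)

    effective: Settings = {}
    source: Dict[Tuple[str, str], str] = {}
    for name, settings, user_only in layers:
        for key, value in settings.items():
            if user_only and key[0] != "User":
                continue   # these LGPOs process only user policy; computer keys are ignored
            effective[key] = value
            source[key] = name
    return effective, source


# Constructed policy layers for a kiosk machine (hypothetical setting names).
LOCAL = {("Computer", "FirewallEnabled"): 1, ("User", "ScreenSaverTimeout"): 600}
ADMIN = {("User", "RemovableStorageDeny"): 0}
NONADMIN = {("User", "RemovableStorageDeny"): 1, ("Computer", "FirewallEnabled"): 0}
PER_USER = {"kiosk": {("User", "ScreenSaverTimeout"): 120}}
DOMAIN = [("Default Domain Policy", {("User", "ScreenSaverTimeout"): 300})]


def kiosk_effective(turn_off_lgpo: bool = False):
    """Effective policy for the non-admin 'kiosk' account."""
    return resolve_policy(User("kiosk", False), LOCAL, ADMIN, NONADMIN, PER_USER, DOMAIN,
                          turn_off_lgpo)


def admin_effective():
    """Effective policy for an administrator with no user-specific LGPO."""
    return resolve_policy(User("helpdesk", True), LOCAL, ADMIN, NONADMIN, PER_USER, DOMAIN)


if __name__ == "__main__":
    eff, src = kiosk_effective()
    for key in eff:
        print(key, "=", eff[key], "from", src[key])
```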


ADM to ADMX/L
- Before Windows Vista and 2008, when you created a GPO an ADM subdir was created in the GPO automatically (Sysvol)
  - If you merely view a GPO which does not have the ADM directory, it is recreated
  - The ADM subdirectory includes five ADM files, totaling about 3.5 MB
  - 100 GPOs? That's about 350 MB of data, replicated to all DCs. That's Sysvol Bloat!
- The Central Store is a domain-wide directory
  - In Sysvol at \Policies\PolicyDefinitions
  - Stores ADMX files (normally one per component)
  - One subdirectory for each supported language (en_us, fr, etc.), each storing ADML files
- If the Central Store exists, Windows Vista tools use it for locating ADMX/ADML files
- If the Central Store does not exist, Windows Vista tools use their local policy definitions directory

Windows Server 2008 GP Support
- Search/Filters: constrain the list of settings based on
  - Text search of setting title, explain text and comments
  - Platform and applications supported on
  - Managed (true GP policy setting)
  - Configured (enabled or disabled)
  - Results of the search is a filtered view in the editor
- Comments: annotate per GPO or per setting
- Starter GPOs:
  - Encapsulate best practices/scenarios
  - Contain recommended policy settings and values
  - Microsoft will make some available for download
  - Anyone can create and share new custom templates
  - Create new GPOs based on a Starter GPO

Group Policy Interoperability
- Windows Vista and Windows Server 2008: can manage all Group Policy operating systems
- Windows XP, Windows Server 2003 and Windows 2000: can manage Windows XP and Windows 2000; has limited management of Windows Vista and Windows Server 2008

WDS Image Capture Walkthrough
- Image Capture Process
  - Create a WDS Capture image from an existing WinPE boot image using the MGMT tools
  - Install the OS on the reference machine
  - Customize the OS, install apps and drivers, etc
  - Run Sysprep
  - Boot into the WDS Capture image
  - Run the WDS Capture utility to create the image (optionally upload to the WDS server)
(Diagram: WDS Capture of the reference Volume into a WIM)

WDS Deployment
(Diagram: a Windows Server 2003 deployment server is configured with images through Server Manager WDS management; create a transmission for the install images; select the install image and deploy; clients PXE boot; Notification Option Screens)

File Server Resource Management (FSRM)
- Differs from the existing Windows 2000 and Windows 2003 quota solution, which is logical, volume, per-user-based
- Quota Management allows a physical size to be specified on a volume or folder basis
  - Restricts the data from growing beyond the defined size for the volume or folder. All files count toward the quota
  - This means compression on files enables more data to be saved
- Real-time checking. Can cancel a current I/O.
- Hard or soft mode
- Auto Apply for automatic sub-folder quota assignment
  - User data folders on a file server are a common use
- Nesting of quotas supported, and the most restrictive will always apply
- Available only on NTFS volumes, and only volumes with quotas are monitored
- Due to SMB 1.0 limitations, free disk space is shown based on the root of the share and not the current folder. Addressed with SMB 2.0.


Event Viewer Console
- Improvements in viewer and infrastructure
- Complete rewrite for Windows Vista & Windows Server 2008
  - Improved organization, integration, filtering, and searching
  - Backward Compatibility
- Event Logs
  - Viewable and exportable to XML
  - Channels for administrative events, global view across logs
- Events
  - Notifications and user-defined actions on events
  - Richer online event information
- Event Forwarding
  - Consolidate events remotely over WS-Management
  - XPath subscriptions

Task Scheduler Improvements
(Comparison: Previous Releases vs Windows Server 2008)
- Rich Schedule Trigger
- Trigger on Event
- Network Conditions
- Synchronized Tasks
- Random Delayed Start
- Password Resilience
- Execution History
- Task Import & Export
- Failure Notification

Convergent Computing Services
- Existing Windows / Active Directory Assessment
  - Active Directory health check
  - Active Directory architecture review
  - Server consolidation and redesign optimization
- Migration Planning and Preparation / Budgeting Assistance
  - Planning and design sessions to migrate to Windows 2008
- Hands-on Migration Assistance
  - Prototype migration testing and cross-training
  - Assistance with a successful migration
  - Cross-training on best practices, tips, and tricks
- Technology Roadmap Assistance
  - Identifying key projects and initiatives, and sequencing them properly (chicken and egg re Vista, Win2008, E2007, etc)
  - Understanding key initiatives of other similar orgs and what they are doing with IT that you may not be doing
  - Budgeting and planning IT projects 6, 12, 24 months in advance

Next Seminar: Introduction to Microsoft PowerShell
- October 11th (Thurs), 9am-11:30am (Santa Clara Marriott)
- October 16th (Tues), 9am-11:30am (San Francisco Hyatt)
- October 17th (Weds), 9am-11:30am (Sacramento Hyatt)
- Free
- To Register for this Seminar:
  - Email - [email protected]
  - or call (510) 444-5700 x179 (Seminar Registrations)
  - or write PowerShell (SC, SF, Sac) on today's seminar eval form to register for the upcoming event

Questions?
