
Chapter 3

The document outlines the installation and configuration requirements for Windows Server 2008 and Active Directory Domain Services (AD DS), detailing hardware specifications, installation steps, and configuration tasks. It also explains Network Address Translation (NAT), its purpose, and how it operates to conserve IP addresses and enhance security. Additionally, it provides instructions for uninstalling AD DS and managing server roles.

Uploaded by

mariashahzadi257
Copyright
© All Rights Reserved

Installation and Configuration

Hardware Requirements
Processor — Processor performance depends not only on the clock frequency of the
processor, but also on the number of processor cores and the size of the processor cache.
The following are the processor requirements:
• Minimum: 1 GHz (for x86 processors) or 1.4 GHz (for x64 processors)
• Recommended: 2 GHz or faster
RAM — The following are the RAM requirements:
• Minimum: 512 MB
• Recommended: 2 GB or more
• Maximum (32-bit systems): 4 GB (for Windows Server 2008 Standard) or 64 GB (for
Windows Server 2008 Enterprise or Windows Server 2008 Datacenter)
• Maximum (64-bit systems): 32 GB (for Windows Server 2008 Standard) or 2 terabytes
(for Windows Server 2008 Enterprise, Windows Server 2008 Datacenter, or Windows
Server® 2008 for Itanium-Based Systems)
Disk space requirements — The following are the approximate disk space requirements
for the system partition. Itanium-based and x64-based operating systems will vary from
these estimates. Additional disk space may be required if you install the system over a
network:
• Minimum: 10 GB
• Recommended: 40 GB or more
Note
Computers with more than 16 GB of RAM require more disk space for paging,
hibernation, and dump files.
• DVD-ROM drive
• Super VGA (800 x 600) or higher-resolution monitor
• Keyboard and mouse (or other compatible pointing device)
See Hardware and Software Requirements for Installing SQL Server 2008 for more
information.
Install Windows Server 2008 R2 or Windows Server 2008
Windows Server 2008 or Windows Server 2008 R2 setup works in several stages: first
you are prompted for some basic information, including where you want to install
Windows®.
Figure 1: Provide basic information
Then, the setup procedure copies files and restarts the computer. The setup procedure
concludes by presenting the Initial Configuration Tasks menu, which you can use to
adjust the server configuration for your specific needs. Detailed instructions can be
found at Installing Windows Server 2008 R2 or Installing Windows Server 2008.
Server Core Option
Note that you can choose to perform a Server Core installation—a minimal server
installation of the operating system. With the addition of .NET Framework to Server
Core in Windows Server 2008 R2, the Server Core installation option is even more
appealing for those who want to use a very low footprint server for hosting their
applications. For detailed instructions, see the Server Core Installation Option Getting
Started Guide.
Figure 2: Server Core option
With the Server Core installation option, the traditional Windows interface is not
installed, so you must configure the server from the command prompt. Note that if
you use a Server Core installation, you cannot install some modules that rely on the
.NET Framework or managed code. For more information, see Using Server Core.
Configure Windows Server 2008 R2 or Windows Server 2008
After the Windows Server 2008 or Windows Server 2008 R2 setup is finished, log on to
the server for the first time, and the Initial Configuration Tasks window automatically
opens. You can now configure the new server by using commands in the Initial
Configuration Tasks window.
The configuration tasks include setting the administrator password (the default is
blank), changing the name of the administrator account to improve the security of
your server (the default is "Administrator"), joining the server to an existing domain
(the default is "WORKGROUP"), changing the name of the computer (the default is a
randomly generated name), enabling Remote Desktop for the server, and enabling
Windows® Update (the default is off) and Windows® Firewall (the default is on). For
more information, see Windows Server Initial Configuration Tasks.
Windows Server 2008 can properly install and configure DNS during the AD DS installation if it
knows that the DNS server is local. To accomplish this, set the preferred DNS server address of
the private network adapter to that same adapter's own IP address, as follows:

1. From the Windows Start menu, open Administrative Tools > Server Manager.
2. In the Server Summary section of the Server Manager window, click View Network Connections.
3. In the Network Connections window, right-click the private adapter and select Properties.
4. From the list of connected items, select Internet Protocol Version 4, and then click Properties.
5. Copy the IP address that is displayed in the IP address box and paste it in the Preferred DNS
server box. Then, click OK.

6. Click OK in the Properties dialog box, and close the Network Connections window.
Add the Active Directory Domain Services role

Adding the Active Directory Domain Services role installs the framework for Windows Server
2008 to become a DC and run AD DS. It does not promote the server to a DC or install AD DS.
1. In the Server Manager window, select the Roles directory.
2. In the Roles Summary section, click Add Roles.
3. On the Before You Begin page of the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the Active Directory Domain Services check box, and
then click Next.
5. On the Confirmation page, click Next.
6. On the Installation Progress page, click Install.
7. On the Results page, after the role is successfully added, click Close.
Enable remote management

1. Open the Server Manager window if it is not already open.

2. In the Properties area of the Local Servers page, click Remote Management.
3. Select the Enable remote management of this server from other computers check box.
Install AD DS

Now that you have prepared the server, you can install AD DS (DCPROMO).

Note: As an alternative to performing steps 1 through 3, you can type dcpromo.exe at the
command prompt. Then, skip to step 4.
1. If it is not already open, open the Server Manager window.

2. Select Roles > Active Directory Domain Services.


3. In the Summary section, click Run the Active Directory Domain Services Installation Wizard
(dcpromo.exe).
4. On the Welcome page of the Active Directory Domain Services Installation Wizard, ensure that
the Use advanced mode installation check box is cleared, and then click Next.
5. On the Operating System Compatibility page, click Next.
6. On the Choose a Deployment Configuration page, select Create a new domain in a new
forest and then click Next.
7. On the Name the Forest Root Domain page, enter the domain name that you chose during the
preparation steps. Then, click Next.
The installation program verifies the NetBIOS name.

8. On the Set Forest Functional Level page, select Windows Server 2008 R2 in the Forest functional
level list. Then, click Next.
The installation program examines and verifies your DNS setting.

9. On the Additional Domain Controller Options page, ensure that the DNS server check box is
selected, and then click Next.
10. In the message dialog box that appears, click Yes.
11. On the Location for Database, Log Files, and SYSVOL page, accept the default values and then
click Next.
12. On the Directory Services Restore Mode Administrator Password page, enter the domain
administrator password that you chose during the preparation steps. This is not your admin password
that was emailed to you during the creation of your server, although you can use that password if
you want to. Then, click Next.
13. On the Summary page, review your selections and then click Next.
The installation begins.

Note: If you want the server to restart automatically after the installation is completed, select
the Reboot on completion check box.
14. If you did not select the Reboot on completion check box, click Finish in the wizard. Then,
restart the server.
15. After a few minutes, reconnect to your server by using the Console in the Cloud Control Panel
or RDP.

16. To log in, perform the following steps:
a. Click Switch User, and then click Other User.
b. For the user, enter the full domain name that you chose, followed by a backslash and
Administrator (for example, internal.example.com\Administrator).
c. Enter the password that was emailed to you when you first built the server. If you changed
your password for the local admin account on this server before you began the installation of
AD DS, use that password.
d. Click the log in button.

The installation of Active Directory Domain Services on your server is complete.

Uninstalling Active Directory


When you uninstall Active Directory, you demote the domain controller
and make it a workgroup server. You uninstall Active Directory Domain
Services by following these steps:
1. In Server Manager, tap or click Manage and then tap or click Remove
Roles And Features. This starts the Remove Roles And Features Wizard. If
the wizard displays the Before You Begin page, read the Welcome
message and then tap or click Next.
2. On the Select Installation Type page, select Role-Based Or Feature-Based
Installation and then tap or click Next.
3. On the Select Destination Server page, the server pool shows servers you
added for management. Tap or click the server you are configuring, and
then tap or click Next.
4. On the Remove Server Roles page, clear Active Directory Domain
Services. An additional prompt is displayed warning you about dependent
features, such as Group Policy Management and the AD DS management
tools. If you tap or click the Remove Features button, the wizard removes
the dependent features as well as Active Directory Domain Services. If
you want to keep related management tools, clear the Remove
Management Tools check box and then click Continue.
5. Next, you see the Validation Results dialog box. Tap or click Demote This
Domain Controller. This starts the Active Directory Domain Services
Wizard.
When the Active Directory Domain Services Configuration Wizard starts,
you'll see the Credentials page. You must be a member of the Domain
Admins group to remove an additional domain controller in a domain and
a member of the Enterprise Admins group to remove the last domain
controller from a domain. If you are logged on with an account that has
appropriate permissions for uninstalling Active Directory, you can use
your current logged-on credentials. Otherwise, tap or click Change and
then use the options in the Windows Security dialog box to enter the user
name and password for an account that does have the appropriate
permissions.
If this is the last domain controller in the domain and you want to
permanently remove the domain from the forest, select the Last Domain
Controller In The Domain check box before you continue. After you
remove the last domain controller in the domain, you can no longer
access any application partition data, domain accounts, or encrypted
data. Therefore, before you uninstall the last domain controller in a
domain, you should examine domain accounts and look for encrypted files
and folders
NAT SERVICES
Network Address Translation (NAT) is the process where a network device, usually a
firewall, assigns a public address to a computer (or group of computers) inside a private
network. The main use of NAT is to limit the number of public IP addresses an
organization or company must use, for both economy and security purposes.

The most common form of network translation involves a large private network using
addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or
192.168.0.0 to 192.168.255.255). The private addressing scheme works well for
computers that only have to access resources inside the network, like workstations needing
access to file servers and printers. Routers inside the private network can route traffic
between private addresses with no trouble. However, to access resources outside the
network, like the Internet, these computers have to have a public address in order for
responses to their requests to return to them. This is where NAT comes into play.

Internet requests that require Network Address Translation (NAT) are quite complex but
happen so rapidly that the end user rarely knows it has occurred. A workstation inside a
network makes a request to a computer on the Internet. Routers within the network
recognize that the request is not for a resource inside the network, so they send the request
to the firewall. The firewall sees the request from the computer with the internal IP. It
then makes the same request to the Internet using its own public address, and returns
the response from the Internet resource to the computer inside the private network.
From the perspective of the resource on the Internet, it is sending information to the
address of the firewall. From the perspective of the workstation, it appears that
communication is directly with the site on the Internet. When NAT is used in this way, all users
inside the private network who access the Internet have the same public IP address when they
use the Internet. That means only one public address is needed for hundreds or even
thousands of users.

Most modern firewalls are stateful - that is, they are able to set up the connection
between the internal workstation and the Internet resource. They can keep track of the
details of the connection, like ports, packet order, and the IP addresses involved. This is
called keeping track of the state of the connection. In this way, they are able to keep
track of the session composed of communication between the workstation and the
firewall, and the firewall with the Internet. When the session ends, the firewall discards all of
the information about the connection.
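
The translation and state tracking described above, as an added example that is not part of the original document: a toy gateway in Python that lets inside hosts share one public address by rewriting source ports. The class and function names, the 203.0.113.10 and 198.51.100.x documentation addresses, the starting port 40000, and the choice to match replies on the remote address and port are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Private ranges listed in the text (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr falls in one of the private ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass
class NatGateway:
    """Toy stateful NAT: many inside hosts share one public address."""
    public_ip: str
    next_port: int = 40000  # constructed start of the translated-port range
    # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
    sessions: dict = field(default_factory=dict)
    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    reverse: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)  # log of refused inbound packets

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network.

        Returns (src_ip, src_port, dst_ip, dst_port) as the Internet sees it.
        """
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not an inside (private) address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.sessions:
            port = self.next_port
            self.next_port += 1
            self.sessions[key] = port
            self.reverse[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.sessions[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Handle a packet arriving at the public address.

        Returns the packet rewritten for the inside host, or None when no
        session state matches and the packet is dropped.
        """
        inside = self.reverse.get((dst_port, src_ip, src_port))
        if inside is None:
            self.dropped.append((src_ip, src_port, dst_port))
            return None
        return (src_ip, src_port, inside[0], inside[1])

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """End a session and discard its state, as the text describes."""
        port = self.sessions.pop((src_ip, src_port, dst_ip, dst_port), None)
        if port is not None:
            del self.reverse[(port, dst_ip, dst_port)]


def demo():
    gw = NatGateway(public_ip="203.0.113.10")        # documentation address
    web = ("198.51.100.20", 443)                      # documentation address
    seen_a = gw.outbound("192.168.1.50", 51000, *web)
    seen_b = gw.outbound("10.0.0.7", 51000, *web)     # same source port, other host
    reply_a = gw.inbound(*web, seen_a[1])             # reply to the first session
    stray = gw.inbound("198.51.100.99", 443, seen_a[1])  # no matching state
    gw.close("192.168.1.50", 51000, *web)
    late = gw.inbound(*web, seen_a[1])                # state already discarded
    return seen_a, seen_b, reply_a, stray, late


if __name__ == "__main__":
    for name, value in zip(("seen_a", "seen_b", "reply_a", "stray", "late"), demo()):
        print(f"{name:8} {value}")
```

Both inside hosts appear to the remote server as 203.0.113.10, and the inbound packets that match no live session are returned as None and recorded in `dropped`.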

There are other uses for Network Address Translation (NAT) beyond simply allowing
workstations with internal IP addresses to access the Internet. In large networks, some
servers may act as Web servers and require access from the Internet. These servers are
assigned public IP addresses on the firewall, allowing the public to access the servers
only through that IP address. However, as an additional layer of security, the firewall
acts as the intermediary between the outside world and the protected internal network.
Additional rules can be added, including which ports can be accessed at that IP address.
Using NAT in this way allows network engineers to more efficiently route internal
network traffic to the same resources, and allow access to more ports, while restricting
access at the firewall. It also allows detailed logging of communications between the
network and the outside world.

Additionally, NAT can be used to allow selective access to the outside of the network,
too. Workstations or other computers requiring special access outside the network can
be assigned specific external IPs using NAT, allowing them to communicate with
computers and applications that require a unique public IP address. Again, the firewall acts
as the intermediary, and can control the session in both directions, restricting port
access and protocols.

NAT is a very important aspect of firewall security. It conserves the number of public
addresses used within an organization, and it allows for stricter control of access to
resources on both sides of the firewall.

OR

Q. What is NAT?

A. Network Address Translation (NAT) is designed for IP address conservation. It enables private IP
networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router,
usually connecting two networks together, and translates the private (not globally unique)
addresses in the internal network into legal addresses, before packets are forwarded to another
network.
As part of this capability, NAT can be configured to advertise only one address for the entire network
to the outside world. This provides additional security by effectively hiding the entire internal
network behind that address. NAT offers the dual functions of security and address conservation and
is typically implemented in remote-access environments.
Q. How does NAT work?
A. Basically, NAT allows a single device, such as a router, to act as an agent between the Internet (or
public network) and a local network (or private network), which means that only a single unique IP
address is required to represent an entire group of computers to anything outside their network.
Q. How do I configure NAT?
A. To configure traditional NAT, you need to designate at least one interface on a router as NAT
outside and another interface on the router as NAT inside, and configure a set of rules for
translating the IP addresses in the packet headers (and payloads if desired). To configure NAT
Virtual Interface (NVI), you need at least one interface configured with NAT enable, along with
the same set of rules as mentioned above.

A NAT (Network Address Translation or Network Address Translator) is the
virtualization of Internet Protocol (IP) addresses. NAT helps improve
security and decrease the number of IP addresses an organization needs.

NAT gateways sit between two networks, the inside network and
the outside network. Systems on the inside network are typically assigned
IP addresses that cannot be routed to external networks (e.g., networks in
the 10.0.0.0/8 block). A few externally valid IP addresses are assigned to
the gateway. The gateway makes outbound traffic from an inside system
appear to be coming from one of the valid external addresses. It takes
incoming traffic aimed at a valid external address and sends it to the
correct internal system. This helps ensure security, since each outgoing or
incoming request must go through a translation process that also offers the
opportunity to qualify or authenticate incoming streams and match them to
outgoing requests, for example.

NAT conserves the number of globally valid IP addresses a company
needs, and in combination with Classless Inter-Domain Routing (CIDR) has
done a lot to extend the useful life of IPv4 as a result. NAT is described in
general terms in IETF RFC 1631.

The NAT mechanism ("natting") is a router feature, and is often part of a
corporate firewall. NAT gateways can map IP addresses in several ways:

• From a local IP address to one global IP address statically;
• From a local IP address to any of a rotating pool of global IP addresses
a company may have;
• From a local IP address plus a particular TCP port to a global IP
address or one in a pool of ports;
• From a global IP address to any of a pool of local IP addresses on a
round-robin basis.

In some cases, network administrators don't define simple mappings.
Instead they define policies that allow the gateway device to assign
mappings based on the intended destination ("pick this external address for
communications to partner A's network; pick that external address for
communications to partner B's"), or on the protocols being used ("assign
out of this pool for HTTP traffic, that pool for HTTPS") or on other factors.

A newer role for NAT focuses on translating IPv4 addresses to IPv6, and
vice versa, to provide integration of IPv4 infrastructure and end-nodes into
IPv6 environments, and allow IPv6 services to interact with IPv4 systems.

Print Management
Brief Description
Print Management is a Microsoft Management Console (MMC) snap-in that enables you to
install, view, and manage all of the printers in your organization from any computer running
Windows Server.
Overview
Print Management provides up-to-the-minute details about the status of printers and print servers
on the network. You can use Print Management to install printer connections to a group of client
computers simultaneously. Print Management can help you find printers that have an error
condition by using filters. It can also send e-mail notifications or run scripts when a printer or print
server needs attention. On printer models that provide a printer Web page, Print Management
has access to more data, such as toner and paper levels, which you can manage from remote
locations, if needed.
What Is Print Management?
Print Management is a snap-in in Microsoft Management Console (MMC) that enables you to
install, view, and manage all of the printers in your organization from any computer running
Windows Server. Print Management provides up-to-the-minute details about the status of printers
and print servers on the network. You can use Print Management to install printer connections to
a group of client computers simultaneously. Print Management can help you find printers that
have an error condition by using filters. It can also send e-mail notifications or run scripts when a
printer or print server needs attention. On printer models that provide a Web page, Print
Management has access to more data, such as toner and paper levels, which you can manage
from remote locations, if needed.

Who Should Use Print Management?


This guide is targeted at the following audiences:

·Print Administrators and Help Desk professionals.
·Information Technology (IT) planners and analysts who are evaluating the product.
·IT planners and designers.
·Early adopters.
Benefits of Print Management
Print Management saves the print administrator a significant amount of time installing printers on
client computers and managing and monitoring printers. Tasks that can require up to 10 steps on
individual computers now can be accomplished in 2 or 3 steps on multiple computers
simultaneously and remotely.

By using Print Management with Group Policy, you can automatically make printer connections
available to users and computers in your organization. In addition, Print Management can
automatically search for and install network printers on the local subnet of your local print
servers.
Requirements for Print Management
Here are some important notes about the requirements for Print Management and the print
servers that you can monitor using Print Management:

·You can install Print Management only on computers running Windows Server.
·You can use Print Management to monitor printers that are on print servers running Microsoft®
Windows® 2000 Server, Windows Server 2003, and Windows Server operating systems.
·You can use Print Management to monitor multiple print servers at a time.
Print Management can display and install printer drivers on computers running the Microsoft®
Windows NT® Server 4 operating system, but it cannot display printer drivers that are already
installed. It is not possible to display forms on computers running Windows NT 4.

Security Requirements
To take full advantage of Print Management, you must be logged on as an administrator or a
member of the Administrators group on the print servers you are managing.

It is good practice for administrators to use an account with restrictive permissions to perform
routine, non-administrative tasks and to use an account with broader permissions only when
performing specific administrative tasks.

You can open Print Management and monitor any print server and printer without administrative
privileges. However, you will be unable to perform certain functions such as adding and deleting
printers and printer drivers.

Steps for Deploying and Operating Print Management
To deploy and operate Print Management, complete the following tasks:

Step 1: Install Print Management


Installing Print Management is accomplished by adding or updating the print server role. Note
that the computer on which Print Management is installed does not need to be a print server. Do
one of the following:

·If the print server role is not installed, perform the following procedure.
To install the print server role

1. Click Start, point to All Programs, point to Administrative Tools, and then
click Manage Your Server.
2. Click Add or remove a role.
3. In the Configure Your Server Wizard, click Next to get to the Server Role page.
4. On the Server Role page, click Print Server, and then click Next twice. Follow the
steps in the wizard to complete the installation.
·If you are running an earlier version of a Windows server operating system that has the print
server role and at least one shared printer already installed, perform the following procedure.
To update the print server role

1. Click Start, point to All Programs, point to Administrative Tools, and then
click Manage Your Server.
2. Click Update this role.
3. In the Print Server Role Wizard, click Next.
4. Follow the steps in the wizard to complete the installation.

Step 2: Open Print Management


After you install both Windows Server and Print Management, open Print Management. If
you want to use Print Management on a computer in another location by using Remote Desktop,
the remote computer must have Windows Server and Print Management installed.

To open Print Management

·Click Start, point to All Programs, point to Administrative Tools, and then click Print
Management.
Step 3: Add and remove print servers
You can add both a local print server and network print servers to Print Management. Note that
the computer on which Print Management is installed does not need to be a print server.

Adding a Print Server


If the server on which you use Print Management is also a print server and you want to manage
the printers that it hosts by using Print Management, use the following procedure to add the print
server to Print Management.

To add print servers to Print Management

1. In the Print Management tree, right-click Print Management, and then click
Add/Remove Servers.

2. In the Add/Remove Servers dialog box, under Specify print server, in Add server, do
one of the following:
·Type the name.
·Click Browse to locate and select the print server.
3. Click Add to List.
4. Add as many print servers as you want, and then click OK.
Note

You can add the local server on which you are working by clicking Add the Local Server.
To remove print servers from Print Management

1. In the Print Management tree, right-click Print Management, and then click
Add/Remove Servers.
2. In the Add/Remove Servers dialog box, under Print servers, select one or more
servers, and click Remove.
Step 4: View Printers
The Print Management tree contains three places where printer information is stored: Custom
Printer Filters, Print Servers, and Deployed Printers. The Custom Printer Filters folder
contains the All Printers object, which contains a dynamic view of all of the printers on all of the
servers available for managing by Print Management. All of the custom views, or filters, of
printers that you create are stored in Custom Printer Filters.
The network printer servers that you add are stored in Print Servers. Every printer server
automatically is given four objects that serve as filters for information about a server:
·Drivers
·Forms
·Ports
·Printers
To quickly access the Print Server Properties dialog box, right-click the Drivers, Forms,
or Ports objects, and then click Manage Drivers, Manage Forms, or Manage Ports.
