Managing Servers Running Windows Server 2012

  • 9/15/2012
This chapter from Windows Server 2012 Pocket Consultant covers the roles, resources, and features available in Windows Server 2012 including the tools used for installation, setup and configuration, and management.
  • Server Roles, Role Services, and Features for Windows Server 2012
  • Full-Server, Minimal-Interface, and Server Core Installations
  • Installing Windows Server 2012
  • Managing Roles, Role Services, and Features
  • Managing System Properties

Servers are the heart of any Microsoft Windows network. One of your primary responsibilities as an administrator is to manage these resources. Windows Server 2012 comes with several integrated management tools. The one you’ll use for handling core system administration tasks is Server Manager. Server Manager provides setup and configuration options for the local server as well as options for managing roles, features, and related settings on any remotely manageable server in the enterprise. Tasks you can perform with Server Manager include:

  • Adding servers for remote management
  • Initiating remote connections to servers
  • Configuring the local server
  • Managing installed roles and features
  • Managing volumes and shares on file servers
  • Configuring Network Interface Card (NIC) Teaming
  • Viewing events and alerts
  • Restarting servers

Server Manager is great for general system administration, but you also need a tool that gives you fine control over system environment settings and properties. This is where the System utility comes into the picture. You can use this utility to do the following:

  • Change a computer’s name
  • Configure application performance, virtual memory, and registry settings
  • Manage system and user environment variables
  • Set system startup and recovery options

Server Roles, Role Services, and Features for Windows Server 2012

Windows Server 2012 uses the same configuration architecture as Windows Server 2008 and Windows Server 2008 Release 2 (R2). You prepare servers for deployment by installing and configuring the following components:

  • Server roles: A server role is a related set of software components that allows a server to perform a specific function for users and other computers on a network. A computer can be dedicated to a single role, such as Active Directory Domain Services (AD DS), or provide multiple roles.
  • Role services: A role service is a software component that provides the functionality for a server role. Each role can have one or more related role services. Some server roles, such as Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP), have a single function, and installing the role installs this function. Other roles, such as Network Policy and Access Services and Active Directory Certificate Services (AD CS), have multiple role services that you can install. With these server roles, you can choose which role services to install.
  • Features: A feature is a software component that provides additional functionality. Features, such as BitLocker Drive Encryption and Windows Server Backup, are installed and removed separately from roles and role services. A computer can have zero or more features installed depending on its configuration.

You configure roles, role services, and features by using Server Manager, a Microsoft Management Console (MMC). Some roles, role services, and features are dependent on other roles, role services, and features. As you install roles, role services, and features, Server Manager prompts you to install other roles, role services, or features that are required. Similarly, if you try to remove a required component of an installed role, role service, or feature, Server Manager warns that you cannot remove the component unless you also remove dependent roles, role services, or features.
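The same inventory and dependency information is available from Windows PowerShell. The script below is an added example, not taken from the book: it lists what is installed by type, reports components that are installed but absent from an approved baseline, and previews an install or removal without changing the server. The server name REF01 and the role name Web-Server are sample values; use the names that Get-WindowsFeature reports in your environment.

```powershell
# Added example, not from the book. Uses the ServerManager module included
# with Windows Server 2012. 'REF01' and 'Web-Server' are sample values.
Import-Module ServerManager

function Get-InstalledComponent {
    # Installed roles, role services, and features on one server.
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-WindowsFeature -ComputerName $ComputerName |
        Where-Object { $_.Installed } |
        Select-Object FeatureType, Name, DisplayName, DependsOn
}

function Compare-ComponentBaseline {
    # Installed components whose Name is not in the approved list.
    param(
        [Parameter(Mandatory = $true)] [string[]]$Approved,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    Get-InstalledComponent -ComputerName $ComputerName |
        Where-Object { $Approved -notcontains $_.Name }
}

function Get-DependentComponent {
    # Installed components that declare a dependency on $Name.
    param(
        [Parameter(Mandatory = $true)] [string]$Name,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    Get-InstalledComponent -ComputerName $ComputerName |
        Where-Object { $_.DependsOn -contains $Name }
}

# 1. Inventory, grouped by type (Role, Role Service, Feature).
Get-InstalledComponent | Sort-Object FeatureType, Name |
    Format-Table FeatureType, Name, DisplayName -AutoSize

# 2. Drift check against a reference server built for the same purpose.
$approved = Get-InstalledComponent -ComputerName 'REF01' |
    ForEach-Object { $_.Name }
Compare-ComponentBaseline -Approved $approved

# 3. Preview changes; -WhatIf reports what would be added or removed
#    without modifying the server.
Install-WindowsFeature -Name Web-Server -IncludeManagementTools -WhatIf
Get-DependentComponent -Name Web-Server
Uninstall-WindowsFeature -Name Web-Server -WhatIf
```

Anything the drift check returns is a component that was added outside the planned configuration and should be either justified or removed.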

Because adding or removing roles, role services, and features can change hardware requirements, you should carefully plan any configuration changes and determine how they affect a server’s overall performance. Although you typically want to combine complementary roles, doing so increases the workload on the server, so you need to optimize the server hardware accordingly. Table 2-1 provides an overview of the primary roles and the related role services you can deploy on a server running Windows Server 2012.

Table 2-1 Primary Roles and Related Role Services for Windows Server 2012

| ROLE | DESCRIPTION |
| --- | --- |
| Active Directory Certificate Services (AD CS) | Provides functions necessary for issuing and revoking digital certificates for users, client computers, and servers. Includes these role services: Certification Authority, Certification Authority Web Enrollment, Online Responder, Network Device Enrollment Service, Certificate Enrollment Web Service, and Certificate Enrollment Policy Web Service. |
| Active Directory Domain Services (AD DS) | Provides functions necessary for storing information about users, groups, computers, and other objects on the network, and makes this information available to users and computers. Active Directory domain controllers give network users and computers access to permitted resources on the network. |
| Active Directory Federation Services (AD FS) | Complements the authentication and access management features of AD DS by extending them to the World Wide Web. Includes these role services and subservices: Federation Service, Federation Service Proxy, AD FS Web Agents, Claims-Aware Agent, and Windows Token-Based Agent. |
| Active Directory Lightweight Directory Services (AD LDS) | Provides a data store for directory-enabled applications that do not require AD DS and do not need to be deployed on domain controllers. Does not include additional role services. |
| Active Directory Rights Management Services (AD RMS) | Provides controlled access to protected email messages, documents, intranet pages, and other types of files. Includes these role services: Active Directory Rights Management Server and Identity Federation Support. |
| Application Server | Allows a server to host distributed applications built using ASP.NET, Enterprise Services, and Microsoft .NET Framework 4.5. Includes more than a dozen role services. |
| DHCP Server | DHCP provides centralized control over IP addressing. DHCP servers can assign dynamic IP addresses and essential TCP/IP settings to other computers on a network. Does not include additional role services. |
| DNS Server | DNS is a name-resolution system that resolves computer names to IP addresses. DNS servers are essential for name resolution in Active Directory domains. Does not include additional role services. |
| Fax Server | Provides centralized control over sending and receiving faxes in the enterprise. A fax server can act as a gateway for faxing and allows you to manage fax resources, such as jobs and reports, and fax devices on the server or on the network. Does not include additional role services. |
| File And Storage Services | Provides essential services for managing files and storage, and the way they are made available and replicated on the network. A number of server roles require some type of file service. Includes these role services and subservices: BranchCache for Network Files, Data Deduplication, Distributed File System, DFS Namespaces, DFS Replication, File Server, File Server Resource Manager, Services for Network File System (NFS), File Server VSS Agent Service, iSCSI Target Server, iSCSI Target Storage Provider, and Storage Services. |
| Hyper-V | Provides services for creating and managing virtual machines that emulate physical computers. Virtual machines have separate operating system environments from the host server. |
| Network Policy and Access Services (NPAS) | Provides essential services for managing network access policies. Includes these role services: Network Policy Server (NPS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP). |
| Print And Document Services | Provides essential services for managing network printers, network scanners, and related drivers. Includes these role services: Print Server, LPD Service, Internet Printing, and Distributed Scan Server. |
| Remote Access | Provides services for managing routing and remote access to networks. Use this role if you need to configure Virtual Private Networks (VPN), Network Address Translation (NAT), and other routing services. Includes these role services: DirectAccess and VPN (RAS) and Routing. |
| Remote Desktop Services | Provides services that allow users to run Windows-based applications that are installed on a remote server. When users run an application on a terminal server, the execution and processing occur on the server and only the data from the application is transmitted over the network. |
| Volume Activation Services | Provides services for automating the management of volume license keys and volume key activation. |
| Web Server (IIS) | Used to host websites and web-based applications. Websites hosted on a web server can have both static content and dynamic content. You can build web applications hosted on a web server by using ASP.NET and .NET Framework 4.5. When you deploy a web server, you can manage the server configuration using IIS 8 modules and administration tools. Includes several dozen role services. |
| Windows Deployment Services (WDS) | Provides services for deploying Windows computers in the enterprise. Includes these role services: Deployment Server and Transport Server. |
| Windows Server Update Services (WSUS) | Provides services for Microsoft Update, allowing you to distribute updates from designated servers. |

Table 2-2 provides an overview of the primary features you can deploy on a server running Windows Server 2012. Unlike earlier releases of Windows, Windows Server 2012 does not install some important server features automatically. For example, you must add Windows Server Backup to use the built-in backup and restore features of the operating system.

Table 2-2 Primary Features for Windows Server 2012

| FEATURE | DESCRIPTION |
| --- | --- |
| Background Intelligent Transfer Service (BITS) | Provides intelligent background transfers. When this feature is installed, the server can act as a BITS server that can receive file uploads from clients. This feature isn’t necessary for downloads to clients using BITS. Additional subfeatures include BITS IIS Server Extension and BITS Compact Server. |
| BitLocker Drive Encryption | Provides hardware-based security to protect data through full-volume encryption that prevents disk tampering while the operating system is offline. Computers that have Trusted Platform Module (TPM) can use BitLocker Drive Encryption in Startup Key or TPM-Only mode. Both modes provide early integrity validation. |
| BitLocker Network Unlock | Provides support for network-based key protectors that automatically unlock BitLocker-protected operating system drives when a domain-joined computer is restarted. |
| BranchCache | Provides services needed for BranchCache client and server functionality. Includes HTTP protocol, Hosted Cache, and related services. |
| Client for NFS | Provides functionality for accessing files on UNIX-based NFS servers. |
| Data Center Bridging | Supports a suite of IEEE standards for enhancing LANs and enforcing bandwidth allocation. |
| Enhanced Storage | Provides support for Enhanced Storage Devices. |
| Failover Clustering | Provides clustering functionality that allows multiple servers to work together to provide high availability for services and applications. Many types of services can be clustered, including file and print services. Messaging and database servers are ideal candidates for clustering. |
| Group Policy Management | Installs the Group Policy Management Console (GPMC), which provides centralized administration of Group Policy. |
| Ink and Handwriting Services | Provides support for use of a pen or stylus and handwriting recognition. |
| IP Address Management Server | Provides support for central management of the enterprise’s IP address space and the related infrastructure servers. |
| Internet Printing Client | Provides functionality that allows clients to use HTTP to connect to printers on web print servers. |
| Internet Storage Naming Server (iSNS) Server Service | Provides management and server functions for Internet SCSI (iSCSI) devices, allowing the server to process registration requests, deregistration requests, and queries from iSCSI devices. |
| LPR Port Monitor | Installs the LPR Port Monitor, which allows printing to devices attached to UNIX-based computers. |
| Media Foundation | Provides essential functionality for Windows Media Foundation. |
| Message Queuing | Provides management and server functions for distributed message queuing. A group of related subfeatures is available as well. |
| Multipath I/O (MPIO) | Provides functionality necessary for using multiple data paths to a storage device. |
| .NET Framework 4.5 | Provides APIs for application development. Additional subfeatures include .NET Framework 4.5, ASP.NET 4.5, and Windows Communication Foundation (WCF) Activation Components. |
| Network Load Balancing (NLB) | NLB provides failover support and load balancing for IP-based applications and services by distributing incoming application requests among a group of participating servers. Web servers are ideal candidates for load balancing. |
| Peer Name Resolution Protocol (PNRP) | Provides Link-Local Multicast Name Resolution (LLMNR) functionality that allows peer-to-peer, name-resolution services. When you install this feature, applications running on the server can use LLMNR to register and resolve names. |
| Quality Windows Audio Video Experience | A networking platform for audio video (AV) streaming applications on IP home networks. |
| RAS Connection Manager Administration Kit | Provides the framework for creating profiles for connecting to remote servers and networks. |
| Remote Assistance | Allows a remote user to connect to the server to provide or receive Remote Assistance. |
| Remote Differential Compression | Provides support for differential compression by determining which parts of a file have changed and replicating only the changes. |
| Remote Server Administration Tools (RSAT) | Installs role-management and feature-management tools that can be used for remote administration of other Windows Server systems. Options for individual tools are provided, or you can install tools by top-level category or subcategory. |
| Remote Procedure Call (RPC) over HTTP Proxy | Installs a proxy for relaying RPC messages from client applications to the server over HTTP. RPC over HTTP is an alternative to having clients access the server over a VPN connection. |
| Simple TCP/IP Services | Installs additional TCP/IP services, including Character Generator, Daytime, Discard, Echo, and Quote of the Day. |
| Simple Mail Transfer Protocol (SMTP) Server | SMTP is a network protocol for controlling the transfer and routing of email messages. When this feature is installed, the server can act as a basic SMTP server. For a full-featured solution, you need to install a messaging server, such as Microsoft Exchange Server. |
| Simple Network Management Protocol (SNMP) Services | SNMP is a protocol used to simplify management of TCP/IP networks. You can use SNMP for centralized network management if your network has SNMP-compliant devices. You can also use SNMP for network monitoring via network management software. |
| Subsystem for UNIX-Based Applications (SUA) | Provides functionality for running UNIX-based programs. You can download additional management utilities from the Microsoft website. (Deprecated) |
| Telnet Client | Allows a computer to connect to a remote Telnet server and run applications on that server. |
| Telnet Server | Hosts the remote sessions for Telnet clients. When Telnet Server is running on a computer, users can connect to the server with a Telnet client from a remote computer. |
| User Interfaces And Infrastructure | Allows you to control the user experience and infrastructure options (Graphical Management Tools And Infrastructure, Desktop Experience, or Server Graphical Shell). |
| Windows Biometric Framework | Provides functionality required for using fingerprint devices. |
| Windows Internal Database | Allows the server to use relational databases with Windows roles and features that require an internal database, such as AD RMS, UDDI Services, WSUS, Windows SharePoint Services, and Windows System Resource Manager. |
| Windows PowerShell | Allows you to manage the Windows PowerShell features of the server. Windows PowerShell 3.0 and the PowerShell ISE are installed by default. |
| Windows PowerShell Web Access | Allows the server to act as a web gateway for remotely managing servers in a web browser. |
| Windows Process Activation Service | Provides support for distributed, web-based applications that use HTTP and non-HTTP protocols. |
| Windows Standards-Based Storage Management | Provides support for managing standards-based storage and includes management interfaces as well as extensions for WMI and Windows PowerShell. |
| Windows Server Backup | Allows you to back up and restore the operating system, system state, and any data stored on a server. |
| Windows System Resource Manager (WSRM) | Allows you to manage resource usage on a per-processor basis. (Deprecated) |
| Windows TIFF IFilter | Focuses on text-based documents, which means that searching is more successful for documents that contain clearly identifiable text (for example, black text on a white background). |
| WinRM IIS Extension | Provides an Internet Information Services (IIS)–based hosting model. WinRM IIS Extension can be enabled at either the website or virtual-directory level. |
| WINS Server | A name-resolution service that resolves computer names to IP addresses. Installing this feature allows the computer to act as a WINS server. |
| Wireless LAN Service | Allows the server to use wireless networking connections and profiles. |
| WoW64 Support | Supports WoW64, which is required on a full-server installation. Removing this feature converts a full-server installation to a Server Core installation. |
| XPS Viewer | A program you can use to view, search, set permissions for, and digitally sign XPS documents. |

As an administrator, you might be asked to install or uninstall dynamic-link libraries (DLLs), particularly if you work with IT development teams. The utility you use to work with DLLs is Regsvr32. This utility is run at the command line.

After you open a Command Prompt window, you install or register a DLL by typing regsvr32 name.dll—for example:

regsvr32 mylibs.dll

If necessary, you can uninstall or unregister a DLL by typing regsvr32 /u name.dll—for example:

regsvr32 /u mylibs.dll
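Regsvr32 loads the DLL and calls its DllRegisterServer (or, with /u, DllUnregisterServer) entry point, so registering a DLL runs that DLL's code with your privileges. The wrapper below is an added example, not taken from the book: it runs Regsvr32 only when the file carries a valid Authenticode signature and, optionally, only when the signer is on an allow list. The function name, the path C:\Apps, and the thumbprint parameter are assumptions made for illustration.

```powershell
# Added example, not from the book. The function name and the sample path
# are hypothetical.
function Invoke-Regsvr32Checked {
    param(
        [Parameter(Mandatory = $true)] [string]$Path,
        [string[]]$AllowedThumbprint = @(),   # optional signer allow list
        [switch]$Unregister
    )
    $dll = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig = Get-AuthenticodeSignature -FilePath $dll.FullName

    # 'Valid' means the file is unmodified since signing and the signer
    # chains to a root this server trusts.
    if ($sig.Status -ne 'Valid') {
        throw "Not running regsvr32 on $($dll.Name): signature status is $($sig.Status)."
    }
    $thumb = $sig.SignerCertificate.Thumbprint
    if ($AllowedThumbprint.Count -gt 0 -and $AllowedThumbprint -notcontains $thumb) {
        throw "Not running regsvr32 on $($dll.Name): signer $thumb is not on the allow list."
    }

    # /s suppresses message boxes so the call works in scripts; /u unregisters.
    $regArgs = @('/s')
    if ($Unregister) { $regArgs += '/u' }
    $regArgs += '"{0}"' -f $dll.FullName
    $exe = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    $proc = Start-Process -FilePath $exe -ArgumentList $regArgs -Wait -PassThru

    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 exited with code $($proc.ExitCode) for $($dll.FullName)."
    }
    # Return a record that can be logged with the change ticket.
    New-Object PSObject -Property @{
        Path       = $dll.FullName
        Signer     = $sig.SignerCertificate.Subject
        Thumbprint = $thumb
        Action     = $(if ($Unregister) { 'Unregistered' } else { 'Registered' })
    }
}

# Sample calls using the DLL name from the text and a made-up folder.
Invoke-Regsvr32Checked -Path 'C:\Apps\mylibs.dll'
Invoke-Regsvr32Checked -Path 'C:\Apps\mylibs.dll' -Unregister
```

On Windows PowerShell 3.0, Get-AuthenticodeSignature evaluates only signatures embedded in the file, so a catalog-signed file reports NotSigned. On 64-bit Windows, a 32-bit DLL must be registered with the Regsvr32.exe in SysWOW64 instead of System32.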

Windows File Protection prevents the replacement of protected system files. DLLs installed by the Windows Server operating system can be replaced only as part of a hotfix, service pack update, Windows update, or Windows upgrade. Windows File Protection is an important part of the Windows Server security architecture.