
Topic: Windows Server 2008

  
  1. #16
    Real name: 1234

    Retired moderator
    Join date
    Jul 2009
    Location
    5678
    Posts
    5,634
    Thanks received
    2513
    Thanks given
    272

    How To Install, Configure & Use SNMP on Server 2008

    Code:
    http://windowsserver.trainsignal.com/how-to-install-configure-use-snmp-on-sever-2008

    With the release of Server 2008, SNMP (Simple Network Management Protocol) is now supported using IPv6.
    Prior editions of Windows XP and Windows Server 2003 included SNMP support, but only with IPv4, even if the IPv6 stack was installed. Unfortunately, that means that SNMP management from Server 2008 will not communicate with SNMP services still on Server 2003 regardless of whether IPv6 is implemented on those servers.
    The good news is that the updated TCP/IP stack in Windows Vista is capable of communicating with the new SNMP implementation.
    Still, the new implementation of SNMP in Windows Server 2008 offers much for the enterprise level systems administrator. Although SNMP Services are no longer installed by default, installing and setting it up is a snap.
    Why Use SNMP Services on Windows Server 2008?

    Many organizations have installed proprietary management systems over the years. These systems often provide more functionality than SNMP does. However, SNMP is both non-proprietary, and interoperable.

    These days, interoperable often means that something works on both Windows and Unix. However, in this case, interoperable means that it works on virtually any connected network device. This includes routers and other networking equipment as well as networked peripherals such as NAS devices and networked printers.
    Couple this wide range with relatively simple setup and the fact that you don’t have to pick and choose which devices to monitor to stay under a monitoring suite license count, and there are many uses for SNMP in most companies.
    Installing SNMP on 2008 Server

    The SNMP service is installed via the Add Features Wizard in Server Manager.
    For Windows Server Core systems, SNMP services must be installed using the command prompt.
    start /w ocsetup SNMP-SC

    Configuring SNMP

    After installing the SNMP service, you configure the SNMP agent properties by right-clicking on the SNMP Service in the Services console and choosing Properties.
    • Agent Tab
    In the Agent tab you can set the usual SNMP attributes like contact, location, and so on.
    • Traps Tab
    The useful monitoring provided by SNMP comes from properly configured traps. Traps are configured via the appropriately named Traps tab. Here you configure the community name and address of the system to receive the traps.
    • Security Tab
    The Security tab is used to lock down the SNMP service to prevent any possible holes for hackers to exploit and to prevent the wrong people from receiving traps from the system. By default, the SNMP agent accepts packets from ALL hosts. This is something that will obviously need to be limited.
    The remaining options should be configured within your enterprise’s security and reporting scheme. Generally, the minimum security you want to use is to at least define the Accepted Community Names. Keep in mind that community names are case sensitive in SNMP.
    • Option Tabs
    Also, after installing SNMP in Server 2008, the SNMP option tabs will not show up until you have logged off and logged back on again. So, you won’t be able to configure anything until after you log back in. This has caused a fair amount of confusion in the field.
    If this is the server that will receive incoming traps, then your work is done at the server. Once the agents are configured, the data will flow back to the SNMP service where it can be used as necessary by administrators.
    Configure SNMP Event Traps in Windows Server 2008


    One nice feature of SNMP services is the ability to turn Windows level events into SNMP traps. This can be useful for many reasons, the most common of which is the ability to monitor servers via a centralized monitoring station without any additional access rights.
    This concept is particularly useful for environments where servers are monitored overnight or on weekends by lower-level system operators.
    The system that already alerts them when devices (including Windows Servers in some cases) go dark on the network can also alert them to other events which may allow an administrator to head off trouble or to simply get advance notice of a potential situation.
    To translate Windows events into traps, run the evntcmd command. Once configured, the Windows events will trigger traps that are received at the monitoring console.
    There, the traps can be configured with an appropriate response. For example, certain traps could be ignored during business hours on the assumption other administrative tools will be alerting the appropriate admins. But, after hours, or on weekends, such traps might generate an alert that can prompt off-hours operators to take specific actions or to simply call or page the on-call systems administrator.
    A timely alert to building volumes of bad sectors can be the difference between an easy fix, and a rushed full-scale hardware reconfiguration.
    Is SNMP Right For Your Organization?

    Remember that SNMP services are fairly low overhead with all of the real work being split among hundreds or thousands of agents. Additionally, SNMP agents can be configured for installation as part of the unattended install for incoming workstations. In all, SNMP can provide a lot of value for little extra work.




  2. #17

    GlobalNames Zones and the Long Overdue Demise of WINS

    Code:
    http://windowsserver.trainsignal.com/windows-server-2008-globalname-zone

    When any administrator worth their salt heard that Windows Server 2008 finally provided a mechanism to eliminate the need for WINS servers on the network, they pumped their fist in the air and said, "Yes!"
    Left over from the days when Microsoft networks were mainly broadcast based, NetBIOS name resolution has long been a thorn in the side of the Windows administrator.
    Though most networks eventually mature into a state where the WINS servers stand quietly and dish out simple name resolution, getting the proper configuration in place can be a nightmare. Even after the configuration is set, problems can creep up when users move locations or when DHCP or DNS servers are removed, relocated or added.
    Often these network issues look like something else, so the admins end up spending way too much time troubleshooting the issue.
    Still, there has really been nothing the administrator can do about it, thanks to legacy applications and users’ understandable inability to work with complicated Fully Qualified Domain Names (FQDN).
    (I’ve literally seen something like: Sever5.Austin.RemoteOffice.District7.Operations.Users.TheBigCompany.com)
    All of this changes in Windows Server 2008 …

    Introducing: GlobalNames Zone

    Windows Server 2008 comes with IPv6 installed and enabled (if you haven’t already, check out my article on Windows Server 2008 IPv6 – The Future of Internet Protocol).
    IPv6 makes no provision for WINS and Microsoft has wisely chosen not to shoehorn something in specifically for Microsoft networks.
    IPv6 works with DNS, and DNS only. So, Microsoft came up with a rather ingenious solution to the problem of simple-name resolution, a special forward lookup zone.
    The GlobalNames Zone (GNZ) is a regular issue, standards compliant forward lookup zone.
    That means no interoperability issues for administrators. (And there was much rejoicing.) It does require a special name – GlobalNames – but otherwise, it is indistinguishable from other forward lookup zones.
    It does take a specific configuration though. Specifically, it must be set to replicate to all DNS servers in the forest. It should not be set for dynamic updates, and GlobalNames Zone support has to be enabled on the DNS server.
    How GlobalNames Zone Works

    So how does this new bad boy work?
    Basically, if a DNS server receives a request that it can’t resolve in its normal way by using local zones, it will then try and resolve the name with the GlobalNames Zone.
    So, when that request comes in for AustinServer, the DNS server will check its normal local zones (filled with FQDNs) and come up empty. Then, it will check the GlobalNames Zone, where it will find AustinServer, and match it to its FQDN.
    No extra configuration needed on the client to point to a WINS server, and no extra configuration on server to add a WINS role. You’ll be using DNS anyway, so everything that has to be there is already installed.
    How to Setup GlobalNames Zone

    Setting up GNZ is pretty straightforward as well. Just log on to your Domain Controller and fire up Server Manager.
    Next, expand the DNS section under Roles until you come to Forward Lookup Zones. Inside Forward Lookup Zones, create a new zone.
    The new zone should be a Primary Zone and needs to be set to Store the Zone in Active Directory. (Don’t forget this checkbox!)
    Click Next to move on to the next page. Here, name the zone “GlobalNames” (this name is required).
    Also, do not enable Allow Dynamic Updates. That is it for configuration only.
    The one semi-bumpy spot is enabling GNZ support on the server. This requires issuing a command via the command-line. The command is:
    dnscmd /config /EnableGlobalNamesSupport 1
    Where you are most likely to mess this up is the two "s". It is Global Names Support not Global Name Support. Remember that and you’ll be fine.
    This support has to be enabled on all the DNS servers in the forest. Don’t waste time typing it in all those times. Make a simple batch file and schedule it to replicate and run on all the servers.
    In order to avoid any forgetfulness on new servers, make sure enabling GNZ support is included as standard operating procedure for all new DNS server installations.
    All that is left is to build the forward lookup zone. Each entry will be a CNAME record with the corresponding Fully Qualified Domain Name.
    Will You Ever Need WINS Again?

    It is possible that some applications seem to require a WINS server. Unless the application interacts via specific WINS commands (not very common), it is usually possible to trick it by giving the program the address of a DNS server instead of a WINS server.
    When your DNS server gets the name request, it will find the name and respond. Any application still being supported shouldn’t need this crutch for very long since most applications are being readied to work with IPv6 and there is no WINS in IPv6.
    If you are tempted to configure both WINS and GNZ, don’t.
    While it isn’t specifically forbidden, if you think your simple-name resolution is flakey now, wait until sometimes a WINS server responds and sometimes a GNZ server responds.
    Not to mention you’ll have to add new entries to both places every time you add a resource to the network. The whole point of GNZ is to make things simpler not more complicated.
    Say Goodbye to WINS and Say Hello to GNZ

    Victory! WINS is no longer needed on your network. How do you celebrate?
    Step One: Go into your DHCP configuration for the domain and find the setting: "WINS Is Not Required".
    Invite the whole systems administrator team and have everyone gather around. This is a big moment for your network.
    Select the no WINS setting and start the high-fives.
    Step Two: Go to happy hour. Get the Jalapeno Poppers, you’ve earned them.




  3. #18

    Windows DNS Server 2008: Setup External Internet DNS Server

    Code:
    http://windowsserver.trainsignal.com/windows-server-2008-dns-server
    Hopefully if you’re in the tech field you know that DNS is one of the main pillars of the Internet and what makes having those delightful friendly domain names (Free Computer Training Videos from Train Signal Training) possible instead of having to memorize a long list of boring IPs (69.16.232.158).
    For those of you that might need a refresher, the DNS service is the addressing book of the networking world, allowing the translation of human friendly names to IP addresses at its base level.
    It also stores other types of records that helps in delivery of different types of information from one end of the Internet to the other.
    Why Have An External DNS Server?

    This is especially useful if you are running IIS and have a lot of sites and don’t want to use a 3rd party option for DNS. For example, at a client I worked with, they owned over 250 domain names and wanted to keep tight control over their DNS in case of server moves and other email considerations.
    An external DNS server will also help limit the exposure of your network to security leaks in case the server is compromised. If you connect the Internet facing server to the rest of your DNS servers you will have your internal network AD information stored on there. Should this external facing server get hacked or compromised they would find quite a bit more information than just some publicly available resource records.

    Once you have setup the external DNS servers you have your internal DNS servers with your private information forward requests to the external DNS server for clients needing name resolution to the outside world.
    Installing Windows DNS Server 2008

    The first thing we will have to do is setup the DNS Role on the server that we want to use. Let’s walk through that first:
    NOTE: This walkthrough is for EXTERNAL DNS servers and will not include information on integrating with Active Directory or installing other components other than what is needed.
    1. Open Server Manager and click on Roles in the left pane and then click on Add Roles in the center pane.

    2. Depending on whether you checked off to skip the Before You Begin page while installing another service, you will now see warning pages telling you to make sure you have strong security, static IP, and latest patches before adding roles to your server.
    If you get this page, then just click Next.

    3. Next is the Select Server Roles window, and we are going to go ahead and check DNS Server in the list of possible roles.
    Now if you don’t have a Static IP Address assigned to your server you will get the warning:

    Either choose to ignore the warning and continue to install or go back and set a Static IP for the server. Either way you come back to the Select Server Roles screen, you can now choose to click Next.

    4. Next is the DNS Server information screen giving some links to understanding the DNS integration with AD and other information.
    Of course since we are configuring an External DNS server we will click Next to continue.

    5. Confirm the Installation Selections by reviewing the list and then clicking Install.

    6. After a little while you should now see the Installation Results page, and hopefully see an Installation Succeeded message across from DNS Server, and then click Close.

    That’s it! You have now installed the DNS Role on a Windows Server 2008. Let’s go to some configuration tasks now.
    Please note that when you install the DNS service the server will automatically open up port 53 TCP/UDP for DNS related traffic.
    Configure Windows DNS Server 2008

    Ok, before we start configuring your server there are a few basics we should cover.
    Remember I said basics, because I am not going to go beyond what is needed for an External DNS server and confuse the issue, but there are other options beyond what I am going to review here.

    • Forward Lookup Zone – A DNS Zone that does lookups for the domain name to IP address. This is the most common form of zone that people will use.
    • Reverse Lookup Zone – This DNS Zone is the exact opposite of the Forward Lookup Zone and allows an IP to be assigned to a domain/hostname.

      Note: Most external Reverse Lookup Zones will not work unless you own your block of IPs. The ISP/WebHost service that you use will more than likely own the reverse IP records, and you will have to request them to make any changes you require.

    If you have gone through my earlier IIS articles you know that I have used a test domain called logfiletest.com. Let’s go ahead and create a forward lookup zone for that domain.
    1. Open DNS Manager
    2. Since I am local to the server it will automatically have itself in the DNS Manager. Expand out the server then right click on Forward Lookup Zones, and then left click on New Zone.

    3. Welcome to the New Zone Wizard, should be the next window you see. Go ahead and click Next.

    4. Next we are going to pick a zone type. Since this is going to be the primary DNS server for logfiletest.com choose Primary Zone, and then click Next.

    5. Now we are going to enter the Zone Name, in this case it is logfiletest.com. After entering the name of your zone go ahead and click Next.

    6. The next window is about the zone file.
    Non-Active Directory zones are kept in a flat text file in %SystemRoot%\system32\dns on the server. You have the option of creating a new one or using one that was copied over from a different server.
    In our case we will use the default naming and create a new one, by clicking Next.

    7. Dynamic Updates allow client computers to create and update their own resource records. For external servers this would be bad, so we will go with the Do not allow dynamic updates radio button and then click Next.

    8. Completing the New Zone Wizard will be the next window and it has a review of the settings you specified during the wizard.
    Go ahead and click on Finish to complete the setup of the Forward Lookup Zone for logfiletest.com.

    9. At the completion you will now return back to the DNS Manager, and you can see logfiletest.com is now listed under the Forward Lookup Zone folder.

    Congratulations on your setup! Though the domain is setup it currently has no resource records in it to resolve! Let’s fix that and give this server a purpose.
    There are different types of resource records, in this case we are going to create a Host (A) record, which maps a name to an IP address.
    Create a Host (A) Record on Server 2008 DNS

    The most basic and simple host record is going to be for a website, so let’s go ahead and map the www of the domain name to the IP that the website uses.
    For our example, the IP of logfiletest.com is 192.168.11.5.
    1. Open DNS Manager
    2. Choose the Forward Lookup Zone you want to work with, in this case it is logfiletest.com and right click on it. Select New Host (A or AAAA) and left click on it.
    Note: Don’t be confused by the AAAA, as that is used for IPv6 records.

    3. The new host window will now pop up allowing you to enter the name (if blank it will use the parent’s domain name), which we will type in www, and fill in the IP address we want logfiletest.com to resolve to, which is 192.168.11.5.
    If we choose to we can associate a PTR record with this, which would create the reverse lookup. Not necessary in this case since we don’t control the IPs.
    Click Add Host when done.

    4. You will get a message that confirms the creation of the Host Record, so click OK.
    5. Now in the DNS Manager you will see your A resource record for www mapped to the correct IP.

    6. Now let’s do a quick test with NSLookup and you will see that the name resolves correctly.

    Summary for Creating External DNS Server

    So we have walked through the following:

    • Installing DNS Role on a Windows Server 2008
    • Created a Forward Lookup Zone
    • Created a Host (A) Resource Record

    Again this is just the basics for getting you started in running your own External DNS Server.
    In the future we will discuss the different types of resource records and how they are used, how to make use of features such as round robin DNS and set up redundancies to keep your sites resolving correctly.




  4. #19

    Install BIND DNS on Windows Web Server 2008 – Part 1

    Code:
    http://windowsserver.trainsignal.com/install-bind-dns-on-windows-web-server-2008

    Since Windows Server 2003 there has been a low cost entry in the server SKUs and that has been the Windows Web Server edition.
    The 2003 version of this edition was severely limited by licensing to what you could install and do on it, and was really only a solution for the most basic of web sites.
    The 2008 version has had most of those limits removed and is now a much more viable alternative for hosts and companies looking for an economical Windows based web server running IIS7.
    One of the most glaring oversights for this edition of Windows Web Server is the exclusion of the DNS role. I understand the argument from Microsoft that if you are running this edition of server more than likely your hosting company will have a DNS infrastructure in place and most users can and will use that.
    I counter that with the fact that I like to control my own DNS name servers and records and do not like having to deal with a hosting company infrastructure that may or may not be streamlined for DNS requests.
    I have read in various forums that the Server team is looking into this and it may change in the future, but for now we will have to find another solution for this problem.
    This low cost (free) solution is going to be — installing BIND DNS on the server and configuring it to handle DNS queries.

    Today I’ll focus on the installation part and in Part 2 I’ll show you how to configure BIND DNS on Windows Web Server 2008.
    BIND DNS Server

    BIND (Berkeley Internet Name Domain) is an open source implementation of Domain Name System (DNS) protocols distributed for free under the BSD License.
    It is currently maintained by the Internet Systems Consortium and is used by the majority of the DNS servers on the Internet.
    The current version we are going to be using in this article is BIND 9.5.0-P2-W2 (Windows-specific fixes). You can download the current version at:
    Creating a User Account for Bind

    BIND requires a local user with only "Log on as a service" privilege. The installer will actually check for this, and if the user has more rights it will ask if you really want to use that ID.
    The default user for the BIND installer is named, but you can use any other name you want.
    1. Open the Computer Management console
    2. Select Local Users and Groups and then right click on Users, select New User…

    3. Fill in the new user information, I am going to use the following and then click Create before closing the New User window:
    User name: named
    Description: BIND DNS Account
    Password: %password%
    Confirm Password: %password%
    Unselect: User must change password at next logon
    Select: User cannot change password
    Select: Password never expires

    4. Now open the Local Security Policy MMC from the Administrative Tools Menu.

    5. Expand Local Policies then select User Rights Assignment in the policy pane; scroll down and right click on Log on as a service, then left click Properties.

    6. Click on Add User or Group…

    7. Type in the user account you created, in our case the default named, then click Check Names to make sure you typed it correctly, then click Ok.

    8. Click Ok to exit the properties box, and you should see the account listed now next to the Log on as a service policy.

    That’s it for the user account for now. Later you will have to give the account you created read/write rights to the directory you install BIND into, but that will be covered in a bit.
    Install BIND DNS on Windows Web Server 2008

    This is where we will walk through the install and initial configuration of BIND DNS. Let’s get started!
    1. Unzip the download and then click on BindInstall.exe to start the installation.
    2. The installer will ask for the following information:
    Target Directory: Your choice
    Service Account Name: The account we created earlier
    Service Account Password: Password used
    Confirm Service Account Password: Password used
    For options I am leaving the defaults. When you are done, click Install.

    3. When you click on Install you might get a message saying the account has too many privileges, just click on No to continue. You can go in and strip out more of the account’s rights, but as an average user, the attack profile will be low.

    4. After a few seconds you should see a message that states Bind installation completed successfully. Click Ok, and then click Exit on the installer.

    5. We now want to go in and give the user account you have been using full read/write rights to the directory you installed BIND to.

    You have now installed BIND on the server and set it up to run as a service. It is important to note that the installer does not copy over the help html files, so if you are going to need those you can move them to a convenient location yourself.
    Summary

    In this article we have installed BIND DNS on a Windows Web Server and set it up to run as a service under a local user.
    Now since BIND DNS comes from the *NIX side of the house there is quite a bit more we have to do to configure this before it runs.
    In the next article we will go through configuring BIND DNS with some demo configurations.




  5. #20

    Configure BIND DNS on Windows Web Server 2008 – Part 2

    Code:
    http://windowsserver.trainsignal.com/configure-bind-dns-on-windows-web-server-2008

    In the first part of this series on Installing BIND DNS I walked you through installing the software on Windows Web Server 2008.
    The main reason for this of course, is that Windows Web Server 2008 does not allow you to install the Microsoft DNS Role.
    In this part of the series I will walk you through an initial configuration of the BIND DNS server. First let’s talk about a few different types of DNS server setups available.
    Authoritative Name Servers

    Every DNS zone, like Free Computer Training Videos from Train Signal Training, is served by at least one authoritative name server which contains all the DNS records for the zone.
    To account for fault tolerance most zones have more than one server that keeps all these records in case of outages.
    Because of this you will have two types of Authoritative Name Servers — one that keeps the master copy of the zone and that server is called the primary master, and the other called a slave or secondary server that loads their data from the master server by a means of zone replication.

    Caching Name Servers

    Also called a recursive name server, this is most commonly the local DNS server that your operating system talks to.
    When you make a request on your local PC, more than likely it will go out to your ISP’s DNS Caching server which will make a request to the Authoritative Name Server. One of the features of most caching servers is that it will keep that request cached for a certain amount of time to speed lookups.
    Creating an Authoritative Name Server with BIND

    Once BIND DNS is installed you will see that it is a pretty bare install and needs to be setup via configuration files.
    For some Wintel administrators this may be a little daunting in an age of GUI interfaces, but don’t worry it isn’t too painful, and gives you good practice for some *nix cross training.
    In this demo I am going to create an Authoritative Name Server for the domain bindtest.com at the IP of 192.168.11.13. As a note, this is only accessible on my internal network, so don’t go searching around for it.
    To refresh your memory we installed BIND DNS at C:\Windows\System32\dns
    1. Start by opening a command prompt with administrative rights by clicking on the Start menu, right click Command Prompt then left click on Run as Administrator

    2. Type in the following at the command prompt hitting Enter after each line:
    cd c:\windows\system32\dns\bin (or where you installed BIND)
    rndc-confgen -a
    rndc-confgen > C:\windows\system32\dns\etc\rndc.conf
    Close the command prompt

    3. Open Explorer and go to C:\windows\system32\dns\etc and create the following directories:
    run
    zones
    log
    Create an empty file in the log directory called named.log

    4. Download the following file: named.conf and place it in C:\windows\system32\dns\etc (or wherever you installed BIND).
    If you did install BIND in a different directory, then in the named.conf go in and change the location in options for the directory to your install location.

    5. You also need to modify the named.conf to change the zone to the domain you want to manage.
    In our example I am using bindtest.com, but you need to change this to match your domain.
    You should also change the file name to replace db.bindtest.com.txt to db.%yourdomain.com%.txt –replacing %yourdomain.com% with your domain name.

    6. Open rndc.conf in notepad (in the etc folder) and copy everything below the line that says:
    # Use with the following in named.conf

    7. Open named.conf and paste the contents of the clipboard at the end of the file.
    Remove all the # from each line and delete the first line copied in and the last line copied in so it looks like the picture below. Save and close named.conf

    8. Download the following file: db.bindtest.com.txt and place it in C:\windows\system32\dns\etc\zones
    9. Rename db.bindtest.com.txt to whatever you used in step 5, so that the file is named db.%yourdomain.com%.txt — replacing %yourdomain.com% with your domain name.
    10. Open the db.bindtest.com.txt (or whatever you renamed it) and modify the following then save the file:
    Change any reference to bindtest.com to your domain name
    Change the serial line to reflect the current date in this format: YYYYMMDDRR
    YYYY = YEAR
    MM = MONTH
    DD = DAY
    RR = Revision number (01 if this is the first time)
    Change the IPs to the IPs that your servers are using

    Now you are configured to be an Authoritative Name Server for bindtest.com (or whatever your domain is named) with no recursive lookup.
    Open Server Firewall

    If you are using a firewall for your server either software or hardware, you will want to make sure that incoming requests on UDP port 53 are open. This will make sure that your server will accept incoming queries.
    Start the BIND DNS Service

    Ok, we are finally ready to actually start this service. Let’s go in and start this service.
    1. Go to the Start button, then to the Administrative Tools, then left click on Services

    2. Scroll down and find ISC Bind and right click on it, then click on Start to start the service.

    That’s it! The BIND DNS service is now up and running and ready to accept queries. Let’s test out the service.
    Testing BIND DNS

    I am going to use a very cool tool that is loaded with BIND DNS that’s called DIG.
    You will find it in the bin directory where you installed BIND. The tool will go out and query for a domain name and grab all the DNS records. Let’s take a look:
    1. Open a command prompt and navigate to the bin directory

    2. Type in the following to get a feel for what you get back and hit Enter:
    Dig Yahoo.com any

    3. Below you will see a piece of the output:

    4. Now that you know what to look for, I am going to use my test domain bindtest.com with the dig tool by typing: Dig @192.168.11.13 bindtest.com any
    Note: I use @192.168.11.13 because bindtest.com is not registered with ICANN so it tells dig to use the name server at that address.

    5. You can see that the BIND Name Server is responding with the correct information:

    We have now configured an Authoritative Name Server for the test server bindtest.com that responds correctly to DNS requests.
    A quick note: when you make changes you will have to restart the ISC BIND Service or run the command c:\windows\system32\dns\bin\rndc reload from a command prompt or batch file.




  6. #21
    Real name: 1234


    How to Backup and Restore Active Directory on Server 2008

    Code:
    http://windowsserver.trainsignal.com/backup-and-restore-active-directory-on-windows-server-2008
    Have you ever accidentally deleted a user account or an OU in Active Directory and wished you could restore it?
    I recently had a client call me after they installed updates and rebooted their server. They noticed after the reboot that there was a message that said “Active Directory is rebuilding indices. Please wait”.
    Their Active Directory database had become corrupted from the updates. So what do you do? How can you restore AD?
    Let’s talk about how to backup AD in Windows Server 2008 and how to restore it. Today I’ll show you:

    • what you need to do to get your Server 2008 ready for backup
    • how to backup Active Directory on Server 2008
    • how to perform an Authoritative Restore of Active Directory
    • how to perform Active Directory Snapshots


    Prerequisites: Getting Server 2008 Ready for Backup


    Before you can backup Server 2008 you need to install the backup features from the Server Manager.
    1. To install the backup features click Start > Server Manager.


    2. Next click Features > Add Features



    3. Scroll to the bottom and select both the Windows Server Backup and the Command Line Tools



    4. Click Next, then click Install


    Backing up Server 2008 Active Directory

    Now that we have the backup features installed we need to backup Active Directory. You could do a complete server backup, but what if you need to do an authoritative restore of Active Directory?
    As you’ll notice in Server 2008, there isn’t an option to backup the System State data through the normal backup utility.



    So what do we do? We need to go “command line” to backup Active Directory.
    1. Open up your command prompt by clicking Start and type “cmd” and hit enter.
    2. In your command prompt type “wbadmin start systemstatebackup -backuptarget:e:” and press enter.
    Note: You can use a different backup target of your choosing
    3. Type “y” and press enter to start the backup process.



    When the backup is finished running you should get a message that the backup completed successfully. If it did not complete properly you will need to troubleshoot.



    Now you have a system state backup of your 2008 Server!
    Authoritative Restore of Active Directory

    So now what if you accidentally delete an OU, group, or a user account and it’s already replicated to your other servers? We will need to perform an authoritative restore of the Active Directory object you accidentally deleted.
    1. To do this you will need to boot into DSRM (Directory Services Restore Mode) by restarting your server and pressing F8 during the restart.
    2. Choose Directory Services Restore Mode from the Advanced Boot menu.



    3. Login to your server with your DSRM password you created during Active Directory installation.
    4. Once you’re logged into your server and in DSRM safe mode, open a command prompt by clicking Start, type “cmd”, and press enter.
    5. To make sure you restore the correct backup it’s a good idea to use the “wbadmin get versions” command and write down the version you need to use.



    6. Now we need to perform a non-authoritative restore of Active Directory by typing “wbadmin start systemstaterecovery -version:04/14/2009-02:39”.
    Note: The version of backup will vary depending on your situation. Type “y” and press enter to start the non authoritative restore.
    7. Go grab some coffee and take a break while the restore completes.



    8. You can mark the sysvol as authoritative by adding the -authsysvol switch to the end of the wbadmin command.



    9. But if you want to restore a specific Active Directory object then you can use the ever familiar ntdsutil.
    For this example we are going to restore a user account with a distinguished name of CN=Test User,CN=Users,DC=home,DC=local. So the commands would be:
    ntdsutil
    activate instance ntds
    authoritative restore
    restore object "cn=Test User,cn=Users,dc=home,dc=local"
    Note: The quotes are required



    10. Reboot your server into normal mode and you’re finished. The object will be marked as authoritative and replicate to the rest of your domain.
    Using Active Directory Snapshots

    There is a really cool new feature in Windows Server 2008 called Active Directory Snapshots. Volume Shadow Copy Service now allows us to take a snapshot of Active Directory as a type of backup. They are very quick to create and serve as another line of defense for your backup strategy.
    With your server booted into normal mode open a command prompt by clicking Start, type “cmd”, and press enter.
    We are going to use the ntdsutil again for creating the Active Directory snapshots. The commands are:
    ntdsutil
    snapshot
    activate instance ntds
    create
    quit
    quit

    So now that you have a snapshot of AD, how do you access the data? First we need to mount the snapshot using ntdsutil. The commands are:
    ntdsutil
    snapshot
    list all
    mount 1
    (Note: You should mount the correct snapshot you need; for this example there is only 1.)
    quit
    quit

    Your snapshot is mounted, but how do you access the data? We need to use the dsamain command to accomplish this. Then we need to select an LDAP port to use. The command is as follows:

    dsamain -dbpath c:\$SNAP_200905141444_VOLUMEC$\WINDOWS\NTDS\ntds.dit -ldapport 10001
    The result should look like this:



    Now we need to go to Start, Administrative Tools, then Active Directory Users and Computers.
    Right click Active Directory Users and Computers and select Change Domain Controller.



    In the area that says < Type a Directory Server name[:port] here > enter the name of your server and the LDAP port you used when running the dsamain command.
    For my example it would be: WIN-V22UWGW0LU8.HOME.LOCAL:10001



    Now you can browse the snapshot of Active Directory without affecting anything else negatively.
    Your AD Backup Strategy


    It’s always good to have a solid backup plan for your Active Directory. You can use a combination of backup strategies or just one of these methods for backing up your Active Directory.
    Make sure you tailor your Active Directory backup strategy to meet your company’s needs and make it easy to recover if disaster does strike.
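
The backup and snapshot steps from the post above, combined into one unattended job with error checks. This is an added example, not part of the original article; the backup volume E:, the log folder C:\ADBackupLogs and the "generated successfully" success text it searches for are assumptions.

```batch
@echo off
rem Added example, not from the original article: unattended form of the
rem system state backup and AD snapshot steps.
rem Assumptions (hypothetical values): backup volume E:, log folder C:\ADBackupLogs.
rem The backup volume and every snapshot hold a copy of ntds.dit, so keep the
rem target and the log folder readable by administrators only.
setlocal
set "TARGET=E:"
set "LOGDIR=C:\ADBackupLogs"
set "LOG=%LOGDIR%\adbackup.log"
set "SNAPOUT=%TEMP%\adsnapshot.out"

if not exist "%LOGDIR%" mkdir "%LOGDIR%"
echo ==== %DATE% %TIME% system state backup to %TARGET% >> "%LOG%"

rem -quiet answers the confirmation prompt that the manual steps answer with "y".
wbadmin start systemstatebackup -backupTarget:%TARGET% -quiet >> "%LOG%" 2>&1
if %ERRORLEVEL% NEQ 0 (
    echo ERROR: wbadmin exited with code %ERRORLEVEL% >> "%LOG%"
    exit /b 1
)

rem Log the version identifiers so the one needed for
rem "wbadmin start systemstaterecovery -version:..." is already written down.
wbadmin get versions -backupTarget:%TARGET% >> "%LOG%" 2>&1

rem Same ntdsutil commands as the interactive session, passed as arguments.
ntdsutil snapshot "activate instance ntds" create "list all" quit quit > "%SNAPOUT%" 2>&1
type "%SNAPOUT%" >> "%LOG%"

rem The script does not rely on ntdsutil's exit code; it looks for the
rem success text instead (assumed wording: "generated successfully").
findstr /i /c:"generated successfully" "%SNAPOUT%" > nul
if %ERRORLEVEL% NEQ 0 (
    echo ERROR: AD snapshot was not created >> "%LOG%"
    del "%SNAPOUT%"
    exit /b 2
)

del "%SNAPOUT%"
echo ==== %DATE% %TIME% backup and snapshot completed >> "%LOG%"
exit /b 0
```

Run it from an elevated command prompt or a scheduled task on the domain controller; a non-zero exit code means the log needs to be read before the backup is trusted.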







  7. #22
    Real name: 1234


    Server 2008: Installing Distributed File System DFS

    Code:
    http://windowsserver.trainsignal.com/windows-server-2008-installing-distributed-file-system

    DFS stands for Distributed File System and provides two very important benefits for system administrators of Wide Area Networks (WAN) with multiple sites that have a need to easily store, replicate, and find files across all locations.
    The first is the benefit of being able to have one Namespace that all users can use, no matter what their location, to locate the files they share and use.
    The second is a configurable automatic replication service that keeps files in sync across various locations to make sure that everyone is using the same version.
    Let’s take a look at these two very important aspects of DFS.

    • DFS NameSpaces – Each namespace appears as a folder with subfolders underneath.

      The trick to this is that those folders and files can be on any shared folder on any server in your network without the user having to do any complicated memorization of server and share names.

      This logical grouping of your shares will also make it easier for users at different sites to share files without resorting to emailing them back and forth.
    • DFS Replication – This service keeps multiple copies of files in sync.

      Why would you need this? Well if you want to improve performance for your DFS users you can have multiple copies of your files at each site.

      That way a user would be redirected to the file local to them, even though they came through the DFS Namespace. If the user changed the file it would then replicate out to keep all copies out in the DFS Namespace up to date.

      This feature of course is completely configurable.


    What’s New in DFS Server 2008?

    Distributed File System in Server 2008 has added some additional functionality and improved stability from some of the problems that might have plagued earlier DFS implementations.
    Most new features are contingent on running your DFS NameSpace in Server 2008 mode which means all servers are Windows Server 2008 AND the domain is running at Server 2008 domain functional level.
    DFS NameSpaces Changes:

    • Access-based Enumeration – Users are only allowed to see files and folders that they have access to through permissions.

      This feature requires either a standalone Server 2008 NameSpace or a domain based NameSpace running in 2008 domain functional level.

      It is not enabled by default and has to be activated through the following command line:

      dfsutil property abde enable \\<namespace_root>
    • Improved Command Line Tools – Windows Server 2008 DFS NameSpaces has a new version of dfsUtil and a diagnostic tool to help troubleshoot issues named dfsdiag.
    • Search within the DFS NameSpace – Windows Server 2008 has the ability to run a search through the NameSpace and target folders.

      Convenient if you want to do a targeted search across all the documents in the NameSpace instead of having to attach to each server.

    Improved Functionality in DFS Replication:

    • Performance Improvements – Server 2008 DFS Replication includes several improvements including: Faster replication both for small and large files, Initial synchronization is faster, Network bandwidth is utilized better.
    • Improved Unexpected Shutdowns Handling – There are a few reasons for unexpected shutdown of the DFS NameSpace, and when they occur it can cause the NameSpace database to become corrupt or out of sync.

      In earlier versions of DFS, this could cause the entire database to be rebuilt which would be very time consuming and resource intensive. The Windows Server 2008 DFS rarely has to rebuild its database after an unexpected shutdown and allows a much quicker recovery.
    • Content Freshness – A new feature in Windows Server 2008 DFS keeps servers that are part of the DFS NameSpace that might be offline for an extended period of time from overwriting other servers when it comes back online.
    • Replicate Now – Administrators now have the ability to force replication in the NameSpace on demand, temporarily ignoring the replication schedule.
    • Support for Read Only Domain Controllers (RODC) – Any changes detected on the RODC are rolled back by the DFS Replication service.
    • SYSVOL Replication – Server 2008 replaces the use of FRS (File Replication Service) with DFS Replication for Active Directory DS for domains that are running at the Server 2008 functional level.
    • Propagation Report – Shows a report based on a test file created during a diagnostic propagation test.

    Install DFS Role on Windows Server 2008

    Now that we know more than we probably wanted to about Windows Server 2008 DFS NameSpaces let’s go ahead and run through installing the role on a server.
    For our example I am using a Windows Server 2008 Domain Controller running Active Directory DS at the Server 2008 functional level.
    1. Open Server Manager.
    2. Go to Roles in the left pane, then click Add Roles in the center pane.

    3. Select File Services from the list of roles.
    You will see a short description of what the File Services role provides in the upper right corner in case you needed it. Click Next when done.

    4. Now you will get an Introduction to File Services information screen; read through it and move on by clicking Next.

    5. In Select Service Roles you can click on Distributed File System and it should also place a check next to DFS Namespaces & DFS Replication; after this click Next.
    NOTE: At the bottom you will see Windows Server 2003 File Services and File Replication Service. You would only choose this if you were going to be synchronizing the 2008 server with old servers using the FRS service.

    6. On the Create a DFS Namespace screen you can choose to create a namespace now or later.
    For this tutorial I am going to create one later as I will have another article going into greater details. So I am going to choose Create a namespace later using the DFS Management snap-in in Server Manager and then click Next.

    7. The next screen allows you to confirm your installation selections, so review and then click Install.

    8. After a short interval of loading you will see the Installation Results screen which will hopefully have Installation succeeded in the top right. Go ahead and click Close.

    9. In Server Manager you should now see File Services and under the Role Services you will see the installed components:
    Distributed File System
    DFS Namespaces
    DFS Replication


    Now that you have DFS installed the next step is to create a namespace and configure replication. I will be covering these in my next article.




  8. #23
    Real name: 1234


    Server 2008: Configuring Distributed File Systems DFS

    Code:
    http://windowsserver.trainsignal.com/configuring-distributed-file-systems

    In my article on Installing Distributed File Systems, I discussed what DFS was and the benefits it could provide to an organization.
    If you have not read it or need a review please check out that article before proceeding.
    Back already? Good, let’s move on!
    There are two parts we will be configuring in this article: the first will be DFS NameSpace and then we will move on to the DFS Replication.
    Configure DFS NameSpace on Server 2008

    The DFS NameSpace will be the client facing aspect of DFS and what really makes life easier for the end users.
    Having a common namespace across your enterprise for the users to share files will cut down on support calls and make collaboration on documents a breeze.
    Let’s go ahead and configure a DFS Namespace through the DFS Management MMC Snap-In.

    1. Open DFS Management Snap-in.

    2. In the left pane click on Namespaces and then in the right column click New Namespace…

    3. In the New Namespace Wizard, the first thing it wants to see is your server that will host the Namespace.
    In this case it will be the domain controller that I installed DFS on, so let’s go ahead and enter that name, TESTDOMAIN, and then click Next.

    4. The next window is Namespace Name and Settings, and it is asking for the name of the namespace.
    Depending on if this is a standalone install or a domain, this is the name that will be after the server or domain name. In this case I am going to type the namespace Sharedfiles.
    Notice when you type in the name the Edit Settings button becomes live. This is because the wizard will create the shared folder. You can modify the settings it uses at this time by clicking Edit Settings.

    5. You can now edit the following settings:
    Local path of share folder
    Shared folder permissions
    I am going to go with Administrators have full access; Other users have read and write permissions.
    If you select Custom you can choose specific groups and users and give them specific rights. Click Ok when you are done choosing permissions, then click Next.

    6. Next comes the Namespace Type. There are two choices: Domain-based namespace or Stand-alone namespace. There are some big differences between the two so let’s take a quick look at them now:

    • Domain-based namespace – Stored on one or more servers and in Active Directory Domain Services. Increased scalability and access-based enumeration when used in Server 2008 mode.
    • Stand-alone namespace – It is stored only on a single namespace server, for redundancy you have to use a failover cluster.

    I am going to go with Domain-based namespace in Windows Server 2008 mode and you can see the preview is going to be \\ADExample.com\Sharedfiles, once your choice is made click on Next.

    7. The next screen lets you review the choices you just made, if they are correct go ahead and click Create.

    8. Next you will see a screen telling you that the namespace is being created. After a few minutes you should see the status of Success, and then click Ok.

    9. Now in DFS Management Snap-in you can see the Namespace we just created.

    10. Let’s go ahead and quickly create a folder. Right click on the namespace and click New Folder.

    11. Now type the name of the folder you want. In this case I am going to be very original and type Folder1, but hopefully you will use something more descriptive when the time comes.
    Below the Name field you will see a space that shows you a preview of the Namespace with this new folder. Also under that you will see Folder Targets. This allows you to point this folder at a shared folder already on your network.
    That way you don’t have to migrate files over, but be warned; if you setup these target folders there is no replication, so if that share goes down for any reason users will not be able to access that data.
    Go ahead and click Ok.

    12. You will now see in the DFS Management Snap-in Folder1 under the namespace we just created.

    Configure DFS Replication

    Ok now that we have a Namespace configured and we have placed a folder in that namespace let’s setup replication with another server in the domain to make sure that users can always get their data and we don’t get any complaints!
    1. Open DFS Management Snap-in.
    2. In the left pane go ahead and right click on Replication and then left click on New Replication Group.

    3. Your first choice is: if you want a Multipurpose replication group or Replication group for data collection.
    In most cases you will want the Multipurpose replication group, but in some cases where you wanted to grab data from a remote server and bring it to a centralized backup server the group collection would help.
    In our case we are going to use Multipurpose replication group, and click Next.

    4. Next we are going to set the name of the replication group; the only limit is that the group must be unique for the domain it serves.
    In our case let’s use testrep for the group name. After typing it in click Next.

    5. Next we are going to add the group members. Click Add and enter the name of the servers that are going to be members of this group.
    In my case it is going to be TSTest and TESTDOMAIN; after they are entered click Next.

    6. In the next page we are going to choose the Topology for the group. Since we only have two servers we will be defaulted to Full Mesh which will work in this example.
    On this page you will also see an explanation of the other topologies if you need them. Click Next.

    7. Replication Schedule is next on the list to configure. There are A LOT of options here for every bandwidth budget and the ability to limit it to certain days and times.
    I am going to leave the default since we are just in my virtual lab, but you may need different settings based on your server locations and connections. Once set, click Next.

    8. Primary member is now the next thing to be set. This is to set the authoritative member for the INITIAL replication.
    In our case we will use TESTDOMAIN, and then click Next.

    9. Now we can setup the folders we want to replicate to the other server.
    Click Add and you will be prompted for the folders information. In this case I am going to choose to replicate the folder we used in the last example Folder1. Note that you can always change permissions on the replication target by selecting Custom Permissions, or you can leave them as is by leaving it at Existing Permissions.
    I am going to enter all the info, click Ok and then click Next as that is the only folder I am replicating.


    10. Next you must set the local path for the replicated folder on the other server.
    It is by default disabled, so highlight the partner server and click Edit. Select Enable and then browse and you can navigate to a folder you have already created or create one in the desired location.
    After you’re done you can click Ok, and if that is your only partner server click Next.


    11. Next you can review your settings and then click Create; after a few seconds you should go to a Confirmation page where you will see a success message for each step.
    After review click Close.


    12. After that you will see a popup window telling you:
    "Replication will not begin until the configuration is picked up by the members of the replication group. The amount of time this takes depends on Active Directory Domain Services replication latency as well as the polling interval".
    Basically the meaning of this is that if you specified remote servers in different sites, you will have to wait until Active Directory replicates the data out with their next sync.
    Click Ok to get past this.

    Now that we have configured the namespace and setup replication let’s take a look at how it would be used by our ever grateful end users.
    1. Click start.
    2. Type in the domain and namespace, in our case it was \\ADExample.com\Sharedfiles and hit Enter.

    3. You should get an explorer window with the Folder1 in the center pane.

    Remember this has been the very basic structure of DFS and depending on your need and environment you can create very robust namespaces and replication.




  9. #24
    Real name: 1234


    Server 2008: How to Setup a Remote Desktop on Windows Vista

    Code:
    http://windowsserver.trainsignal.com/how-to-setup-a-remote-desktop-on-windows-vista

    The main reason why administrators would want to setup remote access on a client computer such as Vista is to access the servers without leaving their own desk or office.
    The server room is often on a different floor, sometimes even in a different building. Remote desktop allows administrators to work on servers without physically having to be there.
    Before you go on to Vista to setup the remote connection you need to enable remote connections on all the servers you will want to connect to.
    The recommended option for remote desktop on the server is the one with Network Layer Authentication which means that the client needs to be joined to the domain and the administrator needs to be logged in with his or her credentials.
    This is the most secure way to allow remote access to the server and there shouldn’t be any reason for you not to select this option.


    Before you start setting up remote desktop make sure that your client machine’s name matches your company’s naming convention. If for any reason you do not have a naming convention (I would strongly recommend creating one though), name your machine something that will be easy to identify.
    If it’s your machine, maybe name it with your last name, or if it’s a machine used only for remote connections to the servers, name it RemoteVista, or something like that.
    You want to avoid the random numbers and letters as it will be almost impossible to identify the machine on the network.
    You also need to join that machine to your company’s domain. Since you have selected the Network Layer Authentication option on your servers in order to connect to them, the client must be joined to the domain.
    Go ahead and join your Vista machine and reboot it. Now we’re ready to get started.
    1. Once you log back in, you need to go to the Start menu and type in Remote in the search box.
    This will bring results on top where you can select and click on Remote Desktop Connection.

    2. In the Remote Desktop Connection window go ahead and click on the Options button.

    3. In the Computer: field you need to type in a FQDN (Fully Qualified Domain Name) of the server you are trying to connect to as well as your user name.
    In our example we are connecting to ny-dc1-2k8 so our FQDN is ny-dc1-2k8.globomantics.com.

    4. If you wish to save the settings and credentials of this remote connection as a shortcut to your desktop go ahead and check the box next to Allow me to save credentials.
    This will allow you to double click on a shortcut on your desktop and automatically login to the server.
    As convenient as this may seem however, it is not the most secure way to connect to the server and some administrators prefer not to do so. If you decide to create the shortcut, make sure you lock your machine every time you leave your station, even if it is only for few minutes.

    5. Next click on the Display tab.

    6. Under the Remote desktop size option select the size of your window. You can select a smaller window so you can still see your Vista desktop or select a Full Screen.
    I prefer the full screen view as it almost looks like I am sitting at the server and not remote desktop.

    7. In the Colors section select the color quality for your remote desktop.

    8. I really recommend leaving the check next to the Display the connection bar when in full screen mode option since it will let you know which server you are connected to.
    It can be difficult to keep track if you are working on more than 1 server at a time. This bar will show up on top of your screen and it will display the server’s name.

    9. Now let’s click on the Local Resources tab.

    10. The first section is about your Remote computer sound. It’s really helpful to hear if your server is making a beep or error sound.
    I would recommend selecting the Bring to this computer option.

    11. Next you need to make a selection for Keyboard key combinations such as ALT+TAB. This is definitely your preference and choice.
    In our example we are going to use it only in full screen mode.

    12. Under the Local devices and resources section make sure to select both Printers and Clipboard options.
    The Printers option will allow you to print info or reports directly from the server you are connected to, to your printer at your desk. That option is really convenient as you won’t have to go down to the server room to get your printout.
    The Clipboard option will allow you to copy information, files, or folders from your server and paste them on your Vista machine and vice-versa.

    13. Next click on the Programs tab.

    14. In this tab you can specify which programs should start automatically as soon as your remote connection is established.
    For example if you always work in Server Manager, you can set it up so it automatically starts up when you connect.
    In our example we don’t want any programs to start automatically, so we are going to skip this option.

    15. Now click on the Experience tab.

    16. First select your connection speed between your client and your server.
    If you are on the same network you should choose LAN option. If, however, you’re connecting from home and you have a high speed cable modem then select the Broadband option.

    17. Once you select the speed the appropriate options will be automatically checked, such as background, themes, etc.
    The slower the connection speed, the fewer of these options will be selected. Keep in mind that you can always change these selections if you decide to.

    18. And finally click on the Advanced tab.

    19. The Server authentication option verifies that you are connecting to the correct machine.
    If the verification doesn’t meet the minimum requirements you have the option to be connected anyway, to be warned, or to not be connected at all.
    In our example we are going to select the Warn me option.

    20. After all your settings have been selected, go back to the General tab and click on the Save As button.

    21. First make sure you save this shortcut to your desktop. Then type in the shortcut’s name and click on Save.

    22. And there it is. To test it go ahead and double click on the shortcut.

    23. You will need to type in your password. If you prefer the automatic logon, check the box next to Remember my credentials — but remember, this is not the most secure way to create a remote connection.
    When ready, hit the OK button.

    And here you are — your remote desktop on Windows Vista is ready!






  10. #25
    Real name: 1234


    Install Read-Only Domain Controller on Windows Server 2008

    Code:
    http://windowsserver.trainsignal.com/server-2008-install-rodc-read-only-domain-controlle

    Installing a Read-Only Domain Controller (RODC) isn’t much different than installing a regular domain controller.
    However, there is one important factor to keep in mind. A RODC can only be installed into an existing Active Directory Domain with at least one full (non-read-only) Windows 2008 Server Domain Controller.
    The reason is that the RODC is a new feature to Windows 2008 and it needs at least one DC to understand what it is doing in order to function properly.
    Once the decision has been made to install a RODC the next decision is whether to install on a full-install or core-install of Windows 2008 Server.
    The RODC is primarily aimed at providing additional security on an Active Directory Database for a server that is not physically secured. Installing a RODC on a Core Install of Windows 2008 provides no additional physical security.
    It is actually a fair assumption that if someone is savvy enough to break into a stolen server that they also are capable of working most of their tricks from the command-line. So, while a Core Installation does increase security by having a smaller attack footprint, this level of security is separate from that provided by a RODC.

    It can be tempting to consider a Core Installation for remote RODC installs to lower the amount of patches and updates that need to be installed. However, it is important to remember that if there is no technical staff on-site, it can be much more difficult to walk someone through any procedures that must be performed locally if the non-technical person has to use the command line.
    Installing RODC on a Core Server Install

    There is only one way to install the RODC role on a Core Server installation. The dcpromo.exe command runs on the GUI-less version of Windows Server 2008.
    Using an answer file for the command makes the process much easier than trying to get all the switches just right in the command line.

    Although there are many settings available depending upon your particular infrastructure, just basic information is required to complete the command:

    • an account with permissions to do what you are trying to do
    • the name of the Site
    • the database and log paths
    • and whether or not to install DNS.


    Many people will put a “yes” for RebootOnCompletion. If you are doing an actual unattended promotion then that would make sense.
    If you are sitting at the console, I prefer to manually reboot the server so that I can take as much time as I want to study what is on the screen if there is an issue.
    Regular Installation

    On a full install of Windows Server 2008, there is of course a GUI tool to help with the process. The Active Directory Domain Services Installation Wizard handles the installation of RODC.
    Type “dcpromo” at a command prompt to start the wizard. The first screen will ask you whether you want to use an existing forest, or create a new domain in a new forest. Since you must join an existing domain with a RODC, the choice is obvious.
    Next you’ll be asked for a username and password. The account must be a member of Domain Admins in order to create a Read-Only Domain Controller.
    Next, you’ll choose the site you wish to join.
    So far, this is all the same as a regular Domain Controller install. Under “Additional Options” is where you actually choose to make this a Read-Only Domain Controller installation.

    Next, choose the paths for installing the components, or just click Next to use the defaults. Once the confirmation screen appears, you are all set.
    In this case, you might as well check “Reboot On Completion”. Unlike in the command-line environment, here in the GUI-world if something goes wrong you’ll have all the time you want before clicking on OK or Next to analyze what happened.
    It’s Five O’clock Somewhere …

    Your RODC is now installed. Congratulations! If it’s late enough in the day, or if your boss has already gone home, then head on out to happy hour.
    If it’s still morning, or this is the third day this week you’re leaving early, then go get a cup of coffee. Either way, you’ve earned it.
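
Added example, not part of the original post or the linked article: a dcpromo answer file covering the items the post lists for a Server Core RODC promotion (account, site, database and log paths, DNS, RebootOnCompletion). The domain name, site name, account name and paths are constructed placeholders; the keys are standard dcpromo unattend keys.

```ini
; rodc-unattend.txt (constructed sample; every value is a placeholder)
[DCInstall]
; Promote this server as a read-only replica in an existing domain.
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=corp.example.com

; Account with permission to perform the promotion.
; Password=* makes dcpromo prompt for the password instead of
; reading it from a file that sits on the branch server's disk.
UserDomain=corp.example.com
UserName=rodc-installer
Password=*

; Active Directory site the RODC will belong to.
SiteName=Branch-Site-01

; Whether to install DNS on the RODC, and whether it is a global catalog.
InstallDNS=Yes
ConfirmGc=Yes

; Database, log and SYSVOL locations (Windows defaults shown).
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Directory Services Restore Mode password. Placeholder only:
; set a real value just before the run and delete the file afterwards.
SafeModeAdminPassword=<DSRM-PASSWORD-PLACEHOLDER>

; "No" leaves the result on screen for review, as the post prefers
; when someone is sitting at the console.
RebootOnCompletion=No
```

Run it on the Core server with `dcpromo /unattend:C:\rodc-unattend.txt` (the file path is an assumption). No Password Replication Policy keys are set here, so the RODC keeps the default policy.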




  11. #26
    Real name: 1234

    Retired administrator
    Join date
    Jul 2009
    Location
    5678
    Posts
    5,634
    Thanked
    2513
    Thanks given
    272

    GUI Schmooey -- Installing Windows 2008 Server Core

    Code:
    http://windowsserver.trainsignal.com/windows-server-2008-server-core-install

    So, you’ve decided to install Windows 2008 Server Core.
    You understand that a Core install comes with no GUI. No problem. You aren’t one of those wimpy sys admins who say things like “Go ask Ted” when the problems get hard.
    There is no Ted. You ARE Ted.
    Your TechNets hang by a thread, proudly worn out from eliciting the details that make the difference between a super-admin, and some over-glorified technology monkey who points and clicks around the screen to add the company’s new users.
    Same, But Different

    There are lots of improvements in Windows 2008 Server. One of them removes the annoying need to sit and watch your Windows Server install in order to answer those “in the middle” install questions. With Windows 2008 Server, you get before and after inputs, and that is it.
    Installing Server Core is the same as a full install for the “Before” questions. No surprises here. Just boot up off your media, answer the language, time format, and keyboard format questions.

    Click Install Now (the purpose of this seemingly useless screen is so that you can click the Repair option at the bottom.) Then, the product key, and finally the differences begin.
    Choose the Installation Type. We want the Core! We want the Core! (Please, no chanting in the IT Department.)
    There is no such thing as an upgrade to Server Core. Whereas an upgrade of a full install requires updating files, adding new files, and reconfiguring, upgrading to Core would actually require deleting entire files, directories, and processes without taking out previously set configurations.
    Imagine the nightmare of trying to code something like that. So, there is no Server Core upgrade.
    Clean install it is. Ted would want it that way, anyhow. By the way, there is also no way to “add” the components to turn a Server Core Install into a Full Install. That is, you have to re-install (clean) to get a Full Server Installation.
    Pick your partition for the install and click Next. Now, go get a cup of coffee, or feed the meter, or get back to work. Either way, your work here is done until it is time to configure. All the file copying and rebooting will happen without you.
    No ICT For You!

    If you were doing a full install, now is when you get that nice new Initial Configuration Tasks (ICT) screen. So pretty, so simple, so great for reminding you to do everything.
    No ICT For You! Just the login screen. Click Ctrl-Alt-Delete, click Other User and let’s get to work.
    When you login for the first time, you will have to change the password. Don’t forget, the “Previous Password” is just blank. Once you are finished you’ll see the command prompt and nothing else. Ah, Ted would be proud.
    The Initial Configure Task List, DOS Style

    Without the ICT to guide you through the initial configuration steps, you are going to need a checklist.

    1. Secure the Administrator Account
    2. Set the Time and Date
    3. Configure the Network
    4. Activate the Server
    5. Name the Server
    6. Join a Domain
    7. Configure Automatic Updates
    8. Setup Remote Administration

    A lot of the commands you might already be familiar with, but the switches might not be ones you’ve used a lot. Just remember that every (well, most of them) command comes with a /? option that will list out those slash-As and Bs that you don’t quite remember.
    Oops! Now What?

    Every administrator who does a core installation will eventually close the command prompt window, usually just out of habit.
    When you do, Windows 2008 Server Core seems ominously blank. Your mind might go blank too. Now what? Jab at Ctrl-Shift-Esc and fire up the Task Manager, run a new task, type cmd and you are back in business.
    Security!

    Nothing makes hackers happier than an unsecured administrator account. You already set the password when you logged on. To change it you can still press Ctrl-Alt-Delete.
    Hey, wait that looks like a GUI! Some very small GUI interfaces still exist.
    The ones that do have two things in common: One, they are small and cause no observable impact on the server performance. Two, they have no dependencies on bigger sub-systems. You have to have some sort of login screen anyway, and keeping the password changing piece is no big deal.
    At the Sound of the Tone the Time Will Be

    Setting the time and date is one of those places where you use a tiny GUI. All you have to do from the command line is get it started.
    Type: control timedate.cpl
    Now, just set the time and date like you always do.
    Network Configuration

    By default, your Windows 2008 Core Server will be DHCP enabled. If that is how you want it, then you are done here. If not, you need to know what network interfaces are in your server and what number they have been assigned by the system.
    To find out type: netsh interface ipv4 show interfaces

    All we really need from this output is the index number (Idx on the screen) of the interfaces we want to configure. Jot them down (if you have more than one) so you don’t have to come back here. Usually, 1 is the Loopback address. There is no need to configure this.
    Now, with index numbers we are ready to setup our network. First, we setup our IP address information; assuming the interface index number is 2 – replace the number in the parameter “name” with whatever number you got from the netsh command:
    netsh interface ipv4 set address name="2" source=static address=10.1.1.101 mask=255.255.255.0 gateway=10.1.1.1
    Next, we setup the DNS:
    netsh interface ipv4 add dnsserver name="2" address=172.10.10.10 index=1
    Activation

    The easiest step we have.
    Type: slmgr.vbs -ato
    Name the Server, Join the Domain

    Using the Windows Management Interface to rename the computer is the easiest. Otherwise, we have to join the domain first in order to use the netdom command. Then we have to go back in and clean up the name generated by setup.
    Since it is just one command we don’t have to do a full script.
    wmic computersystem where name="SetupName" rename name="NewName"
    Unfortunately a reboot is required to get the name change to take effect and we want the name changed before we try and add it to the domain, so it’s rebooting time.
    Once the reboot is complete and you’ve logged back on, it is time to join the domain.
    Using the name of the server (NewName), the domain we want to join (OurDomain) and an account with access to do so (Username = Ted, Password = ThePass) we use the netdom command:
    netdom join NewName /domain:OurDomain /userd:Ted /passwordd:ThePass
    Now, the server has its name and it is in the domain. We’ll have to reboot again.
    Set Automatic Updates

    To setup automatic updates we use the scregedit.wsf script. The /au switch sets the automatic updates. A value of 4 is on. A value of 1 is off.
    cscript scregedit.wsf /AU 4
    Hit The Road Jack and Don’t Come Back

    Unless you want to sit at the command prompt in front of your Windows 2008 Core Server every time you need to do something, you are going to want to enable remote administration of the server.
    The great part about this is that for many functions you can go back to using the GUI (if you feel like it, you don’t have to) by using the remote functions on systems that do have the GUI installed, like your administrator workstation.
    To enable remote admin we go back to our scregedit.wsf pal:
    cscript scregedit.wsf /AR 0
    That’s it. One installed and minimally configured Windows 2008 Core Server ready to go.
    Of course, for the server to be of much use in your environment you’ll have to install and configure any roles you need, but that is a topic for another day.




  12. #27
    Real name: علی منصوری

    Regular member (avatar: mrpa)
    Join date
    Feb 2010
    Location
    Tehran
    Posts
    203
    Thanked
    15
    Thanks given
    65
    Thanks for all your kindness to this site. You really are an active administrator. More power to you, brother.


