What settings are added or changed?
The following registry settings apply to Server Manager and Initial Configuration Tasks in all available variations of Windows Server 2008.
The registry settings in the following table control the default opening behavior of the Server Manager and Initial Configuration Tasks windows.
| Setting name | Location | Default value | Possible values |
| --- | --- | --- | --- |
| Do not open Server Manager at logon | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager | 0 | 0 to disable and open the window normally; 1 to enable and prevent the window from opening. |
| Do not open Initial Configuration Tasks at logon | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager\oobe | 0 | 0 to disable and open the window normally; 1 to enable and prevent the window from opening. |
How should I prepare to deploy Server Manager?
Server Manager is installed by default as part of Windows Server 2008. To use Server Manager, you must be logged on to the computer as a member of the Administrators group.
Note
If you log on to the computer by using an Administrator account other than the default Administrator account, a dialog box might open to prompt you for your permission to run Server Manager. Click Allow to start Server Manager.
How do I open Server Manager?
Server Manager opens by default when the Initial Configuration Tasks window is closed.
After initial configuration tasks are complete, Server Manager opens by default when an administrator logs on to a computer running Windows Server 2008. If you close Server Manager and want to open it again, you can open Server Manager by using the Server Manager command in any of the following locations:
In the Start menu, under Administrative Tools.
In the Start menu (if you are logged on to the computer as a member of the Administrators group).
In the Start menu, right-click Computer, and then click Manage.
On the Quick Launch toolbar, adjacent to the Start button.
In Control Panel, click Programs, click Programs and Features, and then click Turn Windows features on or off.
Additional references
For more information about Server Manager, see the Windows Server TechCenter (http://go.microsoft.com/fwlink/?LinkId=48541). You can also learn how to perform specific operations in Server Manager in the Server Manager Help, available by pressing F1 in an open Server Manager console window.
The Server Manager Technical Overview (http://go.microsoft.com/fwlink/?LinkId=85101) provides more detailed information about Server Manager, and includes the XML schema to which Server Manager command-line answer files must conform. You can also download the Server Manager command-line XML schema from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=81203).
The Server Manager Scenarios Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=101037) provides an overview of Server Manager and walkthroughs of several common scenarios for using Server Manager in your enterprise.
Server Core Installation Option
In the Windows Server® 2008 operating system, administrators can now choose to install a minimal environment that avoids extra overhead. Although this option limits the roles that can be performed by the server, it can improve security and reduce management. This type of installation is called a Server Core installation.
What does a Server Core installation do?
A Server Core installation is a minimal server installation option for Windows Server 2008. Server Core installations provide an environment for running the following server roles:
Active Directory Domain Services
Active Directory Lightweight Directory Services (AD LDS)
DHCP Server
DNS Server
File Services
Print Server
Streaming Media Services
By choosing to use the Server Core installation option on a server, you can reduce your administrative effort and help limit security risks. A Server Core installation provides these benefits in three ways:
By reducing the software maintenance required
By reducing the management required
By reducing the attack surface
To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles. For example, the Windows Explorer user interface (or "shell") is not installed as part of a Server Core installation. Instead, the default user interface for a server running a Server Core installation is the command prompt.
A Server Core installation of Windows Server 2008 supports the following optional features:
Backup
BitLocker Drive Encryption
Failover Clustering
Multipath IO
Network Load Balancing
Removable Storage
Simple Network Management Protocol (SNMP)
Subsystem for UNIX-based applications
Telnet client
Windows Internet Name Service (WINS)
Who will be interested in this feature?
The Server Core installation option is designed for organizations that have many servers, some of which only need to perform dedicated tasks, and for environments where high security requirements call for a minimal attack surface on the server.
Since no graphical user interface is available for many Windows operations, using the Server Core installation option requires administrators to be experienced in using a command prompt or scripting techniques for local administration of the server. Alternatively, you can manage the Server Core installation with Microsoft Management Console (MMC) snap-ins from another computer running Windows Server 2008 by selecting the computer running a Server Core installation as a remote computer to manage.
You should review this topic and additional documentation about the Server Core installation option if you are in any of the following groups:
IT planners and analysts who are technically evaluating the product
Enterprise IT planners and designers for organizations
Those responsible for IT security
IT Pros managing the following server roles: Active Directory Domain Services, AD LDS, DHCP Server, DNS Server, File Services, Print Server, or Streaming Media Services
What new functionality does a Server Core installation provide?
The Server Core installation option does not add new functionality to the server roles it supports. Each server role, however, might have changes for Windows Server 2008.
Why is this change important? What threats does it mitigate?
Server Core installations provide the following benefits:
Reduced maintenance. Because a Server Core installation installs only what is required for the specified server roles, less servicing is required than on a full installation of Windows Server 2008.
Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.
Reduced management. Because fewer applications and services are installed on a server running a Server Core installation, there is less to manage.
Less disk space required. A Server Core installation only requires about 1 gigabyte (GB) of disk space to install, and approximately 2 GB for operations after the installation.
What works differently?
A server running a Server Core installation does not have a user interface or provide the ability to run applications. A Server Core installation is a minimal installation for running the Active Directory Domain Services, AD LDS, DHCP Server, DNS Server, File Services, Print Server, and Streaming Media Services server roles.
The management experience will also be different using a Server Core installation. A Server Core installation requires you to initially configure the system from the command line, or using scripted methods such as an unattended installation, because it does not include the traditional full user interface.
Once the server is configured, you can manage it from the command line, either locally or remotely with a Terminal Services remote desktop connection. You can also use MMC snap-ins or command-line tools that support remote connections to manage the server remotely.
How do I fix any issues?
Administrators managing a Server Core installation need to be aware that there is no graphical user interface (GUI) available.
Although no changes are required to the configuration of your network, you might need to become familiar with command-line tools.
What settings are added or changed in a Server Core installation?
The Server Core installation option does not add or change any settings. However, you should review the documentation for each of the supported server roles that are available with the Server Core installation option, to check for changes in Windows Server 2008.
The changes in each of those roles are the same whether you are using the Server Core installation or full installation option.
Do I need to change any existing code?
The Server Core installation option is not an application platform, and you cannot run or develop server applications on a Server Core installation. A Server Core installation can only be used to run the supported server roles and management tools.
Servers running a Server Core installation support development of management tools and agents, which can be divided into two categories:
Remote management tools. These tools do not require any changes, as long as they use one of the protocols supported in Server Core installations to communicate with the remote management workstation, such as remote procedure call (RPC).
Local management tools and agents. These tools might require changes to work with Server Core installations because they cannot have any shell or user interface dependencies, and cannot use managed code.
The Windows Server 2008 Software Development Kit (SDK) includes a list of APIs that are supported in Server Core installations. You need to verify that all APIs called by your code are listed, and you also need to test your code on a Server Core installation to ensure that it behaves as expected.
What do I need to change in my environment to deploy a Server Core installation?
No changes to your environment or infrastructure are required.
The Server Core installation option only supports a clean installation onto a server. You cannot upgrade to a Server Core installation from a previous version of Windows.
To install a Server Core installation of Windows Server 2008, start the server computer with a bootable Windows Server 2008 DVD in the computer's DVD drive. When the Autorun dialog box appears, click Install Now, and then follow the instructions on the screen to complete the installation.
Note
In many cases, a Server Core installation will be installed using an unattended installation script.
The following optional features require appropriate hardware to be able to use them:
BitLocker Drive Encryption
Note
Some BitLocker functionality is available without specific hardware.
Failover Clustering
Multipath IO
Network Load Balancing
Removable Storage
There are no prerequisites for the following optional features:
Backup
Simple Network Management Protocol (SNMP)
Subsystem for UNIX-based applications
Telnet client
Windows Internet Name Service (WINS)
Additional references
The following resources provide additional information about Server Core installations:
If you need product support, see Microsoft Connect (http://go.microsoft.com/fwlink/?LinkId=49779).
To access newsgroups for this feature, follow the instructions that are provided on Microsoft Connect (http://go.microsoft.com/fwlink/?LinkId=50067).
If you are a beta tester and part of the special Technology Adoption Program (TAP) beta program, you can also contact your appointed Microsoft development team member for assistance.
The following resources on the Microsoft Web site provide additional information about some of the commands you can use to configure Server Core installations and enable server roles:
Command-line reference A-Z (http://go.microsoft.com/fwlink/?LinkId=20331)
Dcpromo unattended installation files
Performing an Unattended Installation of Active Directory (http://go.microsoft.com/fwlink/?LinkId=49661)
Netsh
Netsh overview (http://go.microsoft.com/fwlink/?LinkId=49654)
Dnscmd
Dnscmd overview (http://go.microsoft.com/fwlink/?LinkId=49656)
Dnscmd syntax (http://go.microsoft.com/fwlink/?LinkId=49659)
Dnscmd examples (http://go.microsoft.com/fwlink/?LinkId=49660)
Dfscmd
Dfscmd reference (http://go.microsoft.com/fwlink/?LinkId=49658)
The following resource provides additional information for deploying, configuring, and managing a Server Core installation, and also for enabling a server role on a Server Core installation:
Server Core Installation Option Step-By-Step Guide (http://go.microsoft.com/fwlink/?LinkId=87369)
Active Directory Certificate Services Role
Active Directory® Certificate Services (AD CS) in the Windows Server® 2008 operating system provides customizable services for creating and managing public key certificates used in software security systems employing public key technologies. Organizations can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private key. AD CS also includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.
The following topics describe changes in AD CS functionality available in this release:
Cryptography Next Generation
AD CS: Online Certificate Status Protocol Support
AD CS: Network Device Enrollment Service
AD CS: Web Enrollment
AD CS: Policy Settings
AD CS: Restricted Enrollment Agent
AD CS: Enterprise PKI (PKIView)
Cryptography Next Generation
Cryptography Next Generation (CNG) in the Windows Server® 2008 operating system provides a flexible cryptographic development platform that allows IT professionals to create, update, and use custom cryptography algorithms in cryptography-related applications such as Active Directory® Certificate Services (AD CS), Secure Sockets Layer (SSL), and Internet Protocol security (IPsec). CNG implements the U.S. government's Suite B cryptographic algorithms, which include algorithms for encryption, digital signatures, key exchange, and hashing.
What does CNG do?
CNG provides a set of APIs that are used to:
Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data.
Create, store, and retrieve cryptographic keys.
Install and use additional cryptographic providers.
CNG has the following capabilities:
CNG allows customers to use their own cryptographic algorithms or implementations of standard cryptographic algorithms. They can also add new algorithms.
CNG supports cryptography in kernel mode. The same API is used in both kernel mode and user mode to fully support cryptography features. Secure Sockets Layer/Transport Layer Security (SSL/TLS) and IPsec, in addition to startup processes that use CNG, operate in kernel mode.
The plan for CNG includes acquiring Federal Information Processing Standards (FIPS) 140-2 level 2 certification together with Common Criteria evaluations.
CNG complies with Common Criteria requirements by using and storing long-lived keys in a secure process.
CNG supports the current set of CryptoAPI 1.0 algorithms.
CNG provides support for elliptic curve cryptography (ECC) algorithms. A number of ECC algorithms are required by the United States government's Suite B effort.
Any computer with a Trusted Platform Module (TPM) will be able to provide key isolation and key storage in TPM.
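The hashing, key-creation and ECC signing capabilities listed above, shown as an added example that is not code from the original page or from Microsoft. It uses the .NET Framework classes SHA256Cng, CngKey and ECDsaCng, which wrap CNG, and assumes Windows PowerShell 2.0 or later with .NET Framework 3.5 or later on a full installation; the function name Test-CngSignature and the sample message are constructed for illustration.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell 2.0+
# and .NET Framework 3.5+, whose System.Core classes wrap the CNG API.
Add-Type -AssemblyName System.Core

function Test-CngSignature {          # hypothetical helper name
    param([byte[]]$Message)

    # Hashing: SHA-256 computed through the CNG hash provider.
    $sha    = New-Object System.Security.Cryptography.SHA256Cng
    $digest = $sha.ComputeHash($Message)

    # Key creation: ECDSA over the P-256 curve (a Suite B algorithm).
    # No key name is passed, so the key is ephemeral and is not persisted
    # by the key storage provider.
    $alg = [System.Security.Cryptography.CngAlgorithm]::ECDsaP256
    $key = [System.Security.Cryptography.CngKey]::Create($alg)

    try {
        $ecdsa = New-Object System.Security.Cryptography.ECDsaCng -ArgumentList $key
        $ecdsa.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256

        # Sign the message, then verify both the original and an altered copy.
        $signature = $ecdsa.SignData($Message)
        $tampered  = [byte[]]$Message.Clone()
        $tampered[0] = $tampered[0] -bxor 1   # flip one bit

        New-Object PSObject -Property @{
            Sha256        = [BitConverter]::ToString($digest) -replace '-', ''
            Provider      = $key.Provider.Provider   # key storage provider name
            IsEphemeral   = $key.IsEphemeral
            ValidOriginal = $ecdsa.VerifyData($Message, $signature)
            ValidTampered = $ecdsa.VerifyData($tampered, $signature)
        }
    }
    finally {
        # Release the native key handle and clear algorithm state.
        if ($ecdsa) { $ecdsa.Clear() }
        $key.Dispose()
        $sha.Clear()
    }
}

# Constructed sample input.
$sample = [Text.Encoding]::UTF8.GetBytes('constructed sample message')
Test-CngSignature -Message $sample
```

Passing a key name to CngKey.Create instead would persist the key in the provider, which is the "store and retrieve" case; the example keeps the key ephemeral so that nothing is left on the machine.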