This chapter from Windows Server 2012 Pocket Consultant covers the roles, resources, and features available in Windows Server 2012 including the tools used for installation, setup and configuration, and management.
Servers are the heart of any Microsoft Windows network. One of your primary responsibilities as an administrator is to manage these resources. Windows Server 2012 comes with several integrated management tools. The one you’ll use for handling core system administration tasks is Server Manager. Server Manager provides setup and configuration options for the local server as well as options for managing roles, features, and related settings on any remotely manageable server in the enterprise. Tasks you can use Server Manager to perform include
Server Manager is great for general system administration, but you also need a tool that gives you fine control over system environment settings and properties. This is where the System utility comes into the picture. You can use this utility to do the following:
Windows Server 2012 uses the same configuration architecture as Windows Server 2008 and Windows Server 2008 Release 2 (R2). You prepare servers for deployment by installing and configuring the following components:
You configure roles, role services, and features by using Server Manager, a Microsoft Management Console (MMC). Some roles, role services, and features are dependent on other roles, role services, and features. As you install roles, role services, and features, Server Manager prompts you to install other roles, role services, or features that are required. Similarly, if you try to remove a required component of an installed role, role service, or feature, Server Manager warns that you cannot remove the component unless you also remove dependent roles, role services, or features.
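The dependency checks described above can also be reviewed from Windows PowerShell before any change is made. The following is an added example, not code from the book; it assumes the ServerManager module on Windows Server 2012, and the feature names Web-Asp-Net45 and Web-ISAPI-Ext are used only as samples.

```powershell
# Added example, not from the book. Assumes Windows Server 2012 with the
# ServerManager module. 'Web-Asp-Net45' and 'Web-ISAPI-Ext' are sample
# feature names chosen for illustration.
Import-Module ServerManager

# Walk the DependsOn list of a role, role service, or feature recursively.
function Get-FeatureDependencyTree {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [int] $Level = 0,
        [System.Collections.Generic.HashSet[string]] $Seen
    )
    if ($null -eq $Seen) {
        $Seen = New-Object 'System.Collections.Generic.HashSet[string]'
    }
    if (-not $Seen.Add($Name)) { return }   # already listed, avoid loops

    $feature = Get-WindowsFeature -Name $Name
    if (-not $feature) { Write-Warning "Unknown feature: $Name"; return }

    [pscustomobject]@{
        Feature   = ('  ' * $Level) + $feature.Name
        Installed = $feature.Installed
        Type      = $feature.FeatureType
    }
    foreach ($dep in $feature.DependsOn) {
        Get-FeatureDependencyTree -Name $dep -Level ($Level + 1) -Seen $Seen
    }
}

# List installed components that directly depend on the named component,
# that is, what would block or be affected by its removal.
function Get-InstalledDependent {
    param([Parameter(Mandatory = $true)] [string] $Name)
    Get-WindowsFeature |
        Where-Object { $_.Installed -and ($_.DependsOn -contains $Name) } |
        Select-Object Name, DisplayName
}

Get-FeatureDependencyTree -Name 'Web-Asp-Net45' | Format-Table -AutoSize
Get-InstalledDependent -Name 'Web-ISAPI-Ext'

# Preview the change without modifying the server.
Install-WindowsFeature   -Name 'Web-Asp-Net45' -WhatIf
Uninstall-WindowsFeature -Name 'Web-ISAPI-Ext' -WhatIf
```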
Because adding or removing roles, role services, and features can change hardware requirements, you should carefully plan any configuration changes and determine how they affect a server’s overall performance. Although you typically want to combine complementary roles, doing so increases the workload on the server, so you need to optimize the server hardware accordingly. Table 2-1 provides an overview of the primary roles and the related role services you can deploy on a server running Windows Server 2012.
ROLE
DESCRIPTION
Active Directory Certificate Services (AD CS)
Provides functions necessary for issuing and revoking digital certificates for users, client computers, and servers. Includes these role services: Certification Authority, Certification Authority Web Enrollment, Online Responder, Network Device Enrollment Service, Certificate Enrollment Web Service, and Certificate Enrollment Policy Web Service.
Active Directory Domain Services (AD DS)
Provides functions necessary for storing information about users, groups, computers, and other objects on the network, and makes this information available to users and computers. Active Directory domain controllers give network users and computers access to permitted resources on the network.
Active Directory Federation Services (AD FS)
Complements the authentication and access management features of AD DS by extending them to the World Wide Web. Includes these role services and subservices: Federation Service, Federation Service Proxy, AD FS Web Agents, Claims-Aware Agent, and Windows Token-Based Agent.
Active Directory Lightweight Directory Services (AD LDS)
Provides a data store for directory-enabled applications that do not require AD DS and do not need to be deployed on domain controllers. Does not include additional role services.
Active Directory Rights Management Services (AD RMS)
Provides controlled access to protected email messages, documents, intranet pages, and other types of files. Includes these role services: Active Directory Rights Management Server and Identity Federation Support.
Application Server
Allows a server to host distributed applications built using ASP.NET, Enterprise Services, and Microsoft .NET Framework 4.5. Includes more than a dozen role services.
DHCP Server
DHCP provides centralized control over IP addressing. DHCP servers can assign dynamic IP addresses and essential TCP/IP settings to other computers on a network. Does not include additional role services.
DNS Server
DNS is a name-resolution system that resolves computer names to IP addresses. DNS servers are essential for name resolution in Active Directory domains. Does not include additional role services.
Fax Server
Provides centralized control over sending and receiving faxes in the enterprise. A fax server can act as a gateway for faxing and allows you to manage fax resources, such as jobs and reports, and fax devices on the server or on the network. Does not include additional role services.
File And Storage Services
Provides essential services for managing files and storage, and the way they are made available and replicated on the network. A number of server roles require some type of file service. Includes these role services and subservices: BranchCache for Network Files, Data Deduplication, Distributed File System, DFS Namespaces, DFS Replication, File Server, File Server Resource Manager, Services for Network File System (NFS), File Server VSS Agent Service, iSCSI Target Server, iSCSI Target Storage Provider, and Storage Services.
Hyper-V
Provides services for creating and managing virtual machines that emulate physical computers. Virtual machines have separate operating system environments from the host server.
Network Policy and Access Services (NPAS)
Provides essential services for managing network access policies. Includes these role services: Network Policy Server (NPS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP).
Print And Document Services
Provides essential services for managing network printers, network scanners, and related drivers. Includes these role services: Print Server, LPD Service, Internet Printing, and Distributed Scan Server.
Remote Access
Provides services for managing routing and remote access to networks. Use this role if you need to configure Virtual Private Networks (VPN), Network Address Translation (NAT), and other routing services. Includes these role services: DirectAccess and VPN (RAS) and Routing.
Remote Desktop Services
Provides services that allow users to run Windows-based applications that are installed on a remote server. When users run an application on a terminal server, the execution and processing occur on the server and only the data from the application is transmitted over the network.
Volume Activation Services
Provides services for automating the management of volume license keys and volume key activation.
Web Server (IIS)
Used to host websites and web-based applications. Websites hosted on a web server can have both static content and dynamic content. You can build web applications hosted on a web server by using ASP.NET and .NET Framework 4.5. When you deploy a web server, you can manage the server configuration using IIS 8 modules and administration tools. Includes several dozen role services.
Windows Deployment Services (WDS)
Provides services for deploying Windows computers in the enterprise. Includes these role services: Deployment Server and Transport Server.
Windows Server Update Services (WSUS)
Provides services for Microsoft Update, allowing you to distribute updates from designated servers.
Table 2-2 provides an overview of the primary features you can deploy on a server running Windows Server 2012. Unlike early releases of Windows, Windows Server 2012 does not install some important server features automatically. For example, you must add Windows Server Backup to use the built-in backup and restore features of the operating system.
FEATURE
DESCRIPTION
Background Intelligent Transfer Service (BITS)
Provides intelligent background transfers. When this feature is installed, the server can act as a BITS server that can receive file uploads from clients. This feature isn’t necessary for downloads to clients using BITS. Additional subfeatures include BITS IIS Server Extension and BITS Compact Server.
BitLocker Drive Encryption
Provides hardware-based security to protect data through full-volume encryption that prevents disk tampering while the operating system is offline. Computers that have Trusted Platform Module (TPM) can use BitLocker Drive Encryption in Startup Key or TPM-Only mode. Both modes provide early integrity validation.
BitLocker Network Unlock
Provides support for network-based key protectors that automatically unlock BitLocker-protected operating system drives when a domain-joined computer is restarted.
BranchCache
Provides services needed for BranchCache client and server functionality. Includes HTTP protocol, Hosted Cache, and related services.
Client for NFS
Provides functionality for accessing files on UNIX-based NFS servers.
Data Center Bridging
Supports a suite of IEEE standards for enhancing LANs and enforcing bandwidth allocation.
Enhanced Storage
Provides support for Enhanced Storage Devices.
Failover Clustering
Provides clustering functionality that allows multiple servers to work together to provide high availability for services and applications. Many types of services can be clustered, including file and print services. Messaging and database servers are ideal candidates for clustering.
Group Policy Management
Installs the Group Policy Management Console (GPMC), which provides centralized administration of Group Policy.
Ink and Handwriting Services
Provides support for use of a pen or stylus and handwriting recognition.
IP Address Management Server
Provides support for central management of the enterprise’s IP address space and the related infrastructure servers.
Internet Printing Client
Provides functionality that allows clients to use HTTP to connect to printers on web print servers.
Internet Storage Naming Server (iSNS) Server Service
Provides management and server functions for Internet SCSI (iSCSI) devices, allowing the server to process registration requests, deregistration requests, and queries from iSCSI devices.
LPR Port Monitor
Installs the LPR Port Monitor, which allows printing to devices attached to UNIX-based computers.
Media Foundation
Provides essential functionality for Windows Media Foundation.
Message Queuing
Provides management and server functions for distributed message queuing. A group of related subfeatures is available as well.
Multipath I/O (MPIO)
Provides functionality necessary for using multiple data paths to a storage device.
.NET Framework 4.5
Provides APIs for application development. Additional subfeatures include .NET Framework 4.5, ASP.NET 4.5, and Windows Communication Foundation (WCF) Activation Components.
Network Load Balancing (NLB)
NLB provides failover support and load balancing for IP-based applications and services by distributing incoming application requests among a group of participating servers. Web servers are ideal candidates for load balancing.
Peer Name Resolution Protocol (PNRP)
Provides Link-Local Multicast Name Resolution (LLMNR) functionality that allows peer-to-peer, name-resolution services. When you install this feature, applications running on the server can use LLMNR to register and resolve names.
Quality Windows Audio Video Experience
A networking platform for audio video (AV) streaming applications on IP home networks.
RAS Connection Manager Administration Kit
Provides the framework for creating profiles for connecting to remote servers and networks.
Remote Assistance
Allows a remote user to connect to the server to provide or receive Remote Assistance.
Remote Differential Compression
Provides support for differential compression by determining which parts of a file have changed and replicating only the changes.
Remote Server Administration Tools (RSAT)
Installs role-management and feature-management tools that can be used for remote administration of other Windows Server systems. Options for individual tools are provided, or you can install tools by top-level category or subcategory.
Remote Procedure Call (RPC) over HTTP Proxy
Installs a proxy for relaying RPC messages from client applications to the server over HTTP. RPC over HTTP is an alternative to having clients access the server over a VPN connection.
Simple TCP/IP Services
Installs additional TCP/IP services, including Character Generator, Daytime, Discard, Echo, and Quote of the Day.
Simple Mail Transfer Protocol (SMTP) Server
SMTP is a network protocol for controlling the transfer and routing of email messages. When this feature is installed, the server can act as a basic SMTP server. For a full-featured solution, you need to install a messaging server, such as Microsoft Exchange Server.
Simple Network Management Protocol (SNMP) Services
SNMP is a protocol used to simplify management of TCP/IP networks. You can use SNMP for centralized network management if your network has SNMP-compliant devices. You can also use SNMP for network monitoring via network management software.
Subsystem for UNIX-Based Applications (SUA)
Provides functionality for running UNIX-based programs. You can download additional management utilities from the Microsoft website. (Deprecated)
Telnet Client
Allows a computer to connect to a remote Telnet server and run applications on that server.
Telnet Server
Hosts the remote sessions for Telnet clients. When Telnet Server is running on a computer, users can connect to the server with a Telnet client from a remote computer.
User Interfaces And Infrastructure
Allows you to control the user experience and infrastructure options (Graphical Management Tools And Infrastructure, Desktop Experience, or Server Graphical Shell).
Windows Biometric Framework
Provides functionality required for using fingerprint devices.
Windows Internal Database
Allows the server to use relational databases with Windows roles and features that require an internal database, such as AD RMS, UDDI Services, WSUS, Windows SharePoint Services, and Windows System Resource Manager.
Windows PowerShell
Allows you to manage the Windows PowerShell features of the server. Windows PowerShell 3.0 and the PowerShell ISE are installed by default.
Windows PowerShell Web Access
Allows the server to act as a web gateway for remotely managing servers in a web browser.
Windows Process Activation Service
Provides support for distributed, web-based applications that use HTTP and non-HTTP protocols.
Windows Standards-Based Storage Management
Provides support for managing standards-based storage and includes management interfaces as well as extensions for WMI and Windows PowerShell.
Windows Server Backup
Allows you to back up and restore the operating system, system state, and any data stored on a server.
Windows System Resource Manager (WSRM)
Allows you to manage resource usage on a per-processor basis. (Deprecated)
Windows TIFF IFilter
Focuses on text-based documents, which means that searching is more successful for documents that contain clearly identifiable text (for example, black text on a white background).
WinRM IIS Extension
Provides an Internet Information Services (IIS)–based hosting model. WinRM IIS Extension can be enabled at either the website or virtual-directory level.
WINS Server
A name-resolution service that resolves computer names to IP addresses. Installing this feature allows the computer to act as a WINS server.
Wireless LAN Service
Allows the server to use wireless networking connections and profiles.
WoW64 Support
Supports WoW64, which is required on a full-server installation. Removing this feature converts a full-server installation to a Server Core installation.
XPS Viewer
A program you can use to view, search, set permissions for, and digitally sign XPS documents.
Desktop Experience is now a subfeature of the top-level feature called User Interfaces And Infrastructure. Desktop Experience provides Windows desktop functionality on the server. Windows features added include Windows Media Player, desktop themes, Video for Windows (AVI support), Windows Defender, Disk Cleanup, Sync Center, Sound Recorder, Character Map, and Snipping Tool. Although these features allow a server to be used like a desktop computer, they can reduce the server’s overall performance.
As an administrator, you might be asked to install or uninstall dynamic-link libraries (DLLs), particularly if you work with IT development teams. The utility you use to work with DLLs is Regsvr32. This utility is run at the command line.
After you open a Command Prompt window, you install or register a DLL by typing regsvr32 name.dll—for example:
regsvr32 mylibs.dll
If necessary, you can uninstall or unregister a DLL by typing regsvr32 /u name.dll—for example:
regsvr32 /u mylibs.dll
Windows File Protection prevents the replacement of protected system files. You can replace only DLLs installed by the Windows Server operating system as part of a hotfix, service pack update, Windows update, or Windows upgrade. Windows File Protection is an important part of the Windows Server security architecture.
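Because registering a DLL runs code from that file, it is worth confirming where the file came from before running Regsvr32 against it. The following is an added example, not code from the book: a Windows PowerShell wrapper that registers a DLL only when its Authenticode signature validates. The function name Register-SignedDll and the path C:\Deploy\mylibs.dll are hypothetical.

```powershell
# Added example, not from the book. Register-SignedDll and the sample path
# are hypothetical; mylibs.dll is the sample name used in the text above.
function Register-SignedDll {
    param([Parameter(Mandatory = $true)] [string] $Path)

    # Resolve the file first so a typo fails here and not inside regsvr32.
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Status is 'Valid' only when the file is signed, unmodified since
    # signing, and the signer's certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to register $($file.Name): signature status is $($sig.Status)"
    }

    # /s suppresses the message boxes so the result is read from the exit code.
    $regsvr = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    $proc = Start-Process -FilePath $regsvr `
        -ArgumentList '/s', ('"{0}"' -f $file.FullName) `
        -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 failed for $($file.Name) with exit code $($proc.ExitCode)"
    }

    # Return a record suitable for a change log.
    [pscustomobject]@{
        File     = $file.FullName
        Signer   = $sig.SignerCertificate.Subject
        ExitCode = $proc.ExitCode
        When     = Get-Date
    }
}

Register-SignedDll -Path 'C:\Deploy\mylibs.dll'
```

Run it from an elevated Windows PowerShell session, because registration writes to the machine-wide registry.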