Tuesday, June 30, 2009

Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy

Network Access Protection is a new technology included with Windows Server 2008 that allows you to control which machines are allowed to connect to other machines on your network. Network Access Protection (or NAP) enables you to set system health policies that must be met before a machine is allowed network access. If the machines meet the requirements in the network access policies, then they are allowed on the network. If not, then the machine may be disallowed from connecting to any machine on the network, or you might configure policies that allow the machine to connect to a remediation server that allows the machine to remediate and try to connect to the network again after remediation is made.

There are a number of ways you can enforce a NAP policy. The simplest method is to use NAP with DHCP enforcement. Unfortunately, this is also the least secure method, since a user can manually configure an IP address on a machine and bypass the NAP DHCP policy enforcement. The most secure method of NAP enforcement is IPsec. With IPsec NAP enforcement, a machine that is compliant with the NAP access policy is issued a health certificate that allows the machine to create a secure IPsec connection to other machines participating in the NAP "virtual" network. Unfortunately, NAP with IPsec enforcement is also the most complex configuration.

NAP by itself is an extremely complex technology with hundreds of "moving parts". If you misconfigure any of these hundreds of moving parts, the deployment will fail and it can take quite a while to figure out what went wrong. When using NAP with IPsec enforcement, you find that there are even more "moving parts" and troubleshooting becomes even more difficult ... Policy when setting out on a NAP deployment.

So, with all the talk of complexity and innumerable "moving parts", it might sound like I'm trying to discourage you from implementing NAP with IPsec policy enforcement. No! That's not true. I just want you to know that it's a complicated setup and configuration and that you should be patient with your testing and deployment. The more time you spend testing and understanding how the solution works, the better chance you'll have of your deployment being a success.

NAP with IPsec policy enforcement is a very powerful method of deploying your NAP solution. You actually get two solutions in one: first, you get the NAP network access control that enables you to block unhealthy machines from connecting to your network, and second, you get the power of IPsec domain isolation that prevents rogue machines from connecting to your network. NAP with IPsec domain isolation allows you to create a "virtual network" within the confines of your physical networks. Machines in the IPsec "virtual network" can be on the same network segment or VLAN segment, but virtually segmented from one another by IPsec. Machines without IPsec Health Certificates will be unable to communicate with healthy

Monday, June 29, 2009

What is Internet Protocol security (IPsec)

IPSec (short for IP Security) is the most popular standard for securing data sent over a network. The IP protocol is responsible for transferring data from source to destination; IPSec is a set of security standards designed by the Internet Engineering Task Force (IETF) to provide end-to-end protection of private data. Implementing this standard allows your enterprise to transport data across an untrustworthy network such as the Internet while preventing hackers from corrupting, stealing, or spoofing your communication. As part of a continuing effort by Microsoft Corp. to move toward industry security standards, Windows Server makes IPSec easier to configure.

IPSec secures packets at the network layer. It provides end-to-end encryption services as well as other access protections for secure networking: the data is encrypted at the source before it is sent to the destination. For example, IPSec can provide end-to-end security for client-to-server, server-to-server, and client-to-client configurations using IPSec transport mode. IPSec also delivers machine-level authentication and encryption for VPNs based on the Layer 2 Tunneling Protocol. IPSec must be configured on both sides; otherwise the user cannot communicate with the server.

IPSec is a suite of protocols that provides powerful protection, authentication, and optional privacy and replay protection services. The IPSec protocols encompass packet format, key exchange, and transforms that are defined by the IETF.

The IPSec packets are comprised of the following types:

IP Protocol 50: This is the "Encapsulating Security Payload (ESP)" format. It defines privacy, authenticity, and integrity.

IP Protocol 51: This is the "Authentication Header (AH)" format. It defines authenticity and integrity, but not privacy.

IPSec Modes
IPSec operates in two modes, which are defined as follows:

Transport Mode: In this mode, AH and ESP protect the transport payload. Transport mode defines end to end communication between source and destination computers.

Tunnel Mode: IPSec is implemented in tunnel mode when the final destination of the packet differs from the security termination point. This mode is used when the security is provided by a device that did not originate the packets, such as in VPNs or router forwarding.
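The packet types and modes above, as an added Python example (not part of the source article): it classifies raw IPv4 packets as ESP or AH and reports what a monitoring point can and cannot see about the mode. It goes one step beyond the text by also recognising ESP wrapped in UDP port 4500 (NAT traversal), which a filter matching only protocols 50 and 51 would miss; the sample packets, addresses and SPI values are constructed.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_IPV6 = 4, 6, 17, 41
IPPROTO_ESP, IPPROTO_AH = 50, 51   # the two IPsec packet types
NAT_T_PORT = 4500                  # ESP wrapped in UDP for NAT traversal


def _esp(body, encapsulation):
    # ESP header: SPI (4 bytes), sequence number (4 bytes), then ciphertext.
    if len(body) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", body[:8])
    # The next-header field sits in the encrypted trailer, so transport vs
    # tunnel mode cannot be read off the wire.
    return {"protocol": "ESP", "spi": spi, "seq": seq,
            "mode": "unknown", "encapsulation": encapsulation}


def _ah(body):
    # AH header: next header, length, reserved, SPI, sequence number, ICV.
    if len(body) < 12:
        raise ValueError("truncated AH header")
    next_header, length_words, _, spi, seq = struct.unpack("!BBHII", body[:12])
    ah_len = (length_words + 2) * 4    # field counts 32-bit words minus 2
    if len(body) < ah_len:
        raise ValueError("AH length field exceeds packet")
    # AH is not encrypted: an inner IP header right after it means tunnel mode.
    tunnel = next_header in (IPPROTO_IPIP, IPPROTO_IPV6)
    return {"protocol": "AH", "spi": spi, "seq": seq,
            "mode": "tunnel" if tunnel else "transport",
            "encapsulation": "native"}


def classify_ipsec(packet):
    """Classify one raw IPv4 packet (fragments are not reassembled)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_ESP:
        return _esp(body, "native")
    if proto == IPPROTO_AH:
        return _ah(body)
    if proto == IPPROTO_UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        # On port 4500, four zero bytes mark IKE; anything else is ESP.
        if NAT_T_PORT in (sport, dport) and len(data) >= 8 \
                and data[:4] != b"\x00" * 4:
            return _esp(data, "udp-4500")
    return {"protocol": None}


def _ipv4(proto, payload):
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("192.0.2.20"))
    return header + payload


# Constructed sample packets; SPIs and payload bytes are arbitrary.
_ESP_BODY = struct.pack("!II", 0x1001, 7) + bytes(32)
_ICV = bytes(12)
SAMPLES = {
    "esp": _ipv4(IPPROTO_ESP, _ESP_BODY),
    "ah_transport": _ipv4(IPPROTO_AH, struct.pack(
        "!BBHII", IPPROTO_TCP, 4, 0, 0x2002, 1) + _ICV + bytes(20)),
    "ah_tunnel": _ipv4(IPPROTO_AH, struct.pack(
        "!BBHII", IPPROTO_IPIP, 4, 0, 0x2003, 1) + _ICV
        + _ipv4(IPPROTO_TCP, bytes(20))),
    "esp_in_udp": _ipv4(IPPROTO_UDP, struct.pack(
        "!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(_ESP_BODY), 0) + _ESP_BODY),
    "plain_tcp": _ipv4(IPPROTO_TCP, bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_ipsec(pkt))
```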

IPSec Encryption:
The ESP protocol provides data privacy using encryption: it encrypts the data between source and destination. Under Windows Server, IPSec utilizes encryption based on either DES (Data Encryption Standard), which is 56 bits, or 3DES (Triple DES), which is 3x56 or 168 bits in strength. Nowadays 3DES is mostly used because it makes the data much more secure.

The ESP and AH protocols define a framework for packet header formats and processing rules while leaving the transforms unspecified. As a result, the cryptographic algorithms can be updated as old algorithms become relatively weaker and less secure. This section introduces the practical steps to configure IPSec on Windows Server.


Source: http://www.informit.com/guides/content.aspx?g=security&seqNum=24

Friday, June 26, 2009

Active Directory Auditing in Windows Server 2008

In the Windows operating system (OS), the features available to enable and monitor auditing for Active Directory (AD) have been relatively limited. Nine general categories of auditing have traditionally been available, all of which result in a fairly coarse level of logging to the Microsoft Windows Server Event Log. With only a small number of log categories, enabling logging produces a large amount of extra data that must be managed in order to capture the audit actions of interest. At the same time, auditing requirements brought about by industry and governmental compliance regulations have increased the criticality of effective and consistent logging in many network environments.

With Microsoft’s release of Windows Server 2008, audit logging gains new levels of granularity associated with configurable event categories and subcategories, while a new Windows Event Log improves the process of filtering for and locating events of interest. AD itself gains four new logging subcategories that assist with the monitoring of configuration changes and replication in addition to object accesses.

This article discusses the new audit capabilities specific to AD gained through an upgrade to Windows Server 2008. It provides specific guidance and step-by-step instructions to assist you, the administrator, with making best use of AD’s new auditing features.

Enabling Auditing in Windows Server 2008:
The method to enable auditing in Windows Server 2008 remains comparatively unchanged from its implementation in previous OS versions. Enabling the basic auditing of AD events on domain controllers is most often performed using Group Policy through modification of the native Default Domain Controllers Policy. Enabling auditing in this manner ensures that auditing settings are configured consistently across all domain controllers. Figure 1 shows a configured policy as seen within the Group Policy Management Editor.

Windows Server 2008 New Auditing Subcategories:
The problem with these nine categories in previous versions of the Windows OS was that they didn’t provide the level of granularity needed by many administrators. Enabling the Audit account management category effectively turned on auditing for all types of account management activities. If you were interested in only auditing for user account management and had no interest in computer account management, you were stuck with wading through the extra data associated with its Event Log entries.

With Microsoft Windows Server 2008, the original nine categories are broken into 50 audit policy subcategories. These subcategories allow for exact control over the types of events logged into the Security Event Log. Each of the new subcategories relates to one of the original nine audit policies. As you’ll learn, knowing the name of each subcategory and its relation to its category is important for the command-line tool used to enable them.
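Added example, not from the source article: a Python check that reads the CSV report produced by the built-in auditpol tool (`auditpol /get /category:* /r`) and reports which of the four AD subcategories under DS Access fall short of a required baseline. The baseline, the host name DC01 and the sample rows are constructed assumptions, and the subcategory names are those shown on English-language systems.

```python
import csv
import io

# The four DS Access subcategories Windows Server 2008 adds for Active Directory.
DS_ACCESS_SUBCATEGORIES = (
    "Directory Service Access",
    "Directory Service Changes",
    "Directory Service Replication",
    "Detailed Directory Service Replication",
)

# Hypothetical baseline for this example: outcomes that must be audited.
BASELINE = {
    "Directory Service Access": {"Success", "Failure"},
    "Directory Service Changes": {"Success"},
}

# Constructed sample in the CSV layout of `auditpol /get /category:* /r`
# (GUID column left empty; host name DC01 is made up).
SAMPLE_REPORT = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,User Account Management,,Success,
DC01,System,Computer Account Management,,No Auditing,
DC01,System,Directory Service Access,,Success,
DC01,System,Directory Service Changes,,No Auditing,
DC01,System,Directory Service Replication,,Success and Failure,
"""


def parse_setting(text):
    """Turn an Inclusion Setting cell into the set of audited outcomes."""
    text = text.strip()
    if not text or text == "No Auditing":
        return frozenset()
    outcomes = frozenset(part.strip() for part in text.split(" and "))
    if not outcomes <= {"Success", "Failure"}:
        raise ValueError(f"unrecognised audit setting: {text!r}")
    return outcomes


def ds_access_settings(report_csv):
    """Map each DS Access subcategory to its audited outcomes (None if absent)."""
    found = dict.fromkeys(DS_ACCESS_SUBCATEGORIES)
    for row in csv.DictReader(io.StringIO(report_csv)):
        name = (row.get("Subcategory") or "").strip()
        if name in found:
            found[name] = parse_setting(row.get("Inclusion Setting") or "")
    return found


def audit_gaps(report_csv, baseline=BASELINE):
    """Return {subcategory: sorted missing outcomes} for unmet baseline entries."""
    current = ds_access_settings(report_csv)
    gaps = {}
    for name, required in baseline.items():
        have = current.get(name) or frozenset()
        missing = sorted(set(required) - have)
        if missing:
            gaps[name] = missing
    return gaps


if __name__ == "__main__":
    for name, outcomes in ds_access_settings(SAMPLE_REPORT).items():
        state = "absent from report" if outcomes is None else sorted(outcomes)
        print(f"{name}: {state}")
    print("gaps:", audit_gaps(SAMPLE_REPORT))
```

In the sample, user account management is audited while computer account management is not, which is the split the nine coarse categories could not express.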


Source: http://cc.realtimepublishers.com/tips/understanding-active-directory-auditing-in-windows.php

Thursday, June 25, 2009

HOW TO Audit Active Directory Objects in Windows Server 2003

When you use Windows Server 2003 auditing, you can track both user activities and Windows Server 2003 activities, which are named events, on a computer. This is a very important feature. When you use auditing, you can specify which events are written to the Security log.

An audit entry in the Security log contains the following information:
* The action that was performed.
* The user who performed the action.
* The success or failure of the event and the time that the event occurred.

The audit policy setting defines the categories of events that Windows Server 2003 logs in the Security log on each computer. The Security log makes it possible for you to track the events that you specify.

When you audit Active Directory events, Windows Server 2003 writes an event to the Security log on the domain controller. This behavior occurs because it is the domain controller that tried to authenticate the logon attempt but could not do so.

To enable auditing of Active Directory objects:
* Configure an audit policy setting for a domain controller. When you configure an audit policy setting, you can audit objects but you cannot specify the object you want to audit.
* Configure auditing for specific Active Directory objects. After you specify the events to audit for files, folders, printers, and Active Directory objects, Windows Server 2003 tracks and logs these events.

How to Configure an Audit Policy Setting for a Domain Controller:
By default, auditing is turned off. For domain controllers, an audit policy setting is configured for all domain controllers in the domain. To audit events that occur on domain controllers, configure an audit policy setting that applies to all domain controllers in a non-local Group Policy object for the domain. You can access this policy setting through the Domain Controllers organizational unit. To audit user access to Active Directory objects, configure the Audit Directory Service Access event category in the audit policy setting.

NOTES:

* You must grant the Manage Auditing And Security Log user right to the computer where you want to either configure an audit policy setting or review an audit log. By default, Windows Server 2003 grants these rights to the Administrators group.
* The files and folders that you want to audit must be on Microsoft Windows NT file system (NTFS) volumes.

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. On the View menu, click Advanced Features.
3. Right-click Domain Controllers, and then click Properties.
4. Click the Group Policy tab, click Default Domain Controller Policy, and then click Edit.
5. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
6. In the right pane, right-click Audit Directory Services Access, and then click Properties.
7. Click Define These Policy Settings, and then click to select one or both of the following check boxes:
   * Success: Click to select this check box to audit successful attempts for the event category.
   * Failure: Click to select this check box to audit failed attempts for the event category.
8. Right-click any other event category that you want to audit, and then click Properties.
9. Click OK.
10. Because the changes that you make to your computer's audit policy setting take effect only when the policy setting is propagated or applied to your computer, complete either of the following steps to initiate policy propagation:
   * Type gpupdate /Target:computer at the command prompt, and then press ENTER.
   * Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.
11. Open the Security log to view logged events.

Note: If you are either a domain or an enterprise administrator, you can enable security auditing for workstations, member servers, and domain controllers remotely.

Configure Auditing for Specific Active Directory Objects:
After you configure an audit policy setting, you can configure auditing for specific objects, such as users, computers, organizational units, or groups, by specifying both the types of access and the users whose access you want to audit. To configure auditing for specific Active Directory objects:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Make sure that Advanced Features is selected on the View menu by making sure that the command has a check mark next to it.
3. Right-click the Active Directory object that you want to audit, and then click Properties.
4. Click the Security tab, and then click Advanced.
5. Click the Auditing tab, and then click Add.
6. Complete one of the following:
   * Type the name of either the user or the group whose access you want to audit in the Enter the object name to select box, and then click OK.
   * In the list of names, double-click either the user or the group whose access you want to audit.

7. Click to select either the Successful check box or the Failed check box for the actions that you want to audit, and then click OK.
8. Click OK, and then click OK.


Source: http://support.microsoft.com/kb/814595

Wednesday, June 24, 2009

Microsoft offers server targeted at small businesses

Microsoft is offering up a stripped-down version of its Server 2008 product, and partnering with HP to supply the hardware that will run it. For small offices in the Toronto forest life Centre, it offers cost savings while still providing the real services a business needs to get the job done.

A new, stripped-down version of Microsoft Windows Server 2008 is being touted as an ideal first server for a small business or branch office by Microsoft and its hardware partner Hewlett Packard. Windows Server 2008 Foundation edition launched in April, but HP was the first to bring it to the Canadian market in May, with two lines of server hardware supporting the bare bones operating system.

Microsoft is targeting the small business market with a low price point that requires less expensive hardware. The server offers all the functions a small office might require, such as file and printer sharing and remote desktop connections. The server will support up to 15 users and there's no need to buy client licenses, says the product manager for Windows Server at Microsoft Canada.

“It is the describe everything of Windows Server 2008, and it's giving a small business the organization they need,” she says. It doesn't come with Hyper-V. Server virtualization is not a key priority for a really small business, especially when this is probably their first server.

The operating system runs on a 64-bit system architecture (x64) and doesn't support 32-bit components (x86). It allows 50 network access connections through RRAS and 10 through IAS, compared to 250 and 50 connections respectively on the Standard edition. It also allows 50 connections through Terminal Services Gateway instead of 250.

Hewlett Packard is offering two lines of server hardware that will support the operating system. They are the HP ProLiant Tower Servers ML series and the ProLiant Rack Optimized Servers DL series. “These solutions are all perfect for a small business or home office environment, and that's the market we're going after,” says the product manager for HP ProLiant. “Small businesses demand the same stuff that our large ones do. Security, reliability, stability, it's all here.”


Source: http://www.itbusiness.ca/it/client/en/home/News.asp?id=53498

Tuesday, June 23, 2009

What Windows 7 and Server 2008 R2 can do for your business

With Microsoft Windows 7 and Windows Server 2008 R2 in the release candidate stage and getting close to general availability, it's a good time to sort out the likely benefits these two new operating systems will have for your enterprise.

First, you will want to familiarize yourself with the new features of each product, then identify where in your infrastructure you need improvements, and then make a return on investment analysis. After that, decide which of the new features could potentially solve your current problems.

Microsoft can't provide a simple answer that solves everyone's problems, but we can become familiar with some key features in both products and explain how they might benefit a given environment.

Some new features in Windows 7 and Windows Server 2008 R2 are only available if the enterprise uses both operating systems together. Remember that Windows 7 and Windows Server 2008 R2 are developed from the same code. Server 2008 R2 is a new OS and not an upgrade from 2008. In fact, currently, there is no upgrade path from 2008 to 2008 R2. In addition, R2 is only available on x64 platforms. Windows 7 does have an upgrade path from Vista, but it has new features.

The key features for these new products are DirectAccess and BranchCache. In reality, both of these features require Windows 7 and a 2008 R2 server.

DirectAccess is a networking feature that provides improved remote access for remote users. Once it's set up, it eliminates the procedure of starting up a VPN connection and logging on to get access to private network resources. In addition, managing remote clients is easier for the IT staff because DirectAccess does not need a VPN connection to the intranet, which makes patch and antivirus definition management easier for all clients.


Source: http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1359267,00.html

Monday, June 22, 2009

Windows Server Operating System Performance information

It is very important: hardware and software reduces operational costs and directly affect an organization’s. We are in the midst of developing Windows Server 2008 R2, and one of our goals for the product is to build a server operating system that is more power efficient than all of our previous releases. Furthermore, to help IT administrators better understand server power management and optimize their current Windows Server 2008 installations, we’re releasing a comprehensive white paper called “Power In, Dollars Out: Reducing the Flows in the Data Center” today. The white paper gives detailed explanations of many factors affecting server power efficiency, and contains a list of best practices for optimization.

The best method is to properly configure Windows Server 2008 and its power management features. To reduce power consumption, just turning on processor power management (PPM) features in the operating system can decrease power consumption by 20%. In Windows Server, this can be done simply by choosing the Balanced or Power Saver power policies (found in the Power Options applet in the Control Panel). PPM is a complex technology, with many more toggles than a simple on/off power switch. We’ve done quite a bit of work on the Windows Server PPM algorithms and parameters during R2 development. One of the results of this work was the development of a set of parameters that can boost power efficiency by up to 10% on standard level workloads.

You don’t need to wait until R2 to deploy these new parameters on your servers. This post describes PPM technology, explains the parameters involved, and shows test results for the parameter changes on a commodity server. It also gives you a handy command-line walkthrough of the powercfg.exe commands necessary to implement these changes in your environment.

Power management needs help from both the hardware and the operating system to work properly. For example, hardware might support low power states, but the operating system schedules work and is in the best position to decide when low power states can be leveraged. The Advanced Configuration and Power Interface defines an interface between the operating system and server hardware to be used for power management purposes.


Source: http://blogs.technet.com/winserverperformance/archive/2008/12/04/configuring-windows-server-2008-power-parameters-for-increased-power-efficiency.aspx

Friday, June 19, 2009

Microsoft: Upgrade to Windows Server 2008 SP2 RTM with Hyper-V

At the end of May 2009, Microsoft made the second service pack for Windows Vista and Windows Server 2008 available as a free download and started offering it as an update. Since the RTM of Vista SP2 and Windows Server 2008 SP2, provided in the same package, the Redmond company revealed that it had seen “great adoption” of the new release. In this regard, the software giant is inviting customers running Windows Server 2008 SP1/RTM to upgrade to Service Pack 2, especially those running Hyper-V, as SP2 RTM brings consistent enhancements compared with the plain vanilla release of the Windows Server operating system.

In Microsoft Windows Server 2008 SP2, the Hyper-V final bits are included, so there is no need for separate individual downloads, which speeds up deployments, because Microsoft includes the other updates as well. There are also some notable updates in SP2, including scalability enhancements for running on systems with up to 24 logical processors, which enables support for up to 192 running virtual machines, an update for Hyper-V when managed with System Center Virtual Machine Manager 2008, and updates for backup/restore of virtual machines with the Volume Shadow Copy Service, a member of the Windows Server Division revealed.

When it launched Windows Server 2008 RTM/SP1, Microsoft was yet to finalize its hypervisor role for the platform. This is why the company only included the Beta version of Hyper-V and released the finalized virtualization solution as an update later on. This is no longer the case for SP2. Microsoft indicated that customers looking to upgrade Hyper-V Beta would first have to move to the RTM version, and only after that to SP2. At the same time, the advice is to uninstall any previous release of SP2 before implementing the final bits.

“If a fresh SP2 install is being done and you’d like to move VMs to it, export the VMs from the starting Windows Server 2008 host and import them on the SP2 host. Integration Components for the child virtual machines must be updated to the SP2 version.

If you are doing a fresh install or upgrade of SP2 on the parent partition, it never updates the integration components inside the virtual machine. Be sure to update the VM ICs after SP2 is installed. If you have virtual machines created on the Beta version of the Windows Server 2008 Hyper-V role, and you installed the Beta version of the integration components on those machines, you must uninstall the integration components and reinstall the latest SP2 integration components,” the Windows Server Division team representative said.



Source: http://news.softpedia.com/news/Microsoft-Upgrade-to-Windows-Server-2008-SP2-RTM-with-Hyper-V-114539.shtml

Thursday, June 18, 2009

Windows Server 2008 most of the drastic changes

With Microsoft Windows Server 2008, most of the important changes that were made you'll never see, but you will feel these changes. And I really believe that in the future, we will look back at the Windows Server 2008 release and say wow, that was a milestone, very similar to the way we look back on Windows 2000 and the introduction of Active Directory right now.

Most of the architectural changes that Microsoft chose to make in the Windows Server 2008 product are going to open up new methods and lay the foundation for some pretty significant lurches forward, if you will, on this platform. First off, they made some significant kernel changes to provide better processor virtualization support. And this is just going to give you faster, better, leaner operation.

Some of the driver model changes just make your drivers more stable and more secure. This is a very protective feature. Obviously, drivers are a huge thing; almost anything you attach to the computer has to have a driver. And so making these drivers more secure and more stable means fewer restarts, fewer lock-ups, and so forth.

Microsoft fully rewrote the TCP/IP protocol stack. Now you're going to hear me mention this a million more times in the course of this entire series because this is a huge thing. They did it for better performance; we should remember, as bandwidth goes up, we keep moving more and more data.

Now we're going to begin to consume more and more XML, and there is a lot of work being asked of processors. So we want more efficient ways to transfer larger packets of data and more reliable transportation of that data, so they've rewritten that TCP/IP stack to help with that. Windows Server 2008 also supports IP version 6. We can say this is going to be a milestone.

Now we're discussing IP version 6, and that's huge. Now, Microsoft made some major architectural changes to the way memory is managed and the way the heap is managed. Now if you don't know what the heap is, don't worry about it, but as the amount of memory that we require on our machines and that our machines are being asked to manage and deal with goes up, obviously it becomes more important that we handle it faster and more reliably, so that's what's happened here.

Microsoft has made many changes to the registry to make it perform better. They've also given it transactional support for reads and writes, and they've made some other changes, but again, the registry is a fundamental part of the Microsoft operating system and quite honestly, it can turn into a bottleneck really quickly and a registry can become a problem, and so they've made some pretty serious enhancements there.

Now, let's talk about probably the number 1 change that has been made to this operating system. You will notice this one; you may not realize why it's such a big deal, but it is the introduction and the inclusion of the .NET Framework 3.0 version. Now, this is what gives Vista its distinctive slicker, sexier, graphical look and you're going to see this in Windows Server 2008.

It's not as apparent in Windows Server, but what's going on underneath is what's making the difference. And there are 4 basic parts to the .NET Framework. The biggest thing about the .NET Framework is that it totally, absolutely separates the client aspects of anything to do with the Windows Server platform from the services that the platform of the server provides.

Now, those services have been totally separated, totally object oriented, so they can be easily distributed across machines across the Internet around the world; there absolutely does not need to be all the servers in the same room anymore by any standards. The first one up is the WCF, codenamed Indigo. It is the Windows Communication Foundation, and this is where the new IPC Communication Stack resides. This gives the system the ability to communicate across different topologies and architectures.

This specifically gives the Windows operating system the ability to retain backward compatibility with older products, and again, it gives you that generic treatment of what's going on in the computer world now, that everybody needs to compete. And everybody needs to communicate on a level playing field. The second aspect of the .NET Framework is the WPF, which was codenamed Avalon, and that is the Windows Presentation Foundation.



Source: http://www.vtc.com/products/MicrosoftWindowsServer2008/WindowsServer2008Basics/75471

Wednesday, June 17, 2009

Proxy Server for Windows server.

A proxy server is a machine that sits between the computers of a local area network and the Internet. It is a server which acts as a "proxy" for an application by making a request on the Internet in its stead. This way, whenever a user connects to the Internet using a client application configured to use a proxy server, the application will first connect to the proxy server and give it its request. The proxy server then connects to the server which the client application wants to connect to and sends that server the request.

Proxy Server is easy-to-use and powerful Internet connection sharing software. Proxy can support broadband, DSL, dial-up, optical fiber, satellite, ISDN and DDN connections; it helps you build your own proxy server and share Internet access within the LAN efficiently and easily. The Proxy Server can act as an HTTP, mail, FTP, or SOCKS proxy, among others.

It has user account management functions, including Internet access control (which websites a user can open and how much speed is provided), bandwidth control, Internet web filtering, content filtering and time control, so you can manage each and every thing. It also provides web caching, online access monitoring, access logging and bandwidth usage statistics functions. The Proxy is compatible with Win98, WinME, WinNT, Win2000, WinXP, Win2003 and Vista, etc.

The web filtering and content filtering functions can restrict clients' access to particular sites, controlling which websites can and cannot be opened. This will help you to ensure that employees concentrate on their work or that children are unable to visit unsuitable sites. The time schedule function is used to control the users' online time.

Source: http://www.youngzsoft.net/ccproxy/

Friday, June 12, 2009

Setup and instalation windows x64 edition based computer

The Microsoft Windows operating systems x64 bit installation process is same to the installation process for the Windows x86 operating system. The x64 bit installation still copies the needed files to temporary folders, we restarts the computer into graphics user interface, performs Plug and Play detection and installation, and then finish the set up process. However, some graphics user interface mode graphics have been updated to profile new features in x64. To the end user, the installation procedure appears almost the same as the Windows x86 installation.


The Microsoft Windows floppy disks can not be use to install x64 Edition-based version of Windows Server 2003 and Windows XP Professional. because the kernel that is supplied it is x64 Edition-based operating systems is now over 2 MB and does not fit on a standard floppy disk. we can not use Winnt.exe to install Windows x64 Edition. Winnt.exe is not included on the Windows x64 Edition installation CD-ROM.

An x64 installation cannot be started from within the x86 32-bit operating system environment: we cannot install Windows XP x64 Edition from within the 32-bit version of Windows XP Professional. This is a very important point. The x86 versions of the Windows operating system cannot be upgraded to the x64 Edition version of the Windows operating system.

However, Windows Server 2003 x64 Standard Edition can be upgraded to Windows Server 2003 x64 Enterprise Edition. The installation process for x64 Edition operating systems does not support MS-DOS based mechanisms. For example, you cannot install Windows XP Professional x64 Edition from a command prompt.

The installation CD-ROM for the x64 Edition-based versions of Windows Server and Windows XP has been changed, and from a technical point of view this is a very big change. The installation folder for Windows x64 Editions is the AMD64 folder, but the i386 folder still exists and contains files that are required to install the Windows x64 Edition-based operating system.

To successfully start the installation of the Windows x64 Edition operating system, either locally or from a network share, we must make sure that the AMD64 folder and the other folders that are contained on the Windows x64 Edition installation CD-ROM are either copied locally or copied to the network share.

Installation of the Windows x64 Edition operating system should be performed by starting the computer from the Windows x64 Edition installation CD-ROM or by starting the installation from within another Windows 64-bit operating system. It is important to note that the Windows x64 Edition operating system is not currently available as a retail product. At release, the Windows x64 Edition operating system will only be distributed for evaluation or through MSDN, Software Assurance, volume channels and OEM channels.

The Microsoft Windows x64 operating systems support "sticky" hotfixes. If we use the original operating system and then face a problem with it, we should install an update if one is available. "Sticky" hotfixes are not overwritten or uninstalled when other updates are applied unless those updates are a more current version than the file that is currently installed on the computer. Because of these changes, we recommend performing a clean installation of the Windows x64 Edition operating systems from the CD-ROM.


Source: http://support.microsoft.com/kb/896334

Thursday, June 11, 2009

Additional Active Directory Improvements

In Windows Server 2008, the Active Directory Installation Wizard adds some improvements over earlier versions. These improvements make it easier for an administrator to control the installation of domain controllers within the domain. Enhancements include:

Easy and secure server management. The new Windows Server 2008 server management tool gives administrators the facility to pre-stage domain controllers, which the administrator can then use. When the domain controller role is added from the Server Manager console, the files that are needed to perform the installation of the directory service are copied to the server. When an administrator starts the Installation Wizard through the dcpromo.exe command, the files are already cached and available. This is very beneficial for an administrator.

Answer file creation. Creating an answer file is very easy in Windows Server 2008. If several domain controllers use the same settings when they are installed, the Summary page allows you to export the settings from the current installation into an answer file, so that the file is already available for them. The password used for your Directory Services Restore Mode administrator account is not exported with the answer file, and you can specify that the user who is installing the domain controller is always prompted for the administrator password. This way, passwords are not accessible to users who have access to the location where the answer files are stored.

Read-Only Domain Controller installation. This is very easy in Windows Server 2008. The new Read-Only Domain Controller role can be installed using the Installation Wizard. When installing a Read-Only Domain Controller, you can define who is allowed to install and manage the domain controller. In the first phase of the installation, a domain administrator can define the account that can install the Read-Only Domain Controller. Once defined, the user that is associated with the Read-Only Domain Controller will have the rights to install the directory service.

Source: http://www.microsoft.com/windowsserver2008/en/us/active-directory.aspx

Wednesday, June 10, 2009

Windows Server management

Administrators responsible for Microsoft Windows Server management need to be aware of the shortcuts and workarounds that can help maintain the performance of those Windows servers. Microsoft has released several versions of its server enterprise operating systems, including Windows 2000 Server, Windows Server 2003 and Windows Server 2008.

Whatever Windows Server our company uses, we have got it covered, because my company has never faced any critical problem. This topic section provides the best Windows Server tutorials and advice for all aspects of server management, ranging from remote server management and Active Directory to Windows server clustering and consolidation. We will also find the latest news on Windows Server 2008, plus the hottest new server management tools for Windows enterprises.
While Windows Server clustering offers several benefits to IT departments running Windows Server 2008, IT pros should also be aware of the potential disadvantages before implementing it. The key to Windows server performance often comes down to whether or not administrators are using the right tools. New server monitoring and management tools are coming out all the time, and our experts know the best free tools for Windows environments. This topic page features the top.

Windows Server virtualization is the masking of server resources, including the number and identity of individual physical servers, processors and operating systems, from server users, so that users can easily use and access each and every thing. This topic page features server virtualization tips, guides and news for administrators working in Windows.
The ability to quickly troubleshoot a faulty server is an important part of Windows administration. Windows is very user friendly and is more familiar to most people than Unix and Linux. Because of the complexity of Windows server components, however, troubleshooting is often easier said than done. This page features troubleshooting tips and tricks for a wide variety of common.

Tuesday, June 9, 2009

Controlling Service Security Using Windows Server 2008

With Windows Server 2008, Microsoft has added some new control over services; Microsoft always works to make its products secure. When we combine all of the control that Microsoft provides for services in a Group Policy Object, we can ensure that our services are protected.

Almost every server that we have in our environment is running some sort of service. These services provide access to data, resources, applications, and other important parts of the server and network functionality, and they make it very easy to communicate with the server. If these services are not protected, they become ideal candidates for an attacker.

When a service is attacked, the network is attacked too and may face big problems, which could result in downtime and loss of money because of the functions that the server's services perform. With Windows Server 2008, Microsoft has added some fantastic new control over services. When you combine all of the control that Microsoft provides for services in a Group Policy Object, you can ensure that your services are protected.

Windows Server services are inherently dangerous to our servers and network because they provide holes in the server for users, applications, and other servers to access resources. Windows Server and additional technologies always aim to give small businesses a complete technology solution. When the hole is too large or the service is not protected, an attacker could be granted access to the server with elevated privileges. Therefore, it is essential that services be protected so that access is only granted to what the service is designed for.

Microsoft knows very well what needs to be protected. We need to look beyond the basic requirements that are created and think about the potential attacks that can be performed against services and their related settings, because Microsoft makes its server more powerful day by day. The following is a list of the service-related areas that need to be protected:
Access Control List of the service
Startup mode for the service
Service account for the service
Service account password for the service

All of these security related areas of the service can now be controlled using Group Policy in a Windows Server 2008/Vista enterprise.
In order for you to take full advantage of the settings discussed in this article, you need to have one of the following running on your network:
Windows Server 2008 domain controller
Windows Vista SP1, with the Remote Server Administrative Tools installed, running in a Windows Active Directory domain.

Source: http://www.windowsecurity.com/articles/Controlling-Service-Security-Windows-Server-2008.html
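
The four areas listed in this post (service ACL, startup mode, service account and account password) can be reviewed on an existing server before a Group Policy baseline is applied. The Python below is an added example, not code from the source article or from Microsoft: it reads text collected from the built-in `sc qc` and `sc sdshow` commands. The service name, account and sample output are constructed, and the choice of which groups and rights to flag is an assumed policy.

```python
import re

# Service rights (SDDL codes) that let their holder tamper with the service.
RISKY_RIGHTS = {
    "DC": "change the service configuration",
    "SD": "delete the service",
    "WD": "rewrite the service ACL",
    "WO": "take ownership of the service",
    "GA": "do anything to the service",
    "GW": "write to the service configuration",
}
# The same rights as access-mask bits, for ACEs that give the rights in hex.
RISKY_BITS = {0x2: "DC", 0x10000: "SD", 0x40000: "WD", 0x80000: "WO",
              0x10000000: "GA", 0x40000000: "GW"}
# Assumed policy: these broad groups should hold none of the rights above.
BROAD_TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users",
                  "BU": "Users", "IU": "Interactive users", "AN": "Anonymous"}
# Built-in identities; any other account has a password someone must manage.
BUILTIN_ACCOUNTS = {"localsystem", r"nt authority\localservice",
                    r"nt authority\networkservice"}


def dacl_aces(sddl):
    """Split the DACL into ACE field lists; the SACL after 'S:' is ignored."""
    match = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not match:
        return []
    return [ace.split(";") for ace in re.findall(r"\(([^)]*)\)", match.group(1))]


def risky_rights(rights):
    """Return the risky codes found in one ACE's rights field."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [code for bit, code in RISKY_BITS.items() if mask & bit]
    # Codes are two letters each: split in pairs so 'SWDT' is not read as 'WD'.
    return [code for code in re.findall("..", rights) if code in RISKY_RIGHTS]


def audit_dacl(sddl):
    """Report allow-ACEs that give a broad group a tampering right."""
    findings = []
    for ace in dacl_aces(sddl):
        if len(ace) < 6 or ace[0] != "A":  # deny and audit ACEs grant nothing
            continue
        group = BROAD_TRUSTEES.get(ace[5])
        if group:
            findings += [f"ACL: {group} can {RISKY_RIGHTS[code]}"
                         for code in risky_rights(ace[2])]
    return findings


def parse_sc_qc(text):
    """Turn `sc qc` output into a dict; continuation lines are skipped."""
    config = {}
    for line in text.splitlines():
        key, colon, value = line.partition(":")
        if colon and key.strip():
            config[key.strip()] = value.strip()
    return config


def audit_service(qc_text, sddl):
    """Summarise startup mode, account and ACL findings for one service."""
    config = parse_sc_qc(qc_text)
    start = config.get("START_TYPE", "").split()
    account = config.get("SERVICE_START_NAME", "")
    findings = audit_dacl(sddl)
    if account and account.lower() not in BUILTIN_ACCOUNTS:
        findings.append(f"Account: {account} is a named account; "
                        "its password has to be managed")
    return {"name": config.get("SERVICE_NAME", "UNKNOWN"),
            "startup": start[1] if len(start) > 1 else "UNKNOWN",
            "account": account, "findings": findings}


# Constructed sample: `sc qc` and `sc sdshow` text for a hypothetical service.
SAMPLE_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example\svc.exe
        DEPENDENCIES       : RPCSS
                           : http
        SERVICE_START_NAME : CONTOSO\svc_example
"""
SAMPLE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCDCLCSWRPLORC;;;AU)"
               "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    report = audit_service(SAMPLE_QC, SAMPLE_SDDL)
    print(report["name"], report["startup"], report["account"])
    for finding in report["findings"]:
        print(" -", finding)
```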

Monday, June 8, 2009

Windows Server 2008 command-line tools

Windows Server 2008 provides command-line tools for managing our Microsoft Windows systems. We can use Icacls to update and back up access control lists, Wbadmin or Robocopy for system backups, and WinRS to open a secure command window with a remote host. Oclist and Ocsetup are tools that work only with Server Core installations. ServerManagerCmd is a command-line version of Windows Server 2008's Server Manager.


Like every release of the Windows Server operating system, Windows Server 2008 includes a set of new command-line tools, some of which come from previous resource kits or support tools and others are new. Although Server 2008 includes Windows PowerShell, none of these new commands are PowerShell commands.


10. Oclist—Microsoft added the command-oriented Server Core as an installation option for Server 2008, and it has its own commands. Oclist queries the installed roles on our Server Core system. We can run the command oclist.


9. Ocsetup—The Ocsetup command is used to install and remove roles and features from our Server Core system.

8. Bcdedit—Like Windows Vista, Server 2008 uses a new boot process that saves the system boot configuration in the Boot Configuration Data store. The primary tool for editing Server 2008’s BCD store is the Bcdedit command, which supports many command-line options. To list the contents of the store, run bcdedit /enum


7. Icacls—The Icacls command replaces the older Cacls and Xcacls commands. Icacls lets you list, update, and back up the ACLs for files and directories. The following example shows how we can save the ACLs for the C:\temp directory: icacls c:\temp /save tempacl


6. Mklink—The Mklink command creates a symbolic link in the file system that redirects all requests to a location you specify. Symbolic links are transparent to users, appearing as normal files or directories.

5. Robocopy—A staple in the Windows Resource Kit for years, Robocopy is more capable than the standard Windows Copy and Xcopy commands, and it’s able to resume after network outages as well as correctly copy file attributes, alternate streams, and security information.


4. Wbadmin—Wbadmin is used for Server 2008 backup and restore operations.


3. WinRS—The WinRS command lets you open a secure command window with a remote host. All communications between the client and the host are encrypted using Kerberos or NT LAN Manager (NTLM) keys.


2. Appcmd—Appcmd.exe is a new command-line tool that can be found in the %WinDir%\System32\InetSrv directory. Appcmd is used to query, create, and configure Microsoft IIS 7.0 server properties, Web sites, and application pools. To list all sites on the system, we can use the following command: appcmd list sites

1. ServerManagerCmd—Without a doubt, the coolest command-line tool in Server 2008 is ServerManagerCmd.exe, which is the command-line version of the new Server Manager.

Source: http://windowsitpro.com/article/articleid/99119/command-line-tools-in-windows-server-2008.html

Friday, June 5, 2009

Windows Server 2003 editions and support

Windows Server 2003 is a Microsoft brand name that covers a number of editions, each aimed at a particular size and type of business. In general, all variants of Windows Server 2003 have the capacity to share files and printers, act as an application server, provide email services and authenticate users. Before 2003 we used Windows 2000, and now we are using Windows Server 2008.

Windows Small Business Server
SBS includes Windows Server and additional technologies that aim to give a small business a complete technology solution. These technologies are integrated to provide small businesses with targeted solutions such as the Remote Web Workplace, and offer management benefits such as enhanced monitoring, a unified management console, and remote access, so that we can easily manage our network.

The Standard Edition of SBS includes Windows SharePoint Services for collaboration, Microsoft Exchange Server for e-mail, Fax Server, and Active Directory for user management, because Microsoft wants Windows to always stay popular. The product also provides a basic firewall, DHCP server and NAT router using either two network cards or one network card in addition to a hardware router. When we use two network cards we can share the Internet connection, so that other systems use the Internet through this single system.




SBS server has the following design limitations:

Only one computer in a domain can be running Windows Server 2003 for Small Business Server.
Windows Server 2003 for Small Business Server must be the root of the Active Directory forest.
Windows Server 2003 for Small Business Server cannot trust any other domains.
Windows Server 2003 for Small Business Server is limited to 75 users or devices depending on which type of CAL.
Windows Server 2003 for Small Business Server is limited to 4GB of RAM
A Windows Server 2003 for Small Business Server domain cannot have any child domains.

Terminal Services only operates in remote administration mode on the server running SBS 2003, and only two simultaneous RDP sessions are allowed. This is a very beneficial feature in Windows Server.

Web Edition
Microsoft's Windows Server 2003, Web Edition is mainly for hosting Web applications, Web pages, and XML Web services. It is designed to be used primarily as an IIS 6.0 Web server and provides a platform for rapidly developing and deploying XML Web services and applications that use ASP.NET technology, a key part of the .NET Framework. This edition does not require Client Access Licenses, and Terminal Server mode is not included on Web Edition. However, Remote Desktop for Administration is available on Windows Server 2003, Web Edition. Only 10 concurrent file-sharing connections are allowed at any moment. It is not possible to install Microsoft SQL Server and Microsoft Exchange software in this edition. However, MSDE and SQL Server 2005 Express are fully supported after service pack 1 is installed. Despite supporting XML Web services and ASP.NET, UDDI cannot be deployed on Windows Server 2003, Web Edition. The .NET Framework version 2.0 is not included with Windows Server 2003, Web Edition, but can be installed as a separate update from Windows Update.


Standard Edition
Microsoft's Windows Server 2003, Standard Edition is aimed towards small to medium sized businesses. Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment. The release of Windows Server 2003 was available solely for 32-bit processors; a 64-bit version supporting the x86-64 architecture (AMD64 and EM64T, called collectively x64 by Microsoft) was released in April 2005. The 32-bit version will run on up to 4 processors with up to 4 GB RAM; the 64-bit version is capable of addressing up to 32 GB of RAM, something the 32-bit version does not do. The 32-bit version is available for students to download free of charge as part of Microsoft's DreamSpark program.


Enterprise Edition
Microsoft's Windows Server 2003, Enterprise Edition is aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features such as eight-node clustering using Microsoft Cluster Server software and support for up to 32 GB of memory through PAE. Enterprise Edition also comes in 64-bit versions for the Itanium and x64 architectures. The 64-bit versions of Windows Server 2003, Enterprise Edition are capable of addressing up to 1 TB of memory. Both 32-bit and 64-bit versions support Non-Uniform Memory Access. It also provides the ability to hot-add supported hardware. Enterprise Edition is also required to issue custom certificate templates.


Datacenter Edition
Microsoft's Windows Server 2003, Datacenter Edition is designed for infrastructures demanding high security and reliability. Windows Server 2003 is available for x86, Itanium, and x86_64 processors. It supports a maximum of up to 32 processors on 32-bit or 64 processors on 64-bit hardware. The 32-bit architecture also limits memory addressability to 64 GB, while the 64-bit versions support up to 1 TB. Windows Server 2003, Datacenter Edition also allows limiting processor and memory; this depends upon application usage.

Thursday, June 4, 2009

Server 2008 Security Compliance Management Toolkit

The Windows Server 2008 Security Guide and the GPOAccelerator tool provide you with prescriptive information and automated tools to establish and deploy your security baseline. This toolkit also provides you with 6 DCM Configuration Packs to use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 Service Pack 1 (SP1). Use this functionality to help you monitor the implementation of your security baseline for Windows Server 2008. The Windows Server 2008 Security Guide offers a choice of preconfigured security baselines for the following two different environments.


The Windows Server 2008 Security Compliance Management Toolkit includes the following components: Security guide, Attack Surface Reference workbook, Security Baseline Settings workbook, Security Baseline XML, GPOAccelerator tool, INF Files, Baseline Compliance Management Overview, DCM Configuration Pack User Guide, DCM Configuration Packs.


The Windows Server 2003 Security Guide and the GPO Accelerator tool provide you with prescriptive information and automated tools to establish and deploy your security baseline. This toolkit also provides you with 6 DCM Packs to use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 SP1. Use this functionality to help you monitor the implementation of your security baseline for Windows Server 2003 SP2. The Windows Server 2003 Security Guide offers a choice of preconfigured security baselines for the following two different environments:



Enterprise Client. This security baseline is best for most organizations in which functionality is evenly balanced with security.
Specialized Security – Limited Functionality. This security baseline is best for organizations in which concern for security is so great that a significant loss of functionality is acceptable. For example, military and security agency organizations operate in this type of environment.


The Windows Vista Security Guide and GPO Accelerator tool provide us with prescriptive information and automated tools to establish and deploy our security baseline. This toolkit also provides us with 6 DCM Configuration Packs to use with the desired configuration management feature in Microsoft System Center Configuration Manager 2007 SP1. Use this functionality to help us monitor the implementation of our security baseline for Windows Vista SP1. The Windows Vista Security Guide offers a choice of preconfigured security baselines for the following two different environments.



Source: http://technet.microsoft.com/en-us/library/cc514539.aspx

Wednesday, June 3, 2009

Configure printer pooling in Windows Server 2008

Printer pooling can consolidate print operations for Windows-based printing, which can lead to increased performance and cost savings. Here we describe how to use this feature for Windows Server 2008 systems.


Managing printers can be the bane of a Windows administrator. One feature that may assist you with this task is the Windows printer pooling feature. Windows Server 2008 (as well as previous versions of Windows Server) offers functionality that permits a collection of multiple like-configured printers to distribute the print workload.

Printer pooling makes one share that clients print to, and the jobs are sent to the first available printer. Configuring print pooling is rather straightforward in the Windows printer configuration applet of the Control Panel.

We should use logical guidelines when implementing printer pooling. In the line-of-business world, it makes great sense to use printer pooling where any batch, order, or other large print jobs are frequent. Slower printers, especially high-quality color laser units, may have a slower page per minute (ppm) rate than traditional black laser or ink devices. Printer pooling makes sense in that situation if the number of print jobs warrants two of the high-cost devices.

To use pooling, the printer models need to be the same so that the driver configuration is transparent to the end device; this can also help control costs of toner and other supplies. But plan accordingly — you don’t want users essentially running track to look for their print jobs on every printer in the office.

Source: http://blogs.techrepublic.com.com/datacenter/?p=964

Tuesday, June 2, 2009

Windows Server 2008 R2 offers better terminal services

With the R2 release, Microsoft's VDI play involves the integration of several components with which you're likely already familiar. The most notable of these components are Hyper-V and Terminal Services or, as it is now known, Remote Desktop Services (RDS). This tip examines how familiar components of Terminal Services have been integrated into Windows Server 2008 R2 to better orchestrate and manage Microsoft VDI deployments.

Hyper-V and RDS: Two critical components of hosted desktops:
In Windows Server 2008 R2, Hyper-V provides the virtualisation platform for hosting desktops. As a result, the first step in any Microsoft VDI deployment is to determine -- and then deploy -- the number of Hyper-V servers you'll need to support your virtual machines (VMs). The second necessary component is Microsoft's Remote Desktop Services. The re-named RDS expands on Terminal Services by supporting connections to traditional presentation virtualisation servers while also supporting hosted desktops.

Remote Desktop Gateway and Remote Desktop Web Access:
Windows Server 2008 R2 contains other Terminal Services features. Terminal Services Gateway and Terminal Services Web Access have now been re-named as Remote Desktop Gateway (RD Gateway) and Remote Desktop Web Access (RD Web Access), respectively. The combination of these two services provides a Web-based mechanism for presenting a list of assigned applications and hosted desktops to users. As previously, adding the RD Gateway to an environment enables you to traffic applications and desktops across the Web through an encrypted connection.


Provisioning virtual machines in Microsoft VDI deployments:
In data centers, changes have occurred in how VMs are provisioned to users. Administratively speaking, VMs can be made available to users in one of two ways. The first is through a direct assignment called a personal virtual desktop. Using this mechanism, the administrator can create a VM on a Hyper-V host. That VM is then directly assigned to a user through the RemoteApp and Desktop (RAD) Connection Manager console. Once a VM is created, the user assigned to it will then see his personal desktop available as a link in RD Web Access.

In both cases, user profiles are abstracted from individual VM instances through the use of Remote Desktop Services roaming profiles. These roaming profiles are similar to the traditional Terminal Services roaming profiles that have been used with Terminal Services for years.
Much like Citrix's recent move to VDI with XenDesktop, Microsoft's foray into the VDI space is brilliant in how it takes mature technologies and repurposes them for a more advanced use. In the next article of this series, I'll give you click-by-click instructions on how to begin building a VDI deployment with Windows Server 2008 R2, Hyper-V and RDS.

Source: http://searchnetworking.techtarget.com.au/articles/32424-Windows-Server-2-8-R2-offers-better-terminal-services

Monday, June 1, 2009

Basic new information about Windows Server 2008 and Vista

Last week we initially made Windows Vista and Windows Server 2008 Service Pack 2 available for TechNet and MSDN. Today it is available to anyone interested in testing SP2 for Windows Vista and Windows Server 2008 prior to final release. Customers can download the Windows Vista and Windows Server 2008 Service Pack 2 RC.
Microsoft Windows Server 2008 R2 will be the next version of the Windows Server operating system from Microsoft. Building on the features and capabilities of the current Windows Server 2008 release version, Windows Server 2008 R2 allows you to create organization solutions that are easier to plan, deploy, and manage than previous versions of Windows Server. Developing upon the increased security, reliability, and performance provided by Windows Server 2008, Windows Server 2008 R2 extends connectivity and control to local and remote resources. This means your organizations can benefit from reduced costs and increased efficiencies gained through enhanced management and control over resources across the enterprise. Evaluate Windows Server 2008 R2 RC (available in English, German, French, Spanish and Japanese) by downloadable ISO format. Editions for evaluation include Datacenter, Enterprise, Standard and Web.
Microsoft's new entry-level server edition, Windows Server 2008 Foundation, is aimed squarely at Linux, and the software giant says its "simplicity" is expected to give it the edge over Linux as the choice server OS for the small business segment. By competing with Linux on a lower price point and touting Windows' familiar interface, Microsoft said it hopes to make both servers and its server OS an easy choice for small businesses looking to deploy a server. Each server, preloaded with the OS, will cost below S$1,500 (US$1,029).
The word server is used widely in information technology. Consider the multiplatform software known as the "Apache HTTP Server". This software runs on many modern computers which may not normally be called servers, but the host computer is also a server. Specifically, the combination of the hardware computer and the Apache software can be called a web server. In the hardware sense, the word server typically designates computer models intended for running software applications under the heavy demand of a network environment. In this client-server configuration one or more machines, either a computer or a computer appliance, share information with each other, with one acting as a host for the other.