10 Chapter 1 Windows 101: Its Origins, Present, and the
Services It Provides
The new Web edition was a much-scaled-back version of the Windows
Server product and aimed at combating the trend of using free Linux-
based services for hosting web sites.
You might run Windows 2000 servers today, so the following list covers
the new features of Windows 2003. These features carried into Windows
Server 2008, so they are still reasons to migrate to the latest server OS.
■ The Microsoft .NET Framework became a core part of the OS.
■ New Active Directory features provided prune and graft functional-
ity, allowing you to move and rename domains within an Active
Directory forest.
■ Domain controllers were added via a system state backup of anoth-
er domain controller, instead of copying all domain information over
the network.
■ Internet Information Services (IIS) 6.0 offered improved security
with its default state of lockdown and new management features.
IIS 6.0 also featured improved reliability and allowed consolidation
where appropriate.
■ Updated Terminal Services allowed access to and control of the
server console via the /console switch of the mstsc application.
■ Virtual Disk Service (VDS) provided a single interface for disk
management.
■ Volume Shadow Copy Service (VSS) allowed point-in-time copies of
information known as shadow copies and provided client-side access
to previous “versions” of a share, enabling clients to restore deleted
information without administrators performing time-consuming
tape restorations.
■ Windows Server 2003 included the visual style of Windows XP but
disabled it by default. It is accessible if the Themes service is
enabled and the Windows XP theme is selected for the display prop-
erties.
An important term to mention here is service pack. Feature packs
deliver new features to the OS; however, as with every piece of software,
errors creep into the released product. These errors require fixing and
Microsoft often releases repairs as hot fixes. After some interval, Microsoft
combines the fixes into a service pack, which might also contain customer-
requested updates. Microsoft makes each service pack available from its
web site at no charge. The user installs the service pack onto an installed
OS (or directly onto installation media in later versions of Windows). This
brings the OS up-to-date with the latest set of fixes and sometimes adds
Origin of the Windows Operating System 11
new functionality, although not features or changes that cause compatibility
issues. In Service Pack 1 for Windows 2003, Microsoft added the
Security Configuration Wizard, which was a core part of helping to lock
down server installations. Service packs are cumulative, so Service Pack 2
contains everything in Service Pack 1. If you install a new computer, only
install the latest service pack—you don’t need to install all the previous
service packs. In the past, if you added new OS components to an installed
OS (for example, enabling domain name service [DNS] on a server), you
had to reapply the service packs. This is no longer required because the
content of the service pack is stored locally on the server to ensure that the
newest code is always used.
Microsoft continued to add new features to Windows 2003 via down-
loadable feature packs. Major new features were not made available in
service packs due to past complications, so feature packs were a great com-
promise. Users who didn’t want to wait for the next major release could get
features as Microsoft released them. Other users were free from installing
features they did not want and that could introduce complexity or poten-
tial security considerations. Feature packs available for download include
the following:
■ Active Directory Application Mode (ADAM). Active Directory
“lite,” enabling multiple directories to exist on a single Windows
2003 or XP machine without the full infrastructure of DNS and
other components normally required for a domain. ADAM stores
data related to an application that does not require the availability
associated with data stored in an AD-based domain.
■ Group Policy Management Console (GPMC). Enables policy
backup and restoration of policies, task scripting, better manage-
ment, and HTML reports.
■ Identity Integration Feature Pack (IIFP). Allows replication
among AD, ADAM, and Exchange directory service (2000 and
2003). This is useful in multiforest situations to sync the Global
Address List (GAL). IIFP is MS Identity Integration Server (MIIS)
lite!
■ iSCSI support. Enables IP-based storage area network (SAN)
connectivity via the Internet Small Computer System Interface (iSCSI).
■ Windows Software Update Services (SUS). Deploys critical
updates throughout a company in a managed manner.
■ Windows Rights Management Services (RMS). Provides rights
management protection with RMS-enabled applications to
safeguard digital info when online or offline. Controls, for example,
what a recipient can do with the information when received (cut/paste,
forward, and so on).
■ Windows Services for NetWare/UNIX. Offers greater integra-
tion and migration capabilities than previous versions.
■ Windows SharePoint Services (WSS) update. Improved
SharePoint capabilities and security.
■ Windows Automated Installation Kit. Contains tools and infor-
mation for the deployment of Windows Vista from a Windows
2003–based infrastructure including Windows Deployment
Services (WDS), which replaces Remote Installation Service (RIS)
and forms a core part of Windows Server 2008.
R2 on Disk 2, R2D2
At the end of 2005, Microsoft started a new tradition, releasing Windows
2003 R2 (short for Release 2). There are two important factors for this R2
release:
■ Windows 2003 R2 is Windows 2003 with Service Pack 1 built in.
■ It has no new kernel changes or modifications to the core OS. The
R2 relates to a second supplied CD that contains new features orig-
inally slated for and built in to the Windows Server 2008 OS.
R2 releases will be seen in other products in the Microsoft line.
Windows 2003 R2 comprises two CDs: the first CD contains Windows
2003 with SP1, and the second contains the new content. After installation
of the first disc, the installer prompts the user to insert the second CD. If
a server is already running Windows 2003 SP1, only the second CD has to
be inserted.
The only actual change made to the core OS is that a new version of
the MMC (3.0) is installed before the second CD is executed and new fea-
tures are added. The new version of the MMC allows for new functionali-
ty provided by the updated management console, which some of the R2
component snap-ins require. Add/Remove Programs is updated to allow
for the installation of the new R2 components, and the Manage/Configure
Your Server Wizard introduces a new SharePoint role and updates the File
and Printer Server roles. View the R2 as a collection of useful feature
packs, but installing them does not affect the core OS. There are no sepa-
rate service packs for Windows 2003 and Windows 2003 R2 because they
are the same core OS. You don’t need to retest your software and recerti-
fy applications any more than if you installed a feature pack on a server.
The only testing to perform is to ensure that any MMC snap-ins run with
MMC 3.0.
You can run a mixture of Windows 2003 and Windows 2003 R2 systems in
your environment. Upgrade to R2 only those servers that require some of
the new features R2 contains—don’t upgrade every server. For an existing
Windows 2003 Service Pack 1 system, only use the second CD of R2,
which “upgrades” it to R2. (It updates the MMC and modifies
Add/Remove Programs to let you add the new R2 features.)
R2 contains a mixture of brand new features and features previously
available as feature pack downloads (for example, ADAM and SharePoint
services). The new features are summarized as follows:
■ The new Distributed File System Replication (DFSR) engine facil-
itates simplified branch office management by performing delta
replication of files between locations. Delta replication means that
only the changes to a file replicate instead of replicating the whole
file. This saves bandwidth between locations. DFSR is also more
self-fixing and tolerant than FRS, making it far less likely to “break”
and require administrative effort to restart replication. Although the
engine’s name is DFSR, you can use it separately from Distributed File
System (DFS) namespaces to replicate information in many different
scenarios.
■ A new Print Management Console allows a centralized view and
management of printers in distributed environments, allowing centralized
driver upgrades, printer discovery on remote subnets, form configuration,
and notification options if a printer becomes unavailable, which includes
executing a script or sending an e-mail.
■ Active Directory Federated Services (AD FS) extends the visibility
of a trusted organization’s directory service to allow its users access to
Web-based applications in another organization. For detailed information,
see www.windowsitpro.com/Windows/Article/ArticleID/48252/48252.html.
■ WSS SP2 is .NET 2.0–compatible and certified to run on 64-bit. (It
is 32-bit code but is certified to run in the Windows on Windows
subsystem that 64-bit OSs use to run 32-bit code.) SharePoint
Services SP2 supports Kerberos authentication and fully integrates
with Windows (now shows as a Server role and in Add/Remove
Windows Components).
Add all R2 components as entries in the Windows Components
dialog.
■ Improved UNIX integration and management capabilities, includ-
ing password synchronization between UNIX and Windows. Mixed
mode support enables a mixture of Windows and Interix libraries.
■ .NET 2.0 is included as well as the Common Log File System
(CLFS), a callable driver that provides a robust sequential logging
environment for use by applications as required.
■ Improved hardware management. A Simple SAN MMC snap-in
enables full life-cycle control of most small-to-medium SAN envi-
ronments via the Virtual Disk Service (VDS), which includes cre-
ation and assigning of logical unit numbers (LUNs), configuring
connections, creating partitions, and so on. A WS-Management
(Web Services) implementation is included—for supported hard-
ware that means remote access to servers, even in a crash or pre-
boot scenario. Interaction with the Baseboard Management
Controller (BMC) allows Windows-based reading and writing of
hardware configuration, reading of the hardware’s equivalent of the
event log (System Event Log [SEL]) via the Windows Event Viewer,
and triggering actions using standard Windows mechanisms, if
required.
■ A new Quota Management component comprising three technolo-
gies. One component is a new quota system based on the physical
space (rather than logical size) used on a disk. If users compress
files, they store more data, which was not the case in a logical size
quota. The quotas can be set on a folder or disk level, so you can
configure a specific folder not to exceed 500MB. A file-screening
component allows for real-time file type checking. If a type of file
tries to write to a folder that has a rule stopping that type, an I/O
error generates and the file write stops. One useful scenario for this
technology is for blocking video/audio files to company file shares.
For both quotas and file screening, comprehensive actions occur
when a user attempts to breach policy. Actions could include e-mail-
ing the offender, e-mailing an administrator/manager, and perform-
ing an action. Storage reports are the third technology, providing
detailed reports of file system status in a variety of formats.
Why put out an R2 release? Microsoft already set a precedent with fea-
ture packs that added functionality to the Windows 2003 product as free
downloads from the Microsoft site, so why not just have the R2 features
provided as downloads as separate feature packs? There are two trains of
thought on this issue. It’s important to realize that Windows 2003 R2 is a
separate product; there is no upgrade version or free update. You have to
purchase Windows 2003 R2, even if you already own Windows 2003.
However, after release, Windows 2003 R2 replaced Windows 2003 in the
retail channel. So, if you purchased Windows 2003 on or after December
6, 2005, you automatically got Windows 2003 R2.
The first and probably official reason for the R2 version is that the
functionality added by the R2 release is too significant to give away as a
free download, requires more support, and warrants a new “version.” The
second reason is slightly more sinister, but understandable. Before you
look at it, however, let’s review how Microsoft sells software.
Purchasing Windows
The most basic way to purchase server products is as needed. When a new
version releases, you can go to the store or a web site and purchase a new
or upgrade version. This gives you control over the upgrade purchase;
however, you must buy each update. If many new versions come out, this
method of buying upgrades gets expensive and hard to budget for.
To alleviate this complicated method of purchasing, Microsoft has two
other methods for licensing procurement:
■ Software Assurance is a part of the Volume Licensing program for
which a company signs an agreement of x years and pays a fee.
Software Assurance gives the company the right to any upgrades to
software covered under the agreement without purchasing per
product upgrades for each version. It is available for most products,
including the Windows line and Office. Additionally, Software
Assurance customers get free training, at-home rights for employ-
ees, additional phone support, access to the Windows Pre-
Installation Environment (now part of the Windows Automated
Installation Kit—a free download), and access to Windows Vista
Enterprise Edition, which is available only to Software Assurance
clients. By default, Software Assurance is a three-year contract with
one-year or three-year renewals.
■ Like Software Assurance, Microsoft offers Enterprise Agreement
for organizations with more than 250 desktop PCs. It bundles soft-
ware products and client access licenses over a three-year term,
including Software Assurance benefits based mainly around Office
and Windows desktops and the core client access license.
The transition to selling subscriptions of services from selling boxes of
software is important for any software company. When you consider just
how good the existing versions are, why pay a lot of money for a new ver-
sion?
Software Assurance has a cost, so it’s a benefit only if new versions
release during the term of the agreement. Likewise, one great benefit of
an Enterprise Agreement is the Software Assurance feature. To help sell
these three-year, contract-based products, clients need to know that a new
version is going to release within the three years of their coverage!
This is where the R2 versions help. Previously, a new version of the OS
might or might not release within three years. With R2 releases, Microsoft
is committing to a set release cycle, which Figure 1-3 illustrates.
[Figure 1-3: timeline of Windows Server releases (Windows Server 2003, Windows Server 2003 R2, Windows Server Longhorn, Windows Server Longhorn R2, Windows Server Vienna), with spans labeled about 4 years and about 2 years.]
FIGURE 1-3 Microsoft now promises a new OS every two years.
This new OS release schedule promises, every four years, a major ver-
sion that contains a new kernel and, therefore, supports additional types of
hardware and technology. A major release might change fundamental con-
cepts (such as security and application compatibility) and the behavior of
core services such as Active Directory. Major versions require significant
testing to ensure that the new major version coexists cleanly with existing
OSs and applications and that hardware still functions correctly. Two years
after release of the major version, a minor or update version will release,
the R2, which consists of the last major version with the latest service pack
integrated, any relevant feature packs available for download, and new fea-
tures that do not conflict with existing core functionality. Because the
update release is just the last major release with extra features, there are
no compatibility problems, and it integrates easily into the existing infra-
structure.
Note, however, that it is already believed Microsoft will skip the R2 for
Windows Server 2008 and release a major version sometime in 2009/2010
(Windows 7), with the next version arriving sometime in 2011 or later.
Why does this matter? Customers now have a defined schedule
of when new products will be available. If you sign up for a three-year
agreement, at least one new OS will release in that time. This fact makes
it easier to justify purchasing the agreement, which makes it easier for
Microsoft to sell it. However, this is good news for customers, too. From
planning, manpower, and budget perspectives, it’s useful to know when
new OSs will be available.
Windows Vista
Microsoft released Windows Vista at the end of 2006. The next chapter
covers Vista but, in brief, it introduced many new features, new editions,
and another new interface style. The new interface, Aero, features translucent
window borders and cool snapshots of running applications,
which you see in Chapter 2, “Windows Server 2008 Fundamentals:
Navigating and Getting Started.” For organizations, one of Vista’s biggest
draws is file system and Registry redirection, which improves application
compatibility for applications that write to otherwise protected areas of the
file system or Registry. With redirection, the application thinks it’s writing
to the area but is redirected to a lower privilege area. Other draws include
user access control (lowers privileges of users by default), better support
for low rights users (thanks to the redirection technologies), and new
BitLocker technology (encrypts entire drives). Protected mode in Internet
Explorer 7 restricts ActiveX control execution, and a new granular USB
Group Policy setting suite helps control the use of USB devices.
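
The following is an added example, not code from the book: a PowerShell inventory of what the file system and Registry redirection described above has captured for the current user, mapped back to the protected location each application was aiming at. It assumes Windows PowerShell 3.0 or later and the standard redirect targets (`%LOCALAPPDATA%\VirtualStore` and `HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE`); the function names are illustrative.

```powershell
# Added example, not from the book. Requires Windows PowerShell 3.0 or later.
# Lists what file and Registry redirection has captured for the current user
# and maps each item back to the protected location the application targeted.

function Get-RedirectedFile {
    param(
        # Per-user redirect area for file writes.
        [string]$VirtualStore = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        # Assumption: the protected originals live on the system drive.
        [string]$SystemDrive  = $env:SystemDrive
    )
    if (-not (Test-Path -LiteralPath $VirtualStore)) { return }
    $root = (Get-Item -LiteralPath $VirtualStore -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Relative path, e.g. "Program Files\LegacyApp\settings.ini"
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $segments = $relative.Split('\')
            [pscustomobject]@{
                ProtectedArea = $segments[0]
                Application   = if ($segments.Count -gt 2) { $segments[1] } else { '(root)' }
                IntendedPath  = Join-Path "$SystemDrive\" $relative
                RedirectedTo  = $_.FullName
                LastWrite     = $_.LastWriteTime
            }
        }
}

function Get-RedirectedRegistryKey {
    param(
        # Per-user redirect area for writes aimed at HKLM\SOFTWARE.
        [string]$VirtualRoot = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
    )
    if (-not (Test-Path -LiteralPath $VirtualRoot)) { return }

    Get-ChildItem -LiteralPath $VirtualRoot -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.ValueCount -gt 0 } |
        ForEach-Object {
            # Keep everything after "VirtualStore\MACHINE\" to rebuild the HKLM path.
            $suffix = ($_.Name -split 'VirtualStore\\MACHINE\\', 2)[1]
            [pscustomobject]@{
                IntendedKey  = "HKLM\$suffix"
                RedirectedTo = $_.Name
                Values       = $_.ValueCount
            }
        }
}

# Summary: which applications still write to protected areas, most active first.
Get-RedirectedFile |
    Group-Object ProtectedArea, Application |
    Sort-Object Count -Descending |
    Select-Object Count, Name

Get-RedirectedRegistryKey | Sort-Object IntendedKey
```

Applications that appear in this output still assume they can write to protected locations, and their per-user copies can silently diverge from the files and keys at the intended paths.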
Deployment of Vista radically changed. Gone is the structure of many
files installed and registered during setup in favor of a new imaging format
that is a SYSPREPd image of a deployed installation. This image format
leads to a much faster installation time with only a mini-setup wizard exe-
cuting during setup. Thanks to the image format, a separate image for each
HAL type is no longer necessary. You can choose the HAL during the final
installation phases because the image contains all HALs. boot.ini, which
has existed since the start of Windows, was removed in favor of boot con-
figuration data (BCD) and its management tool.
Windows Server 2008
At the end of 2007, Microsoft released Windows Server 2008. Some of the
major new features include but are not limited to the following:
■ Network Access Protection (NAP). This feature is also part of
Windows Vista and available as an update for Windows XP SP2. It
requests a statement of health (SoH) from each connecting
machine, and checks the SoH against health policies for the net-
work. If the connecting machine does not meet the network health
level, Windows Server quarantines it and, optionally, sends updates
to bring it up to required health levels.
■ Internet Information Services (IIS) 7. IIS fully integrates with
Windows Communication Foundation (WCF), Windows
SharePoint Services, and Web Services. IIS is highly componen-
tized, allowing the installation of specific modules, and is managed
via an IIS Manager interface.
■ Initial Configuration Tasks (ICT). ICT shortens the time
between installation and enterprise use by giving administrators a
more intuitive interface for the initial configuration of items. ICT
absorbs the Post-Setup Security Updates (PSSU) stage that
Windows 2003 SP1 introduced. ICT locks down a server until the
latest fixes are applied and the firewall is configured, as shown in
Figure 1-4.
FIGURE 1-4 ICT provides a single interface to perform all initial server configurations
instead of trawling through multiple dialogs and locations.
■ Server Manager MMC snap-in. This snap-in gives a single portal
to view and administer nearly all information relating to a server’s
production health and functionality status.
■ Windows PowerShell. This command-line shell and scripting
technology will be the standard foundation for most future
Microsoft service technologies. Use PowerShell for any task you do
via a GUI. Exchange 2007 and System Center are just two of the
back office products built on PowerShell.
■ Server Core. As Microsoft adds functionality to Windows, the
overhead gets higher and more maintenance is necessary. Server
Core is an install mode for Windows Server 2008 that, at installation
time, allows a server to be nominated as a server core installation.
As a result, only the services and components needed for the
supported server functions are installed. Any services or compo-
nents not needed for any of the eight supported roles are not
installed, including the Windows GUI—the command prompt is the
default interface for a server core’s management. Because of the
scaled-down installation, the server requires fewer updates and less
maintenance. Because there are fewer components, security risks
and attack vectors are minimized. A server core installation requires
only about 1GB of disk space for the OS components.
■ Read-Only Domain Controller (RODC). Before Active
Directory, a single primary domain controller held a fully writeable
copy of the SAM database. One or more backup domain controllers
held a read-only copy of the SAM database for fault-tolerance and
load-balancing purposes. With Active Directory, all domain con-
trollers have fully writeable copies of the database that are kept syn-
chronized through multimaster replication. With Windows Server
2008, you can designate a domain controller as read-only. This is
useful for remote locations that lack the physical security to place a
traditional domain controller but whose performance benefits from
having a local authentication source. In addition, you can configure a
read-only domain controller to store security information of only
particular accounts and not to store certain sensitive attributes.
■ Terminal Services (TS). Third-party terminal server technologies
have the capability to stream remote applications instead of entire
sessions. For example, assume that Word is running on a terminal
server. Instead of a user having a complete session to run Word, he
uses an application window on the terminal server running Word.
To the user, Word appears to be running locally but is running on
the remote terminal server in a seamless window fashion. Windows