Installing Windows Server 2003 with Group Policy and Systems Management Server
</objective> <objective> </objective> <objective>Preparing a System and Installing the Windows 2003 R2 Components
</objective> </feature>This chapter describes the process for installing the Microsoft Windows Server 2003 operating system (32-bit and 64-bit), Windows 2003 Service Packs, and the Windows 2003 R2 update. With the advances in Microsoft technologies over the years, many steps in the installation process have been simplified. For example, you still must verify that your hardware is supported by the operating system, but the Plug and Play capability of the application automatically detects and configures most hardware items. Thankfully, the days of determining the IRQ, base I/O address, and memory range of your system devices are, for the most part, in the past. In fact, Windows Server 2003 has the easiest and most intuitive installation procedure of any Microsoft operating system to date.
The server, however, will not install itself. You still must make several decisions to ensure that your completed installation will meet your needs. This chapter walks you through these key decisions and helps you make the correct choices for your environment.
Before you begin the actual installation of Windows Server 2003, you must make several decisions. How well you plan these steps will determine how successful your installation is.
The first step of the installation is verifying that your hardware meets the system requirements. Keep in mind that, although there is a minimum requirement for the CPU and RAM, there is also a recommended CPU and RAM configuration. For the sake of performance, you should usually stay away from the minimum requirements and stick to the recommended settings (or better). Table 3.1 lists system recommendations for Windows Server 2003 (32-bit), and Table 3.2 lists system recommendations for Windows Server 2003 (x64-bit edition).
If you have an existing Windows environment, you may need to perform a new installation or upgrade an existing server. There are benefits to each of these options.
The primary benefit of a new installation is that, by installing the operating system from scratch, you are starting with a known good server. You can avoid migrating problems that may have existed on your previous server—whether due to corrupt software, incorrect configuration settings, or improperly installed applications. Keep in mind, however, that you will also lose all configuration settings from your previous installation. Make sure you document your server configuration information and back up any data that you want to keep.
When performing a new installation, you can install on a new hard drive (or partition) or in a different directory on the same disk as a previous installation. Most new installations are installed on a new or freshly formatted hard drive. Doing so removes any old software and gives you the cleanest installation.
Upgrading, on the other hand, replaces your current Windows files but keeps existing users, settings, groups, rights, and permissions. In this scenario, you don’t have to reinstall applications or restore data. Before choosing this option, keep in mind that you should test your applications for compatibility before migration. Just because they worked on previous versions of Windows does not mean they will work on Windows Server 2003.
As always, before performing any type of server maintenance, you should perform a complete backup of any applications and data that you want to preserve.
To upgrade to Windows Server 2003, you must be running a server-level operating system. You cannot upgrade Workstation or Home editions to Windows Server 2003. To upgrade your existing server, you must be running Windows 2000 or Windows NT 4.0 Server (Service Pack 5 or higher). Table 3.3 lists the available upgrade paths to Windows Server 2003.
Table 3.3. Upgrade Compatibility for Windows Server 2003
Previous Operating System | Upgrade to Windows Server 2003 Possible? |
|---|---|
Windows NT versions 3.51 and earlier | No, you must first upgrade to NT 4.0 Service Pack 5 or higher. |
Windows NT 4.0 Server | Yes, you must have Service Pack 5 or higher. |
Windows 2000 Server | Yes. |
Windows 2000 Advanced Server | Yes. |
Windows 2000 Professional | No, only server-level operating systems can be upgraded. |
Windows XP Professional | No, only server-level operating systems can be upgraded. |
Novell NetWare | No, but migration tools are available to migrate Novell Directory Services (NDS) information to a Windows domain. |
Note
When considering installing or updating to Windows 2003 R2, the R2 update merely adds components on top of an existing Windows 2003 SP1 or higher server configuration. Windows 2003 R2 is not a new or separate operating system. Therefore, when referencing the upgrade of Windows, this chapter refers to the upgrade from Windows NT4 or Windows 2000 to Windows 2003, and not from Windows 2003 to Windows 2003 R2.
You have the choice of making your server a domain controller (DC), a member server, or a standalone server. After you determine the tasks the server will perform, you can determine the role you will assign to it.
Domain controllers and member servers play a role in a new or existing domain. Standalone servers are not joined to a particular domain.
As in Windows 2000, you are able to promote or demote server functions as you like. Standalone servers can be joined to the domain to become member servers. Using the DCPromo utility, you can promote member servers to domain controllers. And, by uninstalling the Active Directory service from a domain controller, you can return it to member server status.
During the installation of Windows Server 2003, you will have to tell the Setup Wizard how you want your server configured. The wizard will take the information you provide and will configure the server settings to meet your specifications.
Taking the time to gather the information described in the following sections before starting your installation will likely make your installation go faster and easier.
Each computer on a network must have a name that is unique within that network. Many companies have a standard naming convention for their servers and workstations. If not, you can use the following information as a guideline for creating your own. Although the computer name can contain up to 63 characters, workstations and servers that are pre–Windows 2000 recognize only the first 15 characters. It is widely considered a best practice to use only Internet-standard characters in your computer name. This includes the letters A–Z (upper- and lowercase), the numbers 0–9, and the hyphen (-).
Although it’s true that implementing the Microsoft domain name system (DNS) service in your environment could allow you to use some non-Internet standard characters (such as Unicode characters and the underscore), you should keep in mind that this is likely to cause problems with any non-Microsoft DNS servers on your network. You should think carefully and test thoroughly before straying from the standard Internet characters noted in the preceding paragraph.
During the server installation, the Setup Wizard will ask for the name of the workgroup or domain that the server will be joining. You can either enter the name of an existing organizational structure or enter a new name, creating a new workgroup or domain.
Users new to Microsoft networking may ask, “What is the difference between a workgroup and a domain?” Simply put, a domain is a collection of computers and supporting hardware that share the same security database. Grouping the equipment in this manner allows you to set up centralized security and administration. Conversely, a workgroup has no centralized security or administration. Each server or workstation is configured independently and locally for all security and administration settings.
When installing Windows Server 2003, you must install and configure a network protocol that will allow it to communicate with other machines on the network. Currently, the most commonly used protocol is called TCP/IP, which stands for Transmission Control Protocol/Internet Protocol. This protocol allows computers throughout the Internet to communicate. After you install the TCP/IP protocol, you need to configure an IP address for the server. You can choose one of the following three methods to assign an IP address:
Automatic Private IP Addressing (APIPA)—. APIPA can be used if you have a small network that does not have a Dynamic Host Configuration Protocol (DHCP) server, which is used for dynamic IP addresses. A unique IP address is assigned to the network adapter using the LINKLOCAL IP address space. The address always starts with 169.254 and is in the format 169.254.x.x. Note that if an APIPA is in use, and a DHCP server is brought up on the network, the computer will detect this and will use the address that is assigned by the DHCP service instead.
Dynamic IP address—. A dynamic IP address is assigned by a DHCP server. This allows a server to assign IP addresses and configuration information to clients. Some examples of the information that is distributed include IP address, subnet mask, default gateway, domain name system (DNS) server address, and Windows Internet Naming Service (WINS) server address. As the dynamic portion of the name suggests, this address is assigned to the computer for a configurable length of time, known as a lease. When the lease expires, the workstation must again request an IP address from the DHCP server. It may or may not get the same address that it had previously. Although servers and workstations can both be configured to use this method of addressing, it is generally used for workstations rather than servers.
Static IP address—. Using a static IP address is the most common decision for a server configuration. By static, we mean that the address will not change unless you change the configuration of the server. This point is important because clients and resources that need to access the server must know the address to be able to connect to it. If the IP address changed regularly, connecting to it would be difficult.
Whether you are performing a new installation on a previously used server or upgrading an existing server, you should perform a complete backup of the data and operating system before you begin your new installation. This way, you have a fallback plan if the installation fails or the server does not perform the way you anticipated.
When performing a new installation on a previously used server, you overwrite any data that was stored there. In this scenario, you will have to use your backup tape to restore any data that you want to preserve.
On the other hand, if you are going to upgrade an existing server, a known good backup will allow you to recover to your previous state if the upgrade does not go as planned.
Note
Many people back up their servers but never confirm that the data can be read from the backup media. When the time comes to recover their data, they find that the tape is unusable or unreadable, or that they do not know the proper procedures for restoring their server. You should perform backup/recovery procedures on a regular basis in a lab environment to make sure that your equipment is working properly and that you are comfortable with performing the process.
If you have installed Microsoft server operating systems before, you will be familiar with the look and feel of the Windows Server 2003 installation process. The familiar blue background with white text is still there for the first half of the installation and, for the most part, the questions are the same. You still have to press F8 to accept the license agreement, but unlike with some older versions, you aren’t required to page down to read the whole thing first anymore. The next step is to set up the hard drive and partitions you want to install to. Although the process is similar to previous versions, you have some new options to choose from. Follow the instructions to prepare and select your desired partition for installation.
With older versions of the Windows operating system, you had two options when partitioning the hard drive: NTFS or FAT. You still have these familiar options, but two new ones for quick formatting have been added to the list, as shown in Figure 3.1.
When you select NTFS or FAT to format the partition, the drive must be formatted. This process can take a significant amount of time.
The new “quick” option can format the partitions much faster—in some cases more than 25 times faster! But be aware, in this instance the drive is not being truly formatted. The Quick Format option performs only a high-level format of a disk—using the tracks and sectors already defined by an earlier formatting. This option is most helpful when you’re installing servers that did not previously contain any confidential information. And it really comes in handy when you’re installing a server over and over in the lab.
One of the most commonly asked questions when installing a Windows-based server is, “Should I select FAT or NTFS?” FAT (which stands for file allocation table) has been around for a long time—since the days of MS-DOS. It was upgraded with Windows 95 SR-2, when FAT16 became FAT32, giving us the functionality of long filenames and allowing us to create larger disk and volume sizes.
Although the theoretical partition size with FAT32 is up to 2 terabytes, Windows Server 2003 places a limitation that allows volumes only up to 32GB in size. Your file sizes are also limited; no file can be larger than 4GB (2GB in FAT16).
There are two scenarios in which you would have to use the FAT file system. First, you use it if you are building Windows 2003 on a machine that will have to dual-boot to an operating system that does not support NTFS (such as Windows 95). And second, you use it if you want the ability to boot the server to a floppy disk (such as a DOS or Win95 boot disk) to access the files on the root partition.
Caution
Keep in mind, however, that if you can boot your server to a floppy to access the files stored on the hard drive, so can someone else!
NTFS (NT File System) is the recommended file system for use with Windows Server 2003, as it was for Windows 2000 and Windows NT servers. NTFS is actually NTFS5 and was upgraded with NT 4.0 Service Pack 4. This file system is less likely to become corrupt and is able to recognize errors and bad sectors of a hard drive. When one of these problems is discovered, the file system repairs itself automatically.
Windows Server 2003 allows supported volume sizes up to 16 terabytes (minus 4KB), and the maximum file size is 16TB (minus 64KB). Additionally, NTFS has better file security, disk compression, and encryption capabilities, and it can use fault-tolerant disk configurations such as mirroring and disk striping. So, which file system do you use for Windows Server 2003? The rule of thumb is if you don’t have to use FAT for one of the reasons mentioned here, go with NTFS.
After the boot partition is configured, all the operating system files will be copied there. The system will reboot, and the GUI portion of the installation will commence.
When customizing the Regional Options section, you can configure the Standards and Formats. These settings control how the workstation formats numbers, currencies, dates, and times. The Location setting provides you with local information, such as news and weather.
In the Languages section, you can modify the text services and input languages. Additionally, you can install supplemental language support for East Asian languages and support for complex script and right-to-left languages, including Thai.
The Setup Wizard next asks for your name and that of your organization. This information is used during the setup to determine the default computer name. Additionally, it will be displayed on the Windows Server 2003 screen in the Registered To section.
Many companies have a policy in place detailing how these fields are to be filled out. A common practice is to put the department or location (such as Human Resources or Oakland) in the Name field and the name of the company in the Organization field.
If you have installed previous versions of the Windows operating systems, the process of inserting a product key will be familiar to you. In the past, server and workstation installations required the inserting of a product key to activate the software.
With Windows Server 2003, you still have to input a product key, but there are a few different scenarios. The Windows Server 2003 activation key initiative is described in the following sections.
When you purchase the installation media from a retail source, you will have to contact Microsoft (either online or by telephone) to activate your product key. This key is unique for each installation. Fortunately, you still can automate the installation by using technologies such as Windows Scripting Host (WSH) and Windows Management Instrumentation (WMI).
Another point of confusion for many installers is the topic of licensing modes. When installing Windows Server 2003, as in Windows 2000 and NT, you must select one of two licensing modes for the server. You can specify Per Server or Per Device.
Note
If you are not sure which licensing mode to use for your environment, select Per Server. If necessary, you can make a one-time switch from Per Server to Per Device, but the licensing does not allow the reverse switch from Per Device to Per Server.
In Per Server licensing mode, each server has a defined number of clients that are allowed to connect at any one time. Each server in the network that uses this mode must have enough client access licenses (CALs) purchased to cover the maximum number of concurrent connections the server is going to support. If the number of connections exceeds the configured number of CALs, clients may be locked out or receive Access Denied messages when they attempt to connect to network resources.
This option is typically selected by small companies with only one Windows Server 2003 system because smaller organizations have a smaller number of users. You may also want to select this option if you are configuring a Web server or Remote Access Service (RAS) server. You can configure the maximum number of users who will connect and, even if the client is not licensed as a Windows Server 2003 networking client, you are not breaking your licensing agreement.
In the Per Device licensing mode, a CAL is required for each workstation (or seat) that connects to any licensed server. This includes users running any Windows operating system, Macintosh, or Unix computers connecting to a Windows file server.
In this scenario, a workstation is not limited to connecting to only one server; client computers are allowed access to any server within a Windows network, as long as each client machine is licensed with a CAL.
This is the most common licensing option because most companies have more than one server. Although the cost of a CAL is more expensive than a Per Server client license, you have to pay only once for that user to access an unlimited number of Windows-based servers.
Next, you are prompted to enter a computer name and administrator password for your computer.
By default, the setup program suggests a computer name based on the information you provided earlier in the Organization field of the Personalize Your Software section. You can (and, in most instances, should) change that default name here. Insert the name you decided on earlier in the “Gathering the Information Necessary to Proceed” section of this chapter.
The Setup Wizard automatically creates a default account for the administrator called, surprisingly enough, Administrator. This account has local administrative privileges and enables you to manage all local configuration settings for the server. For the sake of security, you can (and should) rename this account after you complete the installation.
You need to decide on a password for this account. You must enter it twice—first in the Password box and then again in the Confirmation box.
As in previous Windows operating systems, the password is case sensitive and can contain up to 127 characters. You should choose your password carefully to ensure the security of the system.
If you enter a password that does not meet Microsoft’s criteria for strong passwords, you will receive a Windows Setup warning, as shown in Figure 3.2.
For security reasons, you should never choose a password that does not meet the minimum criteria listed.
The next step is to set the correct date and time, and select the appropriate time zone for your location. Additionally, if your location uses daylight saving time, make sure the box for that option is checked. A dialog box may or may not pop up, depending on installed hardware.
Next, you need to decide on the appropriate network settings for the server. These settings configure your computer so that it can connect to other computers, networks, and the Internet. You can select either Typical Settings or Custom Settings.
When you choose Typical Settings, the Setup Wizard automatically configures the default network settings for the server. These default settings include the installation of the Client for Microsoft Networks, file and print access, and TCP/IP as the default protocol. Additionally, when configuring the TCP/IP settings, the server searches for a DHCP server.
If it finds one, it will configure the server for a dynamic IP address. If no DHCP server is found, it will configure an Automatic Private IP Address (APIPA).
For most companies, the default client, services, and protocols selected will meet their needs, though you will likely want to change the TCP/IP settings and assign a static address for the server. See the earlier section “Network Protocol and IP Address of the Server” for more information.
Selecting Custom Settings allows you to manually configure the networking components. By default, the Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and Internet Protocol (TCP/IP) are selected.
If you want to install additional clients, services, and/or protocols, or if you want to change the default configuration for these selections, selecting the Custom Settings option may be in order.
If you are joining an existing domain, you will need the login name and password for a domain administrator in that domain. Alternatively, you can have the administrator of the domain add your computer name into the domain so that your server can connect.
If you do not know the name of the domain that the server will be a member of, or if you do not have the administrative rights to join the server to the domain, select a workgroup installation. You can easily join the server to a domain at a later time.
After you click Next, the Setup Wizard will complete the installation of the server, apply all the configuration settings that you specified, and remove all temporary setup files. Upon completion, the computer will reboot and will load Windows Server 2003.
When you’re prompted, press Ctrl+Alt+Delete to log in to Windows Server 2003. The default administrator name should be displayed for you. You must type in the password that you assigned and click OK to continue.
If your copy of Windows Server 2003 needs to be activated, you can either click the icon in the system tray that looks like a pair of gold and silver keys, or you can choose Start, All Programs, Activate Windows. You have the choice of activating Windows via the Internet or by telephone.
To activate your system via the Internet, select that option and click Next. You then are asked whether you want to register with Microsoft. This step is optional and not required to activate Windows. If you register, Microsoft will (with your consent) notify you of product updates, new products, events, and special offers.
Selecting Yes, I Want to Register and Activate Windows at the Same Time brings you to the Collecting Registration Data screen, as shown in Figure 3.3.
Fill out the required information and click Next to continue. This begins the activation process as your server verifies connectivity to the Internet. Selecting No, I Don’t Want to Register Now; Let’s Just Activate Windows starts the activation process as your server verifies connectivity to the Internet. After connectivity is verified, you will see a window that confirms your copy of Windows has been activated. Click OK to close the Activation Windows Wizard.
To activate Windows Server 2003 by telephone, select Yes, I Want to Telephone a Customer Service Representative to Activate Windows and click Next to continue. The Activate Windows Wizard quickly generates a new installation ID and continues to the next phase.
You are then instructed to select your location and are given a number to call. When you speak with the customer service representative, give him the installation ID that was automatically generated. The representative will then give you the confirmation ID to enter in step 4, shown in Figure 3.4.
When upgrading to Windows Server 2003, all your configuration settings are retained from the previous installation. However, you still should complete several very important tasks before you perform the upgrade.
As with any major change on your server, something could go wrong. A complete backup of your operating system and data can make the difference between an inconvenient rollback and a complete disaster.
When you install the Windows Server 2003 CD-ROM into an existing server, the autorun feature should start the installation program. One of the options on the first page is Check System Compatibility. When you click this button, you have the choice of checking the system automatically or visiting the compatibility Web site.
When you check automatically, you next have the option to download any setup files that have been updated since your CD was released. The compatibility checker will connect to Microsoft via the Internet, download any updated software, and apply them to the setup upgrade.
Next, you will receive a report on the system compatibility. Any problems that Microsoft was able to detect will be shown here. An example would be that a service (such as IIS) will be disabled during the upgrade to prevent malicious attacks on the server. After you review the report, click Finish.
Before proceeding with the installation, you can also select Perform Additional Tasks. These tasks enable you to set up a Remote Desktop Connection (RDC), browse the contents of the installation CD, and review the setup instructions and release notes.
At this point, your data is backed up, you have verified compatibility with the new operating system, and you have read the release notes. It’s time to upgrade, so proceed with the following steps:
Select Install Windows Server 2003, Enterprise Edition Server to begin the Windows Server 2003 Setup Wizard.
From the setup screen, you need to select the installation type. Select Upgrade and click Next to continue.
After reviewing the license agreement, select I Accept This Agreement and click Next to continue.
If the installation media you are using require a product key, enter it here. The 25-character product key can be found on a sticker on the back of your Windows CD case. Enter the product key and click Next to continue.
The Setup Wizard next checks your computer for compatibility with Windows Server 2003. You can review details about each item by clicking the Details button. Also, you can save the compatibility report by clicking the Save As button.
After reviewing any discrepancies and ensuring that no show-stoppers exist on the list, click Next to continue.
The Setup Wizard then finishes copying installation files and restarts the computer.
Note
After installing the core Windows operating system but before adding the server to the production network, make sure to install the latest Service Pack and apply the most current security updates.
The process of completing the installation and activating Windows is the same for an upgrade as it is for an initial installation.
Several alternative methods can be used to install Windows Server 2003. By using deployment tools such as Remote Installation Services (RIS), System Preparation (Sysprep), Remote Installation Preparation (RIPrep), Unattend files, and Group Policy (with Systems Management Server, or SMS), you can create images and scripts to match your server installation with various scenarios. Table 3.4 shows the available methods of installation.
The following sections will give you some information about these other installation options.
Using scripting, you can automate the installation process of Windows Server 2003 and minimize the need for user intervention. Using an answer file (unattend.txt), you can provide all the information needed to complete the installation. Items such as the computer name, IP address, product key, and DNS settings can be written into the file.
Unattended installations can be performed on fresh installations or on upgrades and on similar or dissimilar hardware. You can deploy Windows Server 2003 from a centralized installation point, and after you install the operating system, you can easily modify it.
Organizations frequently use an unattended installation when they need to deploy multiple systems that are configured in a similar manner. Unlike imaging technologies, unattended installations work well with dissimilar hardware platforms. You can create one answer file, make a few modifications, and apply it to another server that you want configured similarly.
This process is also useful for deploying remote systems that need to be built onsite when you may not be able to configure it yourself. The system configured at the remote site will be configured just like you want it to be.
The Setup Manager is located in the deploy.cab file in the support ools directory on the Windows product CD. The Setup Manager can be used to create and modify the answer files for your unattended installations.
Enhancements to the Setup Manager for Windows Server 2003 include the capability to encrypt the administrator password, which was formerly stored as plain text in the answer file. The Setup Manager also has an improved interface and an improved help file.
To prepare for an unattended installation, you must first install and run the Setup Manager. Although this application is included with the Windows Server 2003 installation media, it is not installed by default.
To install the Setup Manager, perform the following steps:
Insert the Windows Server 2003 CD-ROM into the CD-ROM drive of your computer. If you hold down the Shift key as you do so, you can bypass the CD’s autorun feature.
Open My Computer, right-click the CD-ROM drive, and select Explore.
Open the
support oolsdirectory and double-click thedeploy.cabfile to open it.Select all the files that are in the right pane, right-click, and select Extract.
Select the folder where you want to place the files (or make a new folder) and click Extract.
Open the folder where you placed the files and double-click the
Setupmgr.exefile.When the Setup Manager Wizard starts, follow the instructions to create your answer file.
To create an unattended answer file, open the folder where you placed the files you extracted. Double-click the Setupmgr.exe file and follow the instructions in the Setup Manager Wizard.
The unattend.txt file can be extremely simple or extremely complex, ranging in size from a few dozen lines of code to a few hundred.
The following is a sample unattend.txt file that was created in about five minutes using the Setup Manager:
;SetupMgrTag
[Data]
AutoPartition=1
MsDosInitiated="0"
UnattendedInstall="Yes"
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
TargetPath=WINDOWS
[GuiUnattended]
AdminPassword=xxxxxxxx
EncryptedAdminPassword=Yes
OEMSkipRegional=1
TimeZone=4
OemSkipWelcome=1
[UserData]
ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
FullName="Rand Morimoto"
OrgName="Convergent Computing"
ComputerName=WNS-Server-One
[Display]
Xresolution=800
YResolution=600
[LicenseFilePrintData]
AutoMode=PerServer
AutoUsers=10
[TapiLocation]
CountryCode=1
Dialing=Tone
AreaCode=510
[SetupMgr]
DistFolder=C:windist
installation
DistShare=windist
[Components]
accessopt=On
calc=On
charmap=On
clipbook=On
deskpaper=On
templates=On
mousepoint=On
paint=On
freecell=Off
hearts=Off
zonegames=Off
minesweeper=Off
solitaire=Off
spider=Off
indexsrv_system=On
msnexplr=Off
certsrv=Off
certsrv_client=Off
certsrv_server=Off
iis_www=Off
iis_ftp=Off
iis_smtp=Off
iis_smtp_docs=Off
iis_nntp=Off
iis_nntp_docs=Off
reminst=Off
rstorage=Off
TerminalServer=On
wms=Off
wms_admin_asp=Off
wms_admin_mmc=Off
wms_server=Off
chat=On
dialer=On
hypertrm=On
cdplayer=On
mplay=On
media_clips=On
media_utopia=On
rec=On
vol=On
[Identification]
JoinDomain=companyabc
DomainAdmin=companyabcadministrator
DomainAdminPassword=password
[Networking]
InstallDefaultComponents=No
[NetAdapters]
Adapter1=params.Adapter1
[params.Adapter1]
INFID=*
[NetClients]
MS_MSClient=params.MS_MSClient
[NetServices]
MS_SERVER=params.MS_SERVER
[NetProtocols]
MS_TCPIP=params.MS_TCPIP
[params.MS_TCPIP]
DNS=No
UseDomainNameDevolution=No
EnableLMHosts=Yes
AdapterSections=params.MS_TCPIP.Adapter1
[params.MS_TCPIP.Adapter1]
SpecificTo=Adapter1
DHCP=No
IPAddress=10.100.100.10
SubnetMask=255.255.255.0
DefaultGateway=10.100.100.1
DNSServerSearchOrder=10.100.100.50,10.100.100.51
WINS=Yes
WinsServerList=10.100.100.60
NetBIOSOptions=0
As you customize and begin using unattended script files, you will find that they can save you an enormous amount of time installing Windows Server 2003 on multiple systems.
When the Setup Manager creates the unattend.txt file, it will also create a batch file called unattend.bat. The batch file gives the name of the answer file (unattend.txt) and the location of the source files (\WINSERVERwindistI386). Next, the installation process is kicked off by the winnt32 command and the switches to call the files.
Note
Because the setup files (in this case) are located on a Windows server, you will need network connectivity before starting the batch file.
The unattend.bat file is the batch file used to launch the unattended installation. The steps of the batch file can be executed manually; however, if the process is repeated several times, running a batch file like the following one will simplify the process:
@rem SetupMgrTag @echo off set AnswerFile=.unattend.txt set SetupFiles=\WINSERVERwindistI386 \WINSERVERwindistI386winnt32 /s:%SetupFiles% /unattend:%AnswerFile%
To deploy multiple servers that are configured the same way and that have similar hardware, you can’t beat using an image-based installation. You can use Remote Installation Services (RIS) with the Remote Installation Preparation Wizard (RIPrep), the System Preparation tool (Sysprep) to prepare a server for imaging using Xcopy or third-party imaging software, or use the Feature Pack add-in Automated Deployment Services.
An image-based installation might be the answer for you if you have the following needs:
Installing identical operating systems, applications, and configurations on multiple servers
Performing clean installations (no upgrades)
Using Remote Installation Services, better known as RIS, allows for a setup that is network initiated. When you combine this service with the Remote Installation Preparation Wizard (RIPrep), you can install a clean, imaged installation.
This method of installation, combined with PXE network cards, allows the setup program to be initiated with minimal user intervention. Boot floppy disks can also be used for certain PCI network interface cards that are not PXE compliant.
When using RIS, the client requests an IP address from a DHCP server. The client then contacts the RIS server, which in turn checks Active Directory to see whether the client has been prestaged. The RIS server either responds to the client or forwards the request to another RIS server. When the proper RIS server has been contacted, it sends Startrom.com to the client, which then launches OSChoice. OSChoice begins the remote installation service process.
With Windows Server 2003, Microsoft has enhanced RIS technology. RIS now has support for deploying all versions of Windows 2000, Windows XP Professional, and all 32-bit versions of the Windows Server 2003 family. And there is a significant performance improvement when compared to all previous versions.
Several security enhancements have been made as well. When a system is configured with RIS and is joined to the domain, the Domain Administrators group is added to the Local Administrators group; then the local administrator account is disabled. Also, as stated in the “Performing an Unattended Windows Server 2003 Installation” section, there is the ability to encrypt the administrator password.
In the past, one problem with imaging systems was that when the new (copied) system was brought online, there were conflicts with the old (original) system. The security identifier (SID), computer name, and IP address all were identical on the image and the original, and all of them are supposed to be unique on your network.
One way to resolve this problem is to use the System Preparation tool—otherwise known as Sysprep. This tool prepares a system for imaging by removing certain configuration details, such as the SID, IP address, and computer name. The system is then imaged and, when the image is deployed, a mini-setup is run instead of the normal full setup. The user can answer just a few questions, and the installation is on its way.
To use Sysprep, you perform the installation once on the source computer, installing the operating system and any applications that you want deployed. After the source system is installed and configured, Sysprep is run on that system, which then powers off. Using an imaging tool, the system is then copied to a network location for distribution. A new system is booted using an imaging tool, connected to the network, and the image is copied from the network. When this new system is powered on, the mini-setup is run, and the installer is asked a few configuration questions. When the setup application is complete, the server can be turned off and is ready to distribute.
Sysprep has been around for a while, and Microsoft has added some improvements that have made it easier to deploy imaged installations. One such enhancement, the –factory switch, allows updated drivers to be picked up by the image before the system is fully set up. Also, you can now image products in the Windows Server 2003 family running IIS. And, as a time-saver, you no longer have to use the –PnP switch to force Plug and Play enumeration on the next restart. In the past, this process added 5 to 10 minutes to the mini-setup.
For organizations looking to deploy identically configured Windows Server 2003 images to multiple servers, the Automated Deployment Services (ADS) tool simplifies the imaging task.
ADS uses the Preboot Execution Environment (PXE), which is similar to the Remote Installation Service (RIS), to deploy images to new servers. The significant benefit of ADS over RIS is the administrative tool that comes with ADS. The ADS administration tool provides administrators with a centralized view of stored images, the flexibility to automatically reconfigure images from a central location, and the ability to process images based on the needs of the organization.
ADS can be downloaded from the Microsoft Feature Pack Downloads page at http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx.
As a final note, you can use Group Policy to upgrade Windows Server 2003 in the existing Active Directory or Systems Management Server (SMS) infrastructure. You can perform complete operating system upgrades or just install service packs.
You can also use SMS to inventory and confirm system compatibility before you upgrade and then to confirm that the upgrade to Windows Server 2003 was successful.
The combination of Group Policy and SMS can use a central installation point to perform upgrades on similar or dissimilar hardware. It can be used for the prestaging of servers as well, and is easy to reconfigure if your needs change.
As with all Microsoft applications, Windows 2003 has periodic updates that become available for the software. Interim updates can be downloaded and installed via the Windows Update option on the system, or a visit to the Windows Update website (http://update.microsoft.com) will initiate the installer to check for the latest updates for Windows.
Major updates come in Service Packs that roll up patches and updates into a single installation. Installing a Service Pack brings a server up to date with all the updates to the point in time when the Service Pack was issued. The Service Packs for Windows 2003 are cumulative, so the installation of Service Pack 2 includes all the updates released prior to Service Pack 2, including the Service Pack 1 update.
There are three ways to install a Service Pack update:
Windows Update—. You can download and automatically install the Service Pack as part of the normal update process.
Download and Install—. You can download the Service Pack as a file and then launch it to install the update. Do this when your system is not connected to the Internet, or when you prefer to schedule an installation instead of performing an immediate installation after you’ve downloaded the file from the Internet.
Slipstream Installation—. For a new installation of Windows, you can merge the Service Pack into an existing copy of the Windows 2003 code, and then install the updated Windows 2003 code with Service Pack updates on your system.
The Windows Update method and the download and install method of updating a server with a Service Pack merely requires a copy of the Service Pack to be installed on an existing Windows 2003 server. The installation process will overwrite any old versions of drivers and files, and will update the system with the latest version that comes in the Service Pack.
If the Service Pack was downloaded, the file must be executed to install the files. The execution might be as follows:
WindowsServer2003-KB889101-SP1-x86-enu.exe
If the Service Pack is to be installed by the use of Windows Update to automatically install the Service Pack from the update screen, then choosing to “update” from the Windows Update screen will initiate the installation process of the Service Pack onto the system.
Like many other Microsoft products, Windows 2003 allows Service Packs to be merged into the original application code so that the installation can be a single process, instead of installing the original code and then applying the Service Pack. This merging of the service pack into the original code is called slipstreaming. Effectively, the updated code overwrites the original code and then is burned to a new CD that becomes the updated version of the installation software.
To prepare a slipstream copy of Windows 2003, do the following:
Insert the Windows 2003 disc into the CD-ROM drive and copy the contents of the i386 directory into an empty directory on a hard drive.
Extract the contents of the Service Pack into a different empty directory on the hard drive so that the files for the Service Pack are available. The following is an example of the command to extract the files:
WindowsServer2003-KB889101-SP1-x86-enu.exe /x
Go into the update folder of the Service Pack directory and run the following command to slipstream the contents of the Service Pack into the original code directory (where
c:win2003is the location of the original Windows 2003 software, andc:sp1is the directory of the Service Pack software):c:sp1i386updateupdate.exe –s c:win2003
The resulting files in the original Windows 2003 directory (c:win2003 in this example) will be the original code updated with the Service Pack updates. This entire directory can now be burned back to a bootable CD-ROM as a CD that is now a Windows 2003 SP1 installation disc.
Windows 2003 R2 is a series of add-on components to Windows 2003 and is not a new operating system installation. The operating system off which Windows 2003 R2 runs is Windows 2003 SP1 or higher. If a system needs to be updated to support the Windows 2003 R2 components, a Service Pack version of Windows should be installed. If a system already has a Service Pack installed, the Windows 2003 R2 components can be installed right on the service packed system.
There are three scenarios of configurations where Windows 2003 R2 would be installed. One scenario is where a system either already has Windows 2003 installed but without a Service Pack; another scenario is where a system has Windows 2003 with a Service Pack installed; and the third scenario is where a system is being installed from scratch with the Windows 2003 R2 CDs.
For a Windows 2003 system that does not have a Service Pack installed, the system will first need to be updated with the latest Service Pack. See the “Updating a Windows 2003 Server with a Service Pack” section, earlier in this chapter, for instructions on installing a Service Pack for Windows 2003. When the system has Service Pack 1 or higher installed, the Windows 2003 R2 components can be added to the system.
If a Windows 2003 server already has Service Pack 1 or higher installed, the Windows 2003 R2 components can be installed right on the system.
For a system being configured from the Windows 2003 R2 media, you will notice Windows 2003 R2 comes with two CDs. One CD is the core operating system, which is the Windows 2003 operating system that has a slipstream copy of the Service Pack on the media. When installing Windows from the Windows 2003 R2 CD-1, the Service Pack will automatically be installed at the time of installation.
After CD-1 has been installed, the Windows 2003 R2 CD-2 can be inserted and the Windows 2003 R2 update can be installed on the system.
After the base configuration of a system has been installed that includes Windows 2003 with Service Pack 1 or higher, the Windows 2003 R2 components can be installed. Not all the Windows 2003 R2 components need to be installed on the system at the same time. In fact, it is better to install only the desired components; otherwise, a system will have unneeded components that can take up system CPU performance or will open up a security “surface area” that can be attacked by worms and viruses. By selectively installing only the necessary components for Windows 2003 R2, the organization can limit its security exposure and also keep a system configured to have only necessary components operating on the system.
To access the Windows 2003 R2 components, do the following:
Insert the Windows 2003 R2 CD-2 disc into the disc drive.
Autoplay will launch a installation window that will allow you to install the Windows 2003 R2 components. Choose Continue Windows 2003 R2 Setup.
Depending on whether the server has a Service Pack installed, you might get a warning notifying you that you will not be able to uninstall the Windows 2003 R2 update once you proceed with the installation. Click Yes if you do not plan to downgrade the server of its Service Pack.
From the Welcome screen of the Windows 2003 R2 component installer, choose Next to proceed.
A Setup Summary screen will appear, notifying you that it will begin copying the Windows 2003 R2 components onto the system. Click Next to continue.
After all the Windows 2003 R2 files have been copied, click Finished when prompted.
Note
Although the Windows 2003 R2 components will now be copied to the system, none of the R2 components will have been installed or activated on the server yet. The specific R2 components will need to be added and configured to make them work properly. See the next section, “Installing Specific Windows 2003 R2 Components.”
After the Windows 2003 R2 components have been copied onto the server, the server administrator can choose which Windows 2003 R2 components should be installed and enabled on the server. To install Windows 2003 R2 components, do the following:
Determine which Windows 2003 R2 components you want to be enabled.
From the desktop of the Windows 2003 server, click Start, Control Panel, Add/Remove Programs.
Click the Add/Remove Windows Components option.
Select the desired Windows components to add (those familiar with the normal list of Windows components to choose from will notice that new components now exist). After selecting the desired components to install, click Next to begin the installation process.
After the Windows components have been installed on the system, click Finished when prompted.
Note
Although selective components have now been installed on the server, each component typically needs to be configured before the component works. See the next section, “Configuring the Individual Windows 2003 R2 Components,” for more details.
With the Windows 2003 R2 components installed and enabled on the server, each of the new components will typically need to be customized and configured. Sections throughout this book will cover the detailed component installation and configuration steps applicable to the component installed. The following chapters have more details on the configuration of individual Windows 2003 R2 components:
Active Directory Federation Services is covered in Chapter 8, “Integrating Active Directory with Novell, Oracle, Unix, and NT4 Directories.”
Active Directory in Application Mode is covered in Chapter 8.
Network File System (NFS) is covered in Chapter 8.
Print Management Console (PMC) is covered in Chapter 19, “Windows Server 2003 Administration.”
Distributed File System Replication (DFS) is covered in Chapter 30, “File System Fault Tolerance.”
SharePoint Services is covered in Chapter 36, “Windows SharePoint Services.”
File Server Resource Manager is covered in Chapter 19.
Subsystem for UNIX Applications/Identity Management for UNIX is covered in Chapter 8.
The Windows Server 2003 installation process and deployment tools bear similarities to those found in previous versions of Windows. However, feature and performance enhancements have improved the installation experience—whether you are installing a single system by hand or deploying thousands of systems across your corporate environment.
Verify that your hardware is supported.
Stick to using the recommended or better hardware and software requirements.
Make sure you document your server configuration information and perform a backup of any data that you want to keep.
Test your applications for compatibility before migration.
Use a consistent naming convention to name the servers and client machines.
Use only Internet-standard characters in your computer name. This would include the letters A–Z (upper- and lowercase), the numbers 0–9, and the hyphen (-).
Periodically verify that system backups can be used to recover a system in a lab environment.
Use the regular formatting option to perform a true format.
Use NTFS to create an efficient and secured filesystem.
If you are not sure which licensing mode to use for your environment, select Per Server.
Rename the Administrator account, for the sake of security, after you complete the installation.
Automate installation by using deployment tools such as RIS, Sysprep, RIPrep, Unattend files, and Group Policy (with SMS).
Choose and install Windows 2003 R2 components to a server to take advantage of new capabilities built in to Windows 2003.