3 Issues Faced By Administrators Today
• What steps do I need to perform to configure my Windows Server machine?
• If I’m installing a component, what are its dependencies and how do I install them?
• What tools do I use to manage installed components and where do I find them?
4 More Pressure than Ever on IT
• Technology Change
• Regulatory Compliance
• Competition
• Security
• Cost Reduction
• Keep Business Up & Running
• Customer Connection
• End User Productivity
• Business Results & New Value
Title: More Pressure on IT than Ever
Talking Points: There are positive pressures and negative pressures on the typical IT infrastructure.
Positive Pressures: The positive, such as customer connection or end user productivity, usually result in more money and business productivity, while increasing business results and adding new value. The negative, such as cost reduction or regulatory compliance, represent the pressures that require IT groups to act in a reactionary mode.
Negative Pressures: Our research indicates that of the $140 billion US spent every year on IT budgets, 70% is spent on administrative costs for IT personnel, reacting to situations that arise, and keeping the IT infrastructure up and running. This is opposed to the mere 30% of those budgets being spent proactively making improvements, automating processes, and adding business value. Windows Server 2008 contains a number of features that make IT more efficient by providing better management and automation tools, so that IT professionals are able to keep the systems running and use their time efficiently.
Additional Information: slide 6
5 When IT Services Go Wrong
People and Process Play a Major Part
Causes of Downtime (source: Gartner Group):
• Operator error: 40%
• Application failure: 40%
• Other: 20%
Chart labels: Untested application; Change management; Overloaded; Weak problem detection; Forgot something; Lack of procedures; Backup errors/security; Operations; Hardware/platform; Network; Power and disaster.
6 More Control: Spend Less Time on Everyday Tasks
• Enhanced Scripting and Task Automation: Windows PowerShell
• Web Server Management: IIS 7
• Configuration and Role Management: Windows Server Manager, Server Core
• Policy Based Networking: Windows Firewall
Title: Spend Less Time on Everyday Tasks
Talking Points: Windows Server 2008 lets IT Professionals spend less time on everyday tasks. Windows Server 2008 provides more control over your server and network infrastructure, allowing IT Professionals to focus on your most critical business needs. Next, we will discuss some of the areas where Windows Server 2008 provides more control.
Enhanced Scripting and Task Automation: Reduce time for common IT tasks by automating with a new powerful scripting environment, called Windows PowerShell.
Web Server Management: Simplify Web server management with advanced and easy-to-use options in Internet Information Services (IIS) 7.0. IIS 7.0 provides powerful customization, diagnostic, and troubleshooting tools.
Configuration and Role Management: Install and manage only the Windows services that you need with Windows Server 2008 configuration and role management, provided by Windows Server Manager and the Server Core installation options. The new Server Manager tool provides a great, out-of-the-box experience for adding, configuring, and managing server roles. Administrators can use the new Server Core installation to install Windows Server 2008 with only the features that the supported server roles require, and without any extra overhead. This limits the roles that the server can perform, but can improve security and reduce management.
Policy Based Networking: Control access to systems using the enhanced Windows Firewall and policy-based networking tools.
Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)
7 Infrastructure Optimization
• Technology framework to help maximize the value of your IT investments
• Structured way to drive cost reduction, security & efficiency gains and boost agility
• Based on industry analyst and academic work
• Provides guidance and best practices for step-by-step implementation
KEY MESSAGE: Infrastructure Optimization Model
SLIDE SCRIPT: The Infrastructure Optimization Model helps customers understand and subsequently improve the state of their IT infrastructure and describes what that means in terms of cost, security risk, and operational agility.
Microsoft Infrastructure Optimization (IO) is structured around three information technology models: Core Infrastructure Optimization, Application Platform Infrastructure Optimization, and Business Productivity Infrastructure Optimization. Core IO focuses on the foundational elements of IT services and components and includes five key capabilities: Identity and Access Management; Desktop, Device and Server Management; Data Protection and Recovery; Security and Networking; and IT and Security Process.
This clinic focuses on those technologies which support the Desktop, Server and Device Management category of the Core Infrastructure Optimization Model.
9 Windows Server Setup Process
• Post-Setup security updates
• Manage your server
• Configure your server wizard
• Add/Remove components
• Computer Management
• Security Configuration Wizard
• Operating system setup
• Initial Configuration Tasks
• Server Manager
Columns compared: Windows Server 2003, Windows Server 2008
11 Server Core
Server Core Installation: Active Directory, AD Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services, Windows Virtualization Services
Benefits of Server Core:
• Reduced maintenance
• Reduced attack surface
• Reduced management
• Less disk space required
KEY MESSAGE: Server Core Overview
SLIDE SCRIPT: A server core installation supports specific server roles including Active Directory Domain Services, Active Directory Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services and Windows Virtualization Services. You can run Windows Server Virtualization (WSv) using a Server Core installation of Windows Server 2008 as a host system. This will allow you to benefit from Server Core’s reduced software maintenance and file management needs and its smaller footprint (less than 1GB of disk space is required for operating system installation).
The server core installation option installs only the subset of the Server binaries that are required by these roles. For example, the Explorer shell is not installed as part of a server core installation. Instead, the default user interface for a server running a server core installation is the command prompt.
Because a server core installation installs only what is required to run the supported server roles, less maintenance is required than on a full installation of Windows Server. Fewer applications run on the server, therefore the attack surface is decreased and there is less to manage. In addition, less disk space is required, lowering the hardware requirements for the server.
A server core installation of Windows Server 2008 requires initial configuration from the command line because it does not include the traditional full graphical user interface. Once configured, it can be managed locally from the command line or remotely using a Terminal Server connection. It can also be managed remotely using the MMC or command line tools that support remote use.
There are no changes to your environment or infrastructure required. Remote Management tools do not require any changes, as long as they use one of the protocols supported in Server Core to communicate with the remote management workstation, such as RPC. Local Management tools and agents might require changes to work with Server Core, since they cannot have any shell or user interface dependencies, nor use managed code.
12 Server Core - Recommendations
• Implement Server Core whenever possible
• Publish cmd.exe using Terminal Services RemoteApp to allow you to run cmd.exe in a window on your local machine rather than in a full terminal services client
• Minimize administrative access to the system
• Ensure physical security of the server
• Implement BitLocker Drive Encryption
KEY MESSAGE: Server Core Recommendations
SLIDE SCRIPT: To implement the best possible Server Core environment, you should keep the following in mind:
• Implement Server Core whenever possible to improve server security, increase server stability, reduce server management and maintenance needs, and reduce hardware requirements.
• Publish cmd.exe using Terminal Services Remote Programs to allow you to run cmd.exe in a window on your local machine rather than in a full terminal services client.
• Minimize administrative access to the system.
• Ensure physical security of the server.
• Implement BitLocker Drive Encryption when the physical security of the server cannot be guaranteed.
13 Server Core - Summary
• Server Core provides a minimal installation option
• Server Core supports the following roles: AD Domain Services, AD Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services, and Windows Virtualization Services
• Server Core is managed:
  • Locally and remotely through the command line
  • Remotely via MMC
  • Remotely via Terminal Services
  • Remotely via Windows Remote Shell
• Server Core provides a script for configuring settings that cannot be configured through a command-line or MMC snap-in
KEY MESSAGE: Server Core Summary
SLIDE SCRIPT: Server Core provides a minimal installation option for deploying Windows Server 2008 with a smaller footprint and attack surface, reducing management and maintenance needs.
Initial installation of Server Core must be completed utilizing command-line tools or through an unattended installation process; however, ongoing administration can be managed locally and remotely through the command line or remotely via MMC, Terminal Services or the Windows Remote capabilities. Server Core also provides a script for configuring settings that cannot be configured through a command-line or MMC snap-in.
14 Server Roles
A role is a logical grouping of a set of components based on:
• User scenarios
• Typical server workloads
• Dependencies
Examples of roles are Windows Media Services and Terminal Services.
15 Server Roles (Role: Description)
• Active Directory Certificate Services (AD CS): Enables creation and management of digital certificates for users, computers, and organizations as part of a public key infrastructure.
• Active Directory Domain Services (AD DS): Stores information about objects on the network and makes this information available to users and network administrators. Uses domain controllers to give network users access to permitted resources anywhere on the network.
• Active Directory Federation Services (AD FS): Provides simplified, encrypted identity federation and Web single sign-on (SSO) capabilities.
• Active Directory Lightweight Directory Services (AD LDS): Provides a store for application-specific data, for directory-enabled applications that do not require the infrastructure of Active Directory Domain Services. Multiple instances of AD LDS can exist on a single server, each of which can have its own schema.
• Active Directory Rights Management Services (AD RMS): Information protection technology that works to help safeguard digital information from unauthorized use.
• Application Server: Provides central management and hosting of high-performance distributed business applications such as those built with Enterprise Services and .NET Framework 3.0.
• Dynamic Host Configuration Protocol (DHCP) Server: Enables the central provisioning, configuration, and management of temporary IP addresses and related information for client computers.
• Domain Name System (DNS) Server: Translates domain and computer DNS names to IP addresses. DNS is easier to manage when it is installed on the same server as Active Directory Domain Services.
• Fax Server: Sends and receives faxes and allows you to manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.
16 Server Roles (Role: Description)
• File Services: Provides technologies for storage management, file replication, distributed namespace management, fast file searching, and streamlined client access to files.
• Network Policy & Access Services: Provides support for routing LAN and WAN network traffic, creating and enforcing network access policies, and accessing network resources over VPN and dial-up connections.
• Print Services: Provides access to and manages network printers and printer drivers.
• Terminal Services: Provides technologies that enable access to a server running Windows-based programs or the full Windows desktop. Users can connect to a terminal server to run programs, save files, and use network resources on that server.
• UDDI Services: Provides Universal Description, Discovery, and Integration (UDDI) capabilities for sharing information about Web services within an organization’s intranet or between business partners on an extranet. Organizes and catalogs Web services and other programmatic resources. A UDDI Services site consists of a UDDI Web Application connected to a UDDI Database.
• Web Server (IIS): Provides a reliable, manageable, and scalable Web application infrastructure.
• Windows Deployment Services (WDS): Provides a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media.
• Windows SharePoint Services: Helps organizations increase productivity by creating Web sites where users can collaborate on documents, tasks, and events and easily share contacts and other information.
17 How Server Manager uses the concept of Roles
• List of roles displayed maps 1x1 to the list of role models
• Hierarchy within a role is captured from its model
• Settings and defaults are captured in the role specific model
• Information is then submitted to SML Platform infrastructure to make updates to the server
18 SML – Service Modeling Language
Service Modeling Language (SML) (http://www.serviceml.org) is the XML Schema based modeling language that provides a rich set of constructs for modeling complex IT services and systems.
• An XML Schema based language providing constructs for modeling the elements in complex IT services and systems, their relationships and constraints
• Profile of XML Schema 1.0 is used for defining structural aspects
• Profile of Schematron is used for defining constraints
• Schematron is an ISO/IEC standard (http://standards.iso.org/ittf/PubliclyAvailableStandards/c040833_ISO_IEC_ _2006(E).zip)
19 SML – Service Modeling Language
• Server Manager tool in Windows Server 2008: SML models of “in the box” server roles are used for installation, configuration, and on-going management of these roles via Document Collection processing
• Desired Configuration Monitoring (DCM) feature in SCCM (ConfigMgr) 07: SML models are used to define and verify the desired configuration of machines via Document Collection processing
• Configuration Management Database in Service Manager v1: Uses the SML-based Microsoft Model Library and the SQL store for defining and storing the past, present, and future planned configuration of IT assets in an enterprise
• Much other work in development
20 SML Based Role Models
An SML model of a role captures:
• Structure of the service: components and relationships, e.g. IIS Role Hierarchy
• Desired configuration, e.g. Default Settings
• Constraints, e.g. Domain Joined Requirement
• Management information such as events and performance counters, rules for determining the operational health of the service, etc.
21 Functional Behaviour With Dependencies
• When a role, role service or feature is specified to be uninstalled in the answer file, any other role, role service or feature that depends on the item being uninstalled will also be uninstalled. This matches what happens in the RMT UI for the equivalent scenario.
  Example from diagram: if the user specifies that B should be uninstalled, A1 and C3 will also be uninstalled if they are installed on the computer.
• When a non-top-level node is specified in the answer file, its default child nodes will be installed. Additionally, all its parents will be installed but the parents’ defaults will not.
  Example from diagram: if the user specifies that A1 should be installed, A will also be installed (it is A1’s parent) but A2 will not be installed (it is a default child of the parent A, and the parents’ defaults are not installed).
• The default behavior when a container node is specified in the answer file is to install its default child nodes. If that container has no defaults, all child nodes will be installed.
  Example from diagram: if the user specifies that A should be installed, A2 will also be installed (it is a default child of A) but A1 will not be installed (it is a non-default child of A).
  Example from diagram: if the user specifies that D should be installed, both D1 and D2 will be installed, as D has no default child node.
• If InstallAllSubFeatures="true" is specified for a given node, all its child nodes will also be installed. This is transitive, so if a top-level node has more than one level of child nodes, all its child nodes (at all levels) will be installed.
  Example from diagram: if the user specifies that A should be installed and InstallAllSubFeatures="true" is specified, A1 and A2 will also be installed.
• If InstallAllSubFeatures="false" is specified for a given node, only its default child nodes will be installed. This is transitive, so if a top-level node has more than one level of child nodes, its default child nodes (at all levels) will be installed.
  Example from diagram: if the user specifies that A should be installed and InstallAllSubFeatures="false" is specified, A2 will be installed but A1 will not, as the latter is not a default of A.
• If InstallAllSubFeatures is not specified, InstallAllSubFeatures="false" is assumed.
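The install and uninstall rules on this slide, modelled as an added example (not code from the original deck or from Server Manager), so that the full set of components an answer file entry pulls in or removes can be reviewed before it is applied. The node letters come from the slide's examples; the diagram itself is not on this page, so the parent node C for C3 and the dependency links from A1 and C3 to B are assumptions inferred from the uninstall example, and dependencies are not followed on install because the slide does not state that rule.

```python
"""Model of the answer-file dependency rules from slide 21 (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    parent: str = ""        # "" marks a top-level node
    default: bool = False   # True if this is a default child of its parent
    depends_on: tuple = ()  # nodes this one requires (assumed, see lead-in)


# Constructed tree using the letters from the slide's examples.
TREE = {n.name: n for n in (
    Node("A"),
    Node("A1", parent="A", depends_on=("B",)),   # non-default child of A
    Node("A2", parent="A", default=True),        # default child of A
    Node("B"),
    Node("C"),                                   # assumed parent of C3
    Node("C3", parent="C", depends_on=("B",)),
    Node("D"),                                   # container with no defaults
    Node("D1", parent="D"),
    Node("D2", parent="D"),
)}


def children(name):
    """Direct child nodes of `name`."""
    return [n for n in TREE.values() if n.parent == name]


def _add_children(name, all_sub, selected):
    """Add child nodes transitively, following the slide's default rules."""
    kids = children(name)
    defaults = [k for k in kids if k.default]
    # All children if InstallAllSubFeatures is true, or if the container
    # has no default child at all; otherwise only the defaults.
    chosen = kids if (all_sub or not defaults) else defaults
    for kid in chosen:
        selected.add(kid.name)
        _add_children(kid.name, all_sub, selected)


def install_set(name, install_all_sub_features=False):
    """Every node installed when `name` is listed in the answer file."""
    selected = {name}
    _add_children(name, install_all_sub_features, selected)
    # Parents are installed, but the parents' own defaults are not.
    parent = TREE[name].parent
    while parent:
        selected.add(parent)
        parent = TREE[parent].parent
    return selected


def uninstall_set(name, installed):
    """Every installed node removed when `name` is uninstalled."""
    removed = {name}
    grew = True
    while grew:  # repeat until no further dependents are found
        grew = False
        for node in TREE.values():
            if (node.name in installed and node.name not in removed
                    and removed.intersection(node.depends_on)):
                removed.add(node.name)
                grew = True
    return removed


def unrequested(requests):
    """Nodes that get installed without being named in the request list.

    `requests` is a list of (name, install_all_sub_features) pairs.
    """
    total = set()
    for name, all_sub in requests:
        total |= install_set(name, all_sub)
    return total - {name for name, _ in requests}


if __name__ == "__main__":
    print("install A      ->", sorted(install_set("A")))
    print("install A1     ->", sorted(install_set("A1")))
    print("install D      ->", sorted(install_set("D")))
    print("install A, all ->", sorted(install_set("A", True)))
    everything = set(TREE)
    print("uninstall B    ->", sorted(uninstall_set("B", everything)))
    print("pulled in      ->", sorted(unrequested([("A1", False), ("D", False)])))
```

The `unrequested` result is the part worth reviewing on a hardened server: it lists what ends up installed although nobody named it in the answer file.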
22 Server Manager
New MMC snap-in. Provides a consolidated view of the server, including:
• Configuration
• Status of installed roles
• Links for adding/removing installed roles and features
• Starting and stopping services
• Managing local user accounts
• Determining server status
• Identifying critical events
• Analyzing and troubleshooting configuration issues or failures
24 Print Management
Print Management provides centralized administration of all of the printers in the organization from any computer running:
• Windows Server 2003 R2
• Windows Vista
• Windows Server 2008 operating systems
• Windows XP clients (x86 and x64)
Print Management can:
• Provide up-to-the-minute details about the status of all printers and print servers on the network from one console.
• Help find printers that have error conditions.
• Send notifications or run scripts when a printer or print server needs attention.
• On printer models that provide a Web interface, access this additional data, allowing information such as toner and paper levels to be managed easily.
25 ServerManagerCmd.exe (command line interface)
To facilitate scripting and unattended role deployment/removal scenarios, the ServerManagerCmd.exe command line tool can be used.
ServerManagerCmd exposes the key functions of Server Manager, such as installation/removal of roles, role services and features, command validation, and querying the current state of the machine.
ServerManagerCmd also:
• allows installation/removal of multiple server roles, role services and features together using XML answer files
• supports a set of command-line arguments to allow additional control over how the answer file should be executed
Full listing of the available ServerManagerCmd commands: ServerManagerCmd -help (or -?)
26 ServerManagerCmd Commands
• -query [<query.xml>] (Short form: -q): Displays a list of all roles, role services, and features available, and shows which are installed. If <query.xml> is specified, the information is also saved to a query.xml file.
• -install <name> (Short form: -i): Installs the role, role service, or feature that is specified by the <name> parameter.
• -allSubFeatures (Short form: -a): Used with the -install parameter to install all subordinate role services and features along with the role, role service, or feature named with the -install parameter.
• -remove <name> (Short form: -r): Removes the role, role service, or feature that is specified by the <name> parameter.
• -restart: Restarts the computer automatically, if restarting is necessary to complete the operation.
• -logPath <log.txt> (Short form: -l): Specifies a non-default location for the log file (ServerManager.log).
27 MMC 3.0
• A new pane called the actions pane is available; it displays available commands for the selected node
• Provides Windows Forms hosting capability
  • Full integration with WinForm, unlike the older OCX views in MMC 2.0
  • Standard Visual Studio® designer and design guidelines available for view design
  • Possible to isolate process and application domains
  • Functionally rich views can be created using one of the four available view types: list, Windows Forms, HTML, and message
• Increased reliability
  • Improved detection and reporting of snap-in problems
  • Because actions are logged, it is easier to debug and incrementally improve snap-in code
  • Ability to isolate suspended snap-ins from the console
28 Task Scheduler 2.0
• Isolating user actions in separate sessions
• Credentials management using new security services (S4U and CredMan)
• Removed limitations on the number of registered tasks
• API additions:
  • Scripting Support: Interfaces are now derived from IDispatch, providing full support for scripted development.
  • Task Scheduler Schema: Allows you to create/manage tasks through XML-formatted documents.
  • New Triggers: New time/calendar/event triggers. All triggers support repetition, delay, start, and stop.
  • Task Settings: Can now prioritize tasks, define multiple instance policies, start a task only if the network is available, reset on failure, set an execution time limit, etc.
  • New actions: Send an e-mail message, show a message box, start an executable, or fire a COM handler.
42 Windows Deployment Services (WDS)
• Rapidly deploy Windows operating systems
• Updated and redesigned version of Remote Installation Services (RIS)
• Server components
• Client components
• Management components
• Windows Deployment Services provides several enhancements to RIS
• Windows Server 2008, Windows Vista
Title: Windows Deployment Services
Talking Points: Windows Deployment Services (WDS) is a suite of components that work together on Windows Server 2008 to provide a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. It contains a number of new or enhanced features that will save IT staff time.
The Windows Deployment Services Process: Windows Deployment Services allows IT staff to rapidly deploy the Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. WDS can also be used to quickly repurpose existing computers.
Windows Deployment Services: Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), is the feature name for a suite of components that work together on Windows Server 2008 to enable the deployment of Windows operating systems, particularly Windows Vista. These components are organized by the following three categories: server, client and management components.
Server components: These components include a Pre-Boot Execution Environment (PXE) server and Trivial File Transfer Protocol (TFTP) server for network booting a client to load and install an operating system. Also included is a shared folder and image repository that contains boot images, installation images, and files that you need specifically for network boot.
Client components: These components include a graphical user interface that runs within the Windows Pre-Installation Environment (Windows PE) and communicates with the server components to select and install an operating system image.
Management components: These components are a set of tools that you use to manage the server, operating system images, and client computer accounts.
Enhancements to Windows Deployment Services: Windows Deployment Services includes the Windows Deployment Services MMC snap-in, which provides rich management of all Windows Deployment Services features. Windows Deployment Services also provides several enhancements to the RIS feature set. These enhancements support the deployment of the Windows Vista and Windows Server 2008 operating systems. With Windows Deployment Services, IT staff can:
• Use the Windows Deployment Services snap-in to create a "capture image" that can create a custom image from a computer that has been prepared with Sysprep.exe
• Use the Windows Deployment Services Capture Wizard to create and add an image prepared with Sysprep.exe
• Use the Windows Deployment Services snap-in to associate unattended installation files with Windows images
• Associate one or more language packs with an image, eliminating your need for unique images for each language your organization supports
• Use the Windows Deployment Services snap-in to create a "discover image" for use with computers that do not support PXE boot
Additional Information: SVR322_Niehaus.ppt; Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)
43 WDS - Components
• Server Components
  • Pre-Boot Execution Environment (PXE) server
  • Trivial File Transfer Protocol (TFTP) server
  • Shared folder and image repository containing boot images, installation images, and files that you may need specifically for network boot
• Client Components
  • Graphical user interface
• Management Components
  • A set of tools that you use to manage the server, operating system images, and client computer accounts
44 WDS - Enhancements
• Use the Windows Deployment Services snap-in to create a "capture image" that can create a custom image from a computer that has been prepared with Sysprep.exe
• Use the Windows Deployment Services Capture Wizard to create and add an image prepared with Sysprep.exe
• Use the Windows Deployment Services snap-in to associate unattended installation files with Windows images
• Associate one or more language packs with an image, eliminating your need for unique images for each language your organization supports
• Use the Windows Deployment Services snap-in to create a "discover image" for use with computers that do not support PXE boot
45 New Command-line Shell & Scripting Language: PowerShell
• Improves productivity & control
• Accelerates automation of system admin
• Easy-to-use
• Works with existing scripts
• Partners
• Futures: will ship in Windows; admin GUIs layered over PowerShell; one-to-many remote management using WS-MGMT
Title: Windows PowerShell
Talking Points: Windows PowerShell accelerates automation of system administration.
Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks, with the goal of increasing IT productivity. Windows PowerShell includes many system administration utilities, consistent syntax and naming conventions, and improved navigation of common management data, such as the registry, certificate store, or WMI. Windows PowerShell also includes an intuitive scripting language specifically designed for IT administration.
PowerShell is based on the .NET Framework, and takes advantage of the features presented by .NET. This allows IT staff to do such things as create system objects and have access to methods and properties of these objects, to build things like WinForms applications in the shell, or have access to Active Directory or SQL Server™. Even with all of the new features, an organization’s existing tools and scripts, such as PERL, batch files, or Visual Basic® scripts, will still work. If an organization is using COM or WMI for automation, those scripts will also continue to work the same as before.
In larger enterprises, management of multiple servers can be automated using Windows PowerShell. Windows PowerShell provides these benefits:
• Improve productivity: Allows IT organizations to automate tasks that are manual and time-consuming. It also improves the developer experience by making it easier to add command-line management capabilities, using .NET.
• Accelerate automation: Accelerates automation of system administration by enabling administrators to write secure automation scripts.
• Works with existing scripts: Is easy to use and works with existing scripts. It improves the administrative experience by enabling IT Pros to write secure automation scripts that can run locally or remotely.
Windows PowerShell Features
Windows PowerShell is an extensible scripting technology that is interactive, programmable, secure, and production-oriented. It provides the following components:
• A scripting language
• An interactive shell
• A way to produce task-oriented commands
• A set of domain-independent utility commands
The following is an example of how an administrator might use PowerShell with Exchange. The goal of Windows PowerShell is to simplify an administrator’s view of Exchange using these tasks: recipient management tasks, organization management tasks, server management tasks, and diagnostic tasks. Tasks are further broken into categories based on server role and features:
• Roles: Edge/Hub Transport, CAS, Mailbox, UM
• Features: AntiSpam, Managed , Transport, Rules, etc.
Windows PowerShell uses the Monad engine, which is a common management platform.
All Exchange Management Console (E12) data access business logic is packaged as cmdlets. The graphical user interface is shielded from Monad by an ADO abstraction layer that makes writing Winforms applications easier. In this model, cmdlets are similar to SQL stored procedures. The unit of operation in Windows PowerShell is a cmdlet .NET class (e.g. remove-server). All Exchange operations are implemented as Monad cmdlets as follows:
• Namespace providers enable groups or families of related cmdlets (that is, namespaces): File System, Registry, Local Certificate Store, Alias Provider, Environmental Variables, and Variables
• Pipelines are composed of classes (cmdlets) passing structured objects
• Extended Type System (ETS) simplifies developer experience
• Common interfaces for operating on pipeline objects independent of type (for example, .NET, WMI, XML, ADO, ADSI etc.)
Partners
Individuals and organizations seeking to get the most out of Windows Server 2008 can choose from a wide range of offerings from independent software vendors (ISVs), original equipment manufacturers (OEMs), and other vendors outside Microsoft. Some of these partners include:
• FullArmor: FullArmor is adopting Windows PowerShell, Microsoft's new command-line shell and scripting language, to improve control over and accelerate automation of Group Policy settings. Future FullArmor products will enable customers to navigate and modify Group Policy settings directly from the command line and using scripts.
• /n Software: The /n software NetCmdlets extend the features of Microsoft Windows PowerShell with a broad range of network management and messaging capabilities.
• PowerGadgets: PowerGadgets is a Windows PowerShell snap-in, and lets you easily explore, visualize, and monitor enterprise data from virtually any data source, including traditional databases and text files, with little or no coding involved.
• Quest Software: Quest Software has created a graphical user interface for Windows PowerShell: PowerGUI. Quest Software has built PowerShell commands (cmdlets) for Active Directory, and is sponsoring a new independent online community dedicated to Windows PowerShell, PowerGUI.org.
• PrimalScript 4: PrimalScript 4.1 introduces support for Microsoft Windows PowerShell. Launched simultaneously with Windows PowerShell itself, the Professional and Enterprise editions provide a visual development environment for Microsoft's next-generation Windows automation platform.
Futures
• Ship in Windows: Windows PowerShell will be included with Windows Server 2008.
• Admin GUIs layered over PowerShell: While many aspects of Windows Server 2008 and other Microsoft applications will be manageable from PowerShell, admin GUIs layered over PowerShell will also be available. For example, Exchange 2007 is completely manageable by means of Windows PowerShell, and an admin GUI is also available to perform some tasks.
• One-to-many remote management using WS-MGMT: Microsoft plans to leverage Web Service Management (WS-MGMT), the remoting protocol recently standardized through the Distributed Management Task Force (DMTF), to provide remote capability.
Additional Information: MSG305_sharma.ppt, Session2-PowerShell-PACITPro
46 Books & Training Materials
Powershell
More Control
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Hundreds of Scripts
Books & Training Materials
Manning Publications
O’Reilly Media
Sapien Press & others…

Title: Windows PowerShell Resources

Talking Points: Support for Windows PowerShell is available in the form of scripts, books, training, and community support.

Scripts:

Scripting for Windows PowerShell brings together resources for system administrators who are interested in learning about the Windows PowerShell command line and scripting environment. The TechNet ScriptCenter provides a one-stop shop for all of your Windows PowerShell scripting needs.

The TechNet ScriptCenter contains scripts for items such as: Exchange Server 2007, Terminal Services, WMI, Registry, Hardware, and Community submitted scripts among others.

myITforum.com, Inc. is the premier online destination for IT Professionals responsible for managing their corporations' Windows-based systems, especially for IT Pros working with Microsoft Systems Management Server (SMS), System Center, Microsoft Operations Manager (MOM), Scripting, Windows Mobile, Group Policy (GPO), and patching and security. The centerpiece of myITforum.com, Inc. is a collection of member forums, lists, blogs, and technical articles where IT Professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments. Any member of myITforum.com can upload files and utilities to help Admins across the world to get the job done in less time. Visit:

[BUILD1] Books and Training Materials:

There are a number of good books from these and other publishers that will help you use and get the most out of Windows PowerShell. A few such books are:

Windows PowerShell in Action by Bruce Payette, from Manning Publications. Bruce is one of the founding members of the Windows PowerShell team, co-designer of the PowerShell language, and is the principal author of the PowerShell language implementation. You will gain a deep understanding of the language and how best to use it, and gain insights into why PowerShell works the way it does.

Monad (AKA PowerShell) Introducing the MSH Command Shell and Language by Andy Oakley, from O’Reilly Media. Windows PowerShell, formerly known by its codename "Monad," is available now for Windows Server® 2003, Windows® XP, and Windows Vista™; and soon for Exchange Server 2007 and MOM. PowerShell is the future of Windows administration. Monad, Oakley’s innovative, hands-on introduction to the tool is an exciting tour of some of the new capabilities that PowerShell puts into the hands of system administrators and power users, and is the perfect complement to existing PowerShell documentation.

Windows PowerShell: TFM by Don Jones and Jeffery Hicks, from Sapien Press. Authors Don Jones (Managing Windows with VBScript and WMI, Advanced VBScript for Windows Administrators) and Jeffery Hicks (Advanced VBScript for Windows Administrators) teach you PowerShell scripting from the ground up: You don't need any prior PowerShell, VBScript, or any other scripting or programming experience. You'll learn about cmdlets, snap-ins, scripts, PowerShell's security model, and the .NET Framework. Written in an easygoing, casual style, with plenty of examples, you'll find yourself producing useful PowerShell scripts after the second chapter!

[BUILD2] Community Support:

There are a variety of different support options and information from different community sources.

MS MVPs: Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world, who are awarded for voluntarily sharing their high-quality, real-world expertise in offline and online technical communities. Microsoft MVPs are a select group of experts that represent the technical community's best and brightest, and they share a deep commitment to community and a willingness to help others. MVPs represent a broad spectrum of Microsoft product users.

PowerShell Team Blog: Keep up to date with the latest announcements directly from the team responsible for building Windows PowerShell with the PowerShell Team blog.

Active Newsgroup: There is the very active newsgroup microsoft.public.windows.powershell that is patrolled by most of the PowerShell MVPs.

Channel 9 DFO Show: Channel 9 is designed to facilitate communication between Microsoft and its developer and customer constituencies. The site uses video clips, moblog technology, RSS feeds, wikis, and forums to reach out to users. Design for Operations, or DFO, is a key element of the Microsoft Dynamic Systems Initiative that will lead to the ability to build self-managing dynamic systems. The DFO show has started a series about PowerShell which can be found at channel9.msdn.com/shows/The_DFO_Show.

IIS.net: The IIS.net site is a portal site for the IIS.NET development community. This site contains new PowerShell information in regards to IIS.NET.

Additional Information:
manning.com/powershell/
mvp.support.microsoft.com/communities/mvp.aspx
blogs.msdn.com/PowerShell/
channel9.msdn.com/tags/Monad

- MS MVPs
- PowerShell Team Blog
- Active Newsgroup
- Channel 9: DFO Show
- IIS.net
Community Support
47 What is Powershell?
- Revolutionary new interactive shell and scripting language
- Based on .NET
- New set of built-in tools (+120)
- New language to take advantage of .NET
- A new “object-pipeline” system view
- Can continue to use current tools
- Can continue to use current automation (COM)
48 Benefits
- Automate administration of multiple servers through a task-oriented scripting language
- Accelerate script authoring, testing and debugging and write customer tools in a new command shell environment
- Utilize new scripts and Cmdlets
- Manage command-line services, processes, registry, and WMI data
- Manage and/or automate administration tasks for server roles such as IIS and Active Directory
- Automate Terminal Server configuration changes by means of PowerShell scripts, and examine configuration similarities and differences across a Terminal Server farm.
- Manage an Internet Information Services 7.0 environment.
- Remotely manage servers.
49 No Fear, Uncertainty or Doubt
Do I need to learn .NET before I can use PowerShell?
No - you can continue to use existing tools.
Do I need to rewrite all my existing tools?
No - existing tools will run just fine.
Do I need to learn the new language?
No - You can easily run existing commands without modification.
Learning the new
- Online help is full of examples that are ready to use
- The new language elements make interacting with .NET a snap.
- Using .NET can help you where new tools don’t exist and opens a vast space of productivity
- Learn at your own pace, PowerShell will be ready for you
50 CMDlets
A cmdlet (pronounced "command-let") is a single-feature command that manipulates objects in Windows PowerShell.
You can recognize CMDlets by their name format, a verb and noun separated by a dash (-):
- Get-Help
- Get-Process
- Start-Service
51 Powershell - Recommendations
- Start using Windows PowerShell immediately!
- Don’t throw away any existing scripts or batch files – they can still be used!
- Don’t forget the power of the wildcard, such as “*”
- Don’t deploy Windows PowerShell on any machine where it is not actually needed

KEY MESSAGE: Windows PowerShell Recommendations

SLIDE SCRIPT:
To get the greatest benefits from Windows PowerShell, administrators should keep the following in mind:
- Start using Windows PowerShell immediately. Because it is backward-compatible, existing knowledge and experience can be used while learning to use the new cmdlets and scripting language.
- Don’t throw anything away! Existing batch files and scripts will all still run in the PowerShell environment.
- When using cmdlets, don’t forget the power of the wildcard.
- While security was a design priority of PowerShell, like any other powerful administrative tool it should only be deployed on administrator machines where it will be utilized.
- Immediately deploy a Group Policy Object to centrally control security settings for Windows PowerShell, even if PowerShell is not yet being used in the organization.

- Centrally-Control Windows PowerShell security settings through GPOs – do it now!
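The recommendation to control PowerShell security settings through a GPO can be verified on each machine. The following is an added example, not part of the original deck: it reports which scope supplies the effective execution policy and whether that scope comes from Group Policy. The function name Get-ExecutionPolicyAudit is hypothetical, and the code assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original deck).
# Get-ExecutionPolicyAudit is a hypothetical name. Assumes PowerShell 3.0 or later.
function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param()

    # Scopes that can only be populated by Group Policy.
    $gpoScopes = 'MachinePolicy', 'UserPolicy'
    # Policies that let unsigned scripts from any origin run.
    $permissive = 'Unrestricted', 'Bypass'

    # -List returns every scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    # The first scope that is not Undefined decides the effective policy.
    $scopes = Get-ExecutionPolicy -List
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    # If every scope is Undefined, the built-in default applies.
    $source    = if ($winner) { [string]$winner.Scope } else { 'Default' }
    $effective = [string](Get-ExecutionPolicy)

    # Note: execution policy governs which scripts the shell will load.
    # It does not restrict what an interactive user can type.
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        EffectivePolicy       = $effective
        SourceScope           = $source
        SetByGroupPolicy      = $gpoScopes -contains $source
        AllowsUnsignedScripts = $permissive -contains $effective
        AllScopes             = $scopes
    }
}

# Machines where SetByGroupPolicy is False are not yet covered by the GPO.
Get-ExecutionPolicyAudit | Format-List ComputerName, EffectivePolicy, SourceScope, SetByGroupPolicy, AllowsUnsignedScripts
```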
52 Remote Management
Remote Hardware Management
Windows Remote Management

KEY MESSAGE: Windows Remote Management Overview

SLIDE SCRIPT:
Remote hardware management is intended to reduce overall IT administration costs by providing monitoring and control of remote hardware components, especially before the system is started and after an operating system failure. Original Equipment Manufacturers (OEMs) have developed a common architecture to address the need for hardware management. An important piece of this architecture is the baseboard management controller (BMC). A BMC is a specialized device that monitors the state of the server computer. The BMC provides remote control of server hardware, retrieves status data, and receives notifications about critical errors and other hardware state changes. A script or application that is monitoring a remote server can obtain data from the server either in-band, through the remote operating system, or out-of-band, directly from the BMC. A BMC has sensors that can detect, for example, when the server computer is overheating or when voltage is out of the acceptable range.

Several standards exist to define the architecture of BMC. The Intelligent Platform Management Interface (IPMI) is one such standard that is used frequently. However, despite the IPMI standard, management access to server hardware is proprietary and requires use of management tools supplied by OEMs. Also, remote access to a BMC is provided using a specialized wire protocol, Remote Management Control Protocol (RMCP), which has non-standard security mechanisms for authentication of access.

The Microsoft IPMI provider and IPMI driver allow you to obtain BMC data from remote server computers through a standard WMI provider with WMI classes. While you can write a normal WMI script that obtains remote data through DCOM, in many cases the preferred method of obtaining IPMI data is through the WinRM command line utility, the WinRM Scripting API, or WinRM C++ API. The BMC also has an event database called the System Event Log (SEL) which records events in the monitored computer. You cannot subscribe to have these events delivered to a script as you can with WMI event classes. However, you can use the Wecutil.exe command line tool to subscribe to them.

Windows Remote Management is the Windows implementation of WS-Management, an industry-standard Web services-based protocol. Windows Remote Management provides a secure, efficient way for management applications and scripts to communicate with local and remote computers. The Windows service that Windows Remote Management installs and uses is called WinRM.

When a server is connected to a BMC that supports the WS-Management standard, applications and scripts can use Windows Remote Management to communicate directly with the BMC, even when the operating system is offline (pre-boot or post-failure).

When a server is not connected to a BMC, Windows Remote Management can still be used to connect to WMI remotely in situations where DCOM communication is impeded (for example, across a firewall). This is possible because the WS-Management standard is firewall-friendly and uses a single port configurable by the system administrator.

Windows Remote Management exposes its own application programming interface (API) for scripting, which can be used by scripts written in any Windows Script Host-compatible language.

Winrm.cmd. The command-line tool provided as the primary administrative interface for managing WinRM is a batch file (Winrm.cmd) that runs a Visual Basic Scripting Edition (VBScript) script named Winrm.vbs. Because it is a script, you can open it as a text file and view the code to learn how it works. You can also write your own VBScript scripts that take advantage of the WinRM scripting API. Winrm.vbs runs under Cscript.exe, the command-line scripting engine of Windows Script Host.

Prerequisites. Winrm.vbs enables system administrators to configure and manage WinRM. Because WS-Management is a Web service that uses XML as its message format, Winrm.vbs output is natively XML as well. The tool provides switches to output more readable XML or plain text.

Prerequisites. WinRM is part of the operating system. However, to obtain data from remote computers, you must configure a WinRM listener. If a BMC is detected at system startup, then the IPMI provider loads; otherwise, the WinRM scripting objects and the WinRM command-line tool are still available.

Benefits. With Windows Remote Management you can:
- Perform local and remote server management by accessing multiple data management stores such as WMI, ADSI, COM, Certificates, Registry, and XML configuration files
- Automate the management of local and remote servers
- Obtain management data from local and remote computers that may have baseboard management controllers (BMCs)
- Utilize WMI on Windows systems
- Utilize WS-Management Protocol for non-windows systems

- Remote Hardware Management
- Windows Remote Management
- Winrm.cmd
- Prerequisites
- Benefits
53 Remote Management
Installation and Configuration

KEY MESSAGE: Windows Remote Management Technical Background Overview

SLIDE SCRIPT:
Remote Management Architecture.

WinRM Scripting API. This scripting API enables you to obtain data from remote computers using scripts that perform WS-Management protocol operations.

Winrm.cmd. This command-line tool for system management is implemented in a Visual Basic Script file (Winrm.vbs) written using the WinRM scripting API. This tool allows an administrator to configure WinRM and to get data or manage resources.

Winrs.exe. This command line tool allows administrators to remotely execute most Cmd.exe commands using the WS-Management protocol. For more information, see the online help provided by the command line Winrs /?.

Intelligent Platform Management Interface (IPMI) driver and WMI provider. Hardware management through the Intelligent Platform Management Interface (IPMI) provider and driver allows you to control and diagnose remote server hardware through BMCs when the operating system is not running or deployed.

WMI service. The WMI service continues to run side-by-side with WinRM and provides requested data or control through the WMI plug-in. You can continue to obtain data from standard WMI classes, such as Win32_Process, as well as IPMI-supplied data.

WS-Management protocol. WS-Management protocol, a SOAP-based, firewall-friendly protocol, was designed for systems to locate and exchange management information. The intent of the WS-Management protocol specification is to provide interoperability and consistency for enterprise systems that have computers running on a variety of operating systems from different vendors.

Remote Management Installation: If Windows Remote Management is not installed and configured, WinRM scripts do not run and the WinRM command line tool is unable to carry out data operations. The Windows Remote Shell command line tool, WinRS, and event forwarding also depend on WinRM configuration. WinRM and Intelligent Platform Management Interface (IPMI) WMI provider components are installed by default with Windows Server 2008 and the WinRM service starts automatically. On Windows Vista, the service must be started manually. On Windows Server 2003 R2, WinRM is not installed by default but is available as the Hardware Management feature through the Add/Remove System Components feature in the Control Panel under Management and Monitoring Tools. By default, no WinRM listener is configured. Even if the WinRM service is running, WS-Management protocol messages that request data cannot be received or sent. Internet Connection Firewall (ICF) blocks access to required ports by default.

Scripting in WinRM: The Scripting API in WinRM and the accompanying COM API for C++ are designed to reflect closely the operations of the WS-Management protocol. The WinRM Scripting API in Windows Remote Management supports all the WS-Management protocol operations except one. It does not allow subscriptions to events. To subscribe to events from the BMC System Event Log, you must use the Wecutil or Wevtutil command-line tools. The WinRM Scripting API is called by Winrm.vbs, a command-line tool, which is written in Visual Basic Scripting Edition (VBScript). Winrm.vbs provides examples of how to use the WinRM Scripting API.

Authentication for Remote Connections: Windows Remote Management maintains security for communication between computers by supporting several standard methods of authentication and message encryption. The default credentials, user name and password, are the credentials for the logged-on user account that runs the script. Kerberos is the default method when the client is in a domain and the remote destination string is not one of the following: localhost, , or [::1]. Negotiate is the default method when the client is not in a domain. Negotiate is also the default method when the client is in a domain, but the remote destination string is one of the following: localhost, , or [::1]. Basic and Digest Authentication are also available.

- Remote Management Architecture
- Installation and Configuration
- Scripting in Windows Remote Management
- Authentication for Remote Connections
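An added example, not part of the original deck, that audits the listener and service-side authentication settings described above on the local machine. The function name Get-WinRMAudit is hypothetical; the code assumes PowerShell 3.0 or later (which provides the WSMan: drive), an elevated session, and an installed WinRM service.

```powershell
# Added example (not from the original deck).
# Get-WinRMAudit is a hypothetical name. Assumes PowerShell 3.0 or later,
# an elevated session, and the WSMan: drive that ships with PowerShell.
function Get-WinRMAudit {
    [CmdletBinding()]
    param()

    $findings = New-Object 'System.Collections.Generic.List[string]'
    $service  = Get-Service -Name WinRM -ErrorAction Stop

    if ($service.Status -ne 'Running') {
        # The WSMan: drive cannot be read while the service is stopped,
        # and a stopped service accepts no WS-Management requests.
        return [pscustomobject]@{
            ServiceStatus    = [string]$service.Status
            Listeners        = @()
            Auth             = $null
            AllowUnencrypted = $null
            Findings         = @()
        }
    }

    # One object per configured listener. A default install has none.
    $listeners = @(foreach ($container in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $setting = @{}
        Get-ChildItem -Path $container.PSPath |
            ForEach-Object { $setting[$_.Name] = [string]$_.Value }
        [pscustomobject]@{
            Transport = $setting['Transport']
            Address   = $setting['Address']
            Port      = $setting['Port']
            Enabled   = $setting['Enabled']
        }
    })

    # Authentication methods the service side will accept.
    $auth = @{}
    Get-ChildItem -Path WSMan:\localhost\Service\Auth |
        ForEach-Object { $auth[$_.Name] = [string]$_.Value }

    $allowUnencrypted = [string](Get-Item -Path WSMan:\localhost\Service\AllowUnencrypted).Value

    $httpListeners = @($listeners | Where-Object {
        $_.Transport -eq 'HTTP' -and $_.Enabled -eq 'true'
    })

    if ($listeners.Count -eq 0) {
        $findings.Add('No listener configured: remote WS-Management requests cannot be received.')
    }
    if ($auth['Basic'] -eq 'true') {
        $findings.Add('Basic authentication is enabled: credentials are only base64-encoded, so allow it over HTTPS listeners only.')
    }
    if ($allowUnencrypted -eq 'true') {
        $findings.Add('AllowUnencrypted is true: the service accepts unencrypted message payloads.')
    }
    if ($auth['Basic'] -eq 'true' -and $allowUnencrypted -eq 'true' -and $httpListeners.Count -gt 0) {
        $findings.Add('Basic + AllowUnencrypted + HTTP listener: passwords can cross the network in recoverable form.')
    }

    [pscustomobject]@{
        ServiceStatus    = [string]$service.Status
        Listeners        = $listeners
        Auth             = $auth
        AllowUnencrypted = $allowUnencrypted
        Findings         = $findings.ToArray()
    }
}

Get-WinRMAudit | Select-Object -ExpandProperty Findings
```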
54 Usage Scenarios
- Manage PCs in restricted environments (e.g. DMS, Internet, through firewalls/NATs)
- Remotely connect WMI instrumentation for asset and configuration management
- Execute remote scripts or command-line utilities with Windows Remote Shell

KEY MESSAGE: Summary of Windows Remote Management Implementation/Usage Scenarios

SLIDE SCRIPT:
Windows Server 2008 administrators will have the need to manage PCs in restricted environments, collect information for asset and configuration management, remotely manage servers, and monitor PC health. With Windows Remote Management you can do all of these things. You can:
- Perform local and remote server management by accessing multiple data management stores such as WMI, ADSI, COM, Certificates, Registry, and XML configuration files.
- Automate the management of local and remote servers.
- Obtain management data from local and remote computers that may have baseboard management controllers (BMCs).
- Utilize WMI on Windows systems.
- Utilize WS-Management Protocol for non-windows systems.
- Monitor PC health by forwarding events to a central collector.

- Monitor PC health by forwarding events to a central collector
55 Group Policies

Feature: XML-based policy definition files
Description: Administrative template files are replaced by an XML-based file format that incorporates multilanguage support and strong versioning.
Benefit:
• Group Policy tools display in the administrator's operating system language
• Managing registry-based policy settings while accommodating automated or fully manual change management processes

Feature: Central store of ADMX files
Description: The central store is a domain-wide directory created in the Sysvol.
Benefit: Reduces the need for additional storage and greater replication traffic resulting from increasing numbers of GPOs

Feature: Group Policy administrative tools read both ADMX and ADM files
Description: Group Policy administrative tools use the core operating system ADMX files from the local machine before the creation of the central store. In addition, the administrative tools can read any other ADM file stored locally or in a GPO
Benefit: Ensures interoperability with earlier platforms for administering Group Policy

KEY MESSAGE:
56 General Recommendations
- For single server administration, use xx
- To manage roles from a command prompt, use xx
- For multiple server administration, use Windows xx
- For Remote Management, use xx (based on xx Standard)

KEY MESSAGE: Server Management Recommendations

SLIDE SCRIPT:
You should use Server Manager to manage single servers, but for multiple server management or for remote management, you should use Windows PowerShell and Windows Remote Management. Use the ServerManagerCmd.exe utility to manage roles from a command-line environment. Take advantage of the new Event Subscription capabilities in Windows Server 2008 for collecting data from Event Viewer event logs on multiple servers. Use Microsoft’s System Center family of tools for enterprise-wide management.

- Use xx to collect Event Viewer logs from multiple servers
- Use xx for enterprise-wide management