Shulou(Shulou.com)05/31 Report--

This article shows you how to get started with Windows Server 2008 R2. The content is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Now you have heard and may even have installed Windows Server 2008 R2, which I usually refer to as R2 for short in this article. Because R2 is an incremental version, much of what you already know about Windows Server 2008 and Windows 7 applies to it. Windows Server 2008 R2 is built on the enhancements provided by Microsoft in Windows Server 2008 and has the same kernel as Windows 7. Because R2 and Windows 7 have the same kernel, they have many of the same features and components, so whether you are using Windows 7 or R2, you can manage these functions and components in much the same way.

Like Windows Server 2008, R2 continues to use modularization to achieve language independence and disk imaging. Microsoft uses Windows Image format (WIM) disk images to distribute Windows Server 2008 R2 on the media. Like Windows 7, R2 uses Windows preinstallation environment 3.0 (Windows PE 3.0) to provide preinstallation services and boot manager to provide preboot services, through which you can choose to run a boot application to load the operating system. On systems with multiple operating systems, use an earlier operating system entry to access the operating system before Windows Vista in the boot environment.

The installer for Windows Server 2008 R2 also installs the Windows recovery Environment (Windows RE) on your server. You can access the command line through Windows RE for troubleshooting, reinstalling based on the system image, and performing memory diagnostics.

Unlike Windows 7, Windows Server 2008 R2 does not include Windows Aero enhancements (Aero Glass, Flip, 3D Flip, etc.), Windows sidebar, Windows gadgets, or other appearance enhancements. However, you can install the desktop experience feature to add Windows 7 desktop features to the server. Additional Windows 7 features include character mapping, desktop themes, disk cleanup, screenshot tools, tape recorders, sync center, Windows video (AVI support), Windows Defender and Windows Media Player. Although the server has these features to make it available like a desktop computer, these features reduce the overall performance of the server.

Introduction to R2 version

Except that the core is the same, Windows R2 is very different from Windows 7. For beginners, R2 is an operating system that only supports 64-bit systems currently released by Microsoft. Specifically, R2 supports 64-bit systems designed for x64 architectures. Support for Itanium 64-bit (IA-64) processors is no longer a standard in Windows operating systems. Microsoft has developed a separate R2 version for Itanium-based computers.

The R2 series operating system includes the following versions:

Windows Server 2008 R2 Foundation Edition provides a cost-effective entry-level foundation for small businesses. The Active Directory Federated Authentication Service (ADFS) or Hyper-V is not supported in this release. It can be used to deploy a certification authority, but cannot host other related services. This version supports all other roles, but there are some limitations. In addition, DirectAccess management and failover clustering features are not supported. Foundation Edition supports up to 8GB RAM and 1 base-separated processor.

Windows Server 2008 R2 Standard Edition provides the necessary services and resources to other systems on the network. This version supports Hyper-V, has some restrictions on other services, but does not support ADFS. It can be used to deploy a certification authority, but cannot host other related services. In addition, the failover clustering feature is not supported. Standard Edition supports up to 32GB RAM and up to 4 base-separated processors.

Windows Server 2008 R2 Enterprise Edition provides enterprise-level scalability and availability. This release supports all server roles and has no restrictions on Foundation Edition or Standard Editon, and it also adds support for other features, including failover clustering. Enterprise Edition supports up to 2TB RAM and up to 8 base-separated processors.

The Windows Server 2008 R2 Datacenter Edition provides global data center-class scalability and availability with enhancements that support hot-added memory, hot-add processors, hot-swap memory, and hot-swap processors. Datacenter Edition supports RAM with up to 2TB and processors with up to 64 base separations.

Windows Server 2008 R2 for Itanium-based systems provides an enterprise-class platform for hosting business-critical applications and implementing large-scale virtualization solutions. This release is not designed to provide core services, it only supports application server and Web server (IIS) roles, as well as failover clustering features. At the time of this writing, other roles are not supported. This version supports up to 2TB RAM and up to 64 base-separated processors.

Windows Web Server 2008 provides Web services for deploying Web sites and Web-based applications. This release includes only Microsoft .NET Framework, IIS, ASP.NET, application server and network load balancing features, as well as DNS server, Windows Server Update Services, and Media Services. This version supports 32GB's RAM and up to 4 base-separated processors.

Now that I've briefly introduced this product line, let's take a look at how R2 works and what new features it provides.

Take a course worth $5

The operations center (shown in figure 1) is the center of all functions related to security and maintenance. If the built-in diagnostics detect problems, information about these issues can be found in the Operations Center, and you can choose to get more information about each problem. Typically, when you get more information about a problem, you get a possible solution at the same time. In the example shown in figure 1, there is a problem with the server's sound card and Intel active management device. Clicking the View message details button displays a detailed message and provides a link to download the updated driver, as shown in figure 2.

Built-in diagnostics do not always find problems or provide solutions, but the process has been improved compared to earlier implementations. On the maintenance panel, you can also click the check solution link to check for problems that have not been automatically identified.

The network and sharing center continue to be used as the center for configuring the network. For Windows Server 2008 R2, networks are divided into the following categories:

Domain network

Work network

Public network

Each network category has an associated network profile. R2 saves network discovery, sharing, and firewall settings for each network category so that the server can use different network discovery and sharing settings for each network category. Windows Firewall also handles inbound rules, outbound rules, and security rules separately for each network profile, and R2 can have multiple active firewall profiles, depending on the network to which the server is connected.

Like Windows Server 2008, R2 supports TCP Chimney offload so that the networking subsystem can offload TCP/IP connection processing from the server processor to its network adapter as long as the network adapter supports TCP/IP offload processing. Both TCP/IPv4 and TCP/IPv6 connections can be uninstalled. By default, the TCP connection is offloaded to the 10Gbps network adapter, but not to the 1Gbps network adapter. You can use Netsh to adjust the settings.

Windows Server 2008 R2 adds support for DNS Security extensions (DNSSEC). Both Windows 7 and R2's DNS clients can send queries that indicate support for DNSSEC, process the relevant records, and determine whether the DNS server validates the records on its behalf. By supporting DNSSEC, your DNS server can safely sign and host DNSSEC signed zones. In addition, the DNS server can handle related records as well as validate and authenticate records.

R2 replaces Terminal Services and all related components with updated and enhanced products called remote Desktop Services. Users can access session-based desktops, virtual machine-based desktops, and applications hosted by remote servers through remote desktop services. In R2, all remote Desktop Service role services have been renamed and have related administrative tools. Figure 4 provides the previous and new names of each role service. Figure 5 provides the previous and new names of each administrative tool.

Previous role Service name New role Service name Terminal Server remote Desktop session Host (RD session Host) Terminal Services Authorization (TS Authorization) remote Desktop Authorization (RD Authorization) Terminal Services Gateway (TS Gateway) remote Desktop Gateway (RD Gateway) Terminal Services session Agent (TS session Agent) remote Desktop connection Agent (RD connection Agent) Terminal Services Web access (TS Web access) remote Desktop Web access (RD Web access)

Several features and services have been added to the R2 active Directory authentication service (AD CS), which makes it easier to deploy the public key infrastructure (PKI) and provides better support for network access protection (NAP). Certificate enrollment Web and Certificate enrollment Policy Web services support certificate registration through HTTP and cross-forest registration. This allows you to merge certification authorities (CA) in multiple forest deployments and reduce the size of the CA database for some NAP deployments.

Windows AppLocker replaces the software restriction policy function. AppLocker helps administrators control how users access and use files, such as executables, DLL, scripts, and Windows Installer files. AppLocker does this because it allows you to define rules to specify which files are allowed to run. Files that are not included in the rule will not be allowed to run.

Old tool name New tool name Terminal Services Manager remote Desktop Service Manager Terminal Services configuration remote Desktop session Host configuration TS Gateway Manager TS Licensing Manager remote Desktop Licensing Manager TS RemoteApp Manager RemoteApp Manager

R2 Enterprise Edition, Database Edition, and versions for Itanium all support failover clustering. A failover cluster is a set of independent servers that work together to enhance the availability of applications and services. Each server in the cluster (called a node) can be configured to take over failed applications or services on other servers in the cluster. R2 added Windows PowerShell cmdlet to failover clustering, improving the cluster verification process and management of clustered virtual machines (supported by Hyper-V), which can now use clustered shared volumes.

In addition to services and applications that were previously configurable in a failover cluster, you can now configure remote Desktop connection agents for load balancing and reconnecting sessions in a load-balanced remote desktop server farm. You can also configure DFS replication to keep folders synchronized between servers over network connections with limited bandwidth. You can aggregate all member servers in a replication group.

In addition to the clustering I mentioned, R2 has added some new features for burdensome hardware and data center solutions, including the iSCSI software initiator and multipath iPink O (MPIO). You can use the Microsoft iSCSI software initiator to connect the Windows server to an iSCSI-based external storage array through an Ethernet network adapter. In R2, the iSCSI initiator user interface has been redesigned to make it easier for users to access the most commonly used settings, and several new features have been added, including Quick Connect, which allows you to connect to a basic storage device with one click. ISCSI boot supports up to 32 paths to boot, and R2 now supports cyclic redundancy check headers and data summary offload.

MPIO supports multiple data paths to and from storage and improves the fault tolerance of storage connections. R2 provides improved MPIO health reports and now provides configuration reports. With these two changes, path data can be obtained more easily. Alternatively, you can use the MPClaim command line utility to configure load balancing policies.

Hyper-V has also been greatly improved. Improvements to Hyper-V include new live migration capabilities, support for dynamic virtual machine storage, enhanced processor support, and enhanced network support.

In this concise course, I will focus on the Active Directory Management Center. This new tool provides a task-oriented interface for managing Active Directory. Use this tool to perform the following tasks:

Connect to one or more domains

Create and manage user accounts

Create and manage groups

Create and manage organizational units

Perform an Active Directory global search

The Active Directory Management Center uses Windows PowerShell to perform administrative tasks and relies on Microsoft .NET Framework 3.5.1. Therefore, these two features must be installed and configured correctly before they can be managed using the Active Directory Administration Center. In addition, the Active Directory Management Center uses the Web services provided by the Active Directory Web Service (ADWS). At least one domain controller in each Active Directory domain to be managed must have ADWS installed and the associated services running. By default, a connection will be established through TCP port 9389, and the firewall policy must set this port as an exception to open to ADWS.

Windows PowerShell 2.0 and WinRM 2.0

Do you want to know how to get all these powerful and useful Windows PowerShell cmdlet? By default, Windows PowerShell 2.0 is installed in most R2 configurations. For a full server installation, the Windows PowerShell console is available on the Quick launch toolbar, and you can install the graphical scripting environment using the add Features wizard. For core server installations, you can now also choose to install Windows PowerShell.

After you start Windows PowerShell, you can enter the name of cmdlet at the prompt, which works very similar to command-line commands. You can also execute cmdlet from a script. Cmdlet is named in the form of "verb-noun pair". The verb describes the general operation of cmdlet. Nouns refer to specific operands of cmdlet. For example, start-service cmdlet starts a Windows service, while stop-service cmdlet stops a Windows service.

In addition, some useful cmdlet is provided to enhance the functionality of the Active Directory management center. To use these cmdlet, you must enter Import-Module ActiveDirectory at the Windows PowerShell prompt to import the ActiveDirectory module. After you import the module, you can use it in the currently running Windows PowerShell instance. The next time you start Windows PowerShell, if you want to use the functionality of the module, you need to import it again. Alternatively, you can choose "Active Directory Module of Windows PowerShell" on the Administrative tools menu

You can also use Windows PowerShell for remote administration. The WS-Management protocol and the Windows remote Management (WinRM) service support remoting capabilities, which implement WS-Management in Windows. R2 contains WinRM 2.0. Both Windows 7 and Windows Server 2008 R2 use WinRM to provide built-in remote management support. In earlier versions of Windows, you could install Windows Management Framework, which includes Windows PowerShell 2.0 and WinRM 2.0.

To use Windows PowerShell for remote administration, you must start it as an administrator. You also need to ensure that WinRM is configured correctly on both the management computer and the target server. Enter winrm quickconfig to check and update the WinRM configuration.

As long as the remote computers are in the same domain, or you are working in a workgroup and have added remote computers in a domain as trusted hosts, you can use Server Manager (and other Microsoft management consoles) to perform some administrative tasks on these remote computers. You can connect to a server running a full server and a core server installation.

After you enable remote management for the server manager, you can use the server manager to perform remote administration tasks, including:

View and manage roles, role services, and features (but cannot add or remove them)

View and manage Advanced Windows Firewall

View and manage Windows events and services

View and manage performance monitoring

View and manage scheduled tasks

View and manage disks

Configure error reporting and customer experience status

View automatic update status

Remote administration uses Windows PowerShell and relies on correctly configured WinRM. For both full server and core server installations, you must enable remote management specifically through the server manager.

For a full server installation, you can use the configure Server Manager remote Administration option or use the Configure-SMRemoting.ps1 script when logging in locally. For core server installations, you can use the server configuration (Sconfig.exe) utility.

R2 also provides a cmdlet that can be used to manage group policies from Windows PowerShell. Enter Import-Module GroupPolicy at the Windows PowerShell prompt to import the Group Policy module. After you import the module, you can use the Group Policy cmdlet in the currently running Windows PowerShell instance.

Windows PowerShell scripts can also be run during login, logout, startup, and shutdown. As shown in figure 8, you can configure Windows PowerShell scripts to run before other types of scripts. You can also choose to run Windows PowerShell scripts after other types of scripts. In the script, don't forget to set up the work environment by importing all the modules you need.

Introduction to Core Parking

You may have heard of the Core Parking feature in R2. However, you may not know where this feature comes from and how it works. Core Parking limits or idle the operation of the processor core based on server load to reduce energy consumption. This feature is feasible because both Windows 7 and Windows Server 2008 R2 support the Advanced configuration and Power Interface (ACPI) 4.0 specification (developed in June 2009). Considering that you are unlikely to want to read all 700-plus pages of formal specifications, I will provide you with some key points related to power management.

Windows uses ACPI to control system and device power state transitions. Windows reduces energy consumption by switching devices between full power (operating), low power, and off. When the processor is in a low power or limited state, the operating frequency of the processor is reduced. When off or idle, the processor is put to idle sleep.

The power settings for the server come from the active power plan. The default active power plan in Windows Server 2008 R2, called balanced, takes advantage of ACPI's enhancements to reduce energy consumption. The ACPI 3.0 specification defines minimum and * * values for processor state to limit processors, and the specification applies only to base-separated processors and not to logical processor cores. ACPI 4.0 happens to provide a solution for limited and idle logical processor cores (in addition, there are other things that have nothing to do with it).

According to ACPI 4.0, when you specify processor states and minimum limits in your power policy, Windows knows that these states are applied to logical processor cores as well as to processors with separate bases. The * and minimum values define the limits of the allowed performance state. For example, if the upper limit is 100% and the lower limit is 5%, Windows can limit the processor within this range to reduce energy consumption if the workload allows. On computers with multiple 4GHz processors, Windows adjusts the operating frequency of those processors to between .25 GHz and 4GHz.

Is an example of processor limitations and idleness, for illustrative purposes only. Here, the computer has four base-separated processors, each with four logical processors. The processor core that is not needed by the current workload is idle, while the processor core that only needs partial performance is in a limited state. For example, logical core 1 of processor 1 runs at 90% performance level, and its logical cores 2, 3, and 4 run at 80% performance level. In a 4GHz processor, this means that logical core 1 runs at the frequency of 3.6GHz, and logical cores 2, 3, and 4 run at the frequency of 3.2GHz. You can also see that processors 3 and 4 have cores that are completely idle and asleep.

To force Windows to maintain a specific performance state, use an equal * value and minimum value. In this case, Windows does not adjust the operating frequency of the processor. It is important to note that fixed processor work at one frequency reduces the efficiency of this feature, so you need to plan carefully before configuring fixed processing settings for your application.

Roadmap for Active Directory Chan

Active Directory Domain Services (AD DS) in R2 has many new features. If you are using R2 and have deployed the operating system on all domain controllers for all domains in the Active Directory forest, your domain can run at the R2 domain functional level, and the forest can run at the R2 forest functional level. With these new runlevels, Active Directory enhancements can be used to improve manageability, performance, and supportability.

The Active Directory Recycle Bin is one of the most important enhancements. This feature enables administrators to undo accidental deletions of Active Directory objects. When you enable the Recycle Bin, all linked and unlinked value properties of the deleted object are retained, so you can restore the object to the state it was before it was deleted without initiating an authoritative restore operation. This approach is fundamentally different from previous implementations, which use authoritative restoration of deleted objects. Previously, when you deleted an object, most of its non-linked value properties were cleared, and all of its linked value properties were deleted, meaning that even if the deleted object could be restored, it could not be fully restored to its previous state.

Managed accounts are another important enhancement. Service accounts are often used by mission-critical applications. On the local computer, you can configure the application to run as a built-in user account, such as Local Service or Local System. However, these accounts are shared by multiple applications and services and cannot be managed at a domain level. If you configure your application to use a domain account, you can isolate the permissions of the application, but you must manually manage the account password and all service principal names (SPN) required for Kerberos authentication.

To reduce the overhead required to maintain service accounts, R2 supports two new managed accounts:

Managed service account

Managed virtual account

A managed service account is a special domain user account for a managed service, and service disruptions and other problems can be reduced by letting Windows automatically manage the password and related SPN for this account. A managed virtual account is a special local computer account for a managed service that can be used to access the network through computer identity in a domain environment.

For managed service accounts, create an actual account, which is stored by default in the managed Service account OU in Active Directory. Next, install the managed service account on the local server and add it to the actual account as a local user. * configure the local service to use the account.

Using a virtual account, you can configure local services to access the network through computer identity in a domain environment. Because the computer identity will be used, there is no need to create an account or manage passwords.

R2 does not have a user interface for creating and managing these accounts. You will need to use Windows PowerShell's Active Directory module to manage them.

In R2, you can also use the new authentication control. The authentication mechanism ensures that the authentication process is improved by allowing administrators to control user access to resources based on whether the user uses a certificate-based login method. In this way, users have different access rights when logging in with a smart card than when they do not log in with a smart card.

*, you can join the domain offline in R2, but this feature does not need to promote the domain or forest function level. By joining the domain offline, administrators can preconfigure computer accounts in the domain to prepare the operating system for deployment. The preconfigured computer can then be added to the domain without contacting the domain controller. The command line utility used to preconfigure accounts is called Djoin.exe.

Introduction to branch cach

Windows BranchCache is a file caching feature used in conjunction with the background Intelligent transfer Service (BITS). If in a domain environment, the desktop computer is running Windows 7 and the server is running R2, the administrator can enable branch caching to enable the desktop computer to retrieve documents and other types of files from the local cache without having to retrieve files from a remote server.

Because branch cache is used to cache files transferred through HTTP and server message blocks (SMB), files transferred from Intranet Web servers or internal file servers can be cached. Basically, branch caching works as follows:

If branch caching is enabled, when * accesses a file from an Intranet website or file server, Windows transfers the file from the source server and caches the file locally in the branch.

Then, when the same user or another user at the branch accesses the file, Windows looks for the file in the local cache. If the file is found, Windows queries the source server to confirm that the file has changed since the cache.

If the file has not changed, Windows retrieves the file from the local cache, so it does not need to be transferred over the WAN. If the file has changed, Windows retrieves the file from the source server and updates a copy of the file in the cache.

Branch caching can be configured by using distributed cache mode or host cache mode. If you use distributed caching mode, desktop computers running Windows 7 will host distributed file caching. Because each local computer caches and sends files, a branch server is not required. If host cache mode is used, the server running R2 in the branch office hosts the local file cache. The server caches the file and sends it to the client. It can be expected that branch caching can greatly reduce response time and greatly reduce the number of transfers of documents, web pages, and multimedia content.

The above is how to get started with Windows Server 2008 R2. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.