IIS 6 Administration

In this section, we’ll look at various general planning issues related to preparing to install or upgrade to Windows Server 2003. These issues are general in the sense that they apply whether you are preparing to deploy IIS web servers or other kinds of servers, such as remote access servers or file/print servers. After considering these general issues, I’ll conclude the chapter with a look at some planning issues specifically related to deploying IIS web servers. The general issues we’ll consider are as follows:

Product Editions

An important up-front planning issue for your deployment is which edition of Windows Server 2003 to deploy. Several things figure into this decision:

If you need to review the capabilities of the various editions of Windows Server 2003, refer back to Chapter 1, “Introducing IIS 6.” You can also find more information about the features of various editions at http://www.microsoft.com/windowsserver2003/ on Microsoft’s website.

Note 

Web Edition, designed primarily for service providers running web hosting data centers, is available only through special Microsoft partner channels, not retail. To find a Microsoft partner channel for this product, see http://www.microsoft.com/serviceproviders/net/server.asp on Microsoft’s website.

Installation vs. Upgrade

Let’s move on to consider the pros and cons of doing clean installs vs. upgrades. Both have their advantages and disadvantages, and which method you select is an important part of the deployment planning process.

Why Do a Clean Install?

There are many good reasons for doing a clean install wherever possible instead of an upgrade. First off, your existing hardware may not meet the requirements for running Windows Server 2003, and it may be more costly to upgrade and maintain it than to switch to an entirely new system. This is especially an issue if you are running older Windows server software like Windows NT Server 3.51 (rare) or Windows NT Server 4 (common). Hardware running these platforms may be five years old or older, and hence

In such cases, it’s clear that older hardware can severely limit the performance of a system running Windows Server 2003 and may prevent many of the new hardware-related features of this operating system from functioning. So if you want maximum performance and want to take full advantage of the features of Windows Server 2003, it’s often best to do a clean install on new hardware purchased from your vendor instead of trying to upgrade your existing hardware. This is especially true when moving from Windows NT 3.51 or 4 to Windows Server 2003—upgrading Windows 2000 Server systems is generally simpler as hardware that supports Windows 2000 will support most (but not all) features of Windows Server 2003. Clearly, upgrading servers is not like upgrading classic cars! After all, would you trade in a classic 1967 Mustang Shelby GT 500 for a BMW Z8 or Mercedes-Benz CL 600? I wish I could even dream about making that decision…

What if your existing server environment developed in a relatively unplanned fashion and you have a variety of different hardware platforms to manage from different vendors? If you’re planning on upgrading everything to Windows Server 2003, then now’s the time to start thinking about standardizing your hardware platform across your business. Standard hardware platforms (motherboard, chipset, BIOS, and so on) make management of your servers easier, simplify troubleshooting, and reduce cost by enabling you to stock fewer replacement parts. If you have the budget for it, buy the best hardware you can and stock up with parts to keep your server environment running continuously.

Another reason for installing instead of upgrading has to do with deploying new applications. If you’re planning on deploying major new applications (ERP, CRM, database, ASP applications, whatever), then you should consider doing clean installs of Windows Server 2003 instead of upgrading your earlier Windows NT or Windows 2000 servers to minimize incompatibility issues with existing applications. So it’s not just new hardware that is a consideration as to whether to upgrade or install, but also new software.

Clean installs also often result in better OS and application performance than an upgrade. The reason for this is that NTFS drives tend to become fragmented after a time, and the disk defragmenter included with Windows Server 2003 doesn’t completely defragment your drive (due to protected system sectors). By installing on a new system (or reformatting your existing system’s drive) you may get a slight improvement in performance over upgrading—and even a slight performance increase can be significant in high-transaction scenarios such as e-commerce websites. This issue is particularly important if you previously upgraded your system, for example, from Windows NT 4 to Windows 2000, and now are considering upgrading it again.

Another disk-related reason for doing a clean install is that it gives you a chance to repartition your drives to better meet your requirements. Of course, Windows 2000 dynamic disks can be resized without reformatting, but see the section “Disk Partitions,” later in the chapter, for important info regarding upgrading dynamic disks.

Why Upgrade?

I’ve talked about why you might want to do a clean install of Windows Server 2003; now I’ll talk a bit about why you might want to upgrade instead. The major reason for performing an upgrade instead of a clean install is to maintain the existing configuration settings of your operating system and applications. The second reason companies sometimes upgrade is because it can be faster than doing a clean install, especially if you have lots of applications running on your server, since a clean install would also mean reinstalling (and reconfiguring) all your applications. The final reason companies sometimes prefer upgrading is because it’s cheaper—you don’t need to go out and buy new hardware.

An issue to consider is the scope of your deployment. Are you just migrating a few web servers from IIS 4 or 5 to IIS 6, or are you migrating your whole network infrastructure from Windows NT or Windows 2000 to Windows Server 2003? The latter is more complicated, especially the NT case, which requires a good understanding of the process for migrating Windows NT security models to Active Directory forests, domains, and organizational units. That kind of mass deployment is beyond the scope of this book, and you should use the Windows Server 2003 Deployment Resource Kit as your final guide in making such deployment decisions.

One more thing to consider—the operating system you’re upgrading from. If your servers are currently running Windows 2000 Server, upgrading to Windows Server 2003 should be a snap in most cases, and this makes upgrading a viable alternative to doing a clean install. On the other hand, if you’re running Windows NT Server 4, you’ll likely want to do a clean install, not an upgrade (because of previously discussed hardware considerations). Nevertheless, for the sake of completeness, I’ll discuss every possible upgrade path next.

Upgrade Paths

If you’re considering upgrading your existing servers to Windows Server 2003, you need to know which upgrade paths are possible. These upgrade paths depend on the edition of Windows Server 2003 under consideration: Standard Edition, Enterprise Edition, Datacenter Edition, or Web Edition. Let’s look at the various upgrade paths for each edition separately.

Note that you can’t upgrade from Windows NT Server 3.51 to Windows Server 2003. Instead, you need to first upgrade from Windows NT Server 3.51 to Windows NT 4, apply Service Pack 5 or later, and then upgrade to Windows Server 2003. Of course, if anyone reading this is still running Windows NT Server 3.51 on your servers, you’ll probably want to keep running that wonderful OS for the next 50 years or so…

Note that you can’t upgrade from Windows NT Server 4, Enterprise Edition, to Windows Server 2003, Standard Edition, only to Windows Server 2003, Enterprise Edition (or Datacenter Edition). Note also that you can upgrade from Windows Server 2003, Standard Edition, to Windows Server 2003, Enterprise Edition.

I’ll conclude by summarizing the upgrade paths again in Table 3-3. Note that S = Standard Edition and E = Enterprise Edition. I left out Web Edition (because it requires a clean install) and Datacenter Edition (because of its specialized nature). This table omits some of the finer points just discussed.

Table 3-3: Possible Upgrade Paths to Standard and Enterprise Editions of Windows Server 2003

| Current OS | S | E |
|---|---|---|
| Windows NT Server 3.51 | Upgrade to NT 4 first | |
| Windows NT Server 4 | ✓ | ✓ |
| Windows NT Server 4, Terminal Edition | ✓ | ✓ |
| Windows NT Server 4, Enterprise Edition | | ✓ |
| Windows 2000 Server | ✓ | ✓ |
| Windows 2000 Advanced Server | | ✓ |
| Windows Server 2003, Standard Edition | | ✓ |

Hardware Issues

This section describes various hardware issues to consider prior to installing or upgrading your system to Windows Server 2003. In addition to what’s discussed here, you should also check the release notes and other information on your Setup CD. These may include

BIOS

The first thing you should do before performing a clean install or upgrade is to make sure your system BIOS has been updated to its latest revision. This is important to ensure that installation proceeds smoothly and full support for ACPI 1.0b is provided for your machine. Visit the website for your system BIOS manufacturer for help on upgrading your flash BIOS. BIOS is used on x86-based platforms only; 64-bit Itanium platforms use an Extensible Firmware Interface instead. You can view your current system BIOS information by pressing DEL or sometimes ESC during the initial text portion of the boot process.

Drivers

Another important task to perform prior to starting your install or upgrade is to make sure you have the latest versions of device drivers from manufacturers. This is particularly important for:

Make sure you have the latest drivers on hand for all your devices, in case the Windows Update site doesn’t have them available for downloading by Dynamic Update. It’s particularly important to have copies on hand (on floppies) of any mass storage (SCSI) drivers and HAL files as these may be required to complete Setup. To use mass storage device drivers during Setup, press F6 when prompted to do so. To use a HAL file during Setup, press F5 instead when you are prompted to press F6.

Using Winmsd to Inventory Hardware

If you have non-PnP devices on your system, it’s also a good idea to do a system inventory to record configuration settings for such devices. You can use WinMSD for this purpose by typing winmsd at the command prompt. On Windows 2000 platforms, this command opens the System Information console (part of Computer Management) and allows you to save your hardware/software configuration info as a text file or Msinfo.Document (.nfo) file (the .nfo file is preferred). On Windows NT 4 platforms, this command runs Windows NT Diagnostics, which can also be started from the Administrative Tools menu and lets you either save your information to a text file or print it out directly.

Tip 

The updated version of WinMSD on Windows 2000 is really MSinfo32.exe, which is in the folder Program Files\Common Files\Microsoft Shared\MSInfo. When you type winmsd at the command line, this simply invokes a stub that executes msinfo32.exe instead. Note, however, that the folder in which msinfo32 is located is not in the default system path, so when you want to run WinMSD from a command prompt (or using Start | Run), it’s easiest to type winmsd—typing msinfo32 won’t work.

Check Event Logs

An important step to take prior to starting your upgrade is to check your System log in the Event Viewer for any hardware-related events. Look for event messages that might indicate problems with hardware devices and their drivers, and consider updating drivers or even replacing these devices before upgrading.

You might also consider checking Device Manager when upgrading Windows 2000 servers to see if you have any obvious device conflicts such as two devices sharing an IRQ or memory address setting—although, if you’ve been running your server with disabled hardware for some time, you might want to have your brain examined, too!

Checking System Compatibility

Before you upgrade a Windows NT 4 Server or Windows 2000 Server system to Windows Server 2003, it’s important to check that your current hardware configuration is supported by Windows Server 2003. You can do this by performing a preinstallation compatibility check using the Setup CD. Simply insert the CD into your CD-ROM drive and, when the display screen comes up, select the option for Checking System Compatibility. This will test your hardware for compatibility with the new OS without actually starting the upgrade process. For example, if you try this on a machine running Windows 2000 Professional, you will receive a message that this form of upgrade (from Windows 2000 Professional to Windows Server 2003) is not supported. You can save the results of your test as a text file for later review, which is useful if the process has detected device or driver incompatibilities. Another way of running the compatibility check is from the command line: simply open a command prompt, change to the i386 folder on your CD-ROM drive, and type winnt32 /checkupgradeonly to start the process. For more information on Winnt and Winnt32 switches, see Tables 3-1 and 3-2, earlier in this chapter.

If you elect not to perform a preinstallation compatibility test, the system compatibility test is automatically performed anyway when you begin the upgrade process. Note also that different editions of Windows Server 2003 may have different support for certain hardware, so running the compatibility test using the Setup CDs for different editions may give different results. Make sure you use the correct Setup CD when testing a system for hardware compatibility!

Dynamic Update

If you have Internet connectivity on a system you plan to upgrade to Windows Server 2003, you can make use of a feature called Dynamic Update when you run Setup. Dynamic Update lets the system automatically download the latest Setup files and device drivers from the Windows Update website. Microsoft recommends using Dynamic Update whenever possible to ensure your upgrade runs smoothly and successfully. All updated drivers and files on the Windows Update site have been extensively tested, and no personal information is collected or sent to the site during the Dynamic Update process (the process does query your system concerning its configuration, but this information is not saved or sent to Microsoft).

You can even use Dynamic Update with unattended (automatic) installations of Windows Server 2003. For information on how to do this, see the Windows Server 2003 Deployment Kit from Microsoft.

Hardware Requirements

The minimum hardware requirements for running Windows Server 2003 depend on the edition selected. Table 3-4 summarizes the minimum requirements to install and run each edition, but real-world systems should comply with the stronger recommended requirements in the next section because systems meeting only minimum requirements will run too slowly for any practical use. The abbreviations used in the table are S = Standard Edition, E = Enterprise Edition, D = Datacenter Edition, and W = Web Edition. Note that the figures shown in the table are for x86-based platforms. 64-bit Itanium platforms may have different hardware requirements; consult the Microsoft website for the latest information. Note also that Datacenter Edition requires an SMP machine with a minimum of 8 CPUs (see the upcoming section “Multiprocessor Support”).

Table 3-4: Minimum Hardware Requirements for Windows Server 2003 Editions

| Requirement | S | E | W | D |
|---|---|---|---|---|
| CPU speed | 133MHz | 133MHz | 133MHz | 400MHz |
| RAM | 128MB | 128MB | 128MB | 512MB |
| Disk space | 1.5GB | 1.5GB | 1.5GB | 1.5GB |

If you are performing a network install (running Setup across a network connection to a shared distribution point) or if you are upgrading a FAT or FAT32 partition to NTFS during Setup, you should allow an additional 0.5GB of free disk space on your server.

As far as video and network card minimum requirements are concerned, VGA is supported but SVGA (800×600) is recommended. Some features of fancy video cards are not supported by Windows Server 2003—for some reason Microsoft decided that servers aren’t used for playing games, so video driver support for Windows Server 2003 is pretty minimal as far as many vendors are concerned. Check the Hardware Compatibility List (HCL) on the Windows Hardware Driver Quality (WHDQ) website at http://www.microsoft.com/hwdq/hcl/ for more info about supported video cards (also read the earlier section “Checking System Compatibility”). When in doubt, you can try installing the Windows XP driver for a video card to get better results, but this is not supported and could cause hardware instability. Note also that Terminal Services, which is installed by default on Windows Server 2003, can cause problems with higher resolution displays and features for some video cards, especially those that have TV tuners and play DVD movies. Watching TV or playing DVD movies on your server would be a bit strange, don’t you think?

I’ll talk about supported network cards later in this chapter in the section “NIC Compatibility.” As far as other fancy hardware is concerned, Microsoft has taken the stance that servers should be used as servers, and this can impact the use of certain hardware. For example, if you have a sound card installed on a machine and install Windows Server 2003, you might find that your sound doesn’t work. This is because the Windows Audio Service is disabled by default on Windows Server 2003 because, according to Microsoft, why would you want a sound card on a server anyway? A similar problem can occur when you try to use USB digital cameras with Windows Server 2003 because the Windows Imaging Service is also disabled by default. Remember Microsoft’s promise to provide Windows Server 2003 in a locked-down configuration out of the box for improved security? Still another example is that IR (infrared) is not supported by Windows Server 2003, which may cause issues for running the product on a laptop—but then why would you want to run it on a laptop? Except perhaps if you were a Microsoft spokesperson wanting to demonstrate features of the product on a TechNet Tour!

Be aware that some of the drivers for hardware support in Windows 2000 Server have been deliberately removed from Windows Server 2003, again with the idea that servers are servers and shouldn’t be used for fancy stuff like watching TV, burning CDs, scanning photos, running a multifunction printer/copier/fax machine, or synchronizing your PDA (if you want to do any of this kind of stuff, use a Windows XP machine instead!). Another reason Microsoft dropped support for many peripherals and drivers was to streamline and improve the performance of Windows Server 2003, which is hard to argue against. The key is to check the compatibility of your hardware before upgrading your all-in-one server-cum-fancy-peripheral setup to Windows Server 2003.

Tip 

You can also run Windows Server 2003 without a monitor, keyboard, or mouse on supported hardware. This kind of operation is called headless operation, and it is even possible to perform automated installs on headless servers. For more information on this new feature of Windows Server 2003, refer to the chapter on Emergency Management Services (EMS) in the Windows Server 2003 Resource Kit.

Hardware Recommendations

As mentioned previously, running Windows Server 2003 on systems that satisfy only minimum hardware requirements is not advisable for production systems. Instead, make sure that your production systems meet at least the hardware recommendations shown in Table 3-5. In most cases, you will want to exceed these hardware recommendations to ensure applications on your servers run free of bottlenecks. The best way of doing this is usually by adding more RAM—though for processor-bound applications, adding additional CPUs is another option. Note again that these figures are for x86-based systems. For hardware recommendations for Itanium systems, see Microsoft’s website.

Table 3-5: Recommended Hardware Requirements for Windows Server 2003 Editions

| Recommendation | S | E | W | D |
|---|---|---|---|---|
| CPU speed | 550MHz | 733MHz | 550MHz | 773MHz |
| RAM | 256MB | 256MB | 256MB | 1GB |
| Disk space | 1.5GB | 1.5GB | 1.5GB | 1.5GB |

Each edition also has a maximum amount of RAM it can support. These maximums are shown in Table 3-6. On certain OEM systems, it may be possible for these limits to be exceeded. Note also that the figures in Table 3-7 are for x86-based systems only; Itanium systems generally have higher limits (see Microsoft’s website for Itanium recommendations and maximum RAM). Also, if you want to install more than 4GB of RAM on a machine running Enterprise or Datacenter Edition, first make sure that your hardware platform (motherboard, chipset, BIOS, and so on) allows this by checking the HCL on the WHDQ website. Also, remember that network installs require additional free disk space, as discussed in the preceding section. It’s really a good idea to allow yourself extra free disk space (3–4GB should be sufficient) for installing Windows Server 2003. Even more free disk space may be required if you are upgrading a domain controller from Windows NT 4 Server to Windows Server 2003, due to the process of migrating accounts from the SAM database to Active Directory. Finally, the amount of free disk space you need depends on the amount of RAM you have installed, as the paging file is set by default to be 1.5 times the size of RAM. For example, if you are installing Windows Server 2003 on a system running 4GB of RAM, you should allow an additional 6GB of free disk space so Setup can complete properly!

Table 3-6: Maximum RAM for Windows Server 2003 Editions

| Edition | Maximum RAM |
|---|---|
| Standard | 4GB |
| Enterprise | 32GB |
| Web | 2GB |
| Datacenter | 64GB |

Multiprocessor Support

Different editions of Windows Server 2003 support different numbers of CPUs on symmetric multiprocessing (SMP) hardware platforms. Table 3-7 shows the SMP support for each edition of the product. Datacenter Edition can only be installed on SMP systems with a minimum of 8 CPUs.

Table 3-7: Multiprocessor Support for Windows Server 2003 Editions

| Edition | Number of CPUs |
|---|---|
| Standard | 1 to 4 |
| Enterprise | 1 to 8 |
| Web | 1 or 2 |
| Datacenter | 8 to 32 |

Table 3-8 compares the SMP support for Windows 2000 Server editions and Windows Server 2003 editions. Note that this information applies to x86-based systems only. For information on the hardware requirements of Itanium systems, contact your OEM supplier.

Table 3-8: Maximum Number of CPUs for Windows 2000 Server and Windows .NET Server 2003 Compared

| Windows 2000 Server Edition | Maximum # CPUs | Windows Server 2003 Edition | Maximum # CPUs |
|---|---|---|---|
| Server | 4 | Standard | 4 |
| Advanced Server | 8 | Enterprise | 8 |
| Datacenter Server | 32 | Datacenter | 32 |
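An added example (not from the book) that applies the upgrade paths of Table 3-3, the x86 RAM and CPU limits of Tables 3-6 and 3-7, and the free-disk guidance above to a server inventory before anyone runs Setup. The Server fields, the function names and the three inventory entries are constructed for illustration; only Standard and Enterprise targets are covered, as in Table 3-3.

```python
from dataclasses import dataclass

# In-place upgrade targets per current OS, from Table 3-3.
# An empty set means there is no direct path.
UPGRADE_PATHS = {
    "Windows NT Server 3.51": set(),
    "Windows NT Server 4": {"Standard", "Enterprise"},
    "Windows NT Server 4, Terminal Edition": {"Standard", "Enterprise"},
    "Windows NT Server 4, Enterprise Edition": {"Enterprise"},
    "Windows 2000 Server": {"Standard", "Enterprise"},
    "Windows 2000 Advanced Server": {"Enterprise"},
    "Windows Server 2003, Standard Edition": {"Enterprise"},
}
MAX_RAM_GB = {"Standard": 4, "Enterprise": 32}           # Table 3-6 (x86)
CPU_RANGE = {"Standard": (1, 4), "Enterprise": (1, 8)}   # Table 3-7 (x86)

MIN_DISK_GB = 1.5      # Table 3-4 minimum disk space
EXTRA_SETUP_GB = 0.5   # network install or FAT/FAT32-to-NTFS conversion
PAGEFILE_FACTOR = 1.5  # default paging file is 1.5 times RAM


@dataclass
class Server:
    """One inventory record (hypothetical field names)."""
    name: str
    current_os: str
    ram_gb: float
    cpus: int
    free_disk_gb: float
    network_install: bool = False
    converts_fat: bool = False


def required_free_disk_gb(server):
    """Free space to allow for Setup: minimum + extras + default paging file."""
    extra = EXTRA_SETUP_GB if (server.network_install or server.converts_fat) else 0.0
    return MIN_DISK_GB + extra + PAGEFILE_FACTOR * server.ram_gb


def plan(server, target):
    """Return (method, findings) for moving `server` to edition `target`."""
    if target not in MAX_RAM_GB:
        raise ValueError("this check covers Standard and Enterprise only")
    findings = []
    paths = UPGRADE_PATHS.get(server.current_os)
    if paths is None:
        method = "clean install"
        findings.append(f"{server.current_os} is not listed in Table 3-3")
    elif target in paths:
        method = "upgrade"
    elif server.current_os == "Windows NT Server 3.51":
        method = "upgrade to NT 4 first"
        findings.append("no direct upgrade path from Windows NT Server 3.51")
    else:
        method = "clean install"
        findings.append(f"no upgrade path from {server.current_os} to {target} Edition")

    if server.ram_gb > MAX_RAM_GB[target]:
        findings.append(f"{server.ram_gb}GB RAM exceeds the {MAX_RAM_GB[target]}GB "
                        f"maximum for {target} Edition")
    low, high = CPU_RANGE[target]
    if not low <= server.cpus <= high:
        findings.append(f"{server.cpus} CPUs is outside the {low} to {high} "
                        f"supported by {target} Edition")
    need = required_free_disk_gb(server)
    if server.free_disk_gb < need:
        findings.append(f"{server.free_disk_gb}GB free disk is below the "
                        f"{need}GB to allow for Setup")
    return method, findings


# Constructed sample inventory.
INVENTORY = [
    Server("web01", "Windows 2000 Server", ram_gb=1, cpus=2, free_disk_gb=10),
    Server("db01", "Windows 2000 Advanced Server", ram_gb=4, cpus=4, free_disk_gb=6),
    Server("old01", "Windows NT Server 3.51", ram_gb=0.25, cpus=1,
           free_disk_gb=2, network_install=True),
]


def report(inventory, target):
    """Map each server name to its (method, findings) for `target`."""
    return {s.name: plan(s, target) for s in inventory}


if __name__ == "__main__":
    for name, (method, findings) in report(INVENTORY, "Standard").items():
        print(f"{name}: {method}")
        for finding in findings:
            print(f"  - {finding}")
```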

Disk Partitions

The important thing to remember is to back up all your drives before modifying the partition scheme on your system! If you’re upgrading a Windows NT machine to Windows Server 2003, make sure you review your disk partitioning scheme before starting the upgrade. If your existing boot and system partitions are too small, you may not be able to perform the upgrade and may need to do a clean install instead. Also, if your existing boot and system partitions are FAT, you should consider converting them to NTFS before upgrading (see the next section, “File System”).

If you’re upgrading a Windows 2000 machine to Windows Server 2003, what you can do concerning your partition scheme depends on whether you have basic or dynamic disks. Basic disks are traditional disks, as in Windows NT, and they can be partitioned into partitions of fixed sizes (up to four partitions per disk) that can then be formatted using FAT, FAT32, or NTFS. Dynamic disks are disks that have been converted to dynamic using Disk Management, and they can be partitioned into volumes that can be formatted using NTFS and then dynamically resized without losing data. Also, to implement RAID technologies like mirroring or stripe sets in Windows 2000, you must use dynamic disks. If you want to upgrade a Windows 2000 system that has dynamic disks to Windows Server 2003, you should have no problem doing so (although you should check the Help and Support Center for certain restrictions on installing or upgrading systems with dynamic disks). However, if you want to perform a clean install of Windows Server 2003 on a drive on a Windows 2000 (or Windows XP) system that was converted directly to dynamic without any partitions created on it, you must revert the disk to basic first (back up your data!) before doing the install.

The bottom line is, if you’re upgrading, you can’t change your partition scheme during Setup (though after the upgrade is complete you can modify your partition scheme using Disk Management). If you’re performing a clean install, however, Setup gives you the option of deleting existing partitions and creating new ones. This is one good reason clean installs are generally preferred over upgrades.

File System

You should use NTFS for all your drives for maximum security. The only possible reason for wanting to use a FAT drive on your server would be if you wanted to support multibooting to some earlier operating system like Windows 98 or Me—but this is a pretty silly option for a production machine on a business network, so I won’t even discuss it here. You should use NTFS for all partitions on clean installations and convert all FAT or FAT32 partitions to NTFS prior to, after, or during upgrading (to convert from FAT to NTFS you can use the convert tool from the command line). Better yet, back up FAT/FAT32 partitions, reformat as NTFS, and restore the data to avoid the degree of fragmentation that occurs when converting partitions from FAT/FAT32 to NTFS.

Note 

The Web Edition of Windows Server 2003 only supports NTFS volumes.

Security Alert! 

Some Itanium systems require a small FAT partition of around 100MB to enable the operating system to be loaded—don’t delete this partition!

RAID

As shown in Table 3-9, both Windows NT Server 4 and Windows 2000 Server support various fault-tolerant disk technologies based on RAID technologies. Different names are used for these technologies on the two platforms, and implementing RAID on Windows 2000 requires that basic disks first be converted to dynamic disks. In addition to the RAID levels listed in Table 3-9, Windows NT also supports volume sets (called spanned volumes in Windows 2000), a technology that lets you combine multiple free areas on different disks together into a single logical volume.

Table 3-9: RAID Levels for Windows NT and Windows 2000

| RAID level | Windows NT | Windows 2000 |
|---|---|---|
| 0 | Stripe set | Striped volume |
| 1 | Mirror set | Mirrored volume |
| 5 | Stripe set with parity | RAID-5 volume |

If you plan to upgrade a Windows NT 4 server that has a stripe set, mirror set, or stripe set with parity to Windows Server 2003, you need to perform some preliminary steps before running Setup, specifically,

Of course, before you perform any of these actions, make sure you perform a backup so that none of your data will be lost!

Tip 

If you neglect these steps and upgrade anyway, your mirror sets, volume sets, stripe sets, and stripe sets with parity created under Windows NT will be inaccessible under Windows Server 2003. If you open Disk Management to try to view these volumes, they will show up as Failed volumes that have drive letters but cannot be accessed by the file system. All is not lost, however—there is a command-line utility called Ftonline in the \Support\Tools folder on the product CD that may let you recover the data on these failed volumes and back it up to good volumes. Once you’ve recovered the data, delete the failed volumes in Disk Management, convert your drives to dynamic disks, and create new fault-tolerant volumes as desired.

Compressed Drives

Don’t install Windows Server 2003 on a compressed drive unless it was compressed using the compression feature of NTFS. For example, if you have a system whose drive was compressed using DriveSpace or DoubleSpace (legacy MS-DOS and Windows 9x compression technologies), uncompress it using these tools first before running Setup for Windows Server 2003.

Clustering

Upgrading a cluster running Windows NT 4 Server, Enterprise Edition, or Windows 2000 Advanced Server to Windows Server 2003, Enterprise Edition, is a complex procedure and beyond the scope of this book. See the Setup text files in the \Docs folder on your product CD for more information on how to perform these actions.

UPS

If you have a UPS device connected to your server, make sure you physically disconnect it before starting the upgrade process. The reason for this is that Setup checks for devices connected to serial ports, and a connected UPS device can cause problems with the hardware-detection process.

Backups

In addition to anticipating the various hardware issues just discussed, it’s important to back up your data prior to starting an upgrade. What data you actually back up depends on your drive configuration and server’s role, but at the very least you should perform a complete backup of the following:

Often the system and boot partitions may be the same partition (usually the C: drive). System State information consists of the Registry, system boot files, any files under Windows File Protection, COM+ Class Registration database, and performance counter configuration information; and for domain controllers, also Active Directory, SYSVOL, and the DNS database.

You should regularly perform a full backup of these items along with any other important data, either to tape or to a network file server. Burn yourself a CD copy also. Be prepared!

Security Alert! 

New to Windows Server 2003 is Automated System Recovery, an advanced feature of the Backup administrative tool that lets you periodically make a complete backup of all data necessary to quickly restore your boot and system partitions in the event of catastrophic hard disk failure.

Network

You should consider a few planning issues related to network connectivity before beginning your deployment of Windows Server 2003, to ensure your clean install or upgrade goes successfully.

NIC Compatibility

A major consideration if you are planning to upgrade an older system to Windows Server 2003 is that Microsoft has removed support for many older network interface cards (NICs) in Windows Server 2003, especially in Enterprise Edition, which has stricter hardware requirements and less legacy hardware support than other editions of Windows Server 2003—so don’t expect that old NE2000-compatible NIC to work! In fact, support for many 10Mbps Ethernet cards has been removed from this platform, probably because most servers today have 100 Mbps or 1 Gbps connections to network backbones. Again, make sure you run the System Compatibility Check from your product CD prior to upgrading to ensure older hardware will support Windows Server 2003.

Internet Connectivity

As discussed earlier in the section “Checking System Compatibility,” it’s a good idea to have live Internet connectivity for your server when upgrading from Windows NT or Windows 2000 to Windows Server 2003. This allows Setup to automatically connect to the Windows Update website and use Dynamic Update to download new Setup files or updated device drivers for your hardware. This may not be an option in some enterprise environments, however, because corporate firewalls may prevent such connections—Windows Update may not be desirable from a security or management perspective. To satisfy the needs of its corporate customers for something more manageable than traditional Windows Update, Microsoft originally developed a Corporate version of Windows Update for Windows 2000 that allowed IT admins to manage the downloading of updates and patches and how they were applied to servers on the company’s network. This system has now been retired, and Microsoft has replaced it with the Microsoft Software Update Service (SUS), which simplifies the process of keeping your Windows-based computers up-to-date. Using SUS, administrators can quickly and reliably deploy software patches and updates to machines running Windows 2000 Server or Professional, Windows XP Professional, and Windows Server 2003.

The way it works is that you install an SUS server on your network, and this server automatically downloads critical updates from Microsoft and informs the administrator of their presence. The administrator can then test the updates by installing them manually on selected machines and can then schedule when these updates will be applied and to which machines. Updates are sent from the SUS server to machines on the network using HTTP at the scheduled time, and the whole process is managed by a web-based administration tool on the SUS server. For more information about SUS, see http://www.microsoft.com/windows2000/windowsupdate/sus/ on Microsoft’s website.

Choosing a Computer Name

When performing a new installation, you need to specify a computer name for your system. Computer names must be unique within a domain or workgroup, so make sure you choose a different name for each computer on your network. Setup will suggest a name for your computer, but these randomly specified names are hard to remember and go against the whole idea of computer names in the first place—friendly alphanumeric names that are easier to remember than cryptic IP addresses. The maximum length you can specify for a computer name is 63 bytes, but you should generally restrict computer names to 15 bytes or less because legacy systems running Windows NT or earlier versions of Windows can only recognize the first 15 bytes of computer names (if you gave your new Windows Server the name REALLYSUPERNEWMACHINE, legacy Windows clients on your network would see it as REALLYSUPERNEWM instead).

Most large companies have devised special rules for naming their computers. For example, a computer in the Marketing Department might have the name MK12, indicating machine number 12 in that department. Another approach is to use the geographical location in the computer name—for example, BLDG5FL4NUM166 would be machine number 166 on the fourth floor of Building 5. Sometimes large companies append the vendor serial number to the name of each computer to simplify their asset management; for example, DESK11924235S35 might be the name for a desktop computer with the serial number 11924235S35. The idea behind friendly names is not just to make them easier to remember, but more functional than IP addresses, which if assigned by a DHCP server are nonpermanent and can change with time.

Tip 

Try to use only DNS-standard characters in your computer name, that is, letters A–Z (case doesn’t matter), digits 0–9, and the dash (-) character. Note that you cannot use only numbers for a computer name.
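The naming rules above can be checked against a whole naming plan before deployment. The following is an added example, not code from the book: the function names and the sample plan are assumptions made for illustration, and beyond the stated rules it also reports names that become identical once legacy clients cut them to 15 bytes.

```python
import re

MAX_BYTES = 63      # maximum computer name length stated in the text
LEGACY_BYTES = 15   # legacy Windows clients see only the first 15 bytes
DNS_STANDARD = re.compile(r"[A-Za-z0-9-]+")

def legacy_name(name):
    """Name as a legacy client sees it: first 15 bytes, case-insensitive."""
    return name.encode("utf-8")[:LEGACY_BYTES].decode("utf-8", "ignore").upper()

def check_naming_plan(names):
    """Return {name: [problems]} for every name that breaks a rule."""
    problems = {}
    seen_full, seen_legacy = {}, {}
    for name in names:
        found = []
        size = len(name.encode("utf-8"))
        if size == 0 or size > MAX_BYTES:
            found.append(f"length {size} bytes is outside 1-{MAX_BYTES}")
        if not DNS_STANDARD.fullmatch(name):
            found.append("contains non-DNS-standard characters")
        if name.isdigit():
            found.append("consists only of digits")
        if name.upper() in seen_full:
            found.append(f"duplicate of {seen_full[name.upper()]}")
        else:
            seen_full[name.upper()] = name
            short = legacy_name(name)
            if size > LEGACY_BYTES:
                found.append(f"legacy clients see it as {short}")
            if short in seen_legacy:
                found.append(f"collides with {seen_legacy[short]} on legacy clients")
            else:
                seen_legacy[short] = name
        if found:
            problems[name] = found
    return problems

# Constructed sample plan: the names from the text plus constructed failing cases.
PLAN = ["MK12", "BLDG5FL4NUM166", "DESK11924235S35", "REALLYSUPERNEWMACHINE",
        "REALLYSUPERNEWMAILSRV", "mk12", "2003", "WEB_01"]

if __name__ == "__main__":
    for name, found in check_naming_plan(PLAN).items():
        print(f"{name}: " + "; ".join(found))
```
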

IP Addressing

Servers should generally have static IP addresses, but you can also create DHCP reservations to ensure they receive a specific IP address from a DHCP server. The method you use depends on how many servers you have to manage on your network. IIS machines may need several IP addresses assigned to them if they are hosting multiple websites for different departments or companies, so make sure you plan your addressing scheme well before deploying your web servers.

Tip 

If you choose to assign an IP address to your machine using DHCP but there is no DHCP server available on the network during Setup (or if network communications fail and prevent your machine from contacting the DHCP server), your server will automatically assign itself a randomly chosen IP address from the range 169.254.0.1 through 169.254.255.254 using the Automatic Private IP Addressing (APIPA) feature of Windows Server 2003. If this is the case, you will be unable to communicate with your machine over the network after Setup is complete. To check if this is what happened, open a command prompt on the machine and type ipconfig, and see if APIPA assigned an address from the range above. Once the DHCP server can be contacted, type ipconfig /release to release the address assigned by APIPA and ipconfig /renew to obtain a proper address from the DHCP server.
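The ipconfig check described in this tip can be automated when many freshly installed servers have to be verified. The following is an added example, not code from the book: it parses saved ipconfig output and reports each adapter whose address falls in the APIPA range given above. The function names and the sample output are constructed for illustration.

```python
import ipaddress
import re

# Range given in the text: 169.254.0.1 through 169.254.255.254.
APIPA_FIRST = ipaddress.IPv4Address("169.254.0.1")
APIPA_LAST = ipaddress.IPv4Address("169.254.255.254")

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
ADDRESS = re.compile(r"IP Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")

def is_apipa(address):
    return APIPA_FIRST <= ipaddress.IPv4Address(address) <= APIPA_LAST

def apipa_adapters(ipconfig_text):
    """Return {adapter: address} for adapters holding an APIPA address."""
    flagged, adapter = {}, None
    for line in ipconfig_text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter = header.group(1)
            continue
        found = ADDRESS.search(line)
        if found and adapter and is_apipa(found.group(1)):
            flagged[adapter] = found.group(1)
    return flagged

# Constructed sample of ipconfig output (not captured from a real server).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IP Address. . . : 169.254.17.42
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : example.test
   IP Address. . . . . . . . . . . . : 192.168.10.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
"""

if __name__ == "__main__":
    for name, address in apipa_adapters(SAMPLE).items():
        print(f"{name}: {address} is an APIPA address (no DHCP lease)")
```

An adapter reported here needs ipconfig /release followed by ipconfig /renew once the DHCP server is reachable, as the tip describes.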

Role

Another network-related issue is planning the role you will assign to your new server. After installing Windows Server 2003 and logging on for the first time, you are presented with the Manage Your Server screen, which lets you add new roles to your server and manage existing ones. Possible roles include

Adding the web application role to your server allows you to install IIS on your machine, something we’ll discuss further in this chapter in the section “Installing IIS.”

Security

Planning for security is another important part of the deployment planning process. The following sections deal briefly with security issues related to Windows Server 2003 in general—security issues related specifically to IIS 6 will be covered in a later chapter of this book.

Administrator Password

During a clean install, you’ll be prompted to specify a password for the default Administrator account on the machine. If you choose a password with too few characters, you’ll be prompted to enter a more complex one. Strong passwords should have at least 7 characters and contain a mixture of upper- and lowercase letters, numbers, and special symbols like * or $. Of course, if you make a password too complex, you may have to write it down to remember it—just don’t put it on a sticky note under your keyboard! In Windows Server 2003, passwords can be up to 127 characters long. A good way of creating a complex password that’s easy to remember is to use the first letter of each word in a line from a song and append a string of numbers to the end, for example, the line “Winter, spring, summer, or fall, all you have to do is call” (from Carole King’s “You’ve Got a Friend”) would give a password like WssfAyhtdic4321. Mind you, you might want to choose a more obscure song to create your password!

Security Alert! 

You can further secure your Administrator account by renaming it. You should rename the Guest account also, and leave it disabled. You can rename these accounts manually or use Group Policy; see article Q320053 in the Knowledge Base on the Microsoft Product Support Services (PSS) site at http://support.microsoft.com for more details.

Physical Security

It’s important to ensure that your servers are physically secure during clean installs or upgrades because they can be vulnerable to attack during the Setup process. For example, an unsupervised install could allow a malicious user to interrupt the text-mode portion of Setup and copy files to the server or perform some other action. One way of preventing this is to do all server installs in a “clean room” that only administrators can access, and then move servers to their proper network locations afterward. This may not be feasible in an enterprise environment, but security should always be on your mind when deploying new systems or upgrading existing ones.

Licensing

Licensing is another planning issue to consider when upgrading to or installing Windows Server 2003. The two licensing modes supported by this platform are

Licensing is a complex issue. In most cases, you won’t only be deploying IIS 6 web servers, you’ll also be migrating large parts of your network to Windows Server 2003, so you’ll need to plan your licensing strategy well prior to starting your deployment. Each Windows Server 2003 machine on your network requires a server license. In addition, each client that needs authenticated access to your servers or access to Windows Server 2003 services running on your servers needs a CAL. Authenticated users are users who either use Windows Server 2003 authentication methods or whose credentials are stored in Active Directory. If your users need to be authenticated by websites running on IIS 6, then you have two possible ways of licensing them to do so (licensing policies change frequently, so check this information on Microsoft’s licensing site at www.microsoft.com/licensing to be sure). These two methods are to do one of the following:

If your IIS 6 websites are only going to be accessed by anonymous users (no Windows Server 2003 authentication), then no licenses are required. Anonymous access is often used for public Internet websites, but authenticated access is usually required for internal (intranet) sites, so the type of IIS deployment you are planning determines whether you need additional licenses or not. If you do need authentication for an external website, you may be able to save money by reducing your licensing costs and using a third-party authentication tool or having authentication performed by a UNIX or Linux machine instead of using Active Directory and Windows Server 2003 authentication methods.

Large companies generally have special agreements called volume licensing that save them money over small companies that buy additional licenses separate from their product CDs, but a full discussion of volume licensing options is beyond the scope of this book. For further information on licensing Microsoft products, contact your VAR or see www.microsoft.com/licensing for details. Whatever you do, make sure you’re properly licensed, or you might find law enforcement officials at your company’s door some day!

Windows Product Activation

If you installed or upgraded to Windows Server 2003 using commercially purchased individual media (product CD), you must activate your software after installing it. Microsoft included Windows Product Activation (WPA) in Windows Server 2003 to thwart the ever-increasing software piracy occurring in the industry. Despite the inconvenience of using it, I support them in their efforts—it’s not about Microsoft getting richer, it’s about being legal and protecting a whole software industry from rampant piracy, something that affects our whole economy and ultimately our jobs as IT professionals.

When Setup is finished and you log on to your machine, you will be prompted to activate immediately. If you have a live Internet connection, this is a simple process that takes only a few seconds, and no personal information is sent to Microsoft (product activation is secure and uses SSL for communicating between your machine and Microsoft’s secure WPA servers). When you activate Windows, your product key is associated with a random hash of the specific hardware configuration you’ve installed Windows on (activation ignores other software you may have installed on your machine—the process is not snooping to discover pirated software on your system, it’s just ensuring that you use your Windows Server 2003 product CD on only a single system as the EULA requires). After activating your system, if you then try to install the same copy of Windows (using the same product CD) on a different system, you won’t be allowed to activate it, because Microsoft keeps a database of associations between customer product keys and activated systems. Similarly, if someone steals your product CD (or you burn a copy for a friend), they won’t be able to activate it after installing it. Microsoft keeps a random one-way hash (not the raw information) of your hardware configuration along with your product key on its WPA servers. Microsoft does not keep a record of your computer’s hardware configuration on the servers—they don’t know what hardware you’re using, and they don’t care. They’re not snooping, they just want to enforce your product’s EULA, which essentially says, “You buy one copy of the product, you can install it on one machine.” For more information about what WPA is and what it isn’t, see http://www.microsoft.com/piracy/basics/activation/ on Microsoft’s website.

If you don’t have a live Internet connection, you can also activate by telephoning Microsoft and following the steps displayed on your screen. If you choose not to activate immediately after Setup, you have a grace period (30 days) in which you can choose to activate. Once this period expires, you can still log on but you will only be able to use the Activate Windows Wizard.

If you change your hardware configuration significantly, you may be required to reactivate your system to prove to Microsoft that you haven’t gone and installed Windows on another system. Reactivation is only required when multiple significant changes have been made simultaneously to your hardware, and it’s usually done by phone. This is the only potential hassle with product activation, and it’s one of the main reasons people griped about activation when Microsoft first introduced it: when you have accumulated a certain number of product changes within a given time period, you are required to phone Microsoft to reactivate. These changes are counted different ways depending on what kind of hardware you are adding or replacing. For example, changing a video card once counts as a change, but changing it a second time doesn’t. Replacing a hard drive counts as a change, but adding an additional drive doesn’t. And adding RAM counts as a change, but adding more RAM doesn’t. If you reach a certain number of changes within the 120-day period after you install or upgrade your system to Windows Server 2003, you have to reactivate. If you haven’t reached the limit after 120 days, your system baseline is reset to its new hardware configuration and you start with zero changes again.

Tip 

If you make a major change like upgrading the motherboard of your machine and find you have to reactivate Windows but can’t do so, it may be that your BIOS clock is set incorrectly. If this is the case, set the clock, reboot, and try reactivating again.

Volume Licensing

Volume licensing customers, that is, enterprise customers who purchase large numbers of licenses directly from Microsoft or through their VAR, don’t have the hassles of product activation that smaller customers buying individual CD media have. Special customers like MSDN subscribers and Microsoft-approved educational institutions may also have different activation requirements.

Note 

Product activation is not the same as product registration, which is an optional post-installation procedure for providing Microsoft with personal and contact information that enables them to send you product updates and special offers.
