windows 2008 server manger

AIDAN FINN 14/01/2008

Windows 2008 Server Manger Using Server Manager To Configure Your Server

Abstract

Using Server Manager to manage your Windows Server 2008 servers.

Windows 2008 Server Manger 2

Copyright Aidan Finn 2008

http://joeelway.spaces.live.com/ [email protected]

Table of Contents

Table of Contents ................................................................................................................................................................. 2

Introduction ........................................................................................................................................................................... 3

Server Configuration ........................................................................................................................................................... 7

Roles and Features .......................................................................................................................................................... 8

The Rest of Server Manager ....................................................................................................................................... 49

Summary ............................................................................................................................................................................... 60




Introduction

Windows Server 2008 brings about many changes for administrators to get used to. One of these is

Server Manager. Server Manager is exactly what it says on the tin: it allows administrators to

configure, monitor and manage their server. We’re going to look at two aspects of Server Manger.

The most important aspect is that of Roles and Features. This allows us to add or remove

functionality on our Windows 2008 servers. I’ll describe how we can manage Roles and Feature

using the MMC console and by using the command line utility SERVERMANAGERCME.EXE. We’ll then

wrap up the document by briefly looking at the tools that are integrated into Server Manger.

One of the first things you notice when you first install Windows Server 2008 is that it is locked

down. In fact, it doesn’t do very much because it has almost no functionality. You configure your

password, login and if you’re like me you’ve skipped past all those annoying windows that

automatically open to get in under the covers to see how this thing ticks. I wanted to add those

components that I’m used to playing with in work and in labs. That’s when I originally noticed that

things were different … very different. Change isn’t necessarily a bad thing. Once you start trying

things out you soon understand what is going on and why Microsoft has designed it the way they

have.

A brief recap on what Microsoft has been doing in previous versions of Windows Server will give us a

clue of what is happening. Firstly, Microsoft has been trying to develop a single tool approach to

managing our servers. They’ve tried to get us to see servers as having specific functions that would

be installed in a modular manner. We were given tools to do this but other than knowing about them

for MCP exams we had little use for them. It was just quicker for us to get into Control Panel and

install what we wanted plus we had 100% control over the process. The other thing that Microsoft

has recently being aiming towards was the locked down initial installation that we had to add

functionality to as and when we required it. Windows Server 2003 edged slowly towards this.

Windows Server 2008 has firmly achieved this.

So our new server is sitting there and it doesn’t do very much. We’ve closed all those pesky windows

that automatically opened when we logged in. We’ve gone into Control Panel to try change things

and noticed that … well … we don’t know how to do it. Well, one of those pesky windows that did

open automatically was Server Manager, a new tool that Microsoft has added to allow us to

add/remove functionality to our server, monitor its performance, health and status and to manage it

and other servers. So if you were patient, go back to the Server Manager window. And if you are like

me, we’ll need to launch it again.

So, enough talk! Let’s get a look at Server Manager. Like I said, it does open automatically when you

log in. This functionality is controlled by the registry value “DoNotOpenServerManagerAtLogon” in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager.

Value = 0 The window will open automatically. This is the default setting. Value = 1 The window will not open automatically.




I’m thinking that people who are constantly logging into servers will want to take note of that setting

and probably want to apply it to every server they manage. Having Server Manager always open

automatically could get a little annoying even if it is a legitimately important tool.

We’ve got a few ways to manually launch Server Manager. Firstly, it is pinned to the Start Menu so it

is always easy to find.

Secondly, it is in Administrative Tools:




Thirdly, go into “Programs and Features” in Control Panel where you can click on “Turn Windows

features on or off” to launch Server Manager.




Using one of those methods you should have been able to get Server Manager to open.

Command line junkies should not fret at all this talk of GUI’s and windows. Microsoft has hooked you

up. One of their big plans has been to make every thing you can do in the GUI possible from




command line. This is important for scripted customizations which are common using off the shelf

server cloning solutions. You’ll also find you can do some of these setup tasks faster using command

line options. We’ll see this as we progress through the document. We can do everything from

command line that we can do with the Server Manager GUI using the SERVERMANAGERCMD.EXE

command. We’ll be looking at the syntax of that command as we go through the functionality of

Server Manager.

Server Configuration

Under Server Summary we can see that we have some general configurations that we can manage.

We have the following under Computer Information

Item Where? Computer Name Change System Properties Workgroup/Domain membership Change System Properties Local Area Connection View Network Connections Remote Desktop Configure Remote Desktop

If you’ve done a manual installation then you are likely to use these settings to customise your

server:

Rename the server;

Add it to a domain of your choosing;

Configure the IP settings and

Enable Remote Desktop for administrators so that you can remotely manage your server.

We can use the settings under Security Information to manage the security configuration of the

server:

Item Where? Windows Firewall Go to Windows Firewall Windows Updates Configure Updates Last Checked for Updates Configure Updates Last Installed Updates Configure Updates IE Enhanced Security Configuration Configure IE ESC

After you’ve configured the naming, membership and IP settings for the server you will likely

configure the security settings, e.g. allow remote access to local services, configure automatic updates

and configure Internet Explorer. In addition, you may also run the Security Configuration Wizard to

apply your security hardening policies on the server.

It is possible that you will need to run each of these security configuration tools on each server in a

small network. But any network with a well designed and implemented Active Directory should

configure these settings automatically using Group Policy once the server is a member of a domain

and located in the correct organisational unit.




Roles and Features

As I’ve already mentioned, our new Windows 2008 server doesn’t do very much. We’re likely going

to want to add functionality so that we can use it as a file server, domain controller, web server, etc.

Each of these can be described as a role. Microsoft defines a role as a “primary function”, i.e. some

sort of function that can be used to uniquely identify a server. The complete listing of roles available

for a Windows 2008 server is as follows:

Role Description Active Directory Certificate Server Provide a Certificate Authority for a Public Key

Infrastructure. Active Directory Domain Services To build a domain controller. Active Directory Federation Services To allow single sign-on for inter directory

applications. Active Directory Lightweight Directory Services

To run Active Directory Application Mode.

Active Directory Rights Management Services Provide document level access rights and encryption.

Application Server .NET 3 and Windows Process Activation Service. DHCP Server Dynamic Host Configuration Protocol Server DNS Server Domain Name System Server Fax Server Send and receive faxes File Server Folder sharing, UNIX integration and file

replication. Network Policy and Access Services Control access to the network using policies. Print Services Manage and share printers. Terminal Services Provide server based computing services to full

or thin clients. UDDI Services Universal Description, Discovery and Integration

services. Web Server IIS 7. Windows Deployment Services An image based operating system deployment

service. Windows SharePoint Services WSS3 is the engine for Microsoft’s collaboration

services.

Looking at that list you’re probably thinking “Hey! That’s not all that different to what I used to see in

Control Panel. I thought you said Windows 2008 was stripped down when it’s initially installed”. OK.

Let’s have a look at features. Features are much more granular components of the operating system.

Rather than changing the major function of a server, they add smaller amounts of functionality that

can assist a role. Microsoft has described them as providing “auxiliary or providing functions to

servers”. The complete listing of features is below:

Role Description .NET Framework 3.0 Features Version 3.0 of the API framework used by

developers.




BitLocker Drive Encryption Adds the ability to secure drives and their contents by encrypting them.

BITS Server Extensions Optimise available bandwidth during bulk transfer of data to client computers.

Connection Manager Administration Kit Create profiles to automate the creation of connections for VPN’s or ISP’s on client computers.

Desktop Experience Adds some functionality from Windows Vista such as photo management, themes and Media Player.

Failover Clustering Provide active/passive clustering of applications. Group Policy Management The GPMC is used to manage group policy. Internet Printing Client Allows clients to print using printers on the

network or internet using the Internet Printing Protocol.

Internet Storage Name Server Provides a discovery service for available storage that is hosted by iSCSI devices.

LPR Port Monitor Line print Remote Port Monitor allows the server to use printers on servers that use Line Printer Daemon, e.g. UNIX.

Message Queuing A service used by applications to messages or jobs to a collection of application servers.

Multipath I/O MPIO allows support of redundant data paths between the server and storage devices.

Network Load Balancing Allows servers to share client loads for applications and to converge if one server fails.

Peer Name Resolution Protocol Allows applications to register names on the computer so that they can be contacted by other computers.

Quality Windows Audio Video Experience Provides audio and video streaming for IP home networks.

Remote Assistance Allows a remote user to provide interactive assistance to a local user.

Remote Differential Compression A protocol that optimises data transfer by only transferring the differences between two objects.

Remote Server Administration Tools Administration tools for managing server roles and features.

Removable Storage Manager Manage and catalog media and storage/backup devices.

RPC over HTTP Proxy Allows RPC to be encapsulated in HTTP from a client computer and relays the RPC connection to an application server.

Simple TCP/IP Services Provides some backwards compatibility services such as “Quote of the Day”.

SMTP Server Simple Mail Transfer Protocol is a mail transfer service.

SNMP Services Simple Network Management Protocol is used for many server monitoring applications.

Storage Manager for SANS Create and manage volumes on Fibre Channel and iSCSI SAN’s that support Virtual Disk Service.




Be sure to check with your vendor before installing or using this.

Subsystem for UNIX-Based Applications Compile and run UNIX-based applications. Telnet Client Connect to remote computers via Telnet. Telnet Server Allow remote computers to connect to this

server via Telnet. TFTP Client Connect to a remote Trivial File Transfer

Protocol server. Windows Internal Database A relational database that is used by other

Windows roles and features. Windows PowerShell The new Windows scripting engine. Windows Process Activation Service Manages application pools and worker processes

in IIS7. Allows you to host non-HTTP sites. Windows Recovery Disc Provides system recovery in the event of a

failure. Windows Server Backup Features Backup/recover your server, applications and

data. Windows System Resource Manager Manage how CPU and memory resources are

allocated to processes. WINS Server Provide NetBIOS name resolution services using

Windows Internet Naming Service. Wireless LAN Service Manages Wi-Fi connections and profiles to

connect the server to a wireless network.

As you can see, you may wish to add certain roles to a server and then add some features to add

additional functionality without changing the actual purpose of the server. This is possible by adding

some of these features.

Adding a Role Using the Server Manager MMC This will probably be the next thing you will do after performing your initial configurations such as

naming and security. That’s where we stop next.

Fire up Server Manager and scroll down to “Roles”.




Under the summary we can see that we have 0 of the 17 available roles installed. I want to install a

web server that will have IIS7 and .NET 3.0 functionality. I know from the above listing that this

includes 2 roles. To start installing them I’ll click on <Add Roles>.




We get the little splash screen that gives us some warnings about configuring passwords, network

settings and applying security updates. Pay attention to this. Some of the roles you will install will

require a static IP address, e.g. DNS, DHCP, etc.

You can choose not to see this screen again by ticking the “Skip this page by default” tick box. Click

on <Next> to continue.

We are now presented with a full listing of the available roles. Tick those ones that you wish to

select. The first one I selected was “Web Server (IIS)”.

Now we get to see some of the clever engineering that Microsoft has done. Server Manager knows

that if I install the Web Server role then I will require some additional features. Without these

features I cannot have a functioning web server. This is possible because Microsoft has modelled all

the features and roles and how they are related.




Clicking on <Cancel> will cancel my selection of the Web Server role. I’ve clicked on <Add Required

Features> to confirm that I want these additional features. The wizard can now go ahead with the

selection of the Web Server role.

The role is now selected. I now proceed with selecting my next role, Application Server.

Role and feature modelling kicks in once again. The displayed features are displayed and I confirm

my approval by clicking on <Add Required Features>.




Both of my required roles are now selected. Clicking on <Next> will continue the wizard.

We get an introduction to the Application Server role. Click on <Next> to continue.




The “Role Service” screen allows us to install the sub components of a role. We can add additional

services to add functionality to this role. This is the default screen for Application Server. I’ve

decided that I need to add “Web Server (IIS) Support”

I’m now warned that my new selection of a role service requires additional role services, including

those in other roles, to be installed. Only by clicking on <Add Required Role Services” can this new

role selection be allowed.




-

Notice how my new role service selection is selected? Also note that an additional role service was

selected to be installed because of this selection and the previous approval. This is role and feature

modelling in action. Basically, it allows us to perform a minimal installation and lets Windows decide

for us what components need to be installed. We just have to start with our high level requirements.




I’m now finished selecting role services for the Application Server role and now move onto the Web

Server role.




As we can see, there’s a whole lot more involved in web servers! I’m actually going to stick with the

default selections. What’s there meets my requirements and I can see that I’ve got ASP.NET

functionality installed and enabled.

Clicking on <Next> brings me to this summary screen. You should double check everything and then

select <Install> to continue with the installation. You can backtrack through the wizard to alter your

selections by clicking on <Previous>. And you can cancel the installation of your roles by clicking on

<Cancel>.

I clicked on <Next> and the installation started.




As we can see, I was a naughty boy and didn’t have my Automatic Updates configured. That gave me

a warning but my selected roles were successfully installed.

Note that now that I have installed additional functionality to the server I should most definitely

make sure that the server has all security updates installed. New functionality on the server means

that the attack surface has been increased with un-patched components. These components may

have published vulnerabilities that require additional patching. Only by forcing an update will you be

sure that your newly modified server is secure.




I closed the wizard and then I’m brought back to Server Manager. We can see that we now have 2 of

27 roles installed. And we also see that 3 of 36 features are installed. We now have a functioning

web server with .NET 3.0 functionality with a minimal attack surface to meet my technical and

business requirements.

Adding a Role Using the Server Manager Command OK, we’ve had a look at using the MMC to add a role. Let’s throw a bone to our friends who prefer the

command line interface. Now don’t go skipping to the next part of the document if command line

isn’t your thing! I promise you won’t regret reading and working through this section.

I’m starting off with another new server so we can repeat the above steps of installing a web and

application server. Start off by running Command Prompt or CMD.EXE. Then run

SERVERMANAGERCMD.EXE. This will give you a listing of the syntax for this command. As you will

see, there’s lots that we can do!

We should start off by checking what roles and features are already installed. I know this server has

nothing installed but this is good practice anyway. You can do this by running the

SERVERMANAGERCMD –QUERY command. We can see the results below.

C:\Users\Administrator>ServerManagerCmd.exe -query ..................................................




----- Roles ----- [ ] Active Directory Certificate Services [AD-Certificate] [ ] Certification Authority [ADCS-Cert-Authority] [ ] Certification Authority Web Enrollment [ADCS-Web-Enrollment] [ ] Online Responder [ADCS-Online-Cert] [ ] Network Device Enrollment Service [ADCS-Device-Enrollment] [ ] Active Directory Domain Services [ ] Active Directory Domain Controller [ADDS-Domain-Controller] [ ] Identity Management for UNIX [ADDS-Identity-Mgmt] [ ] Server for Network Information Services [ADDS-NIS] [ ] Password Synchronization [ADDS-Password-Sync] [ ] Administration Tools [ADDS-IDMU-Tools] [ ] Active Directory Federation Services [ ] Federation Service [ADFS-Federation] [ ] Federation Service Proxy [ADFS-Proxy] [ ] AD FS Web Agents [ADFS-Web-Agents] [ ] Claims-aware Agent [ADFS-Claims] [ ] Windows Token-based Agent [ADFS-Windows-Token] [ ] Active Directory Lightweight Directory Services [ADLDS] [ ] Active Directory Rights Management Services [ ] Active Directory Rights Management Server [ ] Identity Federation Support [ ] Application Server [Application-Server] [ ] Application Server Foundation [AS-AppServer-Foundation] [ ] Web Server (IIS) Support [AS-Web-Support] [ ] COM+ Network Access [AS-Ent-Services] [ ] TCP Port Sharing [AS-TCP-Port-Sharing] [ ] Windows Process Activation Service Support [AS-WAS-Support] [ ] HTTP Activation [AS-HTTP-Activation] [ ] Message Queuing Activation [AS-MSMQ-Activation] [ ] TCP Activation [AS-TCP-Activation] [ ] Named Pipes Activation [AS-Named-Pipes] [ ] Distributed Transactions [AS-Dist-Transaction] [ ] Incoming Remote Transactions [AS-Incoming-Trans] [ ] Outgoing Remote Transactions [AS-Outgoing-Trans] [ ] WS-Atomic Transactions [AS-WS-Atomic] [ ] DHCP Server [DHCP] [ ] DNS Server [DNS] [ ] Fax Server [Fax] [ ] File Services [ ] File Server [FS-FileServer] [ ] Distributed File System [FS-DFS] [ ] DFS Namespaces [FS-DFS-Namespace] [ ] DFS Replication [FS-DFS-Replication] [ ] File Server Resource Manager [FS-Resource-Manager] [ ] Services for Network File System [FS-NFS-Services] [ ] Windows Search Service [FS-Search-Service] [ ] Windows Server 2003 File Services [FS-Win2003-Services] [ ] File Replication Service [FS-Replication] [ ] Indexing Service [FS-Indexing-Service] [ ] Network Policy and Access Services [NPAS]




[ ] Network Policy Server [NPAS-Policy-Server] [ ] Routing and Remote Access Services [NPAS-RRAS-Services] [ ] Remote Access Service [NPAS-RRAS] [ ] Routing [NPAS-Routing] [ ] Health Registration Authority [NPAS-Health] [ ] Host Credential Authorization Protocol [NPAS-Host-Cred] [ ] Print Services [Print-Services] [ ] Print Server [Print-Server] [ ] LPD Service [Print-LPD-Service] [ ] Internet Printing [Print-Internet] [ ] Terminal Services [Terminal-Services] [ ] Terminal Server [TS-Terminal-Server] [ ] TS Licensing [TS-Licensing] [ ] TS Session Broker [TS-Session-Broker] [ ] TS Gateway [TS-Gateway] [ ] TS Web Access [TS-Web-Access] [ ] UDDI Services [ ] UDDI Services Database [ ] UDDI Services Web Application [ ] Web Server (IIS) [Web-Server] [ ] Web Server [Web-WebServer] [ ] Common HTTP Features [Web-Common-Http] [ ] Static Content [Web-Static-Content] [ ] Default Document [Web-Default-Doc] [ ] Directory Browsing [Web-Dir-Browsing] [ ] HTTP Errors [Web-Http-Errors] [ ] HTTP Redirection [Web-Http-Redirect] [ ] Application Development [Web-App-Dev] [ ] ASP.NET [Web-Asp-Net] [ ] .NET Extensibility [Web-Net-Ext] [ ] ASP [Web-ASP] [ ] CGI [Web-CGI] [ ] ISAPI Extensions [Web-ISAPI-Ext] [ ] ISAPI Filters [Web-ISAPI-Filter] [ ] Server Side Includes [Web-Includes] [ ] Health and Diagnostics [Web-Health] [ ] HTTP Logging [Web-Http-Logging] [ ] Logging Tools [Web-Log-Libraries] [ ] Request Monitor [Web-Request-Monitor] [ ] Tracing [Web-Http-Tracing] [ ] Custom Logging [Web-Custom-Logging] [ ] ODBC Logging [Web-ODBC-Logging] [ ] Security [Web-Security] [ ] Basic Authentication [Web-Basic-Auth] [ ] Windows Authentication [Web-Windows-Auth] [ ] Digest Authentication [Web-Digest-Auth] [ ] Client Certificate Mapping Authentication [Web-Client-Auth] [ ] IIS Client Certificate Mapping Authentication [Web-Cert-Auth] [ ] URL Authorization [Web-Url-Auth] [ ] Request Filtering [Web-Filtering] [ ] IP and Domain Restrictions [Web-IP-Security] [ ] Performance [Web-Performance]




[ ] Static Content Compression [Web-Stat-Compression] [ ] Dynamic Content Compression [Web-Dyn-Compression] [ ] Management Tools [Web-Mgmt-Tools] [ ] IIS Management Console [Web-Mgmt-Console] [ ] IIS Management Scripts and Tools [Web-Scripting-Tools] [ ] Management Service [Web-Mgmt-Service] [ ] IIS 6 Management Compatibility [Web-Mgmt-Compat] [ ] IIS 6 Metabase Compatibility [Web-Metabase] [ ] IIS 6 WMI Compatibility [Web-WMI] [ ] IIS 6 Scripting Tools [Web-Lgcy-Scripting] [ ] IIS 6 Management Console [Web-Lgcy-Mgmt-Console] [ ] FTP Publishing Service [Web-Ftp-Publishing] [ ] FTP Server [Web-Ftp-Server] [ ] FTP Management Console [Web-Ftp-Mgmt-Console] [ ] Windows Deployment Services [WDS] [ ] Deployment Server [WDS-Deployment] [ ] Transport Server [WDS-Transport] [ ] Windows SharePoint Services [Windows-SharePoint] ----- Features ----- [ ] .NET Framework 3.0 Features [NET-Framework] [ ] .NET Framework 3.0 [NET-Framework-Core] [ ] XPS Viewer [NET-XPS-Viewer] [ ] WCF Activation [NET-Win-CFAC] [ ] HTTP Activation [NET-HTTP-Activation] [ ] Non-HTTP Activation [NET-Non-HTTP-Activ] [ ] BitLocker Drive Encryption [BitLocker] [ ] BITS Server Extensions [BITS] [ ] Connection Manager Administration Kit [CMAK] [ ] Desktop Experience [Desktop-Experience] [ ] Failover Clustering [Failover-Clustering] [ ] Group Policy Management [GPMC] [ ] Internet Printing Client [Internet-Print-Client] [ ] Internet Storage Name Server [ISNS] [ ] LPR Port Monitor [LPR-Port-Monitor] [ ] Message Queuing [MSMQ] [ ] Message Queuing Services [MSMQ-Services] [ ] Message Queuing Server [MSMQ-Server] [ ] Directory Service Integration [MSMQ-Directory] [ ] Message Queuing Triggers [MSMQ-Triggers] [ ] HTTP Support [MSMQ-HTTP-Support] [ ] Multicasting Support [MSMQ-Multicasting] [ ] Routing Service [MSMQ-Routing] [ ] Windows 2000 Client Support [MSMQ-Win2000] [ ] Message Queuing DCOM Proxy [MSMQ-DCOM] [ ] Multipath I/O [Multipath-IO] [ ] Network Load Balancing [NLB] [ ] Peer Name Resolution Protocol [PNRP] [ ] Quality Windows Audio Video Experience [qWave] [ ] Remote Assistance [Remote-Assistance] [ ] Remote Differential Compression [RDC]




[ ] Remote Server Administration Tools [RSAT] [ ] Role Administration Tools [RSAT-Role-Tools] [ ] Active Directory Certificate Services Tools [RSAT-ADCS] [ ] Certification Authority Tools [RSAT-ADCS-Mgmt] [ ] Online Responder Tools [RSAT-Online-Responder] [ ] Active Directory Domain Services Tools [RSAT-ADDS] [ ] Active Directory Domain Controller Tools [RSAT-ADDC] [ ] Server for NIS Tools [RSAT-SNIS] [ ] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS] [ ] Active Directory Rights Management Services Tools [RSAT-RMS] [ ] DHCP Server Tools [RSAT-DHCP] [ ] DNS Server Tools [RSAT-DNS-Server] [ ] Fax Server Tools [RSAT-Fax] [ ] File Services Tools [RSAT-File-Services] [ ] Distributed File System Tools [RSAT-DFS-Mgmt-Con] [ ] File Server Resource Manager Tools [RSAT-FSRM-Mgmt] [ ] Services for Network File System Tools [RSAT-NFS-Admin] [ ] Network Policy and Access Services Tools [RSAT-NPAS] [ ] Routing and Remote Access Services Tools [RSAT-RAS] [ ] Health Registration Authority Tools [RSAT-HRA] [ ] Print Services Tools [RSAT-Print-Services] [ ] Terminal Services Tools [RSAT-TS] [ ] Terminal Server Tools [RSAT-TS-RemoteApp] [ ] TS Gateway Tools [RSAT-TS-Gateway] [ ] TS Licensing Tools [RSAT-TS-Licensing] [ ] UDDI Services Tools [RSAT-UDDI] [ ] Web Server (IIS) Tools [RSAT-Web-Server] [ ] Windows Deployment Services Tools [RSAT-WDS] [ ] Feature Administration Tools [RSAT-Feature-Tools] [ ] BitLocker Drive Encryption Tools [RSAT-BitLocker] [ ] BITS Server Extensions Tools [RSAT-Bits-Server] [ ] Failover Clustering Tools [RSAT-Clustering] [ ] Network Load Balancing Tools [RSAT-NLB] [ ] SMTP Server Tools [RSAT-SMTP] [ ] WINS Server Tools [RSAT-WINS] [ ] Removable Storage Manager [Removable-Storage] [ ] RPC over HTTP Proxy [RPC-over-HTTP-Proxy] [ ] Simple TCP/IP Services [Simple-TCPIP] [ ] SMTP Server [SMTP-Server] [ ] SNMP Services [SNMP-Services] [ ] SNMP Service [SNMP-Service] [ ] SNMP WMI Provider [SNMP-WMI-Provider] [ ] Storage Manager for SANs [Storage-Mgr-SANS] [ ] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps] [ ] Telnet Client [Telnet-Client] [ ] Telnet Server [Telnet-Server] [ ] TFTP Client [TFTP-Client] [ ] Windows Internal Database [Windows-Internal-DB] [ ] Windows PowerShell [PowerShell] [ ] Windows Process Activation Service [WAS] [ ] Process Model [WAS-Process-Model] [ ] .NET Environment [WAS-NET-Environment]




[ ] Configuration APIs [WAS-Config-APIs] [ ] Windows Recovery Disc [Recovery-Disc] [ ] Windows Server Backup Features [Backup-Features] [ ] Windows Server Backup [Backup] [ ] Command-line Tools [Backup-Tools] [ ] Windows System Resource Manager [WSRM] [ ] WINS Server [WINS-Server] [ ] Wireless LAN Service [Wireless-Networking] C:\Users\Administrator>

I’m just going to go on a quick tangent here. A lot of administrators have a requirement to document their server configurations to satisfy the needs of things like industrial regulations, security officers or internal auditors or maybe just for best practice documentation. There are a lot of tools out there that can do this, many of which will put a reasonable dent into your annual budget. So we always like to look for economical alternates. Looking at the results we just got from our Server Manager query, we’ve just listed the components of the operating system that have been installed. You can go ahead and document them by piping the results into a text file:

C:\Users\Administrator>ServerManagerCMD –query > C:\Config.txt Or maybe you could run a scheduled task and store these results on a file share?

C:\Users\Administrator>ServerManagerCMD –query > \\ITFileServer\Configs\%computername%.txt

Using this you can quickly dump the configurations of all of your Windows 2008 servers into a single documentation store that can be quickly referenced. Now we will return to our regularly scheduled programming. In the above results we can see that nothing is ticked. This confirms that no roles or features have been installed on this server. I now want to install the Web Server and Application server roles on this server. We’ll use the SERVERMANAGERCMD command again but this time with the –INSTALL parameter. I know that I want to install the Web Server (IIS) and the Application Server roles. The SERVERMANAGERCMD command will not accept roles with spaces in their names. By checking the results of the query command we can see the codes accepted by SERVERMANAGERCMD, e.g. “Web-Server” and “Application-Server”. And remember that I added an additional role service under the Application Server role? It was “Web Server (IIS) Support”. Looking at the query results I can see it’s code it “AS-Web-Support”. I’m going to add that as well to directly replicate what I did using the MMC.

C:\Users\Administrator>ServerManagerCMD -install Application-Server AS-Web-Support Web-Server .. Start Installation... [Installation] Succeeded: [Application Server] Windows Process Activation Service Support. [Installation] Succeeded: [Web Server (IIS)] Management Tools. [Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation. [Installation] Succeeded: [Web Server (IIS)] Web Server.




[Installation] Succeeded: [Web Server (IIS)] Application Development. [Installation] Succeeded: [Web Server (IIS)] Security. [Installation] Succeeded: [Web Server (IIS)] Performance. [Installation] Succeeded: [Web Server (IIS)] Common HTTP Features. [Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics. [Installation] Succeeded: [Windows Process Activation Service] Configuration API s. [Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0. [Installation] Succeeded: [Windows Process Activation Service] .NET Environment. [Installation] Succeeded: [Windows Process Activation Service] Process Model. [Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools. [Installation] Succeeded: [Web Server (IIS)] IIS Management Console. [Installation] Succeeded: [Web Server (IIS)] Static Content Compression. [Installation] Succeeded: [Web Server (IIS)] Digest Authentication. [Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression. [Installation] Succeeded: [Web Server (IIS)] Default Document. [Installation] Succeeded: [Web Server (IIS)] Static Content. [Installation] Succeeded: [Web Server (IIS)] Directory Browsing. [Installation] Succeeded: [Web Server (IIS)] HTTP Redirection. [Installation] Succeeded: [Web Server (IIS)] HTTP Errors. [Installation] Succeeded: [Web Server (IIS)] Windows Authentication. [Installation] Succeeded: [Web Server (IIS)] Basic Authentication. [Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions. [Installation] Succeeded: [Web Server (IIS)] Tracing. [Installation] Succeeded: [Web Server (IIS)] HTTP Logging. [Installation] Succeeded: [Web Server (IIS)] ISAPI Filters. [Installation] Succeeded: [Web Server (IIS)] Request Monitor. [Installation] Succeeded: [Web Server (IIS)] Logging Tools. [Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions. [Installation] Succeeded: [Web Server (IIS)] URL Authorization. [Installation] Succeeded: [Web Server (IIS)] Request Filtering. [Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Authentication. [Installation] Succeeded: [Web Server (IIS)] Management Service. [Installation] Succeeded: [Web Server (IIS)] .NET Extensibility. [Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation. [Installation] Succeeded: [Web Server (IIS)] ASP.NET. [Installation] Succeeded: [Application Server] Application Server Foundation. [Installation] Succeeded: [Application Server] HTTP Activation. [Installation] Succeeded: [Application Server] Web Server (IIS) Support. <100/100> Success: Installation succeeded. C:\Users\Administrator>

Running a query now should show us that I’ve successfully installed a server that is identical to the one I set up using the Server Manager MMC, except I did it using 1 command. We can see that the modelling process automatically selected the required components based on the roles and role services that I listed to be installed.




C:\Users\Administrator>servermanagercmd -query ...................... ----- Roles ----- [ ] Active Directory Certificate Services [AD-Certificate] [ ] Certification Authority [ADCS-Cert-Authority] [ ] Certification Authority Web Enrollment [ADCS-Web-Enrollment] [ ] Online Responder [ADCS-Online-Cert] [ ] Network Device Enrollment Service [ADCS-Device-Enrollment] [ ] Active Directory Domain Services [ ] Active Directory Domain Controller [ADDS-Domain-Controller] [ ] Identity Management for UNIX [ADDS-Identity-Mgmt] [ ] Server for Network Information Services [ADDS-NIS] [ ] Password Synchronization [ADDS-Password-Sync] [ ] Administration Tools [ADDS-IDMU-Tools] [ ] Active Directory Federation Services [ ] Federation Service [ADFS-Federation] [ ] Federation Service Proxy [ADFS-Proxy] [ ] AD FS Web Agents [ADFS-Web-Agents] [ ] Claims-aware Agent [ADFS-Claims] [ ] Windows Token-based Agent [ADFS-Windows-Token] [ ] Active Directory Lightweight Directory Services [ADLDS] [ ] Active Directory Rights Management Services [ ] Active Directory Rights Management Server [ ] Identity Federation Support [X] Application Server [Application-Server] [X] Application Server Foundation [AS-AppServer-Foundation] [X] Web Server (IIS) Support [AS-Web-Support] [ ] COM+ Network Access [AS-Ent-Services] [ ] TCP Port Sharing [AS-TCP-Port-Sharing] [X] Windows Process Activation Service Support [AS-WAS-Support] [X] HTTP Activation [AS-HTTP-Activation] [ ] Message Queuing Activation [AS-MSMQ-Activation] [ ] TCP Activation [AS-TCP-Activation] [ ] Named Pipes Activation [AS-Named-Pipes] [ ] Distributed Transactions [AS-Dist-Transaction] [ ] Incoming Remote Transactions [AS-Incoming-Trans] [ ] Outgoing Remote Transactions [AS-Outgoing-Trans] [ ] WS-Atomic Transactions [AS-WS-Atomic] [ ] DHCP Server [DHCP] [ ] DNS Server [DNS] [ ] Fax Server [Fax] [ ] File Services [ ] File Server [FS-FileServer] [ ] Distributed File System [FS-DFS] [ ] DFS Namespaces [FS-DFS-Namespace] [ ] DFS Replication [FS-DFS-Replication] [ ] File Server Resource Manager [FS-Resource-Manager] [ ] Services for Network File System [FS-NFS-Services] [ ] Windows Search Service [FS-Search-Service] [ ] Windows Server 2003 File Services [FS-Win2003-Services]




[ ] File Replication Service [FS-Replication] [ ] Indexing Service [FS-Indexing-Service] [ ] Network Policy and Access Services [NPAS] [ ] Network Policy Server [NPAS-Policy-Server] [ ] Routing and Remote Access Services [NPAS-RRAS-Services] [ ] Remote Access Service [NPAS-RRAS] [ ] Routing [NPAS-Routing] [ ] Health Registration Authority [NPAS-Health] [ ] Host Credential Authorization Protocol [NPAS-Host-Cred] [ ] Print Services [Print-Services] [ ] Print Server [Print-Server] [ ] LPD Service [Print-LPD-Service] [ ] Internet Printing [Print-Internet] [ ] Terminal Services [Terminal-Services] [ ] Terminal Server [TS-Terminal-Server] [ ] TS Licensing [TS-Licensing] [ ] TS Session Broker [TS-Session-Broker] [ ] TS Gateway [TS-Gateway] [ ] TS Web Access [TS-Web-Access] [ ] UDDI Services [ ] UDDI Services Database [ ] UDDI Services Web Application [X] Web Server (IIS) [Web-Server] [X] Web Server [Web-WebServer] [X] Common HTTP Features [Web-Common-Http] [X] Static Content [Web-Static-Content] [X] Default Document [Web-Default-Doc] [X] Directory Browsing [Web-Dir-Browsing] [X] HTTP Errors [Web-Http-Errors] [X] HTTP Redirection [Web-Http-Redirect] [X] Application Development [Web-App-Dev] [X] ASP.NET [Web-Asp-Net] [X] .NET Extensibility [Web-Net-Ext] [ ] ASP [Web-ASP] [ ] CGI [Web-CGI] [X] ISAPI Extensions [Web-ISAPI-Ext] [X] ISAPI Filters [Web-ISAPI-Filter] [ ] Server Side Includes [Web-Includes] [X] Health and Diagnostics [Web-Health] [X] HTTP Logging [Web-Http-Logging] [X] Logging Tools [Web-Log-Libraries] [X] Request Monitor [Web-Request-Monitor] [X] Tracing [Web-Http-Tracing] [ ] Custom Logging [Web-Custom-Logging] [ ] ODBC Logging [Web-ODBC-Logging] [X] Security [Web-Security] [X] Basic Authentication [Web-Basic-Auth] [X] Windows Authentication [Web-Windows-Auth] [X] Digest Authentication [Web-Digest-Auth] [X] Client Certificate Mapping Authentication [Web-Client-Auth] [X] IIS Client Certificate Mapping Authentication [Web-Cert-Auth] [X] URL Authorization [Web-Url-Auth]




[X] Request Filtering [Web-Filtering] [X] IP and Domain Restrictions [Web-IP-Security] [X] Performance [Web-Performance] [X] Static Content Compression [Web-Stat-Compression] [X] Dynamic Content Compression [Web-Dyn-Compression] [X] Management Tools [Web-Mgmt-Tools] [X] IIS Management Console [Web-Mgmt-Console] [X] IIS Management Scripts and Tools [Web-Scripting-Tools] [X] Management Service [Web-Mgmt-Service] [ ] IIS 6 Management Compatibility [Web-Mgmt-Compat] [ ] IIS 6 Metabase Compatibility [Web-Metabase] [ ] IIS 6 WMI Compatibility [Web-WMI] [ ] IIS 6 Scripting Tools [Web-Lgcy-Scripting] [ ] IIS 6 Management Console [Web-Lgcy-Mgmt-Console] [ ] FTP Publishing Service [Web-Ftp-Publishing] [ ] FTP Server [Web-Ftp-Server] [ ] FTP Management Console [Web-Ftp-Mgmt-Console] [ ] Windows Deployment Services [WDS] [ ] Deployment Server [WDS-Deployment] [ ] Transport Server [WDS-Transport] [ ] Windows SharePoint Services [Windows-SharePoint] ----- Features ----- [X] .NET Framework 3.0 Features [NET-Framework] [X] .NET Framework 3.0 [NET-Framework-Core] [ ] XPS Viewer [NET-XPS-Viewer] [X] WCF Activation [NET-Win-CFAC] [X] HTTP Activation [NET-HTTP-Activation] [ ] Non-HTTP Activation [NET-Non-HTTP-Activ] [ ] BitLocker Drive Encryption [BitLocker] [ ] BITS Server Extensions [BITS] [ ] Connection Manager Administration Kit [CMAK] [ ] Desktop Experience [Desktop-Experience] [ ] Failover Clustering [Failover-Clustering] [ ] Group Policy Management [GPMC] [ ] Internet Printing Client [Internet-Print-Client] [ ] Internet Storage Name Server [ISNS] [ ] LPR Port Monitor [LPR-Port-Monitor] [ ] Message Queuing [MSMQ] [ ] Message Queuing Services [MSMQ-Services] [ ] Message Queuing Server [MSMQ-Server] [ ] Directory Service Integration [MSMQ-Directory] [ ] Message Queuing Triggers [MSMQ-Triggers] [ ] HTTP Support [MSMQ-HTTP-Support] [ ] Multicasting Support [MSMQ-Multicasting] [ ] Routing Service [MSMQ-Routing] [ ] Windows 2000 Client Support [MSMQ-Win2000] [ ] Message Queuing DCOM Proxy [MSMQ-DCOM] [ ] Multipath I/O [Multipath-IO] [ ] Network Load Balancing [NLB] [ ] Peer Name Resolution Protocol [PNRP]




[ ] Quality Windows Audio Video Experience [qWave] [ ] Remote Assistance [Remote-Assistance] [ ] Remote Differential Compression [RDC] [X] Remote Server Administration Tools [RSAT] [X] Role Administration Tools [RSAT-Role-Tools] [ ] Active Directory Certificate Services Tools [RSAT-ADCS] [ ] Certification Authority Tools [RSAT-ADCS-Mgmt] [ ] Online Responder Tools [RSAT-Online-Responder] [ ] Active Directory Domain Services Tools [RSAT-ADDS] [ ] Active Directory Domain Controller Tools [RSAT-ADDC] [ ] Server for NIS Tools [RSAT-SNIS] [ ] Active Directory Lightweight Directory Services Tools [RSAT-ADLDS] [ ] Active Directory Rights Management Services Tools [RSAT-RMS] [ ] DHCP Server Tools [RSAT-DHCP] [ ] DNS Server Tools [RSAT-DNS-Server] [ ] Fax Server Tools [RSAT-Fax] [ ] File Services Tools [RSAT-File-Services] [ ] Distributed File System Tools [RSAT-DFS-Mgmt-Con] [ ] File Server Resource Manager Tools [RSAT-FSRM-Mgmt] [ ] Services for Network File System Tools [RSAT-NFS-Admin] [ ] Network Policy and Access Services Tools [RSAT-NPAS] [ ] Routing and Remote Access Services Tools [RSAT-RAS] [ ] Health Registration Authority Tools [RSAT-HRA] [ ] Print Services Tools [RSAT-Print-Services] [ ] Terminal Services Tools [RSAT-TS] [ ] Terminal Server Tools [RSAT-TS-RemoteApp] [ ] TS Gateway Tools [RSAT-TS-Gateway] [ ] TS Licensing Tools [RSAT-TS-Licensing] [ ] UDDI Services Tools [RSAT-UDDI] [X] Web Server (IIS) Tools [RSAT-Web-Server] [ ] Windows Deployment Services Tools [RSAT-WDS] [ ] Feature Administration Tools [RSAT-Feature-Tools] [ ] BitLocker Drive Encryption Tools [RSAT-BitLocker] [ ] BITS Server Extensions Tools [RSAT-Bits-Server] [ ] Failover Clustering Tools [RSAT-Clustering] [ ] Network Load Balancing Tools [RSAT-NLB] [ ] SMTP Server Tools [RSAT-SMTP] [ ] WINS Server Tools [RSAT-WINS] [ ] Removable Storage Manager [Removable-Storage] [ ] RPC over HTTP Proxy [RPC-over-HTTP-Proxy] [ ] Simple TCP/IP Services [Simple-TCPIP] [ ] SMTP Server [SMTP-Server] [ ] SNMP Services [SNMP-Services] [ ] SNMP Service [SNMP-Service] [ ] SNMP WMI Provider [SNMP-WMI-Provider] [ ] Storage Manager for SANs [Storage-Mgr-SANS] [ ] Subsystem for UNIX-based Applications [Subsystem-UNIX-Apps] [ ] Telnet Client [Telnet-Client] [ ] Telnet Server [Telnet-Server] [ ] TFTP Client [TFTP-Client] [ ] Windows Internal Database [Windows-Internal-DB] [ ] Windows PowerShell [PowerShell]




[X] Windows Process Activation Service [WAS] [X] Process Model [WAS-Process-Model] [X] .NET Environment [WAS-NET-Environment] [X] Configuration APIs [WAS-Config-APIs] [ ] Windows Recovery Disc [Recovery-Disc] [ ] Windows Server Backup Features [Backup-Features] [ ] Windows Server Backup [Backup] [ ] Command-line Tools [Backup-Tools] [ ] Windows System Resource Manager [WSRM] [ ] WINS Server [WINS-Server] [ ] Wireless LAN Service [Wireless-Networking] C:\Users\Administrator>

Adding a Feature Using the Server Manager MMC So we’ve build a web and application server. We’re feeling very happy with ourselves and are getting

ready to put our feet up for the rest of the day … Oh! If only it was ever like that! Now we’ve been

told that our shiny new web server must be added to an existing Network Load Balanced web server

farm. I don’t remember anything in the Web Server (IIS) role installation about Network Load

Balancing. But I do remember there being a feature for Network Load Balancing. It looks like we’ll

have to customise our new server with a feature.

Fire up Server Manager again.

Click on <Add Features>. This will launch a new wizard.




All of the available features on the server are listed. Select the feature you wan to install. In this case

I’ve ticked “Network Load Balancing”.

We get a summary of our selection before we go any further. Click on <Install> to start the

installation or <Cancel> to terminate the process.




The installation starts. Note that this may actually take a while.

The installation completes after a few moments. You can see that Windows is still reminding me to

activate my automatic updates and gives me a warning because of it.




Back in the MMC, the status of the server is updated to reflect the new feature, Network Load

Balancing.

Adding a Feature Using the Server Manager Command Let’s have a look at adding the Network Load Balancing feature via command line. Pay attention

mouse and GUI fans. You’ll love how quick you can do this from the command line. We’ll be using the

SERVERMANAGERCMD command once again. A quick run of the –QUERY parameter shows us that

we need to install “NLB”:

C:\Users\Administrator>ServerManagerCmd.exe -install NLB

..

Start Installation...

[Installation] Succeeded: [Network Load Balancing].

<100/100>

Success: Installation succeeded.




How quick and easy was that? Network Load Balancing is now installed and ready to be configured.

Please tell me that you aren’t tempted to try this command line approach now! By now you should

see how you could write a simple script containing the commands to install of your required role and

feature installations. This could be saved and reused whenever you want to build a server of a

specific type. You could then deploy a single simple image to your new hardware and then run the

required role/feature installation script as required to complete the installation before you perform

the server specific customisations, e.g. adding content.

Managing Roles and Features Using Server Manager Server Manager is much more than just a tool for installing and removing features on your servers.

You can actually use it as a tool to monitor the roles and features that you’ve installed. Not only this,

but you can also use it as a tool to access the administrative tools for those roles and features. We’re

going to have a look at this now.

I’ve opened the Server Manager MMC console and I’ve noticed something is wrong.

We can see under Roles Summary that each of my installed roles is reporting a problem. I’m going to

drill down to the cause by clicking on <Go to Roles>.




In Roles I can scroll down and see that both the Application Server and the Web Server are each

reporting services as not running. This is causing each of the roles to fail. I now click on <Application

Server> to see what is happening.




I can see the cause of my problem under “System Services”. The “World Wide Web Publishing

Service” has a status of “stopped”. This has caused both the Application Server and the Web Server

roles to fail. The solution is pretty easy in this example. I select the failed service and click on

<Start> on the right-hand side of the console.

The service starts up successfully. I’m hoping that this has cleared up my problems so I navigate

back to the top of Server Manager.




I can clearly see under “Roles Summary” that both of my roles are now running normally.

This is probably a good time to have a look at how we can diagnose problems with out roles. As

you’ve just seen, we can navigate into each role in Server Manager. You should click on one of you

installed roles now. I’ve navigated into “Application Server”.




We can see there is an “Events” section under “Summary”. This presents each of the events that have

occurred on the server in relation to the selected role. This is extremely convenient when

investigating role specific issues and saves you having to search through the endless listing of events

that can exist within Event Viewer.




You can double-click on an event entry to get more specific detail related to the event you are

investigating.

Great! So now we can investigate issues and resolve problems using Server Manager. Is there

anything more? Well as it just so happens …

When a role is installed on a server there is also an MMC snap in added to the system to manage it.

Normally we’ve always gone into Administrative Tools to find it. Microsoft really wants us to see

Server Manager as just that … the primary tool for managing a server. If you want to manage a role

then you should be able to access the MMC snap-in from Server Manager. And that’s what Server

Manager allows us to do.

Navigate to a role on your server in Server Manager and expand the node. I’ve selected “Web Server

(IIS)”.

Inside the role, I’ve now got access to the related MMC snap-in and I can use this from within Server

Manager to manage my IIS7 installation. This means that Server Manager truly is a centralised

administrative tool for all roles installed on the server.

Removing a Role/Feature Using the Server Manager MMC Just typical! You’ve added your new network load balancing feature to the server and resolved your

server’s issues when your boss has decided that this new server will be a standalone machine. That’s

OK; we can remove it pretty quickly. This time around, I want you to pay attention to how much

work there is when we remove the feature using the MMC and when we remove it using the




command line. I think you may find yourself drifting towards the command line option for future

administration tasks related to server manager roles and features after reading this.

Let’s get Server Manager up and running again. We can see that Network Load Balancing is still

listed as a feature that is installed.

Click on <Remove Features> and a wizard will launch.




All of the features are listed. Those that are installed have a tick beside them and those that are not installed are greyed out. Deselect the feature you want to uninstall; in this case Network Load Balancing and then click on <Remove>.




We get a summary of the actions to be completed. Click on <Remove> when you are ready to uninstall the displayed features or click on <Cancel> to terminate the process.




The process may take a few moments so you may want to take one of those coffee breaks that we “progress bar engineers” are used to.




The removal process is completed and we can click on <Close> to return to the Server Manager MMC.

We can now see the feature is removed. That’s how we remove a feature. The process of removing a role is exactly the same. Instead of “Remove Features” you select “Remove Roles”. It’s a process that Microsoft has made very easy for us. They’ve allowed us to concentrate on what we want to install or remove instead of worrying about how to do it.

Removing a Role/Feature Using the Server Manager Command This is pretty easy. Instead of using the –INSTALL parameter we will be using the –REMOVE

parameter with the SERVERMANAGERCMD command. I’m going to uninstall the Network Load

Balancing feature:

C:\Users\Administrator>ServerManagerCmd.exe -remove NLB

.......................

Start Removal...

[Removal] Succeeded: [Network Load Balancing].




<100/100>

Success: Removal succeeded.

Some features or roles may require a restart at the end of the uninstall to complete the process. You

can automate this by adding the –RESTART parameter at the end of the command.

ServerManagerCmd.exe -remove Print-LPD-Service –restart

Removing the LPD printing service does require a reboot and you are warned about this if you run a

remove command. Adding the –RESTART parameter causes the server to reboot automatically,

something you will find quite handy if you deploy your uninstall command remotely or run it by

using a scheduled task.

Unattended Installations Using Answer Files I’ve already alluded to the process of an unattended installation. You could simply write a batch file

that includes a series of SERVERMANGERCMD commands. Microsoft has given us an alternative

using XML based answer files. Using an answer file, we can run the SERVERMANAGERCMD

command once and supply it with a listing of roles, role services and features to install.

I’m going to repeat the above scenario where I want to install 2 roles, a role service and a feature to

create a network load balanced web server with .Net support. The XML file I’m going to use is below:

<?xml version="1.0" encoding="utf-8" ?>

<ServerManagerConfiguration Action="Install"

xmlns="http://schemas.microsoft.com/sdm/Windows/ServerManager/Configuration/2007/1"

xmlns:xs="http://www.w3.org/2001/XMLSchema">

<Role Id="Application-Server" />

<RoleService Id="AS-Web-Support" />

<Role Id="Web-Server" />

<Feature Id="NLB" />

</ServerManagerConfiguration>

You can see that each role is listed using “Role ID”, each role service is listing using “RoleService ID”

and each feature is listed using “Feature ID”. I’ve saved this as C:\Media\WebServer.XML.

If you are automating an installation like this then it is likely that you’d like to see what the results

will be before you run the command as some sort of a basic test. SERVERMANAGERCMD allows you

to do this with the –WHATIF parameter:

ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML –whatIf




This parses my XML file to check the syntax and simulates the installation without modifying my

server. It then lists the actions that will be performed. I can actually go ahead and run my command

once I’ve got my syntax cleaned up and I’m happy with the actions:

C:\Users\Administrator>ServerManagerCmd.exe -inputPath C:\Media\WebServer.XML

..

Start Installation...

[Installation] Succeeded: [Application Server] Windows Process Activation Servic

e Support.

[Installation] Succeeded: [Web Server (IIS)] Management Tools.

[Installation] Succeeded: [.NET Framework 3.0 Features] WCF Activation.

[Installation] Succeeded: [Web Server (IIS)] Web Server.

[Installation] Succeeded: [Web Server (IIS)] Health and Diagnostics.

[Installation] Succeeded: [Web Server (IIS)] Performance.

[Installation] Succeeded: [Web Server (IIS)] Application Development.

[Installation] Succeeded: [Web Server (IIS)] Security.

[Installation] Succeeded: [Web Server (IIS)] Common HTTP Features.

[Installation] Succeeded: [Windows Process Activation Service] Configuration API

s.

[Installation] Succeeded: [Windows Process Activation Service] Process Model.

[Installation] Succeeded: [Windows Process Activation Service] .NET Environment.

[Installation] Succeeded: [Network Load Balancing].

[Installation] Succeeded: [.NET Framework 3.0 Features] .NET Framework 3.0.

[Installation] Succeeded: [Web Server (IIS)] IIS Management Scripts and Tools.

[Installation] Succeeded: [Web Server (IIS)] IIS Management Console.

[Installation] Succeeded: [Web Server (IIS)] ISAPI Extensions.




[Installation] Succeeded: [Web Server (IIS)] HTTP Logging.

[Installation] Succeeded: [Web Server (IIS)] HTTP Redirection.

[Installation] Succeeded: [Web Server (IIS)] Static Content.

[Installation] Succeeded: [Web Server (IIS)] Client Certificate Mapping Authenti

cation.

[Installation] Succeeded: [Web Server (IIS)] Default Document.

[Installation] Succeeded: [Web Server (IIS)] HTTP Errors.

[Installation] Succeeded: [Web Server (IIS)] Directory Browsing.

[Installation] Succeeded: [Web Server (IIS)] ISAPI Filters.

[Installation] Succeeded: [Web Server (IIS)] IIS Client Certificate Mapping Auth

entication.

[Installation] Succeeded: [Web Server (IIS)] Digest Authentication.

[Installation] Succeeded: [Web Server (IIS)] Request Filtering.

[Installation] Succeeded: [Web Server (IIS)] URL Authorization.

[Installation] Succeeded: [Web Server (IIS)] Windows Authentication.

[Installation] Succeeded: [Web Server (IIS)] Request Monitor.

[Installation] Succeeded: [Web Server (IIS)] Logging Tools.

[Installation] Succeeded: [Web Server (IIS)] Basic Authentication.

[Installation] Succeeded: [Web Server (IIS)] Tracing.

[Installation] Succeeded: [Web Server (IIS)] IP and Domain Restrictions.

[Installation] Succeeded: [Web Server (IIS)] Static Content Compression.

[Installation] Succeeded: [Web Server (IIS)] Dynamic Content Compression.

[Installation] Succeeded: [Web Server (IIS)] Management Service.

[Installation] Succeeded: [Web Server (IIS)] .NET Extensibility.

[Installation] Succeeded: [.NET Framework 3.0 Features] HTTP Activation.

[Installation] Succeeded: [Web Server (IIS)] ASP.NET.




[Installation] Succeeded: [Application Server] Application Server Foundation.

[Installation] Succeeded: [Application Server] HTTP Activation.

[Installation] Succeeded: [Application Server] Web Server (IIS) Support.

<100/100>

Success: Installation succeeded.

In just one command, I have installed all the components required for my standard web server build.

You have got to love that!

So that’s roles and features in Windows 2008. My advice to you is to try this out with some test

machines. Compare the process using the MMC and the command line. And keep in mind the process

of using an answer file for when you read about unattended installation of Windows Server 2008.

We’re going to leave this subject now and move on to the rest of Server Manager and have a quick

look around.

The Rest of Server Manager I think it’s safe to say the Server Manager is the successor to Computer Management that was present

in Windows Server 2000 and 2003. As such, a number of the tasks that you could do in Computer

Management are also present in Server Manager. Not only this, but there’s some new stuff in there

too. I keep saying this and you’re probably getting tired of it, but Server Manager is intended to be

your all-in-one management tool for the server that you’re working on.

Each of the tools included in Server Manager has been categorised based on the operations that they

are used for.

Diagnostics We’ve already seen how we can diagnose and repair role specific failures in Server Manager. But

sometimes problems are more complex than that and you’ll find that you need to do see the bigger

picture. We can use the tools that are linked in Server Manager under “Diagnostics” to help us

identify the cause of those problems.

The first tool we see in Diagnostics is an old friend: Event Viewer. Event Viewer has had a bit of work

done on it.




The root view gives us a very helpful summary of the different types of events that are available in

Event Viewer. How often have you gone into Event Viewer and found that you had to search through

thousands of entries to find Critical or Warning level events. You’ve probably gone and filtered the

view but a large log can take some time to process. Windows 2008 Event viewer makes this easy for

us. Just expand the Event Type under “Summary of Administrative Events” and you’ll get a listing of

your desired level of events.

Another task that you’ve probably done repeatedly is to filter the view based on certain criteria such

as all events of source “HttpEvent” and event type of either “Failure” or “Warning”. Isn’t it pretty

annoying that every time you revisit Event viewer that you have to filter for this query again?

Windows 2008 Event Viewer comes to the rescue with Custom Views. You can define and save your

query using a Custom View. Not only that, but you can export the view and import it onto another

computer! The file format is XML so you can quickly copy and modify the file to create a collection of

Custom Views that you can import onto all of your servers as you deploy them.

Windows Logs gives us access to our now familiar set of logs including System, Security and

Application. Two new entries are to be found in there by default. The first is Setup. This log will

collect events related to the installation and removal of Roles and Features on your server. This will

be useful to identify when, who and how your server configuration was modified. That’s something

that will be useful to enforce compliance and change control. The most interesting addition to Event

Viewer is Forwarded Events. Almost every week I am either asked or see someone on a forum asking

for a solution for basic monitoring of small server networks that won’t cost an annual budget.

Forwarded Events allows a single server to gather log entries from other computers using

subscriptions. These events are then collected onto your server and presented to you in Forwarded

Events. Note that this service requires that both the Windows Remote Management and the

Windows Event Collector services are running.




The Applications and Services Logs allows different applications to log their own specific details into

their own dedicated logs that an administrator can access via a single interface. The logs are broken

down into categories to make them easy to navigate. Of relevance to this document, you can find a

log for Server Manger in \Diagnostics\Event Viewer\Applications and Services

Logs\Microsoft\Windows\Server Manager. In here you can find log entries for every task you’ve run

using SERVERMANAGERCMD.EXE.

Subscriptions is where you define on how to collect log entries from target computers to a source

computer. You’ve got a number of options in here including selection targets, defining a query for

events to collect and what credentials to use to make the connection to the remote computers.

Reliability and Performance allows and administrator to monitor how a server is behaving. Instead

of querying log data, the administrator can get access to more tangible statistics such as resource

utilisation and server failure in this collection of tools.

Under Monitoring Tools we have Performance Monitor and Reliability Monitor. Performance

Monitor should be familiar to Windows administrators. It allows you to monitor current

performance metrics and to load a pre-existing data collector set to view historic data. Reliability

monitor is a new tool for analysing how change relates to failures in server reliability via a time chart

and collected events. It’s not uncommon for failures to be directly related to configuration changes.

This tool is Microsoft’s attempt to help us correlate these events.

Data Collector Sets allows us to collect data from the server that is not normally collected in Event

Viewer, i.e. performance and configuration information. It’s broken into two sets: System which is




the hard coded set of sets and User Defined which allows an administrator to define a query and

schedule to gather data. You can run these sets to gather data. The resulting data can be either

loaded in Performance Monitor to create a historic chart or in Reports so you can have a text

summary of the Data Collector Set execution.

Device Manager allows administrators of a server to install or remove devices and to manage their

drivers.




Configuration The Configuration section of Server Manager allows administrators to manage the configuration of

servers that is unrelated to Roles and Features, i.e. those components that are common to all

Windows 2008 servers.

Task Scheduler does exactly what it says on the tin. You can use it to schedule an operation that you

want to occur once in the future or on a recurring basis. You’ll notice that Microsoft has included a

set of tasks by default, including one to defrag your hard disks every week.




Windows Firewall with Advanced Security is where you can configure the Windows Firewall. Notice

that it’s on by default and it’s pretty water tight!




You can use the Services MMC to manage the services that are running on the server, including

changing their running status, their start-up type and the credentials they use to execute on the

server.




You will WMI Control to manage the WMI configuration of the server that you are working on,

including backup up/restoring the configuration, assigning permissions and changing the default

scripting namespace.




Local Users and Groups should be familiar to anyone who has worked with Microsoft operating

systems since Windows 2000. It is where you will manage local users and local groups on standalone

and member servers.

Storage We now wrap up our document on Server Manager by looking quickly at the Storage Section. There

are two aspects to this: Windows Server Backup and Disk Management.




Windows Server Backup allows an administrator to back up their server without the need for third

party applications. You’re going to need to install the Windows Server Backup feature in order to be

able to use Windows Server Backup.




Windows Server Backup is useful for smaller organisations with smaller budgets, those with

standalone servers or for administrators with an isolated test lab. Backing up our servers is one of

the most important things that we server administrators do and Windows Server Backup provides us

with a reliable tool for doing this, albeit not one that will be ideal for those who require cross

platform support, advanced storage or centralised management.




Administrators can use Disk Management to provision disks and volumes on the server. One of the

nice little improvements is the summary that tells us vital disk configuration information such as

which volumes are the system, boot, page file and crash dump partitions.

Summary

So that’s Server Manager. I think that it’s quite an impressive upgrade over Computer Management

and that Microsoft has given us a tool that probably does accomplish much of the lofty goal to create

a single point for managing a server. Add in SERVERMANAGERCMD.EXE and administrators have a

rapid, scriptable and easily repeatable way to manage the Role and Feature configurations of their

servers. If you are a server administrator then this is likely going to be the tool you use the most in

your day to day operations. If so, set up a test lab and try out some of the scenarios described in this

document. Then expand on your experiments by adding in the features that you are likely to

encounter in your job. Try to use SERVERMANAGERCMD.EXE and the answer file feature and you’ll

be pleasantly surprised how we command prompt fearing types will actually want to learn a bit more

of the dark side!

windows 2008 server manger

Documents