Friday, September 10, 2010
   
Great Windows Server 2008 & R2 Features


Just finished the Windows Server 2008 R2 training (2 days). I have jotted down a few points which I hope will be useful for you all and thought of sharing them.

For in-depth knowledge, I request you to please refer to the Microsoft Windows Bible: http://technet.microsoft.com/hi-in/default.aspx

Please READ!!!

First of all, Windows Server 2008 R2 is a more robust OS than the previous server OSes MS has introduced, even than 2008. What wonderful features and concepts. I had a great time and enjoyed it like anything. You should have a look!!!!!

Windows Deployment Services -- Replacing RIS
-- It deploys Windows operating systems over the network. It can deploy Vista, Windows 7 and Windows 2008.
-- Image-based installation using WIM. (It is a file-based disk image format, not sector-based.)
-- ImageX is a command-line tool to create, edit and deploy Windows disk images in WIM format. It is distributed as part of the free Windows Automated Installation Kit. It is similar to Norton Ghost, but not wholly the same.
-- WinPE is a bootable, lightweight version of Windows. It can be used to start a PC from USB or CD/DVD.
-- System Image Manager replaces Setup Manager from the previous OS. It is used to create unattended Windows Setup answer files.
-- You can even deploy the OS via .VHD files. Great feature.

Migration Server Roles
Superb feature:
-- You can migrate roles like DNS, DHCP and so on. As far as I have seen, you can migrate via PowerShell only. (The system has to have PowerShell and the .NET Framework installed.)
-- For example, migrating the DHCP role, which I did in the lab and found great. Likewise there are many more: http://technet.microsoft.com/en-us/libr ... 9483(WS.10).aspx

Best Practice Analyzers:
-- Reduces troubleshooting overhead
-- Scans roles on Windows Server 2008 R2

Windows Server 2008 R2 Backup
-- Back up files and folders.
-- Backup management via Windows PowerShell.
-- Incremental backup of System State.
-- One wonderful feature is that you can take a backup of the AD database (not wholly) by using ntdsutil after stopping the AD DS service.
-- You then mount the folder of the backup, as it creates a snapshot on the local C: drive. Another good thing is that using this you can create an ADC in a branch office and local office and allow SYSVOL replication later on. (Using dsamain.exe you can view the snapshot.)
-- When you mount it you can actually view the NTDS.dit database, which I had been longing to see for many years (but you cannot delete while viewing the database).
-- Using NTDSUTIL you can actually take an AD backup, and a backup for an RODC to install in a branch office. (Amazing feature)

Active Directory Administrative Center:
-- Active Directory Administrative Center is only available on Windows Server 2008 R2 servers and on Windows 7 workstations once they install the Remote Server Administration Tools (RSAT, the counterpart of adminpak).
-- It is almost the same as ADUC. You access ADAC via HTTP, and for that you need to have AD Web Services installed. Once the service is stopped you will not be able to access ADAC.

Active Directory Recycle Bin
-- First of all, your forest functional level needs to be at Windows 2008 R2 to enable this feature.
-- It is built on the existing tombstone reanimation infrastructure.
-- Minimizes directory service downtime.
-- Preserves all attributes of deleted objects, whereas adrestore.exe and the LDAP tool do not recover all the attributes.
-- The feature needs to be enabled via PowerShell, and restores are done there as well. No GUI support is available for the Recycle Bin feature at the moment.
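
The enable-and-restore flow described above, as an added PowerShell example that is not part of the original article. It assumes the ActiveDirectory module on Windows Server 2008 R2 and an Enterprise Admin session; the account name `jdoe` is constructed.

```powershell
# Added example, not from the original article.
# Assumptions: Windows Server 2008 R2 with the ActiveDirectory module, run as an
# Enterprise Admin; 'jdoe' is a constructed account name.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

# The Recycle Bin needs the Windows Server 2008 R2 forest functional level.
if ($forest.ForestMode -lt $required) {
    throw "Forest functional level is $($forest.ForestMode); raise it before enabling the Recycle Bin."
}

# EnabledScopes is empty until the feature has been switched on.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    # Enabling cannot be undone, so leave the confirmation prompt in place.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Find deleted objects for the account; only objects deleted after the feature
# was enabled keep their full attribute set.
$deleted = @(Get-ADObject -Filter 'samAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged)

if ($deleted.Count -eq 0) {
    Write-Warning "No deleted object found for 'jdoe' (not deleted, or lifetime expired)."
} else {
    # Restore only the most recently deleted match, to its original container.
    $target = $deleted | Sort-Object whenChanged -Descending | Select-Object -First 1
    Write-Host "Restoring $($target.DistinguishedName) to $($target.lastKnownParent)"
    Restore-ADObject -Identity $target.ObjectGUID
}
```

Objects deleted before the feature was enabled come back only as tombstones with most attributes stripped, so enable the Recycle Bin before it is needed.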

Offline Domain Join
-- Offline domain join is a process to add computers to a domain in locations where there is no connectivity to a corporate network.
-- To perform an offline domain join, you can run the Djoin.exe command-line tool.
-- The client computer does not require DC connectivity while joining.
-- The computer account is initially created in ADUC.
-- This also has to be performed by cmdlets with the help of the Djoin.exe utility.
-- It is quite funny to see this feature, as I got a project to migrate Lotus to Exchange 2k10. You must be aware that in Lotus, to configure a client profile, you need to first create a User ID on the server and, through some media like a pen drive/CD, import the ID into the Lotus client to configure the profile. I found it to work in the same way and found it interesting.

Group Policy Preferences
-- With this you can create desktop shortcuts, create folders, map drives, and manage scripts, scheduled tasks, services and many more.
-- AppLocker replaces Software Restriction Policies and has many new capabilities (Allow, Deny & Exceptions). Please visit TechNet to look at the whole new feature in depth, as it has many features which I can't describe here.
-- Fine-grained password policy - In Windows 2008 MS has come out with this new feature, which is wonderful. You can create multiple password policies using adsiedit and give them precedence. (It is not applied at the OU level but to users and groups.)
-- Advanced audit policies - 9 policies in total are found. Under these there are also subcategories, which can be enabled and are visible only via cmdlets. (Auditpol.exe is the tool to check the subcategories: "auditpol.exe /get /category:*")
-- Event forwarding in Event Viewer is another great feature: events from remote computers are forwarded to the local machine.
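
A way to turn the auditpol subcategory listing mentioned above into a pass/fail check, as an added PowerShell example that is not part of the original article. The baseline table, the host name SRV01 and the sample rows are constructed; subcategory names are the English ones and are localized on other language versions.

```powershell
# Added example, not from the original article.
# Constructed minimum baseline: subcategory -> setting that must be in effect.
$baseline = @{
    'Logon'                     = 'Success and Failure'
    'Credential Validation'     = 'Success and Failure'
    'User Account Management'   = 'Success'
    'Security Group Management' = 'Success'
    'Audit Policy Change'       = 'Success'
}

function Test-AuditBaseline {
    param([string[]]$CsvLines, [hashtable]$Baseline)
    # "auditpol /r" emits CSV with a header row; drop blank lines before parsing.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($name in $Baseline.Keys) {
        $row    = $rows | Where-Object { $_.Subcategory -eq $name }
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'missing' }
        $need   = $Baseline[$name]
        # "Success and Failure" also satisfies a requirement of "Success" alone.
        $ok = ($actual -eq $need) -or ($actual -eq 'Success and Failure')
        New-Object PSObject -Property @{
            Subcategory = $name; Required = $need; Actual = $actual; Compliant = $ok
        }
    }
}

# Constructed sample in the column layout of "auditpol /get /category:* /r".
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'SRV01,System,Logon,{00000000-0000-0000-0000-000000000001},Success,'
    'SRV01,System,Credential Validation,{00000000-0000-0000-0000-000000000002},Success and Failure,'
    'SRV01,System,User Account Management,{00000000-0000-0000-0000-000000000003},Success and Failure,'
    'SRV01,System,Security Group Management,{00000000-0000-0000-0000-000000000004},No Auditing,'
    'SRV01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000005},Success,'
)

# Lists the gaps: Logon (failures not audited) and Security Group Management.
Test-AuditBaseline -CsvLines $sample -Baseline $baseline |
    Where-Object { -not $_.Compliant } |
    Format-Table Subcategory, Required, Actual -AutoSize

# On a live server, from an elevated prompt:
# Test-AuditBaseline -CsvLines (auditpol.exe /get /category:* /r) -Baseline $baseline
```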

Remote Desktop Services - Replacement of Terminal Services
-- Run an application or an entire desktop from a central location
-- Provide users with an entire desktop environment, or with their individual applications and
data
-- Enable secure remote access to an entire desktop, remote application, or virtual machine
without establishing a VPN connection
-- Requires an SSL certificate.
-- It works as RDP over HTTPS.
-- Publish remote applications on the first RDS session host.
-- Remote Desktop Gateway enables remote users to connect to internal network resources over the Internet.
-- Provides a secure and flexible RDP connection.

Hyper-Visor
-- It's a built-in feature competing very strongly with VMware ESX Server. It provides almost the same: Live Migration/Quick Migration.
-- Used for: server consolidation, disaster recovery, testing and development, datacenter, NLB, Quick Migration, VM snapshots.
-- R2: improved VHD performance, Live Migration, dynamic VM storage, enhanced processor & networking support.
-- You might sometimes want to migrate your roles to a new server for reasons like updating the configuration of your existing server, hardware maintenance, updating the physical host OS, moving to new server hardware, and other reasons too.
-- Requirements for live migration: 2008 R2, MS Cluster on all physical nodes, a cluster with a dedicated network, and shared storage. (For the process please go to TechNet.)

Windows PowerShell:
-- You can do scripting, remote management, manage roles, etc.
-- It is .NET Framework based, so you need the .NET Framework installed on the OS, which is built in.
-- You can perform Active Directory management tasks (create, modify or delete objects, etc., but you need to import the Active Directory module).
-- You can manage server roles, take backups, manage GPOs, manage IIS. And what else, boss.....almost like Linux!!! heehee...!

Read Only Domain Controller
-- RODC helps you easily deploy a domain controller in a branch office with lower physical security.
-- Read-only AD database access.
-- RODC filtered attribute set.
-- Unidirectional replication.
-- No credential caching. (Passwords are not replicated for all users, except the users in the branch office.)
-- It can be installed on Server Core, which is again beautiful.
-- Administrator role separation.

Server Core
-- A Server Core installation provides a minimal environment for running specific server roles, which reduces maintenance, management, and the attack surface.
-- Reduced maintenance, reduced memory and disk requirements, reduced attack surface & greater stability.
-- The Sconfig utility is available for user-friendliness, along with advanced utilities like a GUI from MS and third-party ones like core-configurator. I wonder why MS makes such things for Server Core when they wanted it to be on cmdlets, and why they provide third-party compatibility.
-- I understand it is totally cmdlets and administrators have to remember them, but still we can learn, and providing GUI utilities makes work easier and we find ourselves too lazy to use cmdlets.

Network Access protection
-- Planned with Windows Server 2003 R2, but it did not succeed.
-- It validates client system health by checking the updates, anti-virus and custom policies compiled by the organization, so that clients abide by them.
-- It is not an agent but a service.
-- It is not a security solution but a health solution.
-- It requires Server 2008, DHCP server V-6, and clients on XP with SP3, Win2K3 with SP1, Vista & Windows 7.
-- It can connect to remediation servers like anti-virus, WSUS, etc. to update the health status of client systems.

Hope it's been informative to you, as it has been to me too, a lot. Corrections always welcome.

This article may also be found here on the forum.
