• Chapter 1. Installing and Configuring Windows Server 2003
  • software development Company Server 2003
  • Chapter 1. Installing and Configuring Windows Server 2003
  • New Features in Windows Server 2003
  • Best Practices
  • Moving Forward
  • Version Comparisons
  • Hardware Recommendations
  • Installation Checklist
  • Functional Overview of Windows Server 2003 Setup
  • Installing Windows Server 2003
  • Post Setup Configurations
  • Functional Description of the Windows Server 2003 Boot Process
  • Correcting Common Setup Problems
  • Chapter 2. Performing Upgrades and Automated Installations
  • New Features in Windows Server 2003
  • NT4 Upgrade Functional Overview
  • Upgrading an NT4 or Windows 2000 Server
  • Automating Windows Server 2003 Deployments
  • Moving Forward
  • Chapter 3. Adding Hardware
  • New Features in Windows Server 2003
  • Functional Description of Windows Server 2003 Architecture
  • Overview of Windows Server 2003 Plug and Play
  • Installing and Configuring Devices
  • Troubleshooting New Devices
  • Moving Forward
  • Chapter 4. Managing NetBIOS Name Resolution
  • New Features in Windows Server 2003
  • Moving Forward
  • Overview of Windows Server 2003 Networking
  • Name Resolution and Network Services
  • Network Diagnostic Utilities
  • Resolving NetBIOS Names Using Broadcasts
  • Resolving NetBIOS Names Using Lmhosts
  • Resolving NetBIOS Names Using WINS
  • Managing WINS
  • Disabling NetBIOS-over-TCP/IP Name Resolution
  • Chapter 5. Managing DNS
  • New Features in Windows Server 2003
  • Configuring a Caching-Only Server
  • Configuring a DNS Server to Use a Forwarder
  • Managing Dynamic DNS
  • Configuring Advanced DNS Server Parameters
  • Examining Zones with Nslookup
  • Command-Line Management of DNS
  • Configuring DHCP to Support DNS
  • Moving Forward
  • Overview of DNS Domain Structure
  • Functional Description of DNS Query Handling
  • Designing DNS Domains
  • Active Directory Integration
  • Configuring DNS Clients
  • Installing and Configuring DNS Servers
  • Configuring Secondary DNS Servers
  • Integrating DNS Zones into Active Directory
  • Chapter 6. Understanding Active Directory Services
  • New Features in Windows Server 2003
  • Active Directory Support Files
  • Active Directory Utilities
  • Bulk Imports and Exports
  • Moving Forward
  • Limitations of Classic NT Security
  • Directory Service Components
  • Brief History of Directory Services
  • X.500 Overview
  • LDAP Information Model
  • LDAP Namespace Structure
  • Active Directory Namespace Structure
  • Active Directory Schema
  • Chapter 7. Managing Active Directory Replication
  • New Features in Windows Server 2003
  • Replication Overview
  • Detailed Replication Transaction Descriptions
  • Designing Site Architectures
  • Configuring Inter-site Replication
  • Controlling Replication Parameters
  • Special Replication Operations
  • Troubleshooting Replication Problems
  • Moving Forward
  • Chapter 8. Designing Windows Server 2003 Domains
  • New Features in Windows Server 2003
  • Design Objectives
  • DNS and Active Directory Namespaces
  • Domain Design Strategies
  • Strategies for OU Design
  • Flexible Single Master Operations
  • Domain Controller Placement
  • Moving Forward
  • Chapter 9. Deploying Windows Server 2003 Domains
  • New Features in Windows Server 2003
  • Preparing for an NT Domain Upgrade
  • In-Place Upgrade of an NT4 Domain
  • In-Place Upgrade of a Windows 2000 Forest
  • Migrating from NT and Windows 2000 Domains to Windows Server 2003
  • Additional Domain Operations
  • Moving Forward
  • Chapter 10. Active Directory Maintenance
  • New Features in Windows Server 2003
  • Loss of a DNS Server
  • Loss of a Domain Controller
  • Loss of Key Replication Components
  • Backing Up the Directory
  • Performing Directory Maintenance
  • Moving Forward
  • Chapter 11. Understanding Network Access Security and Kerberos
  • New Features in Windows Server 2003
  • Windows Server 2003 Security Architecture
  • Security Components
  • Password Security
  • Authentication
  • Analysis of Kerberos Transactions
  • MITv5 Kerberos Interoperability
  • Security Auditing
  • Moving Forward
  • Chapter 12. Managing Group Policies
  • New Features in Windows Server 2003
  • Group Policy Operational Overview
  • Managing Individual Group Policy Types
  • Moving Forward
  • Chapter 13. Managing Active Directory Security
  • New Features in Windows Server 2003
  • Overview of Active Directory Security
  • Using Groups to Manage Active Directory Objects
  • Service Accounts
  • Using the Secondary Logon Service and RunAs
  • Using WMI for Active Directory Event Notification
  • Moving Forward
  • Chapter 14. Configuring Data Storage
  • New Features in Windows Server 2003
  • Functional Description of Windows Server 2003 Data Storage
  • Performing Disk Operations on IA32 Systems
  • Recovering Failed Fault Tolerant Disks
  • Working with GPT Disks
  • Moving Forward
  • Chapter 15. Managing File Systems
  • New Features in Windows Server 2003
  • Overview of Windows Server 2003 File Systems
  • NTFS Attributes
  • Link Tracking Service
  • Reparse Points
  • File System Recovery and Fault Tolerance
  • Quotas
  • File System Operations
  • Moving Forward
  • Chapter 16. Managing Shared Resources
  • New Features in Windows Server 2003
  • Functional Description of Windows Resource Sharing
  • Configuring File Sharing
  • Connecting to Shared Folders
  • Resource Sharing Using the Distributed File System (Dfs)
  • Printer Sharing
  • Configuring Windows Server 2003 Clients to Print
  • Managing Print Services
  • Moving Forward
  • Chapter 17. Managing File Encryption
  • New Features in Windows Server 2003
  • File Encryption Functional Description
  • Certificate Management
  • Encrypted File Recovery
  • Encrypting Server-Based Files
  • EFS File Transactions and WebDAV
  • Special EFS Guidelines
  • EFS Procedures
  • Moving Forward
  • Chapter 18. Managing a Public Key Infrastructure
  • New Features in Windows Server 2003
  • Moving Forward
  • PKI Goals
  • Cryptographic Elements in Windows Server 2003
  • Public/Private Key Services
  • Certificates
  • Certification Authorities
  • Certificate Enrollment
  • Key Archival and Recovery
  • Command-Line PKI Tools
  • Chapter 19. Managing the User Operating Environment
  • New Features in Windows Server 2003
  • Side-by-Side Assemblies
  • User State Migration
  • Managing Folder Redirection
  • Creating and Managing Home Directories
  • Managing Offline Files
  • Managing Servers via Remote Desktop
  • Moving Forward
  • Chapter 20. Managing Remote Access and Internet Routing
  • New Features in Windows Server 2003
  • Configuring a Network Bridge
  • Configuring Virtual Private Network Connections
  • Configuring Internet Authentication Services (IAS)
  • Moving Forward
  • Functional Description of WAN Device Support
  • PPP Authentication
  • NT4 RAS Servers and Active Directory Domains
  • Deploying Smart Cards for Remote Access
  • Installing and Configuring Modems
  • Configuring a Remote Access Server
  • Configuring a Demand-Dial Router
  • Configuring an Internet Gateway Using NAT
  • Chapter 21. Recovering from System Failures
  • New Features in Windows Server 2003
  • Functional Description Ntbackup
  • Backup and Restore Operations
  • Recovering from Blue Screen Stops
  • Using Emergency Management Services (EMS)
  • Using Safe Mode
  • Restoring Functionality with the Last Known Good Configuration
  • Recovery Console
  • Moving Forward
  • Who Should Read This Book
  • Who This Book Is Not For
  • Conventions
  • Acknowledgments
  • About the Author
  • About the Technical Reviewers
  • Index
  • Index A
  • Index B
  • Index C
  • Index D
  • Index E
  • Index F
  • Index G
  • Index H
  • Index I
  • Index J
  • Index K
  • Index L
  • Index M
  • Index N
  • Index O
  • Index P
  • Index Q
  • Index R
  • Index S
  • Index SYMBOL
  • Index T
  • Index U
  • Index V
  • Index W
  • Index X
  • Index Z
  • Preface
  • Previous Section Next Section

    Upgrading an NT4 or Windows 2000 Server

    This section describes how to perform an upgrade and takes a detailed look at the upgrade process and what happens to the server. This is meant to help you anticipate potential problems and diagnose any that do occur. The upgrade is divided into two phases:

    • Initial assessment. In this phase, the Windows Server 2003 installation management utility, Winnt32.exe, asks about your plans for the server and gathers information about the current installation from the Registry. The result of this effort is a Setup Information File (SIF) called Winnt.sif that acts as a script for the upgrade.

    • Upgrade implementation. In this phase, Setup performs the installation based on the Winnt.sif script and the contents of the Registry.

    You have the option of running the upgrade from the CD or from a network share. If you upgrade from the CD, only those files necessary to recommence Setup are copied to the hard drive. They are located in a folder called $win_nt$.~bt. These are the same files as those used to boot to Setup from the CD. They take about 6MB of storage.

    If you upgrade from a network share, Winnt32 copies the Setup files and all the operating system files from the network share to the local hard drive into a folder called \$win_nt$.~ls. By default, this folder is located in the system partition. The folder needs just over 300MB of free space in addition to the free space you need for the upgrade.

    Initial Assessment Phase

    You must have administrator privileges on the server to do an upgrade. If the server is a member of a domain, you should be logged on to the domain rather than the local SAM. This ensures that you have full access to all existing NTFS files and Registry keys. When ready, proceed as shown in Procedure 2.1.

    Procedure 2.1 Performing Initial Setup Assessment for NT4 Upgrade

    1. Insert the Windows Server 2003 CD in the CD-ROM drive. Autorun initiates Setup.exe. The name is somewhat misleading. Setup merely manages the Windows Server 2003 CD. Winnt32 actually performs the upgrade chores.

    2. Click Install Microsoft Windows Server 2003 to initiate the upgrade. Setup launches Winnt32.exe, the Windows Server 2003 installation management utility. The Welcome to Windows window opens. There are two options, Upgrade and New Installation:

      • The Upgrade to Windows Server 2003 option obtains information about the current installation and uses that as a script for installing Windows Server 2003.

      • The New Installation option initiates a clean installation as covered in the preceding chapter. If you point the installer at a separate partition, it creates a dual-boot machine.

    3. Click Next. The License Agreement window opens. You really have no choice other than selecting I Accept This Agreement. Winnt32 will not let you proceed if you don't accept the licensing agreement.

    4. Click Next. The Product Key window opens. Enter the 25-character Product Key from the CD case. Later on, the Windows Product Activation (WPA) service will combine the Product Key with the Installation ID generated based on the server's hardware and submit this information to Microsoft to obtain a Confirmation ID that activates the installation. (WPA is not used for products obtained via Master License and Volume License Agreements.)

    5. Click Next. If you are connected to the Internet, the Performing Dynamic Update window opens. Click Yes to connect to Microsoft's Update web site and download current Setup files. This stage also includes a readiness scan. If incompatible software or drivers are found, Winnt32 reports them to you. You should exit Setup and de-install the applications before continuing.

      If you are not currently connected to the Internet, the Directory of Applications window opens. This gives you the opportunity to connect to the Internet and then view the master application compatibility database at Microsoft.

    6. Click Next. Winnt32 copies the Windows Server 2003 boot files into a folder named \$Win_nt$.~bt at the root of the existing boot partition. Winnt32 also changes Boot.ini to include this folder in the list of available boot options along with a special boot sector, Bootsect.dat, that has executable code for continuing with the next phase of Setup following restart.

    Upgrade Implementation Phase

    Following restart, Setup proceeds without further user intervention. There are four stages:

    • Device installation. Setup performs a PnP enumeration and copies the necessary drivers from the CD or the \$win_nt$.~ls folder.

    • Networking installation. Setup performs an additional scan for network devices and protocols and then installs and initializes the appropriate drivers.

    • Component installation. Setup uses the Winnt.sif script from the original NT4 Registry to select and install components and drivers.

    • Final tasks. Setup installs the START menu items, registers components, saves final settings, and removes the temporary files.

    After Setup finishes the upgrade, the machine restarts one last time and you can log on. The domain affiliation will be the same as before the upgrade, so you can use your normal domain credentials.

    Post-Upgrade Checks

    After you log on following the upgrade, verify that all services that were operational under NT4 are still operational under Windows Server 2003. Make this check using the Services console. The simplest way to open the console is to enter Services.msc from the command line. You can also select it from the menu using START | PROGRAMS | ADMINISTRATIVE TOOLS | SERVICES.

    If you disabled any services prior to upgrading, enable and start them now to verify that the new drivers work correctly. Make sure the service is Windows Server 2003 compatible or you may cause the machine to behave erratically.

    Verify that services that have already started did so without errors by checking the Event log. Open the Event Viewer from the ADMINISTRATIVE TOOLS menu or enter Eventvwr.msc at the command line. You can expect a few warnings but you should not see any critical errors.

    Application Compatibility Checks

    Now work your way through any applications loaded on the server. If you find one that refuses to run in Windows Server 2003, you can try running it using the Application Compatibility Tool, Apcompat. You must install the tool separately. The installation package, Act20, comes on the Windows Server 2003 CD in \Support\Tools. Figure 2.1 shows an example of the Apcompat window.

    Figure 2.1. Application Compatibility—Used for running applications that demand specific functions from previous operating systems.


    If you can find an operating mode that the application likes, you can lock down the Registry settings with the Make Permanent option.

    Apcompat will help you in situations where the programmer who designed the application hard-coded it to look for a specific version of Windows. It does not permit applications to access hardware (verboten in all members of the NT family) nor does it permit the application to run VxDs. Chapter 19, "Managing the User Operating Environment," has additional tips for using more advanced compatibility settings in the Act20 suite of tools.

    Security Checks

    One of the final actions taken by Setup during a clean install or an upgrade is to apply Registry and NTFS file permissions. The templates for setting these permissions are contained in the \Windows\Inf folder. They are as follows:

    • Defltdc.inf. The standard security settings for a domain controller.

    • Dcfirst.inf. Additional security settings applied to the first domain controller in a tree.

    • Dcup.inf. The security settings applied to a domain controller after upgrading from NT4.

    • Dcup5.inf. The security settings applied to a domain controller after upgrading from Windows 2000.

    • Defltsv.inf. The standard security settings applied to a server.

    • Dsup.inf. The security settings applied after upgrading a server to Windows Server 2003 from any previous version.

    • Dsupt.inf. The security settings applied after upgrading an NT4 Terminal Services Edition server or a Windows 2000 server running Terminal Services in Application mode.

    The NTFS and Registry permissions applied by these scripts play a crucial role in controlling access to a server or domain controllers. It is very important that the scripts run to completion. Sometimes a bug or outside incident causes the script to stop. There should be an Event log entry if this happens.

    If you peruse the entries in these scripts, you'll also find that the tight lockdowns in Windows Server 2003 are not applied to upgrades. If you want an upgraded server to have the same security settings as a clean install, you can apply the security settings manually. See Chapter 11, "Understanding Network Access Security and Kerberos," for details on the contents of the security templates and how to apply a template to a server.

      Previous Section Next Section