Upgrading an NT4 or Windows 2000 Server
This section describes how to perform an upgrade and takes a detailed look at the upgrade process and what happens to the server. This is meant to help you anticipate potential problems and diagnose any that do occur. The upgrade is divided into two phases:
In this phase, the Windows Server 2003 installation management utility, Winnt32.exe, asks about your plans for the server and gathers information about the current installation from the Registry. The result of this effort is a Setup Information File (SIF) called Winnt.sif that acts as a script for the upgrade.
In this phase, Setup performs the installation based on the Winnt.sif script and the contents of the Registry.
You have the option of running the upgrade from the CD or from a network share. If you upgrade from the CD, only those files necessary to recommence Setup are copied to the hard drive. They are located in a folder called $win_nt$.~bt. These are the same files as those used to boot to Setup from the CD. They take about 6MB of storage.
If you upgrade from a network share, Winnt32 copies the Setup files and all the operating system files from the network share to the local hard drive into a folder called \$win_nt$.~ls. By default, this folder is located in the system partition. The folder needs just over 300MB of free space in addition to the free space you need for the upgrade.
Initial Assessment Phase
You must have administrator privileges on the server to do an upgrade. If the server is a member of a domain, you should be logged on to the domain rather than the local SAM. This ensures that you have full access to all existing NTFS files and Registry keys. When ready, proceed as shown in Procedure 2.1.
Procedure 2.1 Performing Initial Setup Assessment for NT4 Upgrade
Insert the Windows Server 2003 CD in the CD-ROM drive. Autorun initiates Setup.exe. The name is somewhat misleading. Setup merely manages the Windows Server 2003 CD. Winnt32 actually performs the upgrade chores.
Click Install Microsoft Windows Server 2003 to initiate the upgrade. Setup launches Winnt32.exe, the Windows Server 2003 installation management utility. The Welcome to Windows window opens. There are two options, Upgrade and New Installation:
The Upgrade to Windows Server 2003 option obtains information about the current installation and uses that as a script for installing Windows Server 2003.
The New Installation option initiates a clean installation as covered in the preceding chapter. If you point the installer at a separate partition, it creates a dual-boot machine.
Click Next. The License Agreement window opens. You really have no choice other than selecting I Accept This Agreement. Winnt32 will not let you proceed if you don't accept the licensing agreement.
Click Next. The Product Key window opens. Enter the 25-character Product Key from the CD case. Later on, the Windows Product Activation (WPA) service will combine the Product Key with the Installation ID generated based on the server's hardware and submit this information to Microsoft to obtain a Confirmation ID that activates the installation. (WPA is not used for products obtained via Master License and Volume License Agreements.)
Click Next. If you are connected to the Internet, the Performing Dynamic Update window opens. Click Yes to connect to Microsoft's Update web site and download current Setup files. This stage also includes a readiness scan. If incompatible software or drivers are found, Winnt32 reports them to you. You should exit Setup and de-install the applications before continuing.
If you are not currently connected to the Internet, the Directory of Applications window opens. This gives you the opportunity to connect to the Internet and then view the master application compatibility database at Microsoft.
Click Next. Winnt32 copies the Windows Server 2003 boot files into a folder named \$Win_nt$.~bt at the root of the existing boot partition. Winnt32 also changes Boot.ini to include this folder in the list of available boot options along with a special boot sector, Bootsect.dat, that has executable code for continuing with the next phase of Setup following restart.
Upgrade Implementation Phase
Following restart, Setup proceeds without further user intervention. There are four stages:
Setup performs a PnP enumeration and copies the necessary drivers from the CD or the \$win_nt$.~ls folder.
Setup performs an additional scan for network devices and protocols and then installs and initializes the appropriate drivers.
Setup uses the Winnt.sif script from the original NT4 Registry to select and install components and drivers.
Setup installs the START menu items, registers components, saves final settings, and removes the temporary files.
After Setup finishes the upgrade, the machine restarts one last time and you can log on. The domain affiliation will be the same as before the upgrade, so you can use your normal domain credentials.
After you log on following the upgrade, verify that all services that were operational under NT4 are still operational under Windows Server 2003. Make this check using the Services console. The simplest way to open the console is to enter Services.msc from the command line. You can also select it from the menu using START | PROGRAMS | ADMINISTRATIVE TOOLS | SERVICES.
If you disabled any services prior to upgrading, enable and start them now to verify that the new drivers work correctly. Make sure the service is Windows Server 2003 compatible or you may cause the machine to behave erratically.
Verify that services that have already started did so without errors by checking the Event log. Open the Event Viewer from the ADMINISTRATIVE TOOLS menu or enter Eventvwr.msc at the command line. You can expect a few warnings but you should not see any critical errors.
Application Compatibility Checks
Now work your way through any applications loaded on the server. If you find one that refuses to run in Windows Server 2003, you can try running it using the Application Compatibility Tool, Apcompat. You must install the tool separately. The installation package, Act20, comes on the Windows Server 2003 CD in \Support\Tools. Figure 2.1 shows an example of the Apcompat window.
Figure 2.1. Application Compatibility—Used for running applications that demand specific functions from previous operating systems.
If you can find an operating mode that the application likes, you can lock down the Registry settings with the Make Permanent option.
Apcompat will help you in situations where the programmer who designed the application hard-coded it to look for a specific version of Windows. It does not permit applications to access hardware (verboten in all members of the NT family) nor does it permit the application to run VxDs. Chapter 19, "Managing the User Operating Environment," has additional tips for using more advanced compatibility settings in the Act20 suite of tools.
One of the final actions taken by Setup during a clean install or an upgrade is to apply Registry and NTFS file permissions. The templates for setting these permissions are contained in the \Windows\Inf folder. They are as follows:
The standard security settings for a domain controller.
Additional security settings applied to the first domain controller in a tree.
The security settings applied to a domain controller after upgrading from NT4.
The security settings applied to a domain controller after upgrading from Windows 2000.
The standard security settings applied to a server.
The security settings applied after upgrading a server to Windows Server 2003 from any previous version.
The security settings applied after upgrading an NT4 Terminal Services Edition server or a Windows 2000 server running Terminal Services in Application mode.
The NTFS and Registry permissions applied by these scripts play a crucial role in controlling access to a server or domain controllers. It is very important that the scripts run to completion. Sometimes a bug or outside incident causes the script to stop. There should be an Event log entry if this happens.
If you peruse the entries in these scripts, you'll also find that the tight lockdowns in Windows Server 2003 are not applied to upgrades. If you want an upgraded server to have the same security settings as a clean install, you can apply the security settings manually. See Chapter 11, "Understanding Network Access Security and Kerberos," for details on the contents of the security templates and how to apply a template to a server.