
2.1. Preparing to Install Windows Server 2003

As with any operating system, Windows Server 2003 comes with optional components that add or extend functionality in addition to the components that are required for everyday use. In this section, I'll outline these optional components, explain their function, and guide you as to whether you should install them.

2.1.1. Choosing Windows Components

An unwritten rule of system administration is to never install any components unless they are required. Although that might seem really basic at first, the point to take from this is that systems that operate only with the components required for their daily work are far easier to manage and present a considerably smaller attack surface. There's less to go wrong, less to secure, and less to administer. Microsoft has embraced this maxim in a lukewarm sort of way by eliminating the ability to customize components (including adding them) at the time of a standard installation; you can add and remove Windows components only after installation is complete. (I'll cover ways around that limitation later in this chapter, but for now be aware that you can't customize an installation while it is in progress.)

However, even before you install the operating system, you should spend some time looking over its components to figure out which ones you need. Use Table 2-1, which lists the components available for installation on machines with Windows Server 2003 loaded, as a guide. Some of these options have submenus that deserve a look as well.

Table 2-1. Windows Server 2003 installation components

| Option | Purpose |
| --- | --- |
| Accessories/Utilities | A collection of small applications and utilities such as WordPad and Paint |
| Certificate Authority | Secure authentication support for email, web site access, smart cards and LDAP directory services (among others) using X.509 authenticity certificates |
| Cluster Services | Provides for real-time failover in the event that one or more servers in a group stops working (only in EE and DE editions) |
| Indexing Services | Enables searching on both the text and properties of documents stored across the filesystem |
| Internet Information Services (IIS) | Provides support for web, FTP, news, and outgoing mail services |
| Management and Monitoring Tools | Tools to use with, among other things, the simple network management protocol (SNMP) to monitor systems and networks; Network Monitor is included within this group |
| Message Queuing | Provides a system for application developers to pool and queue messages across a diverse network |
| Microsoft Scripting Debugger | The development environment for scripts |
| Network Services | Networking components including DNS, DHCP, RADIUS (IAS), TCP/IP, and WINS |
| Other Network File and Print Services | Provide file and print services for Macintosh and Unix systems on the network |
| Remote Installation Services | Allows for remote installation of Windows 2000, XP, and Windows Server 2003 machines from the server |
| Remote Storage | Migrates local storage to remote and auxiliary storage devices |
| Terminal Services | Allows clients to run applications using a virtual session hosted by the server |
| Terminal Services Licensing | Automated licensing for Terminal Services (see preceding option) |
| Windows Media Services | Internet extensions to support server-side streaming media |


Although actually installing Windows Server 2003 on your machines might be on the lighter side of your duties as an administrator, you still need to do some planning about both the architecture and organization of the computer and of your company's network. This section introduces you to the most common aspects of server installations and how you can make the appropriate decisions.

2.1.2. Partitioning Disks and Allotting Disk Space

You have a number of options when it comes to slicing and dicing the disk space on a machine that will run Windows Server 2003. You can, of course, create a new partition, either on a nonpartitioned portion of a disk or by deleting an existing partition to make room for a new one. You also can install Windows Server 2003 on an existing disk partition if there's enough free disk space.

A single partition is the most common option for new Windows Server 2003 installations and is the simplest to use. However, some administrators like to create a separate partition, ranging from 4 to 10 GB in size, to hold the operating system files, and then another partition for the remainder of the disks in the server to hold user or application data. Additionally, if you choose to run Active Directory, Microsoft recommends keeping the Windows Server 2003 operating system separate from the Active Directory database and log files by using either a different disk or a different partition. During the Active Directory setup process you can specify an alternate location to store the Active Directory files. Finally, many administrators also like to create a separate partition that contains only the "page" file, the area of disk used by Windows Server 2003 to swap in and out pages of memory depending on server load and memory usage. In any case, segregating the operating system from your data makes it easier to perform upgrades to the operating system and to apply security updates and service packs without worrying about how it might affect the integrity of user data stored on the machine. You also might want to create other partitions to use Remote Installation Services, covered later in this chapter.

How much disk space? A general guide is that the partition on which Windows Server 2003 resides ought to be at least 1 GB in size, and preferably much larger. Always consider that your page file (if stored on the same partition as the Windows Server 2003 install files) might grow if managed by Windows Server 2003, and adequate space must be allocated to avoid virtual memory errors. Luckily, disk space these days is fairly cheap, so this shouldn't be too big of a hurdle to overcome. Most administrators also recommend that you keep the system files separate from user data files: at the very least, user data should be on a separate partition, and even better, on a separate disk. Having separate partitions ensures that user data won't be lost if the operating system ever becomes corrupted, whereas having separate physical disks affords that security as well as increased I/O performance because of less wear and tear on the disk controllers.

Along with partitioning comes the choice of filesystems. Windows Server 2003 supports three: NTFS, FAT, and FAT32. NTFS is the filesystem native to Windows NT-based operating systems, and it supports the full range of built-in security features, automatic file compression, disk space quotas, and file encryption. FAT and FAT32, although venerable standards that have a place in systems where legacy compatibility is crucial, do not offer NTFS security features and therefore should be used only if required. You can convert an existing FAT or FAT32 system to NTFS at a later time, but you cannot convert to either FAT filesystem from NTFS.

Table 2-2 shows the comparative advantages and disadvantages of the three filesystems.

Table 2-2. Comparison of supported filesystems

| Feature | FAT | FAT32 | NTFS |
| --- | --- | --- | --- |
| Granular security | | | |
| Compatibility | Can read FAT32; cannot read NTFS | Can read FAT; cannot read NTFS | Can read both FAT and FAT32 |
| Support for Recovery Console in emergencies | | | |
| Support for becoming a domain controller | | | |
| Can be converted | To FAT32 or NTFS | To NTFS | No conversion supported |


The remainder of this book assumes that you have installed Windows Server 2003 on a disk or partition formatted with NTFS.
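
The filesystem and sizing guidance above can be checked on an existing server. The following is an added example, not code from the book: it parses the CSV output of `wmic logicaldisk get DeviceID,DriveType,FileSystem,Size /format:csv` and flags fixed disks that are not NTFS or a system partition below the 1 GB floor. The sample output, the hostname `SRV01`, and the function name `audit_volumes` are constructed for illustration.

```python
import csv
import io

# Constructed sample of wmic CSV output (not captured from a real server).
# DriveType 3 = local fixed disk, 5 = CD-ROM.
SAMPLE_WMIC_CSV = """
Node,DeviceID,DriveType,FileSystem,Size
SRV01,C:,3,NTFS,8587192320
SRV01,D:,3,FAT32,42949672960
SRV01,E:,5,,
SRV01,F:,3,FAT,536870912
"""

MIN_SYSTEM_BYTES = 1 * 1024**3  # the chapter's 1 GB minimum for the OS partition


def audit_volumes(wmic_csv, system_drive="C:"):
    """Return (drive, finding) tuples for local fixed disks that miss the guidance."""
    findings = []
    for row in csv.DictReader(io.StringIO(wmic_csv.strip())):
        if row["DriveType"] != "3":  # skip CD-ROM, removable and network drives
            continue
        drive = row["DeviceID"]
        fs = (row["FileSystem"] or "unformatted").upper()
        if fs != "NTFS":
            # FAT and FAT32 carry none of the NTFS security features.
            # Conversion only goes towards NTFS, never back.
            findings.append(
                (drive, f"{fs} volume lacks NTFS security; run: convert {drive} /FS:NTFS")
            )
        if drive.upper() == system_drive.upper() and int(row["Size"] or 0) < MIN_SYSTEM_BYTES:
            findings.append((drive, "system partition is below the 1 GB minimum"))
    return findings


if __name__ == "__main__":
    for drive, finding in audit_volumes(SAMPLE_WMIC_CSV):
        print(drive, "-", finding)
```
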


2.1.3. Assigning Licenses

Windows Server 2003 offers two licensing options for clients, and each has specific advantages depending on the computing environment in which the OS will be installed:

  • In per-seat mode, each connecting computer must have a CAL. However, any number of clients with CALs can connect to the server at any time.

  • In per-server mode, only clients with licenses can connect to the server simultaneously. For smaller businesses without roaming employees, however, per-server mode saves money on CALs because it's relatively easy to determine a peak load.

Those familiar with NT and Windows 2000 licensing schemes will note that Windows Server 2003 licensing hasn't changed much from earlier versions.


Per-server licensing almost always is the better choice among the two options, for a couple of reasons. First, the Windows Licensing Service will take care of enforcing the number of licenses you tell it you have in per-server mode. So, if you have 25 CALs, and user 26 tries to access a file on your machine, Windows will reject the connection. This takes away a big headache of license enforcement as long as you've configured the license service with accurate information. After you configure the license service, Windows takes care of policing the connections for you automatically. Second, it's a better way of tracking how your employees use the network. Under per-seat licensing, you need a license for your vice president of finance's home computer because he sometimes checks email there at night. You'd also need a license for desktop, laptop, and PDA devices if any of them use a server resource. Per-server licensing eliminates the need to go overboard with license purchases, and it doesn't make you distinguish and prioritize between licenses.

In some situations, per-client licensing makes sense, however. If you have a lot of Windows servers, buying a client license for each workstation eliminates the need to license clients for each server. If you also use Terminal Services in application mode, you'll probably find that per-client licensing is less expensive. However, if you're in doubt as to which licensing method to choose, you should pick per-server. Windows allows you to change once from per-server to per-seat licensing, but not from per-seat to per-server licensing.

Another issue also needs to be noted: as soon as you add a system running Windows Server 2003 to your network, you must purchase brand-new CALs to remain in compliance with the Windows Server 2003 license agreement. If you read Chapter 1, you'll be familiar with this requirement. That's really unfortunate from my point of view, mainly because traditionally, NT upgrades that require new licenses involve significant changes to the underlying operating system code; in many opinions, Windows Server 2003 just doesn't offer enough change to justify that expense. But regardless of whether any of us agree with the license terms, it is a necessary condition of using Windows Server 2003.

You can purchase CALs at any major vendor, including Computer Discount Warehouse (CDW) and PC Connection. You also can purchase CALs directly from Microsoft through an enterprise agreement. You can discuss how best to acquire licenses by speaking with a Microsoft licensing representative. They're more than happy to discuss options with you.

2.1.4. Joining Domains Versus Joining Workgroups

During the second half of the installation process, you'll be asked whether you want to create or join an existing workgroup or make this machine a member of an existing domain. A workgroup is a decentralized collection of computers designed to facilitate resource sharing among a handful of computers. There is no common security database, and all user files and folders, as well as profile information, are stored locally on each computer. A domain is a group of network resources delineated by the network administrator with a centralized and shared security database. Domains allow for a central logon and easier management of their member clients and servers. In Windows Server 2003, domains are administered as part of an Active Directory forest. To join a new machine to a domain, that domain must already exist and a domain controller for that domain must be reachable (via the network) by the new machine. You can also create a new Active Directory domain after you've installed Windows Server 2003.

