2.1. Preparing to Install Windows Server 2003

As with any operating system, Windows Server 2003 comes with optional components that add or extend functionality in addition to the components that are required for everyday use. In this section, I'll outline these optional components, explain their function, and guide you as to whether you should install them.

2.1.1. Choosing Windows Components

An unwritten rule of system administration is to never install any components unless they are required. Although that might seem really basic at first, the point to take from this is that systems that operate only with the components required for their daily work are far easier to manage and present a considerably smaller attack surface. There's less to go wrong, less to secure, and less to administer.

Microsoft has embraced this maxim in a lukewarm sort of way by eliminating the ability to customize components (including adding them) at the time of a standard installation; you can add and remove Windows components only after installation is complete. (I'll cover ways around that limitation later in this chapter, but for now be aware that you can't customize an installation while it is in progress.) However, even before you install the operating system, you should spend some time looking over its components to figure out which ones you need. As a guide, use Table 2-1, which lists the components available for installation on machines with Windows Server 2003 loaded. Some of these options have submenus that deserve a look as well.
Although actually installing Windows Server 2003 on your machines might be on the lighter side of your duties as an administrator, you still need to do some planning about both the architecture and organization of the computer and of your company's network. This section introduces you to the most common aspects of server installations and how you can make the appropriate decisions.

2.1.2. Partitioning Disks and Allotting Disk Space

You have a number of options when it comes to slicing and dicing the disk space on a machine that will run Windows Server 2003. You can, of course, create a new partition either on a nonpartitioned portion of a disk or by deleting an existing partition to make room for a new one. You also can install Windows Server 2003 on an existing disk partition if there's enough free disk space.

A single partition is the most common option for new Windows Server 2003 installations and is the simplest to use. However, some administrators like to create a separate partition, ranging from 4 to 10 GB in size, to hold the operating system files, and then another partition for the remainder of the disks in the server to hold user or application data. Additionally, if you choose to run Active Directory, Microsoft recommends keeping the Windows Server 2003 operating system separate from the Active Directory database and log files by using either a different disk or a different partition. During the Active Directory setup process you can specify an alternate location to store the Active Directory files. Finally, many administrators also like to create a separate partition that contains only the "page" file, the area of disk used by Windows Server 2003 to swap in and out pages of memory depending on server load and memory usage.
In any case, segregating the operating system from your data makes it easier to perform upgrades to the operating system and to apply security updates and service packs without worrying about how it might affect the integrity of user data stored on the machine. You also might want to create other partitions to use Remote Installation Services, covered later in this chapter.

How much disk space? A general guide is that the partition on which Windows Server 2003 resides ought to be at least 1 GB in size, and preferably much larger. Always consider that your page file (if stored on the same partition as the Windows Server 2003 install files) might grow if managed by Windows Server 2003, and that adequate space must be allocated to avoid virtual memory errors. Luckily, disk space these days is fairly cheap, so this shouldn't be too big of a hurdle to overcome.

Most administrators also recommend that you keep the system files separate from user data files; at the very least, user data should be on a separate partition, and even better, on a separate disk. Having separate partitions ensures that user data won't be lost if the operating system ever becomes corrupted, whereas having separate physical disks affords that security as well as increased I/O performance because of less wear and tear on the disk controllers.

Along with partitioning comes the choice of filesystems. Windows Server 2003 supports three: NTFS, FAT, and FAT32. NTFS is the filesystem native to Windows NT-based operating systems, and it supports the full range of built-in security features, automatic file compression, disk space quotas, and file encryption. FAT and FAT32, although venerable standards that have a place in systems where legacy compatibility is crucial, do not offer NTFS security features and therefore should be used only if required. You can convert an existing FAT or FAT32 system to NTFS at a later time, but you cannot convert to either FAT filesystem from NTFS.
Table 2-2 shows the comparative advantages and disadvantages of the three filesystems.
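
The partitioning and filesystem guidance in this section can be checked on a server that is already running. The following PowerShell script is an added example, not code from the original text; it assumes Windows PowerShell is installed on the server and reads only the standard WMI classes Win32_LogicalDisk and Win32_PageFileUsage.

```powershell
# Added example: audit local fixed volumes against this section's guidance.
# Assumption: Windows PowerShell is available on the server being checked.

$minSystemBytes = 1GB                 # the section's stated minimum for the OS partition
$systemDrive    = $env:SystemDrive    # drive letter of the OS partition, e.g. "C:"

# Drive letters that currently hold a page file.
# Win32_PageFileUsage.Name is the full path, e.g. C:\pagefile.sys
$pageFileDrives = @(Get-WmiObject Win32_PageFileUsage |
    ForEach-Object { $_.Name.Substring(0, 2).ToUpper() })

# DriveType 3 = local fixed disk
Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" | ForEach-Object {
    $findings = @()

    # FAT and FAT32 volumes lack NTFS permissions, quotas and encryption
    if ($_.FileSystem -ne 'NTFS') {
        $findings += "filesystem is '$($_.FileSystem)', not NTFS"
    }

    if ($_.DeviceID -eq $systemDrive) {
        if ($_.Size -lt $minSystemBytes) {
            $findings += 'system partition is smaller than 1 GB'
        }
        # A Windows-managed page file on the OS partition can grow
        if ($pageFileDrives -contains $_.DeviceID.ToUpper()) {
            $findings += 'page file shares the system partition'
        }
    }

    if ($findings.Count -eq 0) { $findings = @('ok') }

    # One report row per volume
    $row = New-Object PSObject
    $row | Add-Member NoteProperty Drive      $_.DeviceID
    $row | Add-Member NoteProperty FileSystem $_.FileSystem
    $row | Add-Member NoteProperty SizeGB     ([math]::Round($_.Size / 1GB, 1))
    $row | Add-Member NoteProperty FreeGB     ([math]::Round($_.FreeSpace / 1GB, 1))
    $row | Add-Member NoteProperty Findings   ([string]::Join('; ', $findings))
    $row
} | Format-Table -AutoSize -Wrap
```

A data volume reported as FAT or FAT32 can be converted in place with the built-in `convert <drive>: /fs:ntfs` command; as the section notes, the conversion is one-way.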
2.1.3. Assigning Licenses

Windows Server 2003 offers two licensing options for clients, and each has specific advantages depending on the computing environment in which the OS will be installed:
Per-server licensing almost always is the better choice among the two options, for a couple of reasons. First, the Windows Licensing Service will take care of enforcing the number of licenses you tell it you have in per-server mode. So, if you have 25 CALs, and user 26 tries to access a file on your machine, Windows will reject the connection. This takes away a big headache of license enforcement as long as you've configured the license service with accurate information. After you configure the license service, Windows takes care of policing the connections for you automatically.

Second, it's a better way of tracking how your employees use the network. Under per-seat licensing, you need a license for your vice president of finance's home computer because he sometimes checks email there at night. You'd also need a license for desktop, laptop, and PDA devices if any of them use a server resource. Per-server licensing eliminates the need to go overboard with license purchases, and it doesn't make you distinguish and prioritize between licenses.

In some situations, per-client licensing makes sense, however. If you have a lot of Windows servers, buying a client license for each workstation eliminates the need to license clients for each server. If you also use Terminal Services in application mode, you'll probably find that per-client licensing is less expensive. However, if you're in doubt as to which licensing method to choose, you should pick per-server. Windows allows you to change once from per-server to per-seat licensing, but not from per-seat to per-server licensing.

Another issue also needs to be noted: as soon as you add a system running Windows Server 2003 to your network, you must purchase brand-new CALs to remain in compliance with the Windows Server 2003 license agreement. If you read Chapter 1, you'll be familiar with this requirement.
That's really unfortunate from my point of view, mainly because traditionally, NT upgrades that require new licenses involve significant changes to the underlying operating system code; in many opinions, Windows Server 2003 just doesn't offer enough change to justify that expense. But regardless of whether any of us agree with the license terms, it is a necessary condition of using Windows Server 2003.

You can purchase CALs at any major vendor, including Computer Discount Warehouse (CDW) and PC Connection. You also can purchase CALs directly from Microsoft through an enterprise agreement. You can discuss how best to acquire licenses by speaking with a Microsoft licensing representative. They're more than happy to discuss options with you.

2.1.4. Joining Domains Versus Joining Workgroups

During the second half of the installation process, you'll be asked whether you want to create or join an existing workgroup or make this machine a member of an existing domain. A workgroup is a decentralized collection of computers designed to facilitate resource sharing among a handful of computers. There is no common security database, and all user files and folders, as well as profile information, are stored locally on each computer.

A domain is a group of network resources delineated by the network administrator with a centralized and shared security database. Domains allow for a central logon and easier management of their member clients and servers. In Windows Server 2003, domains are administered as part of an Active Directory forest. To join a new machine to a domain, that domain must already exist and a domain controller for that domain must be reachable (via the network) by the new machine. You can also create a new Active Directory domain after you've installed Windows Server 2003.