Windows
Server 2008 R2 provides several new benefits that help organizations
better administer their networking environment. These new features
provide better file and data management, better performance monitoring
and reliability tracking tools to identify system problems and
proactively address issues, a new image deployment tool, and a whole new
set of Group Policy Objects that help administrators better manage
users, computers, and other Active Directory objects.
Improvements in Group Policy Management
Windows Server 2008 R2 introduces
over 1,000 new Group Policy Objects specific to Windows Server 2008 R2
and Windows 7, along with several new components that expand on the core
capabilities of Group Policy management that have been part of Windows
2000/2003 Active Directory. The basic functions of Group Policy haven’t
changed, so the Group Policy Object Editor (gpedit) and the Group Policy
Management Console (GPMC) are the same, but with more options and
settings available.
As mentioned earlier, the
Group Policy Management Console can either be run as a separate MMC
tool, or it can be launched off the Features branch of the Server
Manager console tree, as shown in Figure 1.
Group policies in Windows Server 2008 R2 provide more granular
management of local machines, specifically by allowing the policies
pushed down to a client to differ for administrator and
non-administrator users.
Additionally,
applications can now query or register with a network location
awareness service within Group Policy management, which identifies
the network location where a user or computer object resides. As an example, a
policy can be written that allows users to have access to applications
and files if they are on a local network segment, but blocks users from
accessing the same content when they are on a remote segment for
security and privacy reasons. This addition to group policies adds a
third dimension to policies so that now administrators can not only
define who and what someone has access to, but also limit their access
based on where they are.
Note
When running the Group Policy
Management Console to manage a Windows Server 2008 R2 Active Directory
environment, run the GPMC tool from a Windows Server 2008 R2 server or a
Windows 7 client system to have access to all the editable objects
available. If you run the GPMC tool from a Windows 2003 server or
Windows XP client, you will not see all the features nor have full
access to edit all objects available.
This is because Windows
Server 2008 R2 now supports new template file formats (ADMX and ADML)
that are only accessible from Windows Server 2008, Windows Server 2008
R2, Windows Vista, and Windows 7 systems.
Introducing Performance and Reliability Monitoring Tools
Windows
Server 2008 R2 introduces new and revised performance and reliability
monitoring tools intended to help network administrators better
understand the health and operations of Windows Server 2008 R2 systems.
As with the Group Policy Management Console, the new Reliability
and Performance Monitor shows up as a feature in the Server Manager
console. When you click the Performance Diagnostic Console, the tool
appears in the right pane, as shown in Figure 2.
The new tool keeps track
of system activity and resource usage and displays key counters and
system status on screen. The Reliability Monitor diagnoses potential
causes of server instability by noting the last time a server was
rebooted, what patches or updates were applied, and chronologically when
services have failed on the system so that system faults can
potentially be traced back to specific system updates or changes that
occurred prior to the problem.
By combining what used to
be three to four tools into a single console, administrators are able to
look at system performance, operational tasks, and historical event
information in their analysis of a server problem or system operations
instability.
Leveraging File Server Resource Manager
File Server Resource Manager
(FSRM) was a feature pack add-in to Windows 2003 R2 and has been
significantly improved with the release of Windows Server 2008 R2. FSRM
is a quota management system for files on network shares across an
enterprise. Rather than allowing
employees to copy the entire content of their laptop to a network, or
potentially back up their MP3 audio files onto a network, FSRM provides
the ability not only to limit the amount of content stored on network
shares, but also to set quotas (or limit storage altogether) on certain
file types. So, a user could be limited to storing 200GB of files on a
network share, but of that limit, only 2GB can be allocated to MP3
files.
FSRM, shown in Figure 3,
in Windows Server 2008 R2 has been improved to allow the nesting of
quotas to ensure the most restrictive policy is applied. Quotas can also
transcend subfolders, so as new folders are created, or as policies are
applied at different levels in a folder hierarchy, the policies still
apply, and the rules are combined to provide varying levels of quota
allocation to user data. Additionally, quotas are now based on actual
storage, so if a file is compressed when stored, the user will be able
to store more files within their allocated quota.
Leveraging the Best Practice Analyzer
Included in Windows Server
2008 R2 is a built-in Best Practice Analyzer. Found in the Server
Manager console tool, the Best Practice Analyzer runs a series of tests
against Active Directory roles, such as the Hyper-V role, the DNS role,
and the Remote Desktop Services role, to assess whether the role has
been installed and configured properly and to compare the installation
with tested best practices.
Some
of the results from the Best Practice Analyzer could tell an
administrator they need to add more memory to a server, to move a role
to a separate server to improve role optimization, or to shift a
database to a different drive on the server to distribute disk
performance demands on the system.
Introduction of Windows Deployment Services
Windows Server 2008 introduced a
new tool called Windows Deployment Services (WDS), which was effectively
an updated version of the Remote Installation Services (RIS) that had
been available for the past several years. Unlike RIS, which was focused
primarily on scripted installations and client images, WDS in Windows
Server 2008 R2 can distribute images of Windows 7 clients or Windows
Server 2008 R2 servers in a significantly more flexible and modifiable
deployment process.
As with RIS, Windows
Deployment Services allows a client system to initiate a Preboot
Execution Environment (PXE) boot, effectively “booting” to the WDS server to
see a list of images that can be deployed on the system. Alternatively, an
organization can create a Windows PE boot disc and have an image
initiated from a CD or DVD.
With Windows Server 2008 R2 and
Windows 7, the image can be created in Windows Imaging (WIM) format,
which allows for the injection of patches, updates, or even new code to a
WIM file without even booting the image file. This provides the
organization with more than just static images that get pushed out like
in RIS, but rather a tool that provides ongoing and manageable updates
to image files.
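The offline patch injection described above, as an added example that is not part of the original text: a PowerShell wrapper around DISM, the servicing tool included with Windows 7 and Windows Server 2008 R2, that mounts a WIM, adds update packages, and commits only if every step succeeds. The paths and the `Invoke-Dism` helper are placeholders chosen for illustration.

```powershell
# Added example: service a WIM image offline so that systems deployed from it
# start out patched. All paths are placeholders; adjust them to your environment.
$ErrorActionPreference = 'Stop'

$WimFile   = 'C:\Images\install.wim'   # placeholder: image to service
$Index     = 1                         # image index inside the WIM
$MountDir  = 'C:\Mount'                # placeholder: empty folder used as mount point
$UpdateDir = 'C:\Updates'              # placeholder: folder holding .msu/.cab packages

# Hypothetical helper: run dism.exe and stop on a non-zero exit code, so a
# failed step can never be followed by a commit.
function Invoke-Dism {
    param([string[]]$Arguments)
    & dism.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

# List the images in the file to confirm the index before mounting.
Invoke-Dism '/Get-WimInfo', "/WimFile:$WimFile"

# Mount the image; nothing is booted, the files are only exposed under $MountDir.
Invoke-Dism '/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir"

$commit = $false
try {
    # Inject every package found in $UpdateDir into the mounted image.
    Invoke-Dism "/Image:$MountDir", '/Add-Package', "/PackagePath:$UpdateDir"

    # List installed packages so the result can be reviewed before deployment.
    Invoke-Dism "/Image:$MountDir", '/Get-Packages'
    $commit = $true
}
finally {
    if ($commit) {
        # Write the changes back into the WIM file.
        Invoke-Dism '/Unmount-Wim', "/MountDir:$MountDir", '/Commit'
    }
    else {
        # A step failed: throw away the partial changes and leave the WIM untouched.
        & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard
    }
}
```

Run the script from an elevated PowerShell prompt, because DISM requires administrative rights to mount and service an image.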
WDS also supports the imaging
of Windows 2003 servers and Windows XP client systems in the same manner
that RIS did in terms of pushing out images or using an unattend script
file to send images to systems.