Lesson 2 Installation and Configuration of Windows Server 2003 and Active Directory
1
-
19
Figure 1-3 Summary Of Selections
9. After the system has restarted, log on as Administrator.
10. The Configure Your Server Wizard will summarize its final steps, as shown in
Figure 1-4.
Figure 1-4 The Configure Your Server Wizard
11. Click Next and then click Finish.
12. Open Active Directory Users And Computers from the Administrative Tools group.
Confirm that you now have a domain called contoso.com by expanding the
domain and locating the computer account for Server01 in the Domain Control-
lers OU.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1-20
Chapter 1 Introducing Microsoft Windows Server 2003
Lesson Review
1. Which of the following versions of Windows Server 2003 require product activa-
tion? (Select all that apply.)
a. Windows Server 2003, Standard Edition, retail version
b. Windows Server 2003, Enterprise Edition, evaluation version
c. Windows Server 2003, Enterprise Edition, Open License version
d. Windows Server 2003, Standard Edition, Volume License version
2. What are the distinctions among a domain, a tree, and a forest in Active Directory?
3. Which of the following is true about setup in Windows Server 2003? (Select all that
apply.)
a. Setup can be launched by booting to the CD-ROM.
b. Setup can be launched by booting to setup floppies.
c. Setup requires a non-blank password to meet complexity requirements.
d. Setup will allow you to enter all 1’s for the Product ID.

pany has decided to roll out Exchange Server 2003 as a unified messaging plat-
form for all the subsidiaries, and plans to use Microsoft Metadirectory Services
(MMS) to synchronize appropriate properties of objects throughout the organiza-
tion. Which edition of Windows Server 2003 will provide the most cost-effective
solution for this deployment?
Windows Server 2003, Enterprise Edition, is the most cost-effective solution that supports
MMS. Standard and Web editions do not support MMS.
3. You are rolling out servers to provide Internet access to your company’s e-com-
merce application. You anticipate four servers dedicated to the front-end Web
application and one server for a robust, active SQL database. Which editions will
provide the most cost-effective solution?
Windows Server 2003, Web Edition, provides a cost-effective platform for the four Web applica­
tion servers. However, Web Edition will not support enterprise applications like SQL Server; the
edition of MSDE included with Web Edition allows only 25 concurrent connections. Therefore,
Windows Server 2003, Standard Edition, provides the most cost-effective platform for a SQL
Server.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
1-22
Chapter 1 Introducing Microsoft Windows Server 2003
Page
Lesson 2 Review
1-20
1. Which of the following versions of Windows Server 2003 require product activa-
tion? (Select all that apply.)
a. Windows Server 2003, Standard Edition, retail version
b. Windows Server 2003, Enterprise Edition, evaluation version
c. Windows Server 2003, Enterprise Edition, Open License version
d. Windows Server 2003, Standard Edition, Volume License version
The correct answers are a and b.
2. What are the distinctions among a domain, a tree, and a forest in Active Directory?

Why This Chapter Matters
In the daily work of a systems administrator, you frequently use tools to configure
user accounts, modify computer software and service settings, install new hard-
ware, and perform many other tasks. As the computing environment expands to
include more computers, so expands the amount of work to be done. The
Microsoft Management Console (MMC) allows for the consolidation and organi-
zation of some of the tools used most often. In addition, MMC consoles can be
customized and tailored to fit the exact needs of the worker and the task at hand, so
tasks can be delegated to more junior administrators with fewer chances for error.
When more global control of a remote computer is required, beyond what can be
done remotely through the MMC, two key tools make administration of remote
computers possible: Remote Desktop for Administration and Remote Assistance.
Generally, you can regard Remote Desktop for Administration as a client-server
application that allows for a window on your desktop computer to show the local
console of a server computer, giving you the ability to control the keyboard and
mouse functions as if you were logged on locally at the console of the server.
Remote Assistance is similar in function, but is scoped for desktop computers running
an operating system from the Microsoft Windows Server 2003 or Windows XP
family. A user at that computer makes a request for assistance, and a remote con-
nection can be established from a remote computer to that desktop.
2-1
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
2-2
Chapter 2 Administering Microsoft Windows Server 2003
Lessons in this Chapter:
■
Lesson 1: The Microsoft Management Console . . . . . . . . . . . . . . . . . . . . . . . 2-3
■
Lesson 2: Managing Computers Remotely with the MMC. . . . . . . . . . . . . . . . 2-9
■

security principals (Users, Groups, and Computers) in a domain. The snap-ins within
the MMC—not the MMC itself—are the administrative tools that you use.
Note
MMC consoles will run on Windows Server 2003, Windows 2000, Windows NT 4,
Windows XP, and Windows 98.
After this lesson, you will be able to
■
Configure an MMC with individual snap-ins
■
Configure an MMC with multiple snap-ins
■
Save an MMC in Author or User mode
Estimated lesson time:
15 minutes
The MMC
The MMC looks very much like a version of Windows Explorer, only with fewer but-
tons. The functional components of an MMC are contained within what are called
snap-ins: Menus and a toolbar provide commands for manipulating the parent and
child windows, and the console itself (which contains the snap-ins) allows targeted
functionality. In addition, an MMC can be saved with and the various options and
modes appropriate to the situation.
Navigating the MMC
An empty MMC is shown in Figure 2-1. Note that the console has a name, and that
there is a Console Root. It is this Console Root that will contain any snap-ins that you
choose to include.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
2-4
Chapter 2 Administering Microsoft Windows Server 2003
Figure 2-1 An empty MMC
Each console includes a console tree, console menu and toolbars, and the detail pane.

are two types of snap-ins: stand-alone and extension.
You can combine one or more snap-ins or parts of snap-ins to create customized
MMCs, which can then be used to centralize and combine administrative tasks.
Although you can use many of the preconfigured consoles for administrative tasks,
customized consoles allow for individualization to your needs and standardization
within your environment.
Tip
By creating a custom MMC, you do not have to switch between different programs or
individual consoles.
Stand-Alone Snap-Ins
Stand-alone snap-ins are provided by the developer of an application. All Administra-
tive Tools for Windows Server 2003, for example, are either single snap-in consoles or
preconfigured combinations of snap-ins useful to a particular category of tasks. The
Computer Management snap-in, for example, is a collection of individual snap-ins use-
ful to a unit.
Extension Snap-Ins
Extension snap-ins, or extensions, are designed to work with one or more stand-alone
snap-ins, based on the functionality of the stand-alone. When you add an extension,
Windows Server 2003 places the extension into the appropriate location within the
stand-alone snap-in.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
2-6
Chapter 2 Administering Microsoft Windows Server 2003
Many snap-ins offer stand-alone functionality and extend the functionality of other
snap-ins. For example, the Event Viewer snap-in reads the event logs of computers. If
the Computer Management object exists in the console, Event Viewer automatically
extends each instance of a Computer Management object and provides the event logs
for the computer. Alternatively, the Event Viewer can also operate in stand-alone mode,
in which case it does not appear as a node below the Computer Management node.
Off the Record

2
-
7
Table 2-2
MMC User Modes
Type of User Mode Description
Full Access Allows users to navigate between snap-ins, open windows, and
access all portions of the console tree.
Limited Access, Prevents users from opening new windows or accessing a portion of
Multiple Windows the console tree, but allows them to view multiple windows in the
console.
Limited Access,
Single Window
Prevents users from opening new windows or accessing a portion of
the console tree, and allows them to view only one window in the
console.
Note
MMCs, when saved, have an *.msc extension. Active Directory Users And Computers,
for example, is named Dsa.msc (Directory Services Administrator.Microsoft Saved Console).
Practice: Building and Saving Consoles
In this practice you will create, configure, and save an MMC console.
Exercise 1: An Event Viewer Console
1. Click Start, and then click Run.
2. In the Open text box, type mmc, and then click OK.
3. Maximize the Console1 and Console Root windows.
4. From the File menu, choose Options to view the configured console mode.
In what mode is the console running?
5. Verify that the Console Mode drop-down list box is in Author mode, and then
click OK.
6. From the File menu, click Add/Remove Snap-In.

The MMC is a useful tool for organizing and consolidating snap-ins, or small programs
that are used for network and computer system administrative tasks. The hierarchical
display, similar to that of Windows Explorer, offers a familiar view of snap-in features
in a folder-based paradigm. There are two types of snap-ins, stand-alone and extension,
with extensions appearing and behaving within the MMC based on the context of their
placement. Any console can be configured to work in either of two modes, Author or
User, with the User mode offering some restricted functionality in the saved console.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Lesson 2 Managing Computers Remotely with the MMC
2
-
9
Lesson 2: Managing Computers Remotely with the MMC
Perhaps you work in a peer-to-peer network and need to help other users create user
accounts or groups on their computers to share local folders. You can save yourself a
trip to your coworkers’ offices by connecting to the users’ computers with your Com-
puter Management console (as shown in Figure 2-3). Or perhaps you need to format
drives or perform other tasks on a remote computer. You can perform almost any task
on a remote computer that you can perform locally.
Figure 2-3 Connecting to a user’s computer with the Computer Management console
After this lesson, you will be able to
■
Construct an MMC to manage a computer remotely
Estimated lesson time:
10 minutes
Setting Up the Snap-In for Remote Use
To connect to and manage another system using the Computer Management console,
you must launch the console with an account that has administrative credentials on the
remote computer. If your credentials do not have elevated privileges on the target com-
puter, you will be able to load the snap-in, but will not be able to read information

Lesson 2 Managing Computers Remotely with the MMC
2
-
11
4. Locate the Computer Management snap-in, and then click Add.
5. In the Computer Management dialog box, select Another Computer.
6. Type the name or IP address of the computer, or browse the network for it, and
then click Finish to connect.
7. Click Close in the Add Standalone Snap-In dialog box, then click OK to load the
Computer Management snap-in to your MyEvents console.
You can now use the management tools to administer the remote computer.
Lesson Review
The following questions are intended to reinforce key information presented in this
lesson. If you are unable to answer a question, review the lesson materials and try the
question again. You can find answers to the questions in the “Questions and Answers”
section at the end of this chapter.
1. What credentials are required for administration of a remote computer using
the MMC?
2. Can an existing MMC snap-in be changed from local to remote context, or must a
snap-in of the same type be loaded into the MMC for remote connection?
3. Are all functions within a snap-in used on a local computer usable when con-
nected remotely?
Lesson Summary
The MMC is able to load many different tools in the form of snap-ins. Some of these
snap-ins are programmed with the ability to connect either to the local computer or to
remote computers. The connection to a remote computer can be established when the
snap-in is loaded, or after loading by right-clicking the snap-in and choosing Connect.
You must have administrative privileges on the remote computer to use any tools
affecting the configuration of the remote computer.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

requirements.
Note
Because Terminal Services and its dependent Remote Desktop capability are default
components of Windows Server 2003, every server has the capability to provide remote
connections to its console. The term “terminal server” now therefore refers specifically to a
Windows Server 2003 computer that provides application sharing to multiple users through
addition of the Terminal Server component.
Other components—Terminal Server and the Terminal Server Licensing service—must
be added using Add Or Remove Programs. However, all of the administrative tools
required to configure and support client connections and to manage Terminal Server
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Lesson 3 Managing Servers with Remote Desktop for Administration
2
-
13
are installed by default on every Windows Server 2003 computer. Each of the tools and
their functions are described in Table 2-3.
Table 2-3
Default Components of Terminal Server and Remote Desktop
Installed Software Purpose
Terminal Services
Configuration
Terminal Services
Manager
Remote Desktop Client
Installation Files
Terminal Services
Licensing
Setting properties on the Terminal Server, including session, net-
work, client desktop, and client remote control settings

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
2-14
Chapter 2 Administering Microsoft Windows Server 2003
Tip
It is recommended to update previous versions of the Terminal Services client to the
latest version of Remote Desktop Connection to provide the most efficient, secure and stable
environment possible, through improvements such as a revised user interface, 128-bit
encryption and alternate port selection.
Figure 2-5 shows the Remote Desktop client configured to connect to Server01 in the
contoso.com domain.
Figure 2-5 Remote Desktop client
Configuring the Remote Desktop Client
You can control many aspects of the Remote Desktop connection from both the client
and server sides. Table 2-4 lists configuration settings and their use.
Table 2-4
Remote Desktop Settings
Setting Function
Client Settings
General Options for the selection of the computer to which connection should be
made, the setting of static log on credentials, and the saving of settings
for this connection.
Display Controls the size of the Remote Desktop client window, color depth, and
whether control-bar functions are available in full-screen mode.
Local Resources Options to bring sound events to your local computer, in addition to
standard mouse, keyboard, and screen output. How the Windows key
combinations are to be interpreted by the remote computer (for exam-
ple, ALT+TAB), and whether local disk, printer, and serial port connec-
tions should be available to the remote session.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Lesson 3 Managing Servers with Remote Desktop for Administration

disable various communication (I/O) ports.
Network Adapters Specifies which network cards on the server will accept Remote Desktop
for Administration connections.
General Set the encryption level and authentication mechanism for connections
to the server.
Terminal Services Troubleshooting
When using Remote Desktop for Administration, you are creating a connection to a
server’s console. There are several potential causes of failed connections or problem-
atic sessions:
■
Network failures Errors in standard TCP/IP networking can cause a Remote
Desktop connection to fail or be interrupted. If DNS is not functioning, a client
may not be able to locate the server by name. If routing is not functioning, or the
Terminal Services port (by default, port 3389) misconfigured on either the client or
the server, the connection will not be established.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
2-16
Chapter 2 Administering Microsoft Windows Server 2003
■
Credentials Users must belong to the Administrators or Remote Desktop Users
group to successfully connect to the server using Remote Desktop for Administration.
■
Policy Domain controllers will only allow connections via Remote Desktop to
administrators. You must configure the domain controller security policy to allow
connections for all other remote user connections.
■
Too many concurrent connections If sessions have been disconnected with-
out being logged off, the server may consider its concurrent connection limit
reached even though there are not two human users connected at the time. An
administrator might, for example, close a remote session without logging off. If