How to change Windows edition without reinstalling Windows? Deploying Active Directory.

A notable innovation in Windows Server 2003, unlike Windows 2000 Server, had a pre-installed .NET Framework shell, which made it possible to support the Microsoft .NET platform. Initially, Microsoft planned to call the new product “Windows .NET Server.” But later this name was rejected. Windows Server 2003 introduces many administration and management commands. Also included in the system for the first time is a shadow copy service, which allows you to automatically save previous versions of user files.

Editions

The operating system was released in four editions:

• Wed Edition. A "light" version of Windows Server 2003, designed primarily for web hosting and support of XML web services in small organizations and departments. This edition is provided only through Microsoft partners and is not sold as a "boxed product".
• Standard Edition. It is a publication aimed at use in medium and small businesses. The only features that are not available in the Standard Edition are those that Microsoft believes only large enterprises need. In addition, it is possible to use up to 4 processors simultaneously, as well as 4 GB random access memory.
• Enterprise Edition. A publication aimed at large and medium-sized businesses. Enterprise Edition allows you to use up to 1 terabyte of RAM, supports up to 8 processors simultaneously, adding RAM on the fly and clustering.
• Datacenter Edition. The most powerful of all editions of Windows Server 2003, designed for use in large organizations. This edition does not include some services, the use of which is only appropriate for small companies or groups.

There were also Enterprise Editions and Datacenter Editions for 64-bit systems based on Itanium 2 processors.

Server roles

Windows Server 2003 is a multitasking operating system that can manage different sets of roles centrally or distributedly, depending on user needs. Some of the server roles:

• file server and print server;
• web server and web application server;
• mail server;
• terminal server;
• remote access server/virtual private network (VPN) server;
• Directory service, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) server, and Windows Internet Naming Service (WINS);
• streaming media server.

System requirements

• Minimum processor frequency 133 MHz (400 MHz for Datacenter Edition) for x86-based computers, 733 MHz for Itanium-based computers
• Minimum RAM 128 MB (512 MB for Datacenter Edition)
• Installation disk space 1.5 GB for x86-based computers, 2 GB for Itanium-based computers

OS End of Support

On July 14, 2015, official support for the Windows Server 2003 operating system ended. Microsoft says that many customers have already switched from the outdated server platform to a more recent one. However, there are quite a few companies that have not yet managed to update or do not intend to do so, putting their computer systems at risk.

As reported on the Microsoft website, the company will stop releasing security updates for Windows Server 2003/R2 and applications running on this OS, and will also stop providing online support to these users on July 14, 2015. All data centers running Windows Server 2003/R2 will not be compliant with security and government regulation, in connection with which Microsoft recommends migrating your equipment to the new OS as soon as possible. This is especially true for those companies that deal with sensitive data (for example, healthcare and financial institutions).

As of July 2014, as Microsoft reported then, there were about 24 million servers in the world managed by Windows Server 2003. The company did not provide more recent figures. Most likely, the number of such cars has decreased significantly over the year.

According to Mike Schutz, general manager of cloud platform marketing at Microsoft, an "overwhelming percentage" of the company's customers have already migrated their server workloads from Windows Server 2003. However, there still appear to be many companies that have retired their servers. Microsoft security patches, notes ComputerWorld.

One of these is the large American pharmaceutical company Sanofi, which has more than 12 thousand servers based on x86 architecture. Mike Stager, senior director of servers, storage and data recovery at Sanofi, said the company was too late in upgrading the systems, so the process would take several years.

Despite the end of support for Windows Server 2003, Microsoft will continue to release critical updates for this OS under the special Custom Support Agreement (CSA) program. Its subscribers will have to pay $600 per server in the first year of the program. Next year the cost will double and then triple.

The company offers Windows Server 2012 R2 as a new operating system.

Companies that have not planned to migrate to new OS versions may face a number of difficulties. The most serious ones include the lack of access to security updates for the operating system and the need to incur additional maintenance and security costs. In addition, servers based on Windows 2003/R2 will not be certified by regulators during an audit.

“In 2003, Windows Server 2003 was a modern operating system that took into account the realities and challenges of those times. A decade later, the OS is outdated and cannot meet all the requirements of modern IT needs, says Rodion Tulsky, manager for promoting infrastructure solutions for data centers, Microsoft in Russia. - Microsoft offers customers modern operating system, which fully meets today's challenges and trends and includes server virtualization capabilities, support cloud technologies, expanded functionality for working with storage facilities and new advanced security mechanisms.”

Microsoft offers specialized migration services from Microsoft Consulting Services to customers and actively collaborates with partners and developers to ensure that they can efficiently and effectively migrate and offer applications that support Windows Server 2012R2.

At the same time, companies planning a transition can purchase a new hardware server, install the Windows Server 2012 R2 operating system and transfer loads to the new server, or choose the virtualization path and transfer loads to a virtual machine running the Windows Server 2012 R2 operating system, reducing costs for equipment and electricity , cooling, place in the data center. Another alternative would be to migrate to virtual machines, for example, Microsoft Azure or service providers.

After support for Windows Server 2003 ends, companies should update not only the server OS, but also the hardware. Migration may take different times, which will depend on the number of servers, the role they play in the infrastructure, as well as the applications served. Migration to new and more modern operating systems will allow companies not only to update their fleet of operating systems, but also to modernize their infrastructure. Thus, when replacing hardware, the company will receive not only a new operating system, but also a completely different, more high level productivity.

The right migration strategy to newer and more modern operating systems includes several key elements. It requires identifying the remaining systems running Windows Server 2003, analyzing the workloads, and determining the appropriate path to move to new features and technologies. Microsoft suggests Windows Server 2012 R2 virtualization, Microsoft Azure, and Office 365 as the best systems to migrate from Windows Server 2003.

Migration includes:

• Consolidate physical servers or paid virtualization platforms into Hyper-V to save money.
• Migrate workloads such as Exchange or Office 365 to improve productivity and reduce workloads.
• Upgrade from SQL Server 2005 to SQL Server 2014 to solve critical performance problems and get faster access to any data.
• Migrate web applications to Microsoft Azure or Cloud OS Network to simplify access and scale applications, as well as improve and cost-effectiveness.
• Enhance consumer and business applications to meet the needs and mobile work environments of today's office workers.

Windows Server 2003 will continue to work after support ends, but it is important to note that software outside of support carries serious security risks and can lead to financial losses.

The migration process is usually divided into 4 steps. The duration of each of them depends on the specifics of the company’s infrastructure. The stages should be performed one after another and at each of them you should be attentive to detail.

Data collection

At the data collection stage, it is necessary to find out what state the IT infrastructure is in, what applications and their components are hosted on servers running the old operating system. The compiled catalog of servers and applications must also include information about the current loads on the system for their subsequent analysis.

Analysis

The analysis phase consists of the process of processing the received data and assessing the criticality of applications. It is necessary to find the most business-critical applications and think through approaches to their migration, as well as procedures for testing functionality after the migration itself.

This stage is also a good opportunity to create a list of applications and identify owners or responsibilities for them, eliminate applications that are no longer in use, or reallocate resources to the most loaded and critical tasks.

Choosing a path

The list obtained at the previous stage will allow you to determine the further vector of development of your IT infrastructure. At the stage of choosing a path, it is worth thinking about the use of new technologies. Perhaps at this point you will decide to reconsider your current capabilities and give preference to virtual environments, taking the first step towards a private cloud. This will save resources and avoid spending additional money on scalability or fault tolerance.

Migration The last step is the simplest and all that remains is to follow the planned migration process. Of course, we should not forget that before starting something large-scale, in our case this is migration, it is necessary to do backup copy infrastructure, and consider options for rolling back the system to its original state.

How can a team of experienced specialists help?

The migration process does not always go smoothly. There are many pitfalls that, without regular practical experience, cannot be taken into account when planning work. Therefore, during planning and testing, it is worth involving specialists from various fields to solve complex and non-trivial problems. For example, when migrating a database, it is advisable to keep a maintenance specialist on hand so that in the event of a malfunction or failure, he can quickly get involved in eliminating the consequences.

In addition, experienced server migration specialists in various business areas:

• will ensure that the migration process is maximally adapted to your IT infrastructure;
• will offer proven plans taking into account the specifics of your company and information systems, involved in it;
• taking into account the time allocated for the project, will be optimal road map on the migration of individual components, depending on their impact on the infrastructure;
• will be placed in in the right order priorities for migration of such critical parts of information systems as directory services, network infrastructure, file services, security components, etc.;
• use a flexible approach to project implementation, which will allow the involvement of experts from various IT areas at all stages of the project: from survey to support;
• optimize the infrastructure, identify weaknesses and make recommendations for eliminating them.

FSTEC does not plan to certify Windows Server 2003 after 2017

The Federal Service for Technical and Export Control (FSTEC) does not intend to extend the validity of certificates of conformity for the operating systems Windows Server 2003 and Windows Server 2003 R2 after August 2017.

This is due to the fact that Microsoft will stop supporting and releasing updates for these OSs, including those aimed at eliminating errors and vulnerabilities, starting July 15, 2015.

As FSTEC notes, at present, a significant part of the certified versions of the Windows Server 2003 and Windows Server 2003 R2 operating systems continues to be used to protect confidential information (including personal data) in the information systems of federal government agencies and government agencies of constituent entities Russian Federation, local governments and organizations. This is due, among other things, to the presence of a large amount of specific application software developed for these operating systems, used to implement their powers by government bodies and organizations.

The cessation of release of OS updates, combined with the likely discovery of new vulnerabilities in them, is fraught with threats to the security of confidential information. In addition, FSTEC predicts increased interest in unprotected operating systems from hackers.

To date, three versions of the operating systems Windows Server 2003 and Windows Server 2003 R2 have been certified according to information security requirements in the FSTEC certification system of Russia; licenses were issued until August 5, 2017.

FSTEC recommends that organizations working on these systems take into account additional information security threats associated with the end of the OS update, and also plan measures to transfer information systems to operating systems certified according to information security requirements and supported by their manufacturers before August 2017.

FSTEC also advises installing all current mandatory certified updates for certified versions of the Windows Server 2003 and Windows Server 2003 R2 operating systems, released by Russian manufacturers, then establishing a ban on automatic OS updates, and, if possible, excluding connections to the Internet and to departmental (corporate) networks. computer technology or segments of information systems running Windows Server 2003 and Windows Server 2003 R2 operating systems.

Today, alternatives to Windows for enterprise servers continue to gain market share, with Linux leading the way. However, the fact is that many users still stick with Windows for network applications, as a familiar (and often not so loved) companion.

In fact, many users have already connected two or more Windows computers to a network. This happens, say, when you need to provide public Internet access through a DSL router. Therefore, many users are already familiar with simple tasks such as sharing a directory, printer, or Internet connection.

However, the colorful Windows shell is not always as easy to configure as it might seem at first. Once you move from easy to use any functions to their network offer, there are many pitfalls that you simply need to be aware of. Today, the most powerful server tool in the Microsoft world is Windows Server 2003, which comes in three flavors (Web, Standard and Enterprise).

We purchased a disk with a standard version of Windows Server 2003 and prepared to do all the basic work of deploying the network. Throughout this article, we'll focus on implementing Active Directory because this directory service is essential for many high-level server applications, including the Exchange 2003 email server.

What to make the server on? Server hardware

A server does not always have to have two Xeon processors with expensive ECC memory and 64-bit PCI-X slots, as shown in the illustration. For a home or small office, a Pentium 4 or Athlon server with sufficient memory and a RAID array to protect against hard drive failure is sufficient.

In principle, any computer can operate as a Windows server provided that it meets the minimum requirements. At the same time, the tasks performed impose their own specific requirements. For example, database or mail servers are very sensitive to RAM, so the server must be equipped with a considerable amount of it. For file server The performance and capacity of the hard drive are important.

If some users do not spare money and can afford machines with four Itanium, Opteron or Xeon processors due to the requirements of some specific applications, then systems with one and two processors are most common in the server market. Today, AMD Opteron processors are gradually gaining popularity, although the most common choice for small servers is Intel Xeon.

Xeon and Pentium 4 processors have a lot in common, so for a single-processor server, we recommend the Pentium 4 with Hyper-Threading Technology because it delivers high performance and is supported by many proven platforms. AMD doesn't look so good here, as this chip is designed primarily for multimedia tasks. If in doubt, we recommend getting the lower-end Opteron model, as it performs on par with, and sometimes even better than, relatively expensive Intel processors, while also providing support for 64-bit computing.

Depending on the importance of continuous operation of the server, we recommend purchasing a UPS uninterruptible power supply, an additional power supply for redundancy, and also equipping the server with a RAID array.

In addition, the server's network interfaces should be mentioned. If the computer will operate within a local network, then for most cases one network controller will be sufficient. In any case, today we recommend taking a gigabit controller, which, by the way, is already integrated into many motherboards. If the server will also provide Internet access, then you will need a second network controller.

Installing Windows 2003 Server: Preparations

Any administrator who frequently installs Windows (and the second time is not so fun) should have a CD with the latest integrated Service Pack on hand. Instructions for integration can be found, for example, in the file winhelpline.info.

In principle, the installation CD can be supplemented with the latest drivers and modified so that the system installs itself, with virtually no user intervention. However, this approach makes sense only in certain conditions, because drivers change quickly, and new Windows updates appear too often. Therefore, the game is not worth the candle.

At the same time, the Service Pack can be integrated into the Windows distribution in a matter of minutes. SP rarely comes out, so we strongly recommend doing this operation.

Let's Get Started: Windows Server 2003 Options

Of course, creating multiple partitions does not provide protection against hardware failures, and this approach somewhat limits the system's flexibility when free space runs out. At the same time, it is better to separate data storages, both from the point of view of software problems and security. Therefore, we recommend creating the following sections:

• systemic;
• for the swap file (swap);
• user data;

Windows itself, along with all the necessary services, takes up less than 2 GB. Therefore, a system partition of 10 GB will be more than enough. Of course, for reliability, you can make it larger, especially if you will place the swap file on the system partition.

If this is not the case, then it is better to create a partition for the swap file first (2-4 GB is usually enough), since hard drives always write data starting from the outer tracks to the inner ones, so they slow down in this direction as the linear speed of the disk decreases .

The size of the partition for user data depends on many factors: how many users will store their data on the server, and what type of data it is.

Basic Windows 2003 settings

The first thing we did was return Windows to its usual appearance by selecting the classic menu. In our experience, most users prefer to work with the old menu. To do this, you need to right-click on the taskbar. Then select “Properties” and go to the Start Menu tab, where the desired option is present.

Then you need to customize the menu (by pressing the "Customize" key) to automatically open network connections and control panel options. We will skip personal menu settings, since they would be more of a disadvantage on the server.

To simplify server management, it is better to consolidate temporary files into one folder. Right-click on the "My Computer" icon, select "Properties", then go to the Advanced tab, click on the "Environment Variables" button - and now as a directory for temporary files (under the TMP and TEMP variables) you You can enter any one you wish. Now all temporary files will accumulate in it, which can be deleted as necessary.

It is best to set the paging file to a fixed size because it may become fragmented if the size changes. On the same Advanced tab, select the “Performance”, “Settings” button.

The delay when opening a submenu can get on your nerves. To get rid of it, we need a registry editor. Run the regedit.exe command. Then find the desired branch and parameter and enter the correct value as in the screenshot (see above).

In server-based systems, we have to manually manage everything that happens and when it happens. Automatic Windows Update runs counter to this philosophy, as Microsoft patches sometimes have a negative effect. Therefore, it is better to confirm automatic updates manually.

For server systems, visual effects are unlikely to be considered useful, so they should be disabled. Right-click on the desktop, then select Properties, Appearance and Effects. Turn off everything you can live without.

There, in the Settings tab and the Advanced item, you should change the resolution and refresh rate. In this case, we must take into account which monitor is connected to the server. Very old monitors do not support refresh rates above 60 Hz.

Setting up Internet Explorer

Security holes in Internet Explorer regularly bring surprises. For servers, it is better to apply the following rule: launch the browser only when necessary. Never go online without a firewall and antivirus protection.

Let's start by changing the Internet Explorer temporary directory (Tools, Internet Options, Setting for Temporary Internet files). Because the subdirectory for Internet Explorer files is created automatically, the browser has no way to access temporary system files. We usually limit maximum size this directory. By default, Internet Explorer caches so many files that it's like there's no tomorrow. However, for our needs, a few megabytes will be enough.

Internet Explorer security settings should be set to high.

...or maybe another browser: Mozilla Firefox 0.9

Firefox is emerging as a good alternative to Internet Explorer because it is small, fast and powerful without many security holes. In addition, it is safer for the reason that it is used much less frequently than Internet Explorer. Consequently, hackers are less interested in it.

The multi-function input bar in Firefox is really useful. You can download plugins that allow you to search directly on eBay, Amazon or Google. The choice is huge.

Windows 2003 Network Interface Configuration

Server systems often use multiple network cards, so it is better to change the standard interface names assigned by Windows to more understandable ones. In our example, only the network controller built into the board is available.

In the properties of the network adapter (Properties), which are displayed when you right-click, you can make all the necessary settings. Windows likes to install the QoS (quality of service) service, but on small networks it is hardly useful. By the way, don’t forget to check the box at the bottom of the dialog so that the connection icons are always visible on the taskbar.

Among other things, you can get all the necessary information about the network interface configuration.

Since we are installing a server, it must be reachable with the correct IP address. On a local network this is not so important, since you can always reach a computer by its name. But, as soon as it comes to providing services on the Internet (VPN, terminal services, FTP...), there must be a real IP address for the router.

We specified the IP address of our DSL router as the default gateway, since the server must have access to the Internet. We also specified the router as the DNS server.

Active Directory Deployment

The Active Directory (AD) directory service in Windows 2000 Server and Windows Server 2003 contains information about all the resources needed to run a network. It includes connections, applications, databases, printers, users, and groups. Microsoft is very specific that Active Directory provides a standard way to specify, describe, manage, and access resources.

Active Directory is not installed by default because it is not required for simple server tasks. But as the server begins to handle more and more tasks, AD becomes more and more important. Additional components, such as Microsoft's Exchange Server, for example, require a fully functional Active Directory.

The dcpromo command allows you to turn a regular server into an Active Directory controller. The process takes about ten minutes, and we will briefly describe it here.

We assume that there are no other servers on your network and therefore we need a controller for the new Active Directory infrastructure.

After this, we must determine whether the new AD domain will be integrated into the existing system.

Active Directory uses its own database to work with information most efficiently. Because your environment can quickly grow and the server can receive additional tasks, it is best to place databases and log files on a separate hard drive to maximize system performance.

The SYSVOL folder is another feature of Active Directory because its contents are duplicated by all Active Directory controllers in the domain. It contains login scripts, group policies and other options that should be available on all servers. Of course, the location of this folder can be changed.

This option will only be important if you have Windows computers NT with domain structure.

During installation, the AD wizard will complain that the DNS servers are not running. Therefore, it is necessary to install it too.

Setting up a DNS server

The DNS (Domain Name Service) system is the Achilles heel of the Active Directory structure. Since network communications are carried out by name for accessibility purposes (say, www.thg.ru), there must be a system for converting names to IP addresses - and vice versa. Forward requests convert the name to an IP address, and reverse requests convert the IP address to a name.

Installing a DNS server is quick (illustration above), although it usually doesn’t work right away.

This is how a reverse request works. Source: Microsoft

It's quite important to add a Reverse Lookup Zone. The DNS server will then be able to provide names based on IP addresses.

For our needs, we will need a primary zone, since we want to fully serve the local network with this DNS server. It is important to select the Active Directory integration option at the bottom of the window.

Of course, we need to enter the address space for the local network. In this case, the network ID will be 192.168.1.x. The subnet mask is 255.255.255.0, and the network can contain 254 computers. This amount will be enough for a home or small office. Switching to the mask 255.255.0.0 will increase the number of computers to 64,516.

We only need secure dynamic zone updates. Manual updates take too much effort.

Once confirmed, a reverse conversion zone will be created.

Finally, we will need a PTR record for our subnet 192.168.1.0.

Here you need to set the fully qualified domain name of the server. In our case it will be testserver.testdomain.com.

The best way to check correct settings DNS utilities are nslookup and ping. Since we plan to also access the Internet, we need to inform the DNS server how to resolve requests for other names.

For simplicity, we simply entered the IP address of our DSL router as the DNS forwarder. Our server will automatically redirect requests to the provider's DNS server.

10 Tips for Keeping Active Directory Security

Download and read the Windows Server 2003 Security Guide

made publicly available by Microsoft is designed to help administrators take additional measures to protect their Windows servers. From creating a member server baseline policy (MSBP) and domain controller hardening mechanisms to threat screening and countermeasures, this guide is an important and effective tool that every Windows administrator should have in their arsenal.

This article is devoted to the basics of the operating system. Here we will look at:

• Difference from previous versions;
• Editions of this OS;
• Installing Windows Server 2003;
• Server roles;
• Active Directory Basics;
• Command line functions;
• Setting up a remote desktop;
• Setting up a DHCP server.

Microsoft Windows Server 2003 is one of the most powerful server operating systems for PCs. Today there are newer versions of server operating systems, for example: Windows Server 2008, Windows Server 2008 R2, but today we will talk about this operating system because... During this time it has become so popular among system administrators, and many of them still do not want to switch to newer versions of the OS. This OS implements completely new system management and administration tools that first appeared in Windows 2000. Here are some of them:

• Active Directory - An extensible and scalable directory service that uses a namespace based on the standard Internet Domain Naming Service ( Domain Name System, DNS);
• InteiUMirror — a configuration environment that supports mirroring of user data and environment settings, as well as central administration of software installation and maintenance;
• Terminal Services - Terminal Services, which enables remote logon and management of other Windows Server 2003 systems;
• Windows Script Host - Windows script server to automate common administrative tasks such as creating user accounts and reporting on event logs.

Although Windows Server 2003 has many other features, these four are the most important for performing administrative tasks. This applies to the maximum extent to Active Directory, so for successful work The Windows Server 2003 system administrator must clearly understand the structure and procedures of this service.

If you already have experience with Windows 2000 servers, upgrading to Windows Server 2003 will be relatively easy because it is the next step in updating the Windows 2000 platform and technologies.

You can find an extensive list of new features in many books on new systems. Actually the list Windows changes Server 2003 is quite large compared to the previous version, and it has features that will interest almost any administrator.

In addition to its extensive list of new features, Windows Server 2003 is also exciting because it comes in 32-bit, 64-bit, and embedded ( embedded) options. However, most important differences concern four editions of the OS, which are listed below in order of functionality and, accordingly, price:

• Windows Server 2003 Web Edition;
• Windows Server 2003 Standard Edition;
• Windows Server 2003 Enterprise Edition;
• Windows Server 2003 Datacenter Edition.

Web Edition

To help Windows Server 2003 compete with other Web servers, Microsoft released a stripped-down but fully functional edition specifically for Web services. Feature set and licensing make it easy to deploy Web pages, Web sites, Web applications, and Web services.

Windows Server 2003 Web Edition supports 2 GB of RAM and dual-processor symmetric processing ( symmetric multiprocessor, SMP). This edition supports an unlimited number of anonymous Web connections, but only 10 incoming server message block connections ( server message block, SMB), and this is more than enough to publish content. Such a server cannot act as an Internet gateway, DHCP or fax server. Although the server can be managed remotely using Remote Desktop software, it cannot play the role of a terminal server in the traditional sense: it can belong to a domain, but cannot be a domain controller.

Standard Edition

This edition is a robust, feature-rich server that provides directory, file, print, application, multimedia and Web services for small and medium-sized businesses. Extensive ( compared to Windows 2000) the set of functions is supplemented by a number of components: MSDE ( Microsoft SQL Server Database Engine) - a version of SQL Server that supports five parallel connections to a database up to 2 GB in size; free pre-configured POP3 service ( Post Office Protocol v3), which together with the SMTP service ( Simple Mail Transfer Protocol) allows the node to play the role of a small stand-alone mail server; useful NLB tool ( Network Load Balancing), which was only present in Windows 2000 Advanced Server.

The Standard Edition supports up to 4 GB of RAM and four-processor SMP processing.

Enterprise Edition

Windows Server 2003 Enterprise Edition aims to be a powerful server platform for medium and large enterprises. Its enterprise features include support for eight processors, 32 GB of RAM, eight-node clustering including SAN-based clustering ( Storage Area Network, SAN) and geographically distributed clustering, plus compatibility with 64-bit computers based on Intel Itanium, which allows support for 64 GB of RAM and eight-processor SMP processing.
The following are other differences between the Enterprise Edition and the Standard Edition:

• MMS services support ( Microsoft Metadirectory Services), allowing you to combine directories, databases and files with the Active Directory directory service;
• « Hot» adding memory ( Hot Add Memory) - you can add memory to supported hardware systems without shutting down or rebooting;
• Windows System Resource Manager ( Windows System Resource Manager, WSRM), supporting the distribution of processor and memory resources between individual applications.

Datacenter Edition

The Datacenter Edition is available only as an OEM version, offered with high-end servers, and supports virtually unlimited scalability: for 32-bit platforms - 32-processor SMP processing and 64 GB of RAM, for 64-bit - 64 -processor SMP processing and 512 GB of RAM. There is also a version that supports 128-processor SMP processing based on two 64-processor sections.

64-bit editions

Compared to 32-bit editions, 64-bit editions of Windows Server 2003 running on Intel Itanium computers utilize processor speed more efficiently and perform faster floating point operations. Improvements in code and processing have significantly speeded up computing operations. Increased speed of access to a huge memory address space improves the performance of complex, resource-intensive applications, such as large database applications, research applications and high-load Web servers.

However, some features are not available in 64-bit editions. For example, 64-bit editions do not support 16-bit Windows applications, real-mode applications, POSIX applications, and print services for Apple Macintosh clients.

Installing and configuring Windows Server 2003

At Windows installation The Server2003 system is configured according to its role in the network. Servers typically become part of a workgroup or domain.

Working groups are loose associations of computers in which each computer is controlled independently.
As an administrator, you have undoubtedly spent a lot of time installing Windows platforms. The following are important features to consider when installing Windows Server 2003.

• Installation from bootable CD. Windows Server 2003 continues the tradition of installing from a CD. However, there is also an innovation: installation from floppy disks is no longer supported;
• Improved graphical user interface during installation. During installation, Windows Server 2003 uses a graphical user interface ( GUI), similar to the Windows XP interface. It more accurately describes the current state of the installation and the time remaining until it is completed;
• Product activation. Retail and trial versions of Windows Server 2003 require activation. Such mass programs licensing such as Open License, Select License or Enterprise Agreement do not require activation.

Once Windows is installed and activated, you can configure your server using the well-designed Manage this server page ( Manage Your Server), which automatically opens when you log in. This page simplifies the installation of some services, tools, and configurations depending on the server role. Click the Add or Remove Role button ( Add Or Remove A Role), the Server Configuration Wizard window will appear ( Configure Your Server Wizard).
If you select the Typical setup for the first server switch ( Typical Configuration For A First Server), the wizard will make the server a new domain controller, install Active Directory services and, if necessary, DNS services ( Domain Name Service), DHCP ( Dynamic Host Configuration Protocol) and RRAS ( Routing And Remote Access).

If you select the Special configuration switch ( Custom Configuration), the wizard can configure the following roles.

• File server (File Server). Provides centralized access to files and directories for users, departments and the organization as a whole. Selecting this option allows you to manage user disk space by enabling and configuring disk quota controls and speed up file system searches by enabling the Indexing Service ( Indexing Service).
• Print server (Print Server). Provides centralized management of printing devices, giving client computers access to shared printers and their drivers. If you select this option, the Add Printer Wizard will launch ( Add Printer), which allows you to install printers and related drivers. Additionally, the wizard installs IIS 6.0 ( Internet Information Services), configures the IPP printing protocol ( Internet Printing Protocol) and Web-based printer management tools;
• Application Server IIS, ASP.NET (Application Server IIS, ASP.NET). Provides the infrastructure components that are required to support hosting Web applications. This role installs and configures IIS 6.0, ASP.NET and COM+;
• Mail Server POPZ, SMTP (mail server POP3, SMTP). Installs POP3 and SMTP so that the server can act as a mail server for POP3 clients;
• Terminal Server (Terminal Server). Allows multiple users to use the Terminal Services client software ( Terminal Services) or Remote control desktop ( Remote Desktop) connect to server applications and resources, such as printers or disk space, as if those resources were installed on their computers. Unlike Windows 2000, Windows Server 2003 provides Remote Desktop Control automatically. Terminal server roles are required only when you want to host applications for users on a terminal server;
• Remote access server or VPN server (Remote Access/VPN Server). Provides multi-protocol routing and remote access services for switched, local area (LAN) and wide area network (WAN) networks. Virtual private network ( virtual private network, VPN) provides a secure connection between the user and remote nodes via standard Internet connections;
• Active Directory Domain Controller (Domain Controller Active Directory). Provides directory services to network clients. This option allows you to create a new or existing domain controller and set DNS. If you select this role, the Active Directory Setup Wizard ( Active Directory Installation Wizard);
• DNS Server (DNS server). Provides hostname resolution: DNS names are resolved to IP addresses ( direct search) and back ( reverse search). If you select this option, the DNS service is installed and the Setup Wizard starts. DNS servers (Configure A DNS Server Wizard);
• DHCP server (DHCP Server). Provides automatic IP address allocation services to clients configured to dynamically obtain IP addresses. If you select this option, DHCP services are installed and the Create Realm Wizard ( New Scope Wizard), allowing you to define one or more ranges of IP addresses on the network;
• Media Streaming Server (Streaming Media Server). Provides WMS services ( Windows Media Services), which allow the server to stream multimedia data over the Internet. Content can be stored and delivered on demand or in real time. If you select this option, the WMS server is installed;
• WINS server (WINS Server). Provides computer name resolution by resolving NetBIOS names to IP addresses. Install the WINS service ( Windows Internet Name Service) is not required unless you support older operating systems such as Windows 95 or NT. Operating systems such as Windows 2000 and XP do not require WINS, although older applications running on these platforms may need to resolve NetBIOS names. If you select this option, the WINS server is installed.

Domain controllers and member servers

When installing Windows Server 2003, the system can be configured as a member server, a domain controller, or a standalone server. The differences between these types of servers are extremely important. Member servers are part of a domain but do not store directory information. Domain controllers store directory data and run authentication and directory services within the domain. Isolated servers are not part of a domain and have their own user database, so the isolated server also authenticates login requests.

Windows Server 2003 does not differentiate between primary and backup domain controllers because it supports a multi-master replication model. In this model, any domain controller can process directory changes and then automatically replicate them to other domain controllers. In Windows NT's single-master replication model, things don't work like that: the primary domain controller keeps the master copy of the directory, and the backup domain controllers keep copies of it. Additionally, Windows NT only distributes the Security Account Manager database ( security access manager, SAM), and Windows Server 2003 - an entire directory of information called the data store ( datastore). It contains collections of objects that represent user, group, and computer accounts, as well as shared resources such as servers, files, and printers.

Domains that use Active Directory services are called Active Directory domains to distinguish them from Windows NT domains. Although Active Directory only works with one domain controller, additional controllers can and should be created in a domain. If ONE controller fails, others can be used to perform authentication and other critical tasks.

In an Active Directory domain, any member server can be promoted to the level of a domain controller without reinstalling the OS, as required by Windows NT. To turn a member server into a controller, you just need to install the Active Directory component on it. The opposite effect is also possible: demoting a domain controller to a member server if it is not the last domain controller on the network. Here's how to promote or demote a server using the Active Directory Setup Wizard.

Command Line Functions

Windows Server 2003 has a ton of command line utilities. Many of them use the TCP/IP protocol, so you should install it first.
As an administrator, you should be familiar with the following command line utilities.

• ARP - Displays and manages the hardware-software address binding used by Windows Server 2003 to send data over a TCP/IP network;
• FTP— launches the built-in FTP client;
• HOSTNAME— displays the name of the local computer;
• IPCONFIG— displays TCP/IP properties for network adapters installed on the system. Also used to update and release addresses issued by the DHCP service;
• NBTSTAT— displays statistics and current connection for the NetBIOS protocol over TCP/IP;
• NET— displays a list of subcommands of the NET command;
• NETSH— displays and manages the network configuration of local and remote computers;
• NETSTAT— displays current TCP/Ip connections and protocol statistics;
• NSLOOKUP— checks the status of a host or IP address when used with DNS;
• PATHPING— checks network paths and displays information about lost packets;
• PING— tests the connection with a remote node;
• ROUTE— manages routing tables in the system;
• TRACERT- while quoted and I defines the network path to the remote node.

To learn how to use these tools, type the command name at the command prompt without parameters; in most cases, Windows Server 2003 will provide help on how to use it.

Using the NET Command

Most of the tasks associated with the NET command subcommands are easier to accomplish using graphical administration tools and Control Panel tools. However, these subcommands are useful for quickly performing some actions or for quickly obtaining information, especially during Telnet sessions with remote systems.

• NET SEND— sends messages to users registered in the specified system;
• NET START— starts a service in the system;
• NET STOP— stops a service in the system;
• NET TIME— displays the current system time or synchronizes the system time with another computer;
• NET USE— connects and disconnects from a shared resource;
• NET VIEW— displays a list of available network resources.

To learn how to use the NET command, type NET HELP followed by a subcommand name, such as NET HELP SEND. Windows Server 2003 will display the required help information

Creating a Remote Desktop Connection

As an administrator, you can create remote desktop connections to Windows servers and workstations. On Windows 2003 Server, this requires installing Terminal Services ( Terminal Services) and configure them for use in remote access mode. In Windows XP, Remote Desktop connections are allowed by default and all administrators automatically have access rights. In Windows Server 2003, Remote Desktop is installed automatically, but is disabled by default, and you must manually enable this feature.
Here is one way to create a remote desktop connection to a server or desktop.

1. Click Start ( Start), then Programs ( Programs) or All programs ( All Programs), then Standard ( Accessories), then Communication ( Communications), then Remote Desktop Connection. A dialog box of the same name will open;
2. In the Computer field ( Computer) enter the name of the computer you want to connect to. If you don't know the name, use the drop-down list provided or select the Browse For More option in the list to open a list of domains and computers in those domains;
3. By default, Windows Server 2003 uses the current username, domain, and password to log on to a remote computer. If you need another account's information, click Options and step through the fields. Username ( User Name), Password ( Password) and Domain ( Domain);
4. Click Connect ( Connect). Enter a password if required and click OK. If the connection is created successfully, you will see the remote desktop window of the selected computer and will be able to work with the resources of this computer. If the connection failed, check the information you entered and try again

With the Remote Desktop Connection command ( Remote Desktop Connection) is simple to work with, but it is inconvenient if you have to create remote connections with computers quite often. Instead, it is recommended to access the Remote Desktops console ( Remote Desktops). It allows you to set up connections to multiple systems and then easily switch from one connection to another.

Introduction to DHCP

DHCP - means centralized management allocation of IP addresses, but its functions are not limited to this. The DHCP server provides clients with the basic information necessary for the operation of a TCP/IP network: IP address, subnet mask, information about the default gateway, primary and secondary DNS and WINS servers, as well as the DNS domain name.

DHCP Client and IP Address

A computer with a dynamic IP address is called a DHCP client. When the computer boots, the DHCP client requests an IP address from the pool of addresses allocated to that DHCP server and uses the address for a certain amount of time, called the lease period ( lease). After approximately half of this period, the client attempts to renew the lease and repeats these attempts until the renewal is successful or the lease expires. If the lease renewal fails, the client contacts another DHCP server. If the client successfully contacts the server, but its current IP address cannot be renewed, the DHCP server assigns a new IP address to the client.

The DHCP server usually does not affect the boot or login process. Loading a DHCP client and registering a user on the local system is possible even when the DHCP server is not running.

When the DHCP client starts, it tries to find a DHCP server. If this succeeds, the client receives the necessary configuration information from the server. If the DHCP server is unavailable and the client's lease has not yet expired, the client uses Ping to poll the standard gateway specified when receiving the lease. If successful, the client believes that he is probably on the same network he was on when he received the lease, and continues to use it. A failed poll means the client may be on a different network. Then autoconfiguration is applied. The client also resorts to it if the DHCP server is unavailable and the lease has expired.

Installing a DHCP Server

Dynamic allocation of IP addresses is only possible if there is a DHCP server on the network. DHCP components are installed using the Windows Component Installation Wizard, and the server is launched and authorized from the DHCP console. Only authorized DHCP servers can provide clients with dynamic IP addresses.

Installing DHCP Components

To enable a server running Microsoft Windows Server 2003 to act as a DHCP server, follow these steps:

1. In the Start menu ( Start) select Programs ( Programs) or All programs (All Programs), then click Administration ( Administrative Tools) and Server Configuration Wizard.
2. Click Next twice ( Next). The current server roles appear. Select the DHCP Server role and click Next twice. The wizard will install DHCP and launch the Create Realm Wizard;
3. If you want to immediately create the initial scope for the DHCP server, click Next ( Next) and follow the steps listed in the “ Managing DHCP scopes" Otherwise, click Cancel ( Cancel) and create the required areas later.
4. Click Finish ( Finish). To use the server, you must authorize it in the domain, as described in the section Authorizing a DHCP Server in Active Directory. Next, you need to create and enable all the necessary DHCP scopes.

After installing the DHCP server, dynamic IP addressing is configured and managed from the DHCP console. The command to run it is located in the Administration menu ( Administrative Tools). The main window of the DHCP console has two panels. On the left, all DHCP servers in the domain are listed by IP address, including the local computer if the window is open on the DHCP server. On the right is detailed information about the selected object.

That’s probably all I wanted to tell you about the basics of the Microsoft Windows Server 2003 operating system.

I wish you good luck in mastering this OS.

So, you have successfully installed the Windows Server 2003 operating system on your computer (you can read about the installation process). There's a fun setup process ahead, which you can easily accomplish with the help of this illustrated guide. Of course, you are free to choose the order of these procedures, but here they are presented in the optimal sequence, allowing you to achieve your goal in the shortest possible way. Let's get started.

First of all, let's disable the password request when logging in. In the "Start" menu, select "Run" and enter the command control userpasswords2:

The “User Accounts” dialog will appear, in which you need to uncheck the “Require username and password” checkbox:

After clicking OK, the system will ask for the current (valid) password.

The Windows 2003 security policy provides control over machine reboots and shutdowns. In everyday life this is unnecessary, so let's disable this function. Using the method described above, we issue the command gpedit.msc:

The MMC console will open, in which you need to find the option “Display event tracking dialog”. Look at the screenshot where to look for it:

It should be given the "Disabled" state.

You won't be able to just use additional storage devices such as USB Flash drives. They need to be forced to assign free letters from "Disk Management". However, you can enable the automatic volume mounting feature. Type diskpart

A command line will open in which you should type automount enable:

After pressing Enter a confirmation will appear

The automount parameter first appeared in Windows Server 2003. Do not try to set it in Windows XP, it will not work.

For convenience, you can disable driver signature verification. This is done from the "System Properties" dialog, which can be called up by pressing the key combination WIN+Break

Disabling the scan is done by selecting the appropriate item and pressing OK.

It should be remembered that this action carries a certain risk, which may lead to unstable operation of the equipment.

If you have an expensive or slow Internet connection, it may be wise to skip Windows Update services.

Select "Never use Windows Update to find drivers" and click OK.

After clicking on the “Options” button, we get to “Performance Options”, where on the “Visual Effects” tab you can customize the appearance. Experience shows that using the items "Using typical folder tasks"

",Casting shadows of icons on the desktop", ",Display window contents when dragging", and "Displaying a transparent rectangle when selecting", creates additional comfort when working without causing a noticeable decrease in performance.

After clicking the "Apply" button, go to the "Advanced" tab, where the main performance management parameters are located.

In the section "CPU time allocation", the choice should be made in favor of programs. For the “Memory Usage” section, not everything is so simple. For systems with a small amount of RAM, it is recommended to optimize the operation of programs. If the memory is 512 MB or more, it may be worth optimizing the system cache. In this case, switching between applications will be faster.

Let's go to the "Data Execution Prevention" tab. If you are experiencing problems with applications that cause "Memory cannot be read" messages, select "Turn on DEP for essential Windows programs and services only"

Using the "Error Report" function on home computer running Windows Server 2003, to put it mildly, it is doubtful...

You can disable the function like this:

Very different attitudes of users towards automatic system updates. Typically, users who do not have unlimited access to the Internet disable this function. We also adhere to this opinion. "System Properties", tab "Automatic Updates",

Now let's look at the desktop and screen settings. Right-click on the desktop to call up the context menu, in which we select “Properties”. Next, let's go to the "Screen" tab.

Using the "Desktop Settings" button, we will open a new dialog.

In it we will mark those elements whose presence on the desktop we need.

By going to the “Screensaver” tab, you should uncheck the “Password protection” checkbox if you don’t want to enter this same password again every time after several minutes of inactivity.

The "Power" button will open the energy saving settings.

In many cases, they can be skipped by owners of desktop computers, but if you have a laptop, a visit is required.

On the "Sleep mode" tab, check the box if necessary.

After that, return to the “Advanced” tab and uncheck the “Request a password when resuming from sleep mode” option that appears.

On the "Power Schemes" tab, make settings according to your needs. Clicking the OK button will take us back to the screen properties settings. Let's go to the "Options" tab, and then click on the "Advanced" button.

Attention! This is a very important part of the setup. If you skip it, you will not be able to use your computer’s video card to its full potential. Open the “Diagnostics” tab and set the “Hardware acceleration” slider to maximum.

In addition to hardware acceleration itself, thanks to this procedure, the video card settings become available to us; you will be able to see them later, after installing the drivers.

By default, Internet Explorer is configured quite aggressively. On a network server this is justified, since it reduces the risk of virus infection and hacker attacks, but for everyday use it is unacceptable. Therefore, you should remove the Enhanced Security Configuration. From the Control Panel, open "Add or Remove Programs".

By clicking the "Install Windows Components" button, we get a window for selecting components. Uncheck "Internet Explorer Enhanced Security Configuration"

What's next? For many programs, the presence of certain libraries that are not initially present in the system turns out to be critical. We recommend that you immediately, so as not to experience difficulties later, install the following components available for download (link):

If you want to install themes from other (non-Microsoft) manufacturers, you will need the following file to replace the existing one:

(dll files are installed by simply copying them to the %SYSTEMROOT%\System32 directory)
Today it’s just as difficult to do without the .NET Framework, so let’s install it too:

The latest version of NET.Framework 3.5 SP1 can be downloaded.
If you need support for version 4 of NET.Framework, download it.

Now you can install device drivers. Please note that not all equipment officially supports server systems, so if during the driver installation process you encounter a message like this

just click the "Yes" button. As a rule, there are no problems after this.

From the "Start" menu, go to administration, where select "Services". The corresponding equipment will open. You need to run Windows Audio, the Image Upload Service (WIA), and, if you want to use XP themes, the Themes service. How to do this can be seen below:

Finally, you need to enable DirectX acceleration. Type dxdiag in the "Run" dialog, after which the "DirectX Diagnostic Tool" will open, in which you need to go to the "Display" tab.

Press successively on all available acceleration buttons. Go to the "Sound" tab, where you enable full hardware audio acceleration.

Now in the Control Panel, find "Sounds and Audio Devices". Check the "Show icon in taskbar" checkbox.

The setup is complete.

When installing programs that are not intended for server platforms, you may encounter certain difficulties. As one of the possible solutions, you can try the utility NTSwitch, making changes to the system that mislead the program installer. Most likely, a custom boot will follow, then boot the computer in safe mode and install the program. Then put the system back into server mode. Attention! This is a violation of the license agreement! In addition, this action can lead to complete inoperability of the OS! Proceed at your own risk!

Solving problems with transfer already installed system for new equipment is described in the article