Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Note
This feature is not included on computers running the Microsoft® Windows® Server 2003, Web Edition,
operating system. For more information, see Overview of Windows Server 2003, Web Edition.
Server roles
The Windows Server 2003 family provides several server roles. To configure a server role, install the server role by
using the Configure Your Server Wizard and manage your server roles by using Manage Your Server. After you
finish installing a server role, Manage Your Server starts automatically.
To determine which server role is appropriate for you, review the following information about the server roles that
are available with the Windows Server 2003 family:
File server role overview
Print server role overview
Application server role overview
Mail server role overview
Terminal server role overview
Remote access/VPN server role overview
Domain controller role overview
DNS server role overview
DHCP server role overview
Streaming media server role overview
WINS server role overview
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 2 of 55
disk space limit or when a user exceeds the specified disk space warning level (that is, the point at which a user
is nearing his or her quota limit).
Use Indexing Service to quickly and securely search for information, either locally or on the network.
Search in files that are in different formats and languages, either through the Search command on the Start
menu or through HTML pages that users view in a browser.
For more information about implementing this server role, see File server role: Configuring a file server.
For more information about implementing this server role, see Print server role: Configuring a print server.
The Windows Server 2003 family includes an application server that contains all of this functionality and other
services for development, deployment, and runtime management of XML Web services, Web applications, and
distributed applications.
When you configure this server as an application server you will be installing Internet Information Services (IIS)
along with other optional technologies and services such as COM+ and ASP.NET. Together, IIS and the Windows
Server 2003 family provide integrated, reliable, scalable, secure, and manageable Web server capabilities over an
intranet, the Internet, or through an extranet. IIS is a tool for creating a strong communications platform of
dynamic network applications.
For more information about implementing this server role, see Application server role: Configuring an application
server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 3 of 55
For more information about implementing this server role, see Mail server role: Configuring a mail server.
Important
In addition to configuring a terminal server, you must install Terminal Server Licensing and configure a Terminal
Server License Server. Otherwise, your terminal server will stop accepting connections from unlicensed clients
when the evaluation period ends 120 days after the first client logon. For more information about Terminal
Server Licensing, see Terminal Server Licensing.
For more information about implementing this server role, see Terminal server role: Configuring a terminal server.
For more information about implementing this server role, see Remote access/VPN server role: Configuring a
remote access/VPN server.
After configuring the domain controller role, you can do the following:
Store directory data and make this data available to network users and administrators. Active Directory stores
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 4 of 55
information about user accounts (for example, names, passwords, phone numbers, and so on), and enables
other authorized users on the same network to access this information.
Add additional domain controllers to an existing domain to improve the availability and reliability of network
services.
Improve network performance between sites by placing a domain controller in each site. With a domain
controller in each site, you can handle client logon processes within the site without using the slower network
connection between sites.
For more information about implementing this server role, see Domain controller role: Configuring a domain
controller.
After configuring the DNS server role, you can do the following:
Host records of a distributed DNS database and use these records to answer DNS queries sent by DNS client
computers, such as queries for the names of Web sites or computers in your network or on the Internet.
Name and locate network resources using user–friendly names.
Control name resolution for each network segment and replicate changes to either the entire network or globally
on the Internet.
Reduce DNS administration by dynamically updating DNS information.
For more information about implementing this server role, see DNS server role: Configuring a DNS server.
For more information about implementing this server role, see DHCP server role: Configuring a DHCP server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 5 of 55
For more information about implementing this server role, see Streaming media server role: Configuring a
streaming media server.
For more information about implementing this server role, see WINS server role: Configuring a WINS server.
The typical setup for a first server will not run if any of the following conditions are met:
The computer is running Windows Server 2003, Datacenter Edition.
The computer is running Windows Server 2003, Web Edition.
The computer is joined to a domain.
The computer is already configured as a domain controller.
The computer is not a domain controller, but the Active Directory Installation Wizard has already been started.
The computer is a certification authority (CA).
The computer is already configured as a DNS server.
The computer is already configured as a DHCP server.
There are zero IP-enabled network adaptors.
There is only one IP-enabled network adaptor and the DHCP lease test succeeds.
The computer is already running Routing and Remote Access.
The computer does not have at least one NTFS partition.
The current session is a remote session.
When you promote a server to a domain controller, a domain is automatically created on the network. After you
promote a server to a domain controller, you can then promote other servers to domain controllers. For more
information, see Domain controllers.
When you configure your server using the typical setup for a first server, the local administrator's password is
automatically set as the Restore Mode Administrator password.
Sets up an application naming context in Active Directory on this domain controller for use by Telephony API
(TAPI) client applications. For more information, see Application directory partitions.
Installs Domain Name System (DNS) and creates a full domain name for your network.
DNS is a networking protocol for naming computers and network services that is organized into a hierarchy of
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 6 of 55
domains. TCP/IP networks, such as the Internet, use DNS naming to locate computers and services through
user-friendly names. When a user enters a DNS name in an application, DNS services can resolve the name to
other information associated with the name, such as an IP address.
For example, most users prefer a friendly name such as server1.example.microsoft.com to locate a computer
such as a mail server or Web server on a network. However, computers use numeric addresses to communicate
over a network. To make it easier to use network resources, DNS provides a way to map the user-friendly name
for a computer or service to its numeric address. For more information, see DNS domain names.
Changes the default NetBIOS name. You can change the default NetBIOS name on this page. For example, if
your Active Directory DNS domain name is yoursmallbusiness.local, the default NetBIOS domain name is
YOURSMALLBUSINE. You may want to change this to CORP or to your own abbreviation for your business name
for ease of use. For more information about NetBIOS, see NetBIOS name resolution.
Assigns a preferred DNS server with the same IP address that you specified for this server. For more
information, see How DNS query works.
Assigns a DNS forwarder. For more information, see Understanding forwarders.
Installs the DHCP Server service.
DHCP uses a client/server model. The network administrator establishes one or more DHCP servers that
maintain TCP/IP configuration information and provide it to clients. With a DHCP server installed and configured
on your network, DHCP–enabled clients can obtain their IP address and related configuration parameters
dynamically each time they start and join your network. DHCP servers provide this configuration in the form of
an address lease offer to requesting clients.
Assigns a static IP address, if one is not already assigned to the private network connection. For more
information, see Name resolution for TCP/IP.
Assigns a subnet mask (that is, if none has been configured on this server). By default, the Configure Your
Server Wizard assigns a subnet mask of 255.255.255.0. For more information, see Subnet masks.
Installs the Routing and Remote Access service (that is, if more than one network connection is detected).
The following table lists some of the additional tasks that you can perform on your server. To manage the new
services on this server, do the following:
To open Administrative Tools, click Start, click Control Panel, and then double-click Administrative Tools.
Note
If you demote this server so that it is no longer a domain controller, you must remove the TAPI application
partition by using the Tapicfg.exe utility. For more information, see To remove a TAPI application directory
partition.
Task Reference
Checklist: Installing a DNS server; To
Make additional configuration changes to the DNS server.
configure a new DNS server
Install additional domain controllers, if necessary. To create an additional domain controller
Configure additional options for the DHCP server. Checklist: Installing a DHCP server
(Optional) Monitor and measure various aspects of the DNS server
Monitoring DNS server performance
to prevent and troubleshoot performance degradation.
(Optional) Monitor and measure various aspects of the DHCP server Monitoring DHCP server performance; DHCP
to prevent and troubleshoot performance degradation. performance monitoring reference
Checklist: Creating an additional domain
(Optional) Install and configure additional domain controllers.
controller in an existing domain
(Optional) Select the appropriate security level for domain
Using the Active Directory Installation Wizard
administration.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 7 of 55
The following table lists the information that you need to know before you add a file server role.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 8 of 55
when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative
Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative
Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click File server, and then click Next.
This section covers:
File Server Disk Quotas
File Server Indexing Service
Summary of Selections
Using the Share a Folder Wizard
Completing the Configure Your Server Wizard
Removing the file server role
Settings Comments
If you want to enable disk quotas, so that you can limit and track disk space
usage on this file server, select this check box.
If you choose to enable disk quotas, you need to set the disk space limit. It is
Set up default disk recommended that you set moderately restrictive default limits for all user
quotas for new accounts, and then modify the limits to allow more disk space for users who work
users of this with large files. For example, users who work with scanned photographs or
server artwork might require large amounts of disk space.
You can also set the warning level so that users are notified when they exceed
the specified disk space limit. If you do not want to use a warning level, set this
number higher than the disk space limit.
Deny disk space to If you want to limit disk space usage on the file server, configure this setting. If
users exceeding you only want to track disk space usage on a per-user basis, leave this setting
disk space limit blank.
Log an event when If you want to log a system event when the user exceeds the disk space limit or
the user exceeds the warning level, configure these settings. You can view system events by using
any of the Event Viewer. To open Event Viewer, click Start, click Control Panel, double-
following click Administrative Tools, and then double-click Event Viewer.
After you finish, click Next.
Indexing Service provides a fast, easy, and secure way for users to search for information locally or on the
network. Users can search in files in different formats and languages, either through Search on the Start menu
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 9 of 55
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected File
server on the Server Role page, the following appears:
Install File Server Management
Run the Share a Folder Wizard to add new shared folders or share existing folders
To apply the selections shown on the Summary of Selections page, click Next.
This section describes the following steps in the Share a Folder Wizard:
Folder Path
Name, Description, and Settings
Permissions
Sharing was Successful
Folder Path
On the Folder Path page, specify the path to the folder that you want to share. To search for a folder, click
Browse.
After you finish, click Next.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 10 of 55
Permissions
On the Permissions page, specify the share permissions for the shared folder. To ensure that only authorized
users have access to the information in the folder, you must set permissions on the folder that you created.
Share permissions apply only to users who gain access to the resource over the network. They do not apply to
users who gain access to the resource from the computer where the resource is stored. Use the following table
to determine which share permissions are appropriate.
On the Server Role page, click File server, and then click Next. On the Role Removal Confirmation page,
review the items listed under Summary, select the Remove the file server role check box, and then click
Next. On the File Server Role Removed page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 11 of 55
The Configure Your Server Wizard automatically installs File Server Management, which you use to manage your
file server. To open File Server Management, click Start, click Control Panel, double-click Administrative Tools,
and then double-click File Server Management.
The following table lists some of the additional tasks that you can perform on your file server.
This document explains how to use the Configure Your Server Wizard to quickly meet the most basic requirements
of a print server. When you are done setting up a basic print server, you can complete additional configuration
tasks, depending on how you want to use this print server.
This topic covers:
Before you begin
Configuring your print server
Next steps: Completing additional tasks
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 12 of 55
server must be joined to a domain. If you do not need to perform either of these tasks, the print server does
not need to be joined to a domain.
All existing disk volumes use the NTFS file system. FAT32 volumes are less secure. For more information about
encrypting data stored on NTFS volumes, including spooled print jobs, see Storing Data Securely.
The following table lists the information that you need to know before you add a print server role.
On the Server Role page, click Print server, and then click Next.
This section covers:
Printers and Printer Drivers
Summary of Selections
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 13 of 55
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
Windows 2000 and Windows XP clients only on the previous page, the following appears:
Add printers to this server using the Add Printer Wizard.
If you selected All Windows clients on the previous page, the following appears:
Add printers to this server using the Add Printer Wizard.
Add printer drivers to this server using the Add Printer Driver Wizard.
To apply the selections shown on the Summary of Selections page, click Next.
This section describes the following steps in the Add Printer Wizard:
Local or Network Printer
New Printer Detection
Select a Printer Port
Specify a Printer
Install Printer Software
Use Existing Driver
Name Your Printer
Printer Sharing
Location and Comment
Print Test Page
Completing the Add Printer Wizard
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 14 of 55
To configure this print sever to send print jobs directly to the printer, click Local printer attached to this
computer. Typically, print servers send print jobs directly to the printer. A printer with its own network
adapter is considered to be a local printer. If you want to send print jobs directly to a printer with its own
network adapter, click this option.
To configure this print server to forward print jobs to a second print server, click A network printer, or a
printer attached to another computer. For example, you can configure a print server at a branch office to
forward print jobs to a print server in the main office. You might do this if regulations require you to create
printouts of daily transaction logs and store them at the main office. If you want to do this, click this option.
Note
The A network printer, or a printer attached to another computer option is included here because
this dialog box is used on all computers running a Windows Server 2003 operating system so that users
can connect to a network printer. If you need to print from a computer that is not a print server, click A
network printer, or a printer attached to another computer.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 15 of 55
If the print server that you want to connect to belongs to another organization and is available on the
Internet, click Connect to a printer on the Internet or on a home or office network.
Important
Use the options on this page only if you want your print server to forward print jobs to another print
server. If this is not what you want, click Back, click Local printer attached to this computer, click
Next, and then follow the steps in Select a Printer Port.
If the manufacturer or model is not listed, try each of the steps outlined in the following table, in sequence, to
install the correct printer software.
Step Comments
Check the configuration
printout to confirm the exact
The Manufacturer and Printers lists show the official product names,
spelling of the name of your
which might be different from the names that you normally use.
printer manufacturer and
model.
Click Have Disk, locate the If you have printer driver files stored somewhere else, follow these
driver files, and then click steps. For example, the printer manufacturer might include a CD-ROM
OK. containing driver files in the packaging of the printer.
If you want to look for new or updated drivers that are available from
Microsoft as part of Windows Update, click this option. When you click
Windows Update, the Manufacturer and Printers lists change to
Click Windows Update.
show only the drivers that are available from Windows Update. If the
printer is not listed, return to the original list by clicking Back, and then
clicking Next.
Select the manufacturer and To determine which printers are compatible, consult the user guide for
model of a compatible your printer. Also, some manufacturers list compatibility information on
printer, and then click Next. their Web sites.
After you finish, click Next.
Printer Sharing
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 16 of 55
Important
You must share at least one printer for this server to act as a print server.
On the Printer Sharing page of the Add Printer Wizard, Share name is selected by default so that the printer
is shared. The default share name is the first 8 letters of the printer manufacturer and model, without spaces.
You can change this name so that the printer is easier to use and administer.
For compatibility with clients that run MS-DOS or earlier versions of Windows, type a share name that follows
these rules:
The share name contains only letters, digits, and the period (.).
The share name contains no more than eight letters and digits, and, optionally, followed by a period, which is
followed by no more than 3 letters and digits.
If you selected All Windows clients, the Add Printer Driver Wizard starts after you click Finish in the Add
Printer Wizard. You can use the Add Printer Driver Wizard to install client printer drivers onto the print server,
which can then automatically distribute them to clients.
Note
The Add Printer Driver Wizard does not communicate with the Add Printer Wizard. Therefore, the Add Printer
Driver Wizard does not automatically run once for each printer that you add, and it does not automatically
install drivers for the same manufacturer and model of printer. Instead, you must decide how many times to
run the Add Printer Driver Wizard, and each time it runs you must decide which manufacturer and model of
drivers to install.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 17 of 55
Wizard, the Print Spooler service remains installed, and any printers you have added remain, but the additional
client driver files are not installed on the server, and therefore the server cannot distribute those drivers to
clients.
This section describes the following steps in the Add Printer Driver Wizard:
Printer Driver Selection
Processor and Operating System Selection
Completing the Add Printer Driver Wizard
On the Server Role page, click Print server, and then click Next. On the Role Removal Confirmation page,
review the items listed under Summary, select the Remove the print server role check box, and then click
Next. On the Print Server Role Removed page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 18 of 55
You can use the Add Printer Wizard and Add Printer Driver Wizard to add more printers and client printer drivers.
These wizards are available through Manage Your Server.
The following table lists some of the additional tasks that you can perform on your print server.
The Windows Server 2003 family includes all this functionality, in addition to services for development,
deployment, and runtime management of XML Web services, Web applications, and distributed applications.
This topic explains the basic steps that you must follow to configure an application server. This process involves
using the Configure Your Server Wizard to configure the server as an application server. When you have finished
setting up a basic application server, you can complete additional tasks by using Manage Your Server.
This topic covers:
Before you begin
Configuring your application server
Next steps: Completing additional tasks
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 19 of 55
The following table lists the information that you need to know before you add an application server role.
On the Server Role page, click Application server (IIS, ASP.NET), and then click Next.
This section covers:
Application Server Options
Summary of Selections
Completing the Configure Your Server Wizard
Removing the application server role
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 20 of 55
build and deploy enterprise-class Web applications. ASP.NET offers a new programming model and
infrastructure for more secure, scalable, and stable applications that can target any browser or device. If your
Web site includes applications that have been developed by using ASP.NET, select this option. If you are not
sure that you need to enable ASP.NET, you can enable it later by using IIS Manager. This feature is not
available on Windows® XP 64-Bit Edition and the 64-bit versions of the Windows® Server 2003 family. For
more information, see Features unavailable on 64-bit versions of the Windows Server 2003 family. By
enabling ASP.NET, you can use your application server to host ASP.NET applications. Some of the features of
ASP.NET include the following:
ASP.NET can run side by side with Active Server Pages (ASP) code on Internet Information Services (IIS).
If you are already running ASP code you do not need to upgrade your ASP pages, and you can add
ASP.NET pages to your applications.
ASP.NET has enhanced performance.
ASP.NET supports many languages including Visual Basic .NET, C#, and JScript .NET.
Summary of Selections
On the Summary of Selections page, you can view and confirm the options that you have selected. If you
selected Application server (IIS, ASP.NET) on the Server Role page, the following appears:
Install Internet Information Services (IIS)
Enable COM+ for remote transactions
Enable Microsoft Distributed Transaction Coordinator (DTC) for remote access
If you selected FrontPage Server Extensions or ASP.NET, the following items also appear:
Install FrontPage Server Extensions
Enable ASP.NET
To apply the selections shown on the Summary of Selections page, click Next. When you click Next, the
Configuring Components page of the Windows Components Wizard appears, and then closes automatically.
You cannot click Back or Next on this page.
On the Server Role page, click Application server (IIS, ASP.NET), and then click Next. On the Role
Removal Confirmation page, review the items listed under Summary, select the Remove the application
server role check box, and then click Next. When you click Next, the Configuring Components page of the
Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this
page. On the Application Server Role Removed page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 21 of 55
The following table lists some of the additional tasks that you might want to perform on your application server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 22 of 55
The following table lists the information that you need to know to before you add a mail server role.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next.
This section covers:
Configure POP3 Service
Summary of Selections
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 23 of 55
Use this
When
authentication method
Your mail server is not an Active Directory member server, and you want to
Local Windows accounts
store user accounts on the server on which the POP3 service is installed
Active Directory-
Your mail server is a domain controller or a member server
Integrated
Your mail server is not using Active Directory, or you do not want to have
Encrypted Password File
user accounts for the POP3 service on the local computer
The authentication methods that are available to you depend on the configuration of your server:
If the computer on which the POP3 service is running is a member server in an Active Directory domain, all
three authentication methods are available.
If the computer on which the POP3 service is running is a domain controller, the available authentication
methods are Active Directory integrated authentication and encrypted password file authentication.
Otherwise, the available authentication methods are local Windows accounts authentication and encrypted
password file authentication.
Under E-mail domain name, type your registered e-mail domain name. You can create additional e-mail
domains later by using the POP3 service snap-in or the Winpop command-line tool.
After you finish, click Next.
Summary of Selections
On the Summary of Selections page, you can view and confirm the options that you have selected. If you
selected Mail server (POP3, SMTP) on the Server Role page, the following appears:
Install POP3 and Simple Mail Transfer Protocol (SMTP) to enable POP3 mail clients to send and
receive mail
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the
Configuring Components page of the Windows Components Wizard appears, and then closes automatically.
You cannot click Back or Next on this page.
Creating mailboxes
To send and receive e-mail, each user must have a unique mailbox in the e-mail domain. You can create
mailboxes from either the POP3 service MMC snap-in or at the command line. This procedure uses the POP3
service MMC snap-in. For more information about creating mailboxes or administering the POP3 service at the
command line, see Winpop. For more information about creating mailboxes, see To create a mailbox.
Step Comments
To open the POP3 service snap-in, click Start, click Control Panel, double-click
Administrative Tools, and then double-click POP3 Service.
Notes
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 24 of 55
If you are using Active Directory integrated authentication or local Windows accounts
authentication, select the Create associated user for this mailbox check box,
unless a user account already exists with the same name as the mailbox that you want
to create. If the check box is already selected, clear it only if an account already exists
with the same name as the mailbox that you want to create.
On the Server Role page, click Mail server (POP3, SMTP), and then click Next. On the Role Removal
Confirmation page, review the items listed under Summary, select the Remove the mail server role check
box, and then click Next. After you click Next, the Configuring Components page of the Windows
Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. On the
Mail Server Role Removed page, click Finish.
The Configure Your Server Wizard automatically installs the POP3 service MMC snap-in, which you use to manage
your mail server. To open the POP3 service snap-in, click Start, click Control Panel, double-click Administrative
Tools, and then double-click POP3 Service.
The following table lists additional tasks that you might want to perform on your mail server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 25 of 55
the procedure to
configure their e- To connect to the mail server, the user's e-mail client must be
Configure e-mail clients
mail clients to use configured specifically for the mail server.
the mail server.
Disk quotas ensure that the mail store does not use an excessive
or unanticipated amount of disk space, which could adversely
affect the performance of the server on which the POP3 service is
Implement disk Configuring disk quotas
running. You must have an NTFS partition to implement disk
quotas. for the POP3 service
quotas. NTFS partitions allow for greater directory and folder
security, which better protects e-mail stored on the local hard
disk.
The POP3 service supports Secure Password Authentication (SPA)
for Active Directory integrated authentication and local Windows
accounts authentication. Secure Password Authentication requires To configure the mail
Configure your mail that all e-mail clients transmit both the user name and password server to require Secure
server to require using secure authentication. Secure Password Authentication is Password Authentication;
secure e-mail client more secure than the default of plaintext and, therefore, is To configure Outlook
authentication. recommended over plaintext. Secure Password Authentication Express for Secure
must be configured on both the server on which e-mail services Password Authentication
are running and on every e-mail client that will connect to the
mail server.
Important
This step is required. If you do not install Terminal Server Licensing, your terminal server will stop accepting
connections from unlicensed clients when the evaluation period ends, 120 days after the first client logon.
Install client access licenses (CALs) on the Terminal Server License Server.
Install programs on the terminal server.
Distribute the latest version of Remote Desktop Connection to clients running earlier versions of Remote
Desktop Connection for Windows.
Specify which users have permission to connect to the terminal server.
After you have completed both the Configure Your Server Wizard and these additional required tasks, you will have
a basic terminal server.
This topic covers:
Before you begin
Configuring your terminal server
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 26 of 55
On the Server Role page, click Terminal server, and then click Next.
This section covers:
Summary of Selections
Completing the Configure Your Server Wizard
Confirm Internet Explorer Enhanced Security Configuration Settings
Configuring a Terminal Server License Server
Installing client access licenses on the Terminal Server License Server
Installing programs on the terminal server
Deploying client software
Giving users permission to access the terminal server
Removing the terminal server role
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 27 of 55
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
Terminal server on the Server Role page, the following appears:
Install Terminal Server
To apply the selections shown on the Summary of Selections page, click Next. The following message
appears: "During this process, the Configure Your Server Wizard restarts your computer. Before continuing,
close any open programs." If you need to close open programs and you want to cancel the configuration of the
terminal server role at this time, you must click Cancel now. When you click Cancel, the Configure Your Server
Wizard displays the Cannot Complete page. To close the Configure Your Server Wizard, click Finish.
Otherwise, if you click OK, the Configure Your Server Wizard begins the configuration process.
Next, the Configure Your Server Wizard displays the message "Installing Terminal Server." The Configuring
Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click
Back or Next on this page. Then, the Configure Your Server Wizard shuts down the computer and restarts it to
accept the configuration changes that make the computer a terminal server.
During the restart process, a dialog box displays progress messages, for example, "Windows is starting up" and
"Preparing network connections." Depending on the size of your network, preparing network connections could
take some time. When the Welcome to Windows dialog box appears, press CTRL+ALT+DEL. In the Log on to
Windows dialog box, in Password, type your password. To complete the process, wait for the Configure Your
Server Wizard to appear on the screen.
A separate window displays checklists that provide information about these additional requirements. The same
information is covered in this document.
To run a terminal server, you need another computer that is configured to function as a Terminal Server License
Server. If a Terminal Server License Server is already installed, you can skip the steps for configuring a Terminal
Server License Server and installing CALs, and begin Installing programs on the terminal server. Otherwise, if
the Manage Your Server page displays a message indicating that a Terminal Server License Server was not
found, you must configure a Terminal Server License Server before you can use your terminal server.
By applying high security settings to the Internet and Local intranet security zones, you disable scripts, Microsoft
ActiveX® controls, and the Microsoft virtual machine (Microsoft VM) for HTML content in these zones. You also
prevent users from downloading files in these zones.
By applying medium security settings to the Trusted sites zone, you set standard browsing functionality. If you
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 28 of 55
use sites for administrative tasks and Web-based applications that an administrator cannot access after you
apply these settings, you can add the site addresses to the list of sites in the Trusted sites zone.
To review or change the Internet Explorer Enhanced Security Configuration settings, in Manage Your Server,
click Internet Explorer Enhanced Security Configuration.
In the Windows Server 2003 family, you can implement enhanced security settings for Internet Explorer for all
users and reduce the exposure of your server to Web sites that might pose a security risk. For more information,
see Internet Explorer Enhanced Security Configuration.
The easiest and quickest way to activate a Terminal Server License Server is by using the Automatic method. To
use this method, the computer running the Terminal Services Licensing service must have a direct connection to
the Internet. For information on activation methods for computers that are not connected to the Internet, see To
activate a Terminal Server License Server by using a Web browser and To activate a Terminal Server License
Server by using the telephone.
The following table shows the steps you must take to configure and activate a Terminal Server License Server by
using the Automatic method.
Task Comments
Open Add or Remove Programs in Control Panel, and then click Add/Remove
Windows Components. In the Windows Components Wizard, select the Terminal
Server Licensing check box, and then click Next. If your network includes several
domains, or if you are installing the Terminal Server Licensing service on a member
server, choose Your entire enterprise. If you want to maintain a separate Terminal
Install the Server License Server for each domain, or if your network includes workgroups or
Terminal Windows NT 4.0 domains, choose Your domain or workgroup. If you want to change
Server the location of the license server database, specify a new location, and then click Next.
Licensing The Configuring Components page displays the progress of configuration changes. On
service. the Completing the Windows Components Wizard page, click Finish, and then click
Close.
Note
To open Add or Remove Programs, click Start, click Control Panel, and then double-
click Add or Remove Programs.
Open Terminal Server Licensing, right-click the Terminal Server License Server you
want to activate, and click Activate Server. The Terminal Server License Server
Activation Wizard starts. On the Connection method page, under Activation method,
click Automatic connection, and then click Next. On the Company Information page,
provide the following required information:
First name
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 29 of 55
Postal code
Confirm that the information you typed is correct, and then click Next. On the
Completing the Terminal Server License Server Activation Wizard page, under
Status, the following message appears: "Your license server has been successfully
activated." If you want to install client licenses now, click Next. If you want to postpone
the installation of client licenses, clear the Start Terminal Server Client Licensing
Wizard now check box, and then click Finish.
Note
To open Terminal Server Licensing, click Start, click Control Panel, double-click
Administrative Tools, and then double-click Terminal Server Licensing.
CALs are digitally-signed certificates that each client stores locally. All CALs are installed on a Terminal Server
License Server. When a client logs on to a terminal server for the first time, the terminal server recognizes that
the client has not been issued a CAL and locates a Terminal Server License Server to issue a new CAL to the
client. For information about specific license requirements, see the Microsoft Web Site.
(http://www.microsoft.com/)
Before you install CALs, you must have your licensing agreement numbers ready, and know which method you
used to purchase them.
The easiest and quickest way to install CALs on a Terminal Server License Server is by using the Automatic
method. To use this method, the computer running the Terminal Services Licensing service must have a direct
connection to the Internet. For information on installing CALs for computers that are not connected to the
Internet, see To install client license key packs by using a Web browser and To install client license key packs by
using the telephone.
The following table shows the steps you must take to install CALs on a Terminal Server License Server by using
the Automatic method.
Task Comments
On the Terminal Server License Server, open Terminal Server Licensing. Verify that
the installation method for the Terminal Server License Server is set to Automatic by
right-clicking the Terminal Server License Server for which you want to install CALs, and
then clicking Properties. If necessary, on the Installation Method tab, change the
installation method to Automatic connection, and then click OK.
In the Terminal Server Licensing console tree, right-click the Terminal Server License
Install CALs Server on which you want to install CALs, click Install Licenses, and then click Next.
on the The Terminal Server CAL Installation Wizard starts. On the Licensing program page,
Terminal choose the license program under which you purchased your licenses, and then click
Server Next. On the License Code page, type the license code for each license you have
License purchased, and then click Add after each entry. After you have typed all of the license
Server. codes, click Next. The Completing the Terminal Server CAL Installation Wizard
page displays a message that the CALs were successfully installed. To close the wizard,
click Finish.
Note
To open Terminal Server Licensing, click Start, click Control Panel, double-click
Administrative Tools, and then double-click Terminal Server Licensing.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 30 of 55
Now you are ready to install programs on the terminal server. Add or Remove Programs in Control Panel is
the preferred method for program installation, and you should use this method whenever possible. This section
describes how to use Add or Remove Programs to install programs on a terminal server.
There are other program installation methods, such as the change user command, Windows Installer packages
(.msi files), and Group Policy Software Installation. For more information about the change user command, see
To install a program by using the change user command. For more information about using Windows Installer,
see Assigned and published programs. For more information about Group Policy, see Group Policy.
For improved performance and reduced network traffic, install programs on the local drive of the terminal server
instead of on a file server. Ensure that you have enough space to install programs on NTFS file system drives
instead of on FAT32 drives. NTFS drives allow you to set file permissions, which you cannot do on FAT32 drives.
If you are installing published programs, you must use another installation method, such as Group Policy
Software Installation.
For performance and security reasons, you should use 32-bit programs whenever possible. Most 32-bit programs
use the registry to read and write program settings and need to write only to specific registry values. Running
16-bit programs can reduce the number of users a processor supports by 40 percent and increase the memory
required for each user by 50 percent. In addition, some 16-bit programs must be able to write to the directory
where the program's .ini file is stored.
RAM and CPU requirements increase approximately linearly with the number of sessions running. To reduce RAM
and CPU requirements, consider restricting user or group access to certain program types, disabling unnecessary
program features, or installing programs on separate terminal servers.
Some programs have known installation issues in a multisession environment. For information about programs
that require installation scripts in order to work correctly in a multisession environment, see Optimizing
Applications for Windows 2000 Terminal Services and Windows NT Server 4.0, Terminal Server Edition at the
Microsoft Web site. (http://www.microsoft.com/)
The following table shows the steps you must take to install programs on a terminal server, using Add or
Remove Programs.
Task Comments
Ensure that no Send a message to all users who are logged on to the terminal server. Program
users are logged installation often requires restarting the computer, and their sessions will be
on to the disconnected. You should not allow users to access the terminal server until programs
terminal server. have been installed and tested.
Disable
Terminal
Services Right-click My Computer, click Properties, click the Remote tab, and then clear the
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 31 of 55
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 32 of 55
Share the Msrdpcli.msi file and use Microsoft IntelliMirror to distribute it to workstations running
Windows 2000.
Download Remote Desktop Connection directly from the Microsoft Web site.
(http://www.microsoft.com/downloads)
Place the .msi file in a shared folder residing on a server on the network.
This topic describes how to install the client software from a shared folder residing on a server on the network.
Before you deploy the client software, decide whether you want the software to be installed for the use of a
single user or for anyone who uses the client computer. You will make this choice during the deployment
process.
The following table shows the steps you must take to deploy the latest version of Remote Desktop Connection to
clients running earlier versions of either Windows or Remote Desktop Connection.
Task Comments
On the computer running a Windows Server 2003 operating system, open Windows
Explorer. Navigate to the systemroot\System32\Clients\Tsclient\win32 folder, right-click
Share the the win32 folder, click Sharing and Security. On the Sharing tab, click Share this
client setup folder, and then click OK.
folder. Note
To open Windows Explorer, click Start, point to All Programs, point to
Accessories, and then click Windows Explorer.
On the client computer, click Start, click Run, and then, in Open, type
\\ServerName\win32, where ServerName is the name of the computer where the
shared folder is located. Double-click the msrdpcli.msi file to start the InstallShield
Install Wizard for Remote Desktop Connection, and then click Next. Read the License
Remote Agreement, click I accept the terms in the license agreement, and then click Next.
Desktop Type your name and organization in the Customer Information page, click Anyone
Connection. who uses this computer (all users), and then click Next. On the Ready to Install
the Program page, either click Back to review or change any of your installation
settings, or click Install to begin the installation. To complete the installation, click
Finish.
Before you give users permission to access the terminal server, you must:
Check the membership of the Administrators group to ensure that you know who has access to the terminal
server.
Decide which users should have permission to access the terminal server.
Determine which users must also be added to the local Users group.
The following table shows the steps you must take to give users permission to access the terminal server.
Task Comments
Open Computer Management (Local), and in the console tree, click Local Users
and Groups. In the details pane, double-click the Groups folder, double-click
Remote Desktop Users, and then click Add. In the Select Users dialog box, click
Add users to the
Locations to specify the search location. To specify the types of objects that you
Remote Desktop
want to search for, click Object Types. In this case, you want to search for Users or
Users group.
Groups. Type the name that you want to add in the Enter the object names to
select (examples) box, and then click Check Names. When the name is located,
click OK.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 33 of 55
Note
To open Computer Management, click Start, click Control Panel, double-click
Administrative Tools, and then double-click Computer Management.
Open Computer Management (Local), and in the console tree, click Local Users
and Groups. In the details pane, double-click the Groups folder, double-click Users,
and then click Add. In the Select Users dialog box, click Locations to specify the
Add users to the search location. To specify the types of objects that you want to search for, click
local Users Object Types. In this case, you want to search for Users or Groups. Type the name
group, if they that you want to add in the Enter the object names to select (examples) box,
are not already and then click Check Names. When the name is located, click OK.
members.
Note
To open Computer Management, click Start, click Control Panel, double-click
Administrative Tools, and then double-click Computer Management.
On the Server Role page, click Terminal server, and then click Next. On the Role Removal Confirmation
page, review the items listed under Summary, select the Remove the terminal server role check box, and
then click Next. The following message appears: "During this process, the Configure Your Server Wizard restarts
your computer. Before continuing, close any open programs." If you need to close open programs and you want
to cancel the removal of the Terminal Server role at this time, you must click Cancel now. When you click
Cancel, the Configure Your Server Wizard displays the Cannot Complete page. To close the Configure Your
Server Wizard, click Finish. Otherwise, if you click OK, the Configure Your Server Wizard begins the removal
process.
Next, the Configure Your Server Wizard displays the "Removing Terminal Server" message. The Configuring
Components page of the Windows Components Wizard appears, displays messages about the configuration
changes being made to the computer, and then closes. The Configure Your Server Wizard shuts down the
computer and restarts it to accept the configuration changes that remove this role.
During the restart process, a dialog box displays progress messages, for example, "Windows is starting up" and
"Preparing network connections." Depending on the size of your network, preparing network connections could
take some time. When the Welcome to Windows dialog box appears, press CTRL+ALT+DEL. In the Log on to
Windows dialog box, in Password, type your password. To complete the process, wait for the Configure Your
Server Wizard to appear on the screen. On the Terminal Server Role Removed page, click Configure Your
Server log to see a record of your changes, and then click Finish.
After you remove the terminal server role, you should:
Reinstall all software.
Review any file or registry permissions for which you changed default values and, if necessary, make
changes.
Review any software restriction policies used to control programs running on the terminal server and, if
necessary, make changes.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 34 of 55
The following table lists some additional tasks you might want to perform on your terminal server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 35 of 55
The following table lists the information that you need to know before you configure a remote access/VPN server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 36 of 55
and clicking Properties. For more information, see Dial-in properties of a user
account and Active Directory Users and Computers.
On the Configuration Options page, click Custom configuration and click Next. On the Server Role page,
click Remote access/VPN server, and then click Next.
This section describes the steps in the Routing and Remote Access Server Setup Wizard for configuring a remote
access/VPN server that is not part of an Active Directory domain or part of a network with DNS or DHCP servers. If
you follow these steps, you will configure a remote access/VPN server that provides both dial-up and VPN access
for remote access clients, provides NAT for computers on your private network, generates and assigns IP addresses
for remote access clients, and locally authenticates connection requests.
This section covers:
Summary of Selections
Using the Routing and Remote Access Server Setup Wizard
Completing the Configure Your Server Wizard
Completing configuration in Routing and Remote Access
Removing the remote access/VPN server role
Summary of Selections
On the Summary of Selections page, you can view and confirm the options that you have selected. If you
clicked Remote access/VPN server on the Server Role page, the following line appears:
Run the Routing and Remote Access Server Setup Wizard to set up routing and VPN
To apply the selections shown on the Summary of Selections page, click Next. The Configure Your Server
Wizard starts the Routing and Remote Access Server Setup Wizard. If you cancel the Routing and Remote
Access Server Setup Wizard, your remote access/VPN server will not be configured, the Routing and Remote
Access service will not be started, and the Configure Your Server Wizard will display the Cannot Complete
page.
When you complete the Routing and Remote Access Server Setup Wizard and the Configure Your Server Wizard,
the Routing and Remote Access service is started automatically.
Configuration
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 37 of 55
On the Configuration page, click Virtual Private Network (VPN) access and NAT, and click Next.
Important
This document describes the Virtual Private Network (VPN) access and NAT configuration only. If you
decide to choose a different configuration, review the documentation for Routing and Remote Access before
you complete the Routing and Remote Access Server Setup Wizard. This document will not help you complete
any other role than Virtual Private Network (VPN) access and NAT. For more information about other
configurations, see Common configurations for remote access servers.
VPN Connection
On the VPN Connection page, click the network interface that connects this computer to the Internet. The
network interface that you choose will be configured to receive connections from VPN clients. Any interface that
you do not choose will be configured as a connection to your private network.
In Network Interfaces, the Enable security on the selected interface by setting up Basic Firewall check
box will already be selected. Do not clear this check box. This option configures Basic Firewall, a dynamic packet
filtering service that helps protect your private network from unsolicited network traffic.
After you finish, click Next.
IP Address Assignment
On the IP Address Assignment page, the Automatically option is selected automatically. Do not change the
selection. This selection configures your server to generate and assign IP addresses to remote clients.
After you finish, click Next.
If any of the summary information is incorrect, click Back, and then change the information.
If you click Finish, you will not be able to open the Routing and Remote Access Server Setup Wizard again,
unless you either remove the remote access/VPN server role from within the Configure Your Server Wizard or
disable Routing and Remote Access from the Routing and Remote Access snap-in.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 38 of 55
After you have ensured that the summary information is correct, click Finish. A message will appear informing
you that, to support the relaying of DHCP messages from remote access clients to a DHCP server, you must
open Routing and Remote Access on the remote access/VPN server and configure DHCP Relay Agent with the IP
address of a DHCP server. Click OK. The Routing and Remote Access service will be started automatically, and
the Configure Your Server Wizard will reappear.
On the Server Role page, click Remote access/VPN server, and then click Next. On the Role Removal
Confirmation page, review the items listed under Summary, select the Remove the remote access/VPN
server role check box, and then click Next. In the dialog box that asks you to confirm that you want to disable
the router and remove the remote access configuration, click Yes. On the Remote Access/VPN Server Role
Removed page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 39 of 55
If you have completed all of these tasks, you have created a basic remote access/VPN server that will allow remote
computers to connect to your server with a dial-up or a VPN connection and provide network address translation
(NAT) for your private network.
The following table lists additional tasks that you might want to perform on your remote access/VPN server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 40 of 55
Click the type of domain controller role that you want to create:
i Creating an additional domain controller for an existing domain
j
k
l
m
n
j Creating a domain controller for a new forest
k
l
m
n
j Creating a domain controller for a new child domain
k
l
m
n
j Creating a domain controller for a new domain tree
k
l
m
n
The following table lists the information that you need to know before you add a DNS server role.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 41 of 55
If you are going to deploy Active Directory, then the DNS servers used to support
Determine if you are adding
Active Directory will be installed and configured automatically by the Active Directory
the DNS server role to
Installation Wizard. For more information, see Typical setup for a first server and
support Active Directory.
Domain controller role: Configuring a domain controller.
Inventory the security DNS was originally designed as an open protocol and is therefore vulnerable to
policies of your network and attackers. Windows Server 2003 DNS provides features for a very secure DNS
company to see how they infrastructure. To configure DNS to support these security policies, have your
can be maintained when company's security policies available when designing and deploying your DNS server,
broadcasting DNS data over zones, and resource records. For more information, see Security information for
the Internet. DNS.
Review the DNS checklist. Review the information in Checklist: Installing a DNS server.
For a small organization
Before adding a DNS
Comments
server role
Choosing the first DNS domain name for your company involves selecting a domain
name that is unique within the DNS namespace of the Internet.
Choose the first DNS domain If your organization has a Web site, use your existing Web site name as a starting
name for your company. point for your DNS domain name. If the name of your Web site is
www.humongousinsurance.com, create the first domain name as an extension of this
name using the subdomain name corp, for example, corp.humongousinsurance.com.
In order for your DNS deployment to work over the Internet, both the IP addresses
Check with your ISP to and DNS domain name used by your network must be registered with an authorized
determine that your network Internet registrar. These organizations are responsible for assigning IP addresses and
Internet Protocol (IP) DNS domain names and keeping public records of the assignments.
addresses are registered If you are connected to the Internet, then your company's network is most likely a
with an Internet registrar. subnet of your ISP's network. In this case, the IP addresses of the subnet will have
been registered with the Internet registrar.
Register the DNS domain name you will use for your company even if you are
deploying DNS in a private network. If you do not register the name and later
attempt to use it on the Internet, or connect to a network that is connected to the
Internet, you might find that the name is unavailable because some other company
Register your DNS domain has registered the name. You can also have your ISP register your DNS domain
name with an Internet name for you.
registrar. When deciding on your DNS domain name, search the Internet to see what domain
names are available using one of the Web sites provided by an authorized Internet
registration authority. To search the Internet for available domain names, see the
Internet Network Information Center (InterNIC) Web site. Web addresses can
change, so you might be unable to connect to the Web site or sites mentioned here.
Understand that the name of
the first DNS zone this DNS When you configure the DNS server role, you will define the first DNS zone that this
server will host is the same DNS server will host using the domain name of the DNS domain of your network,
as the DNS domain name such as corp.humongousinsurance.com.
you registered.
Obtain the IP address of one
or more DNS servers hosted You will configure the DNS server with a forwarder to send queries for names that
by your ISP to use as a are not in your network to a DNS server at your ISP.
forwarder.
For a branch office in a large organization
Before adding a DNS
Comments
server role
The first DNS domain name for your branch office is a subdomain of a domain used
Obtain the DNS domain in the network at your central office. For example, if your central office uses the
name for your network from domain name corp.humongousinsurance.com, the DNS domain name for your branch
your central office. office could be seattle.corp.humongousinsurance.com. Always confirm that your DNS
domain name has been properly delegated from the central office.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 42 of 55
when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative
Tools, and then double-click Manage Your Server.
To open the Configure Your Server Wizard, click Start, point to All Programs, point to Administrative Tools,
and then click Configure Your Server Wizard.
On the Server Role page, click DNS server, and then click Next.
This section covers:
Summary of Selections
Setting a static DNS server IP address
Using the Configure a DNS Server Wizard
Completing the Configure Your Server Wizard
Removing the DNS server role
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
DNS Server on the Server Role page, the following appears:
Install DNS Server
Run the Configure a DNS Server Wizard to configure DNS
If the Summary of Selections page lists these two items, click Next. If the Summary of Selections page
does not list these two items, click Back to return to the Server Role page, click DNS server, and then click
Next.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 43 of 55
Dynamic Update
Forwarders
Completing the Configure a DNS Server Wizard
Zone Name
On the Zone Name page, in Zone name, specify the name of the DNS zone for your network, and then click
Next. The name of the zone is the same as the name of the DNS domain for your small organization or branch
office.
Dynamic Update
On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates, and then click
Next. This will automate the update of the DNS resource records for the resources in your network.
Forwarders
On the Forwarders page, click Yes, it should forward queries to DNS servers with the following IP
addresses, and then click Next. By selecting this configuration, you forward all DNS queries for DNS names
outside of your network to a DNS server at either your ISP or central office. Type one or more IP addresses used
by DNS servers run by either your ISP or central office.
On the Server Role page, click DNS server, and then click Next. On the Role Removal Confirmation page,
review the items listed under Summary, select the Remove the DNS server role check box, and then click
Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears,
and then closes automatically. You cannot click Back or Next on this page. On the DNS Server Role Removed
page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 44 of 55
After you complete the Configure Your Server Wizard and the Configure a New DNS Server Wizard, your server is
ready for use as a DNS server. Up to this point, you have completed the following tasks:
Set the DNS server to use a static IP address.
Configured the DNS zone for your network.
Configured the DNS server to forward all DNS queries for DNS names outside your network to a DNS server at
your ISP or central office.
When you complete the Configure Your Server Wizard, it automatically installs the DNS console, which you use to
manage your DNS server. To open DNS, click Start, click Control Panel, double-click Administrative Tools, and
then double-click DNS.
The following table lists some of the additional tasks that you might want to perform on your DNS server.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 45 of 55
When you add the DHCP server role, you create one scope that defines the range of IP addresses that the DHCP
server allocates to the clients on one subnet. You need to create one scope for each subnet that has clients that
you want to manage using DHCP. The following table lists the information that you need to know before you add
the DHCP server role, so that you can create the first scope. You need to collect the same information for each
additional scope.
On the Server Role page, click DHCP server, and then click Next.
This section covers:
Summary of Selections
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 46 of 55
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
DHCP Server on the previous page, the following appears:
Install DHCP Server
Run the New Scope Wizard to configure a new DHCP scope
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the
Configuring Components page of the Windows Components Wizard appears, and then closes automatically.
You cannot click Back or Next on this page.
Scope Name
On the Scope Name page, in Name, type a name for the scope that you are creating. In Description, type a
description (this is optional). Most networks have several subnets, and each subnet requires its own scope, so a
DHCP server usually manages multiple scopes. Choose a name and description that help you distinguish
between the various scopes.
After you finish, click Next.
IP Address Range
On the IP Address Range page, define the range of IP addresses in this scope by typing the IP addresses at
the start and the end of that range. The wizard uses the IP addresses that you type to determine the correct
subnet mask. The correct subnet mask automatically appears in Subnet mask.
In the unusual case where the clients on this subnet need to use a subnet mask other than the one that the
wizard provides, you must type it in Subnet mask, or type the number of bits of the subnet mask in Length.
After you finish, click Next.
Add Exclusions
On the Add Exclusions page, you can define the IP addresses that the DHCP server should not allocate to
clients. For example, the DHCP server itself has a static IP address that must not be allocated to clients. The
same is true of the default gateway and of various network devices, such as network-connected printers. You
must exclude these IP addresses so that the DHCP server does not allocate them to clients.
It is recommended that you exclude more IP addresses than you currently need because it is easier to truncate
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 47 of 55
an exclusion range than it is to expand it. Exclude IP addresses from the beginning or the end of the range of
possible IP addresses, not from the middle. For example, if the range of IP addresses on this subnet is from
10.0.0.1 to 10.0.0.255, and you want to exclude ten IP addresses, then define the exclusion range as either of
the following:
10.0.0.1 to 10.0.0.10
10.0.0.245 to 10.0.0.255
For each range of IP addresses that you want to exclude, type the IP address at the beginning of the range in
Start IP address, type the IP address at the end of the range in End IP address, and then click Add.
This step eases client administration, but it is optional. If you leave all fields of this page blank and click Next,
clients will still be able to obtain IP addresses from the DHCP server.
After you finish, click Next.
Lease Duration
On the Lease Duration page, you can define how long a client can use an IP address from this scope.
The DHCP server leases IP addresses to its clients. Each lease has an expiration date and time. The client must
renew the lease if it is going to continue to use that IP address. The default duration of the lease is eight days.
This step eases client administration, but it is optional. If you leave all fields of this page blank and click Next,
clients will still be able to obtain IP addresses from the DHCP server.
After you finish, click Next.
WINS Servers
On the WINS Servers page, you can specify the WINS server that clients should communicate with to register
and resolve NetBIOS names. You can type the IP address of that WINS server, or you can type its name and
click Resolve, and the wizard will determine the IP address for you. You can add several WINS servers.
This step eases client administration, but it is optional. If you leave all fields of this page blank and click Next,
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 48 of 55
clients will still be able to obtain IP addresses from the DHCP server.
After you finish, click Next.
Activate Scope
On the Activate Scope page, you can activate the scope or choose to activate it later. In most cases, you
should accept the default and activate the scope now. If you choose to activate the scope later, you can do so
using the DHCP console. You must activate the scope to allow clients on the subnet of this scope to obtain IP
addresses from the DHCP server.
After you finish, click Next.
On the Server Role page, click DHCP server, and then click Next. On the Role Removal Confirmation page,
review the items listed under Summary, select the Remove the DHCP server role check box, and then click
Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears,
and then closes automatically. You cannot click Back or Next on this page. On the DHCP Server Role
Removed page, click Finish.
Add support for a routed To enable the DHCP server to act as a relay agent, which Configure the DHCP
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 49 of 55
This topic explains the basic steps that you must follow to configure a streaming media server. When you have
finished the basic steps, you can complete additional configuration tasks, depending on how you want to use the
streaming media server.
This topic covers:
Before you begin
Configuring your streaming media server
Next steps: Completing additional tasks
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 50 of 55
To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative
Tools, and then double-click Configure Your Server Wizard.
On the Server Role page, click Streaming media server, and then click Next.
This section covers:
Summary of Selections
Completing the Configure Your Server Wizard
Completing the streaming media server role configuration
Removing the streaming media server role
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
Streaming media server on Server Role page, the following appears:
Install Windows Media Services
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the
Configuring Components page of the Windows Components Wizard appears, and then closes automatically.
You cannot click Back or Next on this page.
After you click Next on the Summary of Selections page, the Configure Your Server Wizard installs Windows
Media Services. Unlike many other services, Windows Media Services installs without any input from the
administrator.
The streaming media server role supports many scenarios, which Windows Media Services Help describes in
detail. For more information, see Scenarios in Windows Media Services Help. Most scenarios require you to
reconfigure an existing publishing point or create a new one. You need to make one decision, and possibly two,
and the results determine which of the three main publishing point configurations you should use. The following
table shows how the decisions relate to configurations.
Control of playback
Control of playback means that the client should be able to start, stop, pause, rewind, and fast-forward. With
on-demand, unicast, the client controls playback, and the user experience is similar to playing a movie from a
VCR or a DVD player. This type of playback requires an on-demand publishing point. An on-demand publishing
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 51 of 55
point distributes pre-recorded content, such as audio and video files. When you add the streaming media server
role, the wizard creates an on-demand publishing point named <Default>. You can distribute your media files
at this publishing point, or you can create a publishing point. The configuration steps for an on-demand
publishing point are similar to those presented in Stream Windows Media files on-demand in Windows Media
Services Help. If you choose to use an on-demand publishing point, you must use unicast delivery.
If the client does not control playback, the user experience is similar to viewing a television program. This type
of playback requires a broadcast publishing point. This type of publishing point distributes pre-recorded and live
content. When you add the streaming media server role, the wizard creates a broadcast publishing point named
Sample_Broadcast that contains sample content. You should leave this sample intact and create a new
broadcast publishing point. If you choose to create a broadcast publishing point, see Server connections.
For more information about on-demand and broadcast publishing point types, see About publishing point types
in Windows Media Services Help.
Server connections
With unicast broadcast, the server creates a separate connection to each client. As a result, unicast delivery can
consume a large amount of network bandwidth. For example, delivering the same content to 100 clients
simultaneously consumes 100 times as much network bandwidth as delivering the content to one client.
However, unicast delivery does not require any configuration of network routers and switches. The steps to
configure a publishing point this way are similar to those presented in Use your server to publish live content
from Windows Media Encoder in Windows Media Services Help. For more information about unicast delivery, see
Delivering content as a unicast stream in Windows Media Services Help.
With multicast broadcast, the server does not create a connection to any client. Instead, the server delivers the
content to a Class D Internet Protocol (IP) address on the network, and any client on the network can receive it.
This conserves network bandwidth. For example, a multicast delivery to 100 clients consumes only as much
bandwidth as delivery to one client. However, many networks by default do not support multicast delivery. To
support multicast delivery, the network routers and switches between the server and the clients must be
configured to transmit Class D IP addresses and interpret multicast information packets. The steps to configure a
publishing point this way are similar to those presented in Use your server to broadcast a stream published by
Windows Media Encoder in Windows Media Services Help. For more information about multicast delivery, see
Delivering content as a multicast stream in Windows Media Services Help.
On the Server Role page, click Streaming media server, and then click Next. On the Role Removal
Confirmation page, review the items listed under Summary, select the Remove the streaming media
server role check box, and then click Next. After you click Next, the Configuring Components page of the
Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this
page. On the Streaming Media Server Role Removed page, click Finish.
Configure security To control access to the streaming Configuring security options in Windows Media Services
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 52 of 55
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 53 of 55
On the Server Role page, click WINS server, and then click Next.
Summary of Selections
Completing the Configure Your Server Wizard
Removing the WINS server role
Summary of Selections
On the Summary of Selections page, view and confirm the options that you have selected. If you selected
WINS server on the previous page, the following appears:
Install WINS
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 54 of 55
To apply the selections shown on the Summary of Selections page, click Next. After you click Next, the
Configuring Components page of the Windows Components Wizard appears, and then closes automatically.
You cannot click Back or Next on this page. The Configure Your Server Wizard installs the WINS Server service.
Unlike many other services, the WINS service installs without any input from the administrator.
If you cancel Configure Your Server, then WINS Server service is not installed. To install it later, restart Manage
Your Server and add the WINS role.
On the Server Role page, click WINS server, and then click Next. On the Role Removal Confirmation page,
review the items listed under Summary, select the Remove the WINS server role check box, and then click
Next. On the WINS Server Role Removed page, click Finish.
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010
Configuring roles for your server Page 55 of 55
4. On the Server Role page, click the role that you want to remove, and then click Next.
5. On the Role Removal Confirmation page, select the Remove the server role check box, and then click
Next.
6. On the Server Role Removed page, click Finish.
Important
When you remove a server role, you might break dependencies that exist between the server role and other
programs. Be sure to test removing the server role in a test environment before doing so on your network.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you
must have been delegated the appropriate authority. If the computer is joined to a domain, members of the
Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run
as to perform this procedure.
To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then
double-click Manage Your Server.
For more information about removing specific server roles and any dependencies that might be affected, see the
following:
Removing the file server role
Removing the print server role
Removing the application server role
Removing the mail server role
Removing the terminal server role
Removing the remote access/VPN server role
Removing the domain controller role
Removing the DNS server role
Removing the DHCP server role
Removing the streaming media server role
Removing the WINS server role
file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA... 10/28/2010