You are on page 1of 448

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

6418C
Deploying Windows Server 2008

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
ii Deploying Windows Server 2008
Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no
representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of
Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any
changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement of Microsoft of the site or the products contained therein.
2010 Microsoft Corporation. All rights reserved.
Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
All other trademarks are property of their respective owners.




Product Number: 6418C
Part Number: X17-41891
Released: 08/2010

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Windows Server 2008 iii


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
iv Deploying Windows Server 2008


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Windows Server 2008 v


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
vi Deploying Windows Server 2008

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Windows Server 2008 vii

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
viii Deploying Windows Server 2008
Acknowledgements
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Stan Reimer Content Developer
Stan Reimer is president of S. R. Technical Services Inc, and he works as a consultant, trainer and author.
Stan has extensive experience consulting on Active Directory and Exchange Server deployments for some
of the largest companies in Canada. Stan is the lead author for two Active Directory books for Microsoft
Press, and is currently working on an Exchange Server 2010 Best Practices book, also for Microsoft Press.
For the last six years, Stan has been writing courseware for Microsoft Learning, specializing in Active
Directory and Exchange Server courses. Stan has been an MCT for 11 years.
Andrew J. Warren Content Developer
Andrew Warren (MCSE, MCITP, and MCT) has more than 22 years of experience in the IT industry, many of
which have been spent in writing and teaching. He has been involved as the subject matter expert (SME)
for the 6430B course for Windows Server 2008 and the technical lead on a number of other courses. He
also has been involved in TechNet sessions on Microsoft Exchange Server 2007. Based in the United
Kingdom, he runs his own IT training and education consultancy.
David Carrasco Content Developer
David is a Microsoft Technologies consultant with more than 10 years of experience designing, migrating
and implementing Microsoft Windows and Exchange Server solutions. He has participated in worldwide
conferences, webcasts and trade shows, and has developed and consulted on Microsoft Official Exams and
Courses. He likes to share his experiences in his blog "Heroes Certificados."
John Laerum Technical Reviewer
John Laerum is a MCT and staff trainer at Cornerstone Sweden AB. He takes an active part in the
continuous development of Cornerstones portfolio for IT professional training. John has been a Microsoft
trainer since 1998, and today focuses on Windows Server 2008 R2 and related technologies. John began
working with Windows Server 2008 when he participated in the products Technical Adoption Program
(2006). Through his classes he has accumulated experience with the real world server deployment
challenges his customers face in the day to day use of the product. John nourishes the belief that there is
always room for improvement in courseware and is a firm believer in Instructor Led Training (ILY) format.
He puts great value in the collaboration amongst peers that occur in his classroom and sees it as a way of
transferring knowledge and improving product comprehension.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Windows Server 2008 ix
Contents
Module 1: Installing and Configuring Windows Server 2008 R2
Lesson 1: Planning Windows Server 2008 R2 Installations 1-3
Lab A: Planning to Install Windows Server 2008 R2 (Optional) 1-17
Lesson 2: Performing a Windows Server 2008 R2 Installation 1-21
Lab B: Installing Windows Server and Configuring Post-Installation
Settings 1-32
Lesson 3: Configuring Windows Server 2008 R2 Following Installation 1-38
Lab C: Managing Roles and Features 1-46
Lesson 4: Automating Server Activation Using Microsoft Volume
Activation 1-50
Lab D: Configuring Windows Server 2008 Licensing 1-63
Module 2: Implementing Deployment Technologies
Lesson 1: Selecting a Suitable Deployment Strategy 2-3
Lesson 2: Using the Windows Automated Installation Kit 2-16
Lesson 3: Working With Images 2-32
Lesson 4: Working with Unattended Answer Files 2-41
Lab: Deploying Windows Server 2008 with an Answer File 2-49
Module 3: Using Microsoft Windows Deployment Services
Lesson 1: Overview of Windows Deployment Services 3-3
Lesson 2: Implementing Deployment with Windows Deployment Services 3-12
Lesson 3: Administering Windows Deployment Services 3-22
Lab: Using Microsoft Windows Deployment Services to Deploy
Windows Server 3-31
Module 4: Implementing the Microsoft Deployment Toolkit
Lesson 1: Introducing the Microsoft Deployment Toolkit 4-3
Lesson 2: Configuring the Microsoft Deployment Toolkit 4-13
Lesson 3: Performing Lite Touch Deployments 4-23
Lesson 4: Performing Zero-Touch Deployments 4-30
Lesson 5: Maintaining Images with Microsoft Deployment Toolkit 4-40
Lab: Implementing the Microsoft Deployment Toolkit 4-48
Module 5: Migrating Active Directory Directory Service
Lesson 1: Overview of Upgrading Windows Server 2008 R2 AD DS 5-3
Lesson 2: Upgrading Domain Controllers to Windows Server 2008 5-14
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
x Deploying Windows Server 2008
Lab: Migrating Active Directory Directory Service 5-23
Module 6: Migrating File, Print and Web Services
Lesson 1: Introducing Server Migration 6-3
Lesson 2: Migrating File and Print Servers 6-13
Lab A: Migrating Windows Server 2003 File and Print Services 6-29
Lesson 3: Migrating Web and Application Servers 6-35
Lab B: Migrating a Web Application to Windows Server 2008 R2 and
Internet Information Services (IIS) 7 6-49
Module 7: Deploying Branch Office and Remote Access Services
Lesson 1: Implementing Read-Only Domain Controllers 7-3
Lab: Deploying a Read-Only Domain Controller to a Branch Office 7-16
Lesson 2: Implementing Remote Infrastructure 7-21
Lab: Implementing BranchCache 7-35
Module 8: Migrating Workloads to Microsoft Virtual Machines
Lesson 1: Overview of Microsoft Virtualization Technologies 8-3
Lesson 2: Installing Hyper-V 8-10
Lesson 3: Migrating Workloads to Hyper-V 8-20
Lab: Migrating Workloads to Microsoft Virtual Machines 8-33
Lab Answer Keys


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
About This Course xi
About This Course
This section provides you with a brief description of the course, audience, suggested prerequisites, and
course objectives.
Course Description
This 3-day instructor-led course provides students with an understanding of migrating and deploying
Windows Server 2008 R2 including installation, configuration, and upgrading. Special emphasis is given
to upgrading common server configurations and using the Microsoft Deployment Toolkit.
Audience
This course is intended for information technology (IT) professionals who have experience with Windows
Server 2003 or Windows Server 2008, and who hold an Microsoft Certified Technology Specialist (MCTS)
credential or Microsoft Certified IT Professional (MCITP) credential (or Microsoft Certified Systems
Engineer (MCSE) credential or Microsoft Certified Systems Administrator (MCSA) credential) certification
and/or equivalent knowledge. They also should be responsible for deploying Windows Server 2008 R2,
including the R2 features that enable enhanced functionality of Windows 7 clients, must understand
how to use the latest deployment tools and solution accelerators that were updated for Windows Server
2008 R2 and Windows 7. This course is intended for IT professionals experienced on the technologies that
Windows Server 2003 or Windows Server 2008 R2 include, and who have a Windows Server 2003 or 2008
MCTS or MCITP (or MSCA/MCSE) certification or equivalent knowledge.
This course also is targeted at IT professionals who are responsible for planning and implementing the
deployment of Windows Server 2008 R2 and Windows 7. This audience uses graphical administration
tools, command-line tools, Windows PowerShell, imaging tools, Microsoft Deployment Toolkit, and
Microsoft Solution Accelerators. These IT professionals conduct most server-deployment tasks in a
deployment lab, and roll out monitored pilot deployments in a controlled fashion. They use a
combination of low-touch and no-touch deployment processes and tools. This audience also deploys
these servers from a centralized location, and validates remote server deployments and configurations
using remote management tools and scripts.
Student Prerequisites
This course requires that you meet the following prerequisites:
Able to perform server and desktop installation, upgrades, and configuration
A conceptual understanding of automated deployment
A basic understanding of the processes in Microsoft Operations Connector Framework, Microsoft
Solutions Framework, and ITIL 3.0
Basic skills with Windows PowerShell 2.0
Windows command line
Understanding of, and experience with, monitoring and management tools
Networking knowledge
Knowledge of Active Directory Domain Services (AD DS)
Knowledge of security
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
xii About This Course
Understanding of, and experience with, performance monitoring
Troubleshooting skills
Familiarity and experience with Windows PowerShell 2.0, Windows Command line, scripting of
imaging and virtualization technologies, and general batch scripting.
Course Objectives
After completing this course, students will be able to:
Describe Windows Server 2008 R2 installation and configuration options, and select an appropriate
volume-licensing option for Windows Server 2008 R2
Deploy and configure a Windows Server 2008 R2 Server Core installation
Implement various Windows Server deployment technologies
Implement Windows 7 and Windows Server 2008 R2 deployments with Windows Deployment
Services (WDS)
Implement Windows 7 and Windows Server 2008 R2 deployments with Microsoft Deployment Toolkit
2010 (MDT 2010)
Migrate earlier versions of Active Directory directory service to AD DS
Migrate file and print, and Web servers to Windows Server 2008 R2
Migrate remote infrastructure servers to support branch offices
Virtualize workloads by migrating physical servers to guests in Microsoft Hyper-V Server 2008 R2
Course Outline
This section provides an outline of the course:
Module 1 ,Installing and Configuring Microsoft Windows Server 2008 R2
Although you can use a number of tools and technologies to help you deploy the Windows Server 2008
R2 operating system, it is important to understand how to plan for and perform individual server
installations using local media. It is also important to know how to configure the server following
installation, including how to activate your servers and manage volume activations.
Module 2, Implementing Deployment Technologies
Different organizations have different Windows Server installation and deployment needs. Often, the
choice made about which deployment technology to use depends on the number of servers to be
deployed. This module describes the key deployment scenarios and provides guidance about suitable
Microsoft deployment technologies to facilitate them. The module then describes how to use the
Windows Automated Installation Kit (Windows AIK) to assist with some of these deployment scenarios; the
different types of images used in some of these scenarios; and how to perform unattended installations of
Windows Server.
Module 3, Planning and Deploying Mailbox Services
Larger organizations need deployment technologies that can reduce or eliminate user-interaction during
the deployment process. You can use Windows Deployment Services to help support lite-touch and zero-
touch, high-volume deployments. This module explores the functionality of Windows Deployment
Services and explains how to use Windows Deployment Services tools to perform lite-touch deployments.
Module 4, Implementing the Microsoft Deployment Toolkit
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
About This Course xiii
The Microsoft Deployment Toolkit 2010 (MDT 2010) forms a unifying framework for Windows
Deployment Services, the Windows Automated Installation Kit (Windows AIK), and Microsoft System
Center Configuration Manager 2007 with documentation on best practices to help system administrators
and deployment engineers deploy the Windows Server 2008R2 operating system more easily. In addition,
MDT 2010 includes some tools that accelerate image creation and deployment. MDT 2010, together with
the supporting documentation and tools, helps lower the effort required for server deployment.
Module 5, Migrating Active Directory Directory Service
Active Directory is the centerpiece of any enterprise that uses Microsoft technologies. It provides
authentication, authorization and accountability for the network and all Active Directory integrated
applications, such as Microsoft Exchange Server or Microsoft SQL Server. Migrating to the latest version
of Active Directory provides many new features, security and efficiency.
This module provides guidance for upgrading and migrating Active Directory directory services from a
Microsoft Windows 2000 Server operating system or a Windows Server 2003 operating system to a
Windows Server 2008 R2 operating system. This module provides the best practices for Active Directory
upgrades.
Module 6, Migrating File and Print and Web Services
After the installation and configuration of a Windows Server 2008 R2 server, the next step is to migrate
data and settings from older Windows Server 2003 or 2008 servers to the new computer. This and the
following modules focus on those tasks.
The Windows Server Migration Tools are used to easily and effectively migrate data and settings.
Administrators use this tool to select specific roles and configurations of the server to be migrated. With
the Windows Server Migration Tools, administrators can also use the versatility of Windows PowerShell to
script the whole process.
In the following module, we will discuss how to migrate different roles from legacy operating systems,
especially File server, Print server and Web server roles, and use different Microsoft tools to accomplish
those tasks.
Module 7, Deploying Branch Office and Remote Access Services
Remote offices usually present challenges for administrators. They are more difficult to control and the
network connections with main offices may have limited available bandwidth.
Remote users also present similar problems for administrators such as managing remote computers and
keeping them connected with an easy to use virtual private network (VPN).
The Windows Server 2008 R2 operating system provides significant new features for managing these
scenarios. Many of these improvements build on what was available in the Windows Server 2003
operating system and Windows Server 2008 operating system.
Module 8, Migrating Workloads to Microsoft Virtual Machines
Currently, virtualization is the leading IT trend. There are many virtualization technologies, such as
application virtualization, presentation virtualization or server virtualization, and all of them will be
discussed in the following module. Also, strategies for migrating servers to a virtual environment and tools
to support it will be discussed.
This module provides guidance for migrating existing workloads to a virtual machine environment using
the Microsoft Hyper-V Server 2008 R2 Hyper-V role.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
xiv About This Course
Course Materials
The following materials are included with your kit:
Course Handbook A succinct classroom learning guide that provides all the critical technical information in a
crisp, tightly-focused format, which is just right for an effective in-class learning experience.
Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
Module Reviews and Takeaways: Provide improved on-the-job reference material to boost
knowledge and skills retention.
Lab Answer Keys: Provide step-by-step lab solution guidance at your finger tips when its
needed.
Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site:
Searchable, easy-to-navigate digital content with integrated premium on-line resources designed to
supplement the Course Handbook.
Modules: Include companion content, such as questions and answers, detailed demo steps and additional
reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module
Reviews and Takeaways sections, which contain the review questions and answers, best practices, common
issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.
Resources: Include well-categorized additional resources that give you immediate access to the most up-to-
date premium content on TechNet, MSDN, Microsoft Press
Student Course files on the http://www.microsoft.com/learning/companionmoc/ Site: Includes the
Allfiles.exe, a self-extracting executable file that contains all the files required for the labs and
demonstrations.
Course evaluation At the end of the course, you will have the opportunity to complete an online evaluation
to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send e-mail to
support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail
to mcphelp@microsoft.com.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
About This Course xv
Virtual Machine Environment
This section provides the information for setting up the classroom environment to support the business
scenario of the course.
Virtual Machine Configuration
In this course, you will use Microsoft Virtual Server 2005 R2 with SP1 to perform the labs.
Important: At the end of each lab, you must close the virtual machine and must not save any
changes. To close a virtual machine without saving the changes, perform the following steps: 1. On
the virtual machine, on the Action menu, click Close. 2. In the Close dialog box, in the What do you
want the virtual machine to do? list, click Turn off and delete changes, and then click OK.
The following table shows the role of each virtual machine used in this course:
Virtual machine Role
6418C-NYC-DC1 Windows Server 2008 R2 domain controller in the Contoso.com
domain
6418C-NYC-RODC1 Windows Server 2008 R2 read-only domain controller
6418C-NYC-SVR1 Windows Server 2003 R2 member server in Contoso.com
6418C-NYC-SVR2 Windows Server 2008 R2 member server in the Contoso.com domain
6418C-NYC-BLANK A virtual machine with no operating system installed
6418C-NYC-CL1 A Windows 7 computer in the Contoso.com domain
6418C-NYC-CL2 A Windows 7 computer in the Contoso.com domain
6418C-NYC-CORE A Windows Server 2008 R2 Server Core
6418C-LON-DC1 Windows Server 2003 R2 domain controller in the Adatum.com domain
6418C-LON-SVR1 Windows Server 2003 R2 member server in Adatum.com

Software Configuration
The following software is installed on each VM:
Windows Server 2008 R2 Enterprise
Windows Server 2003 R2 Enterprise
Windows 7
Microsoft Office 2007, Service Pack 2
Microsoft Deployment Kit.
Windows Automated Installation Kit.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
xvi About This Course
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way. All of the virtual
machines are deployed on each student computer.
Course Hardware Level
To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment
configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware are taught.
The classroom computers require the following hardware and software configuration.
Hardware Level 6
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
Dual 120 gigabyte (GB) hard disks 7200 RM SATA or better*
4 GB RAM expandable to 8GB or higher
DVD drive
Network adapter
Super VGA (SVGA) 17-inch monitor
Microsoft Mouse or compatible pointing device
Sound card with amplified speakers
*Striped

Additionally, the instructor computer must be connected to a projection display device that supports
SVGA 1024 x 768 pixels, 16-bit colors.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-1
Module 1
Installing and Configuring Windows Server 2008
Contents:
Lesson 1: Planning Windows Server 2008 Installations 1-3
Lab A: Planning to Install Windows Server 2008 (Optional) 1-17
Lesson 2: Performing a Windows Server 2008 Installation 1-21
Lab B: Installing Windows Server and Configuring Post-Installation
Settings 1-32
Lesson 3: Configuring Windows Server 2008 Following Installation 1-38
Lab C: Managing Roles and Features 1-46
Lesson 4: Automating Server Activation Using
Microsoft Volume Activation 1-50
Lab D: Configuring Windows Server 2008 Licensing 1-63
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-2 Deploying Windows Server 2008
Module Overview

Although you can use a number of tools and technologies to help you deploy the Windows Server 2008
operating system, it is important to understand how to plan for and perform individual server installations
using local media. It is also important to know how to configure the server following installation, including
how to activate your servers and manage volume activations.
Objectives
After completing this module, you will be able to:
Plan Windows Server 2008 installations.
Perform a Windows Server 2008 installation.
Configure Windows Server 2008 following installation.
Automate server activation using Microsoft Volume Activation Tool.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-3
Lesson 1
Planning Windows Server 2008 Installations

Before you can install Windows Server, it is necessary to select an appropriate edition of Windows Server
2008. In addition, you must verify that your server computer meets the recommended minimum hardware
requirements of the edition that you have selected. This lesson describes the various Windows Server
editions and provides guidance on appropriate installation prerequisites.
If you are considering upgrading to the Windows Server 2008 R2 operating system, it is important that
you understand the upgrade options that are available. There are a number of tools available that enable
you to more effectively plan your installations and upgrades. This lesson explores some of these tools.
Objectives
After completing this lesson, you will be able to:
Describe the editions of Windows Server 2008.
Describe pre-installation requirements.
Describe upgrade options.
Describe how to migrate to Windows Server 2008.
Explain how to use the Microsoft Assessment and Planning (MAP) Toolkit.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-4 Deploying Windows Server 2008
Windows Server 2008 Editions

Key Points
Windows Server 2008 R2 is designed to help organizations reduce operating costs and power
consumption, and increase efficiency and performance. It also helps provide improved branch office
capabilities, new remote access experiences, streamlined server management, and an expanded Microsoft
virtualization strategy for both client and server computers.
Selecting the Windows Server Edition
Windows Server 2008 is available in 32 and 64 bit versions whereas Windows Server 2008 R2 is the first
Windows operating system that runs only on 64-bit processors and that provides supports up to 256
logical processor cores for a single operating system instance. Windows Server 2008 R2 includes
enhancements in the Windows Server 2008 Hyper-V server role, which is able to support up to 64
logical cores and live migration. These improvements not only guarantee performance and scalability for
applications and services, but also support new types of hardware, such as solid-state devices and boot
from Storage Area Network (SAN) or Virtual Hard Disk (VHD) files.
Windows Server 2008 and Windows Server 2008 R2 are both available in seven editions to support
varying server and workload needs of organizations.
The Windows Server 2008 R2 Foundation operating system
The Windows Server 2008 R2 Standard operating system
The Windows Server 2008 R2 Enterprise operating system
The Windows Server 2008 R2 Datacenter operating system
The Windows Web Server 2008 R2 operating system
The Windows Server 2008 R2 for Itanium-based systems operating system
Windows Server 2008 R2 HPC Edition

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-5
Note: Windows Server 2008 R2 HPC Edition will be available towards the latter half of 2010. Also
available is Windows Storage Server 2008 which is built upon Windows Server 2008. This is available
through Original Equipment Manufacturers (OEMs) only.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-6 Deploying Windows Server 2008
Pre-Installation Requirements

Key Points
Before you install or deploy Windows Server, it is important to consider the pre-installation requirements.
Minimum Hardware Requirements
Windows Server 2008 R2 has system requirements similar to the Windows Server 2008 operating system,
but as stated earlier, Windows Server 2008 R2 runs only on 64-bit processors. Although Windows Server
2008 R2 can be installed on a computer with 512 megabytes (MB) of RAM, the computer can use up to 8
gigabytes (GB) for Windows Server 2008 R2 Foundation, 32 GB for Windows Web Server 2008 R2 or
Windows Server 2008 R2 Standard, and two terabytes for Windows Server 2008 R2 Enterprise or Windows
Server 2008 R2 Datacenter. System requirements vary between Full installation and Server Core
installation.
X64 Installation Considerations
Windows Server 2008 R2 is only available in 64-bit versions. 64-bit operating systems offer a number of
significant advantages. For example, installing 64-bit operating systems offer the ability to scale up
(increase processor cores and memory) more than is possible with a 32-bit operating system.
However, you must ensure that the kernel-mode drivers that you will use are all signed digitally; digital
signatures for kernel-mode software are an important way to ensure security on computer systems.
Note: Even users with administrator privileges cannot load unsigned kernel-mode code on Windows
Server 2008 R2 systems. This applies for any software module that loads in kernel-mode, including
device and filter drivers, and kernel services.
The mandatory kernel-mode, code-signing policy applies to all kernel-mode software on systems running
Windows Server 2008 R2.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-7
Note: It is possible to disable the kernel-mode signature requirement for testing purposes. For
additional information, view the Readme.rtf file in the sources folder of the Windows Server 2008 R2
product DVD.
In addition to ensuring that you have digitally signed drivers, you must consider application compatibility.
Windows Server 2008 R2 includes kernel and user-mode application programming interface (API) changes
that support virtualization, scalability, performance, power-management, and networking enhancements.
Consequently, applications designed to run on an earlier, 32-bit version of Windows Server may not run
correctly on Windows Server 2008 R2.
You must verify the correct functionality of important applications before you deploy Windows Server
2008 R2, and where necessary, implement application fixes to ensure correct functionality.
Microsoft provides a number of application compatibility tools that can help you test, and where required,
fix your applications so that they run correctly within the 64-bit Windows Server 2008 R2 environment.
Special Requirements for Hyper-V
In addition to the systems requirement for Windows Server 2008 R2, you must ensure that your server
computer supports hardware-assisted virtualization (Intel Virtualization Technology (VT) or AMD-V)
technology.
Note: You can identify systems that support the x64 architecture and Hyper-V by searching the
Windows Server catalog. For Windows Server 2008 you can select Hyper-V as an additional
qualification. For Windows Server 2008 R2, all systems that have a "Certified for Windows Server 2008
R2" logo support Hyper-V.
The following table lists the requirements and maximums that apply to the server running Hyper-V.
Component Maximum Notes
Logical processors 64
Both of the following must be available and enabled in
the basic input/output system (BIOS):
Hardware-assisted virtualization (HAV)
Hardware-enforced Data Execution Prevention (DEP)
Virtual processors
per logical
processor
8
This value defines the upper limit of the number of virtual
processors you can configure in running virtual machines
per logical processor on the host computer.
Virtual machines
per server
384 running virtual
machines

Memory One terabyte
Storage
Limited by what is
supported by the
management
operating system. No
limits imposed by
Hyper-V.

Physical network No limits imposed by

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-8 Deploying Windows Server 2008
Component Maximum Notes
adapters Hyper-V.
Virtual networks
(switches)
Varies; no limits
imposed by Hyper-V.
The practical limit depends on the available computing
resources.
Storage
Limited by what is
supported by the
management
operating system. No
limits imposed by
Hyper-V.

Question: Why is kernel-mode driver signing important?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-9
What Are the Upgrade Options?

Key Points
Windows Server 2008 R2 performs upgrades differently from previous versions of Windows Server. When
you perform an in-place upgrade to Windows Server 2008 R2, the new operating system is installed in
parallel to the existing operating system. Then, the existing operating system is parsed for recognized
settings, which are moved into the new installation of Windows Server 2008 R2.
After the upgrade to Windows Server 2008 R2 is complete, it is not possible to roll back to the original
operating system. However, if an error occurs during the upgrade, the operating system can be rolled
back.
The main benefits of performing an upgrade are:
Preservation of existing operating system settings when recognized. Any settings that are
unrecognized will not be moved to the new installation.
Preservation of existing applications and their settings when recognized. Applications should be
tested to ensure that they are moved properly.
Downtime is limited to the installation of the operating system. There is no need to move large
volumes of data between servers.
If you intend upgrading from your current server operating system to Windows Server 2008 R2, it is
important that you know what the supported upgrade scenarios are.
A Windows Server 2008 R2 upgrade is possible from previous 64-bit server operating systems such as the
Windows Server 2003 Standard Edition operating system with SP2 or the Windows Server 2003 R2
operating system and Windows Server 2008 with or without SP2. It does not support upgrades from
earlier versions of Windows operating systems and cross-architecture32-bit to 64-bit; cross-language
German to English; and cross-editionthe Windows Server 2008 Enterprise operating system to the
Windows Server 2008 R2 Standard operating system. It also does not support upgrades from Itanium-
based systems.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-10 Deploying Windows Server 2008
Supported In-Place Upgrade Scenarios in Windows Server 2008 R2
In-place upgrades are those in which you intend to replace the earlier Windows Server operating system
on an existing server computer with Windows Server 2008 R2. In-place upgrades preserve operating
system configuration settings and applications. When considering performing an in-place upgrade,
remember that you:
Cannot perform in-place upgrades from the Windows XP operating system, the Windows Vista
operating system, the Windows Vista Starter operating system, or the Windows 7 operating system.
Cannot perform in-place upgrades from the Microsoft Windows 2000 Server operating system,
Windows Server 2003 RTM, Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003
Web Edition operating system, Windows Server 2008 R2 M3, and Windows Server 2008 R2 Beta.
Cannot perform in-place upgrades from Windows Server 2003 for Itanium-based operating systems,
Windows Server 2003 x64 Edition operating systems, Windows Server 2008 for Itanium-based
operating systems, or Windows Server 2008 R2 for Itanium-based operating systems.
Cannot perform in-place upgrades from 32-bit to 64-bit architectures.
Cannot perform in-place upgrades from one language to another.
Cannot perform in-place upgrades between build types; for example, fre to chk.
The following upgrade scenarios are supported.
Current operating system Supported upgrade path
Windows Server 2003 Standard Edition with
Service Pack 2 (SP2) or Windows
Server 2003 R2 Standard Edition
Windows Server 2008 R2 Standard, Windows
Server 2008 R2 Enterprise
Windows Server 2003 Enterprise Edition with
SP2 or Windows Server 2003 R2 Enterprise
Edition
Windows Server 2008 R2 Enterprise, Windows
Server 2008 R2 Datacenter
Windows Server 2003 Datacenter Edition
with SP2 or Windows Server 2003 R2
Datacenter Edition
Windows Server 2008 R2 Datacenter
Server Core installation of Windows
Server 2008 Standard with or without SP2
Server Core installation of either Windows
Server 2008 R2 Standard or Windows Server 2008 R2
Enterprise
Server Core installation of Windows
Server 2008 Enterprise with or without SP2
Server Core installation of either Windows
Server 2008 R2 Enterprise or Windows Server 2008 R2
Datacenter
Server Core installation of Windows
Server 2008 Datacenter
Server Core installation of Windows Server 2008 R2
Datacenter
Server Core installation of Windows Web
Server 2008 with or without SP2
Server Core installation of either Windows
Server 2008 R2 Standard or Windows Web
Server 2008 R2
Full installation of Windows Server 2008
Standard with or without SP2
Full installation of either Windows Server 2008 R2
Standard or Windows Server 2008 R2 Enterprise
Full installation of Windows Server 2008
Enterprise with or without SP2
Full installation of either Windows Server 2008 R2
Enterprise or Windows Server 2008 R2 Datacenter
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-11
Current operating system Supported upgrade path
Full installation of Windows Server 2008
DataCenter with or without SP2
Full installation of Windows Server 2008 R2 DataCenter
Full installation of Windows Server 2008
Foundation with or without SP2
Full Installation of Windows Server 2008 R2 Standard
Also, In Windows Server 2008 R2 it is possible to upgrade a stock-keeping unit (SKU) like Standard edition
to a higher level SKU like Enterprise edition using the Deployment Image Servicing and Management
(DISM) tool and its edition-servicing commands. To do so you do not need to reinstall the operating
system but do need a valid product key for the SKU. This functionality is the equivalent to the Windows
Anytime Upgrade functionality in Windows 7. This functionality is not availabile in Windows Server 2008.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-12 Deploying Windows Server 2008
Migrating to Windows Server 2008

Key Points
A migration occurs when you install Windows Server 2008 R2 on new hardware and then move the
services, applications, and data from an existing server to the new server. There is no downtime for
services during the installation of Windows Server 2008 R2, but there may be downtime for services when
they are being migrated to the new server.
The main benefits of performing a migration are:
A clean installation of a new operating system is typically more reliable than an upgrade of an
existing operating system. Microsoft recommends using a clean installation whenever possible.
The source server can be maintained for rollback even after the new server is in place. If the new
server is not performing properly after implementation, you can go back to using the original server
until the problem is resolved.
You can perform testing on the new server before putting it into production. You can test
applications and new configurations if required.
You are not limited in how you move between operating system versions. You can migrate data or
applications from Windows Server 2003 Enterprise Edition to Windows Server 2008 R2 Standard.
You are not limited by the processor architecture of the source and destination operating systems.
You can migrate data or applications from a 32-bit operating system.
You are not limited by the language configuration of the source and destination operating systems.
You can migrate data or applications from a server running one language to a server running a
different language.
You can migrate supported data and applications to Server Core. However, Server Core has a limited
number of server roles that it is suitable for.
Potential drawbacks to performing a server migration are:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-13
Data must be manually moved to the new server. Large file shares can take a significant amount of
time to migrate.
Applications must be reinstalled and properly configured on the new server. If no one on staff is
familiar with the details of the application, this can be error prone.
Clients must be redirected to use services on the new server. This may require that client computers
be reconfigured manually in some cases, which is time consuming. However, you can redirect clients
to new file shares by changing the drive letters mapped on the clients by using a logon script or
group policy. In some cases, you can update a host record in Domain Name System (DNS) to point to
the IP address of the new server.
Note: For information about server migration tools, visit the Microsoft TechNet Website:
http://go.microsoft.com/fwlink/?LinkId=195573.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-14 Deploying Windows Server 2008
What Is the Microsoft Assessment and Planning Toolkit?

Key Points
When you are planning to transition your servers from earlier versions of the Windows Server operating
system to Windows Server 2008, it is important to know whether your server computers can support the
new server operating system; specifically, it is important that you know if there are any hardware,
software, or device issues that might present problems either during the transition or after the transition.
Note: The term transition is used here as a generic term to describe migrating the server from one
operating system to another; it is not meant to imply either an upgrade or a wipe and load
installation.
If you have few or only one server to transition, it is relatively easy and not too time consuming to
perform a manual audit on the server to determine whether there are likely to be any problems associated
with the transition process. However, in organizations that support many servers, this manual approach is
prohibitive.
The MAP Toolkit provides a way for you to determine the readiness of your existing servers to transition
to Windows Server 2008 R2.
MAP Overview
MAP requires no agents on the server and workstation computers that it assesses; instead, it relies upon
Windows Management Instrumentation (WMI) and the Remote Registry Service to analyze computers
that it discovers on your network. You can use the data provided by MAP to help plan the transition to:
Windows 7
Windows Vista
Microsoft Office 2007
Windows Server 2008 R2

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-15
Windows Server 2008
Windows Server Hyper-V
Microsoft Application Virtualization Management
Microsoft SQL Server 2008
Forefront Client Security
Network Access Protection
MAP provides recommendations for hardware upgrades and information about device driver
compatibility for planned transitions to Windows Server 2008 R2, Windows Server 2008, Windows 7, and
Windows Vista.
Note: In addition, MAP provides the ability to gather performance-related data from computers that
you intend to deploy to support virtualization.
MAP Functional Overview
MAP provides the following fundamental functions:
Hardware inventory
Compatibility analysis
Readiness reporting
The hardware assessment examines devices installed in a computer and determines device driver
availability for those devices. In addition, the assessment determines whether the hardware can support
the proposed transition. MAP produces a report that details whether or not a migration is recommended,
and if not, why not; this assessment report includes details about device driver availability.
You can use MAP to inventory the following platforms:
Windows 7
Windows Vista
Windows XP Professional
Windows Server 2008 or Windows Server 2008 R2
Windows Server 2003 or Windows Server 2003 R2
Microsoft Windows 2000 Professional operating system or Microsoft Windows 2000 Server operating
system
VMware ESX
VMware ESXi
VMware Server
MAP generates reports that contain detailed analysis together with an executive summary; MAP uses
Microsoft Office Excel spreadsheets and Microsoft Office Word documents to produce the report,
making the content more easily accessible.
MAP generates reports for the following scenarios:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-16 Deploying Windows Server 2008
Current Windows client operating systems. MAP reports on existing hardware, the presence of
antivirus and antimalware software and Windows Firewall status. The report contains guidance and
recommendations for the migration to Windows 7 or Windows Vista.
Current Windows server operating systems. MAP reports on the installed hardware and provides
recommendations for the migration to Windows Server 2008 R2 and Windows Server 2008.
Microsoft Office software. MAP provides recommendations for the feasibility of migration to
Microsoft Office 2007.
Additionally, MAP provides reporting information on the following:
Server utilization.
Server consolidation and virtual machine placement.
Assessment of client machines, servers, and the technology environment for the implementation of
Microsoft Application Virtualization.
Identification of existing virtual machines.
Identification of computers that are installed with SQL Server.
Power savings that you can make by understanding the power management capabilities available on
existing server and client computers.
Note: You can download MAP from this location: http://go.microsoft.com/fwlink/?LinkID=111000
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-17
Lab A: Planning to Install Windows Server 2008
(Optional)

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-CL1.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-18 Deploying Windows Server 2008
Exercise 1: Using the Microsoft Assessment and Planning Toolkit
Scenario
You are a consultant with Contoso, Ltd involved in the process of migrating the servers in the Contoso
organization to Windows Server 2008 R2. You decide to use the MAP Toolkit to help to determine how
best to deploy Windows Server 2008 R2.
The main tasks for this exercise are as follows:
1. Perform readiness analysis using the MAP Toolkit.
2. Analyze the summary results.
3. Generate reports and proposals.
4. View saved reports and proposals.
5. Analyze the detailed results.
6. Suggest a course of action.
Task 1: Perform readiness analysis using the Microsoft Assessment and Planning Toolkit
1. Switch to the NYC-CL1 computer.
2. From the All Programs menu, start the Microsoft Assessment and Planning Toolkit.
3. Create a new inventory database entitled Contoso Inventory.
4. Perform Windows Server 2008 R2 Readiness assessment by running the Inventory and Assessment
Wizard located in the Windows Server 2008 R2 Readiness node.
5. Use the following information to complete the wizard:
a. In the Inventory and Assessment Wizard, on the Computer Discovery Methods page, accept the
defaults.
b. On the Active Directory Credentials page, use the following information to complete
configuration:
i. Domain: Contoso.com
ii. Domain account: Contoso\Administrator
iii. Password: Pa$$w0rd
c. On the Active Directory Options page, accept the defaults.
d. On the Windows Networking Protocols page, accept the defaults.
e. On the WMI Credentials page, click New Account.
f. In the Inventory Account dialog box, use the following information to complete the dialog box,
and then click Save.
i. Domain name: Contoso
ii. Account name: Administrator
iii. Password and Confirm password: Pa$$w0rd
iv. Account use: Use on all computers
g. On the WMI Credentials page, click Next.
h. On the Summary page, click Finish.
6. When the assessment is complete, click Close.
Task 2: Analyze the summary results
In the Microsoft Assessment and Planning Toolkit, use the Windows Server 2008 R2 Readiness
Summary Results page to answer the following questions:
a. How many computers met the minimum system requirements for Windows Server 2008 R2?
b. How many cannot run Windows Server 2008 R2?
c. In the Operating System Summary, what operating systems were discovered?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-19
Task 3: Generate reports and proposals
In the Actions pane, click Generate report/proposal.
Task 4: View saved reports and proposals
1. In Microsoft Assessment and Planning Toolkit, on the View menu, click Saved Reports and
Proposals.
2. In Windows Explorer, double-click the spreadsheet whose title begins with
WS2008R2HardwareAssessment. When the User Name dialog box appears, click OK.
3. In Windows Explorer, double-click the document whose title begins with WS2008R2Proposal.
Task 5: Analyze the detailed results
1. In Excel, on the Summary tab, how many computers do not meet requirements?
2. On the ServerAssessment tab, what were the names of the servers assessed?
3. On the ServerInventory tab, do all servers meet the Windows Server readiness requirements?
4. On the ServerAssessment tab, what are the reasons given for nyc-svr1 not being Windows Server
2008 R2 capable?
5. What recommendations are made regarding these issues?
6. Switch to Word and review the report.
Task 6: Suggest a course of action
Note: Your instructor may choose to perform this lab as a group discussion rather than an individual
activity.
Complete the Contoso Windows Server 2008 R2 Migration Proposal document.
Contoso Windows Server 2008 R2 Migration Proposal
Document Reference Number: CW060510/2
Document Author
Date
Charlotte Weiss
6th May
Requirements Overview
Provide recommendations about any hardware or other changes required to support the migration
of all legacy servers to Windows Server 2008 R2.
Additional Information
The Microsoft Assessment and Planning Toolkit was used to perform readiness analysis. Summary
reports are available upon request.
Proposals
1. Does the NYC-SVR1.contoso.com computer meet the minimum hardware
requirements for Windows Server 2008 R2?
2. Would you recommend any changes to the configuration of NYC-
SVR1.contoso.com?
3. To which version of Windows Server 2008 R2 could this server be upgraded?
4. What roles are installed on the assessed computers? (Hint: examine the Word
document produced by MAP on NYC-CL1 for further information.)
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-20 Deploying Windows Server 2008
Results: After this exercise, you should have a completed Contoso Windows Server 2008 R2
Migration Proposal document.
To prepare for the next lab
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-CL1.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next lab, click 6418C-NYC-DC1, and then in the Actions
pane, click Connect.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-21
Lesson 2
Performing a Windows Server 2008 Installation

In larger organizations, it is typical that both server and client operating systems are deployed using tools
that expedite the installation process. However, in smaller organizations, server installations are often
performed interactively by using the product DVD. Even in larger organizations, you might be required to
perform the occasional interactive server installation. It is therefore important that you know how to
install Windows Server 2008 by using locally attached media and to complete the post-installation
configuration.
Objectives
After completing this lesson, you will be able to:
Describe the Windows Server 2008 R2 installation process.
Perform post-installation configuration.
Describe Server Core installation deployment issues.
Configure a Server Core installation.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-22 Deploying Windows Server 2008
Overview of the Installation Process

Key Points
Installing Windows Server 2008 R2 has changed somewhat from earlier Windows Server versions,
although is broadly similar to the setup process for Windows Server 2008.
The installation process no longer includes the text mode portion of setup and is completely graphical
user interface (GUI)based. Another difference is that a single product DVD can include the Standard,
Enterprise, and Datacenter editions.
The setup process for a Windows Server 2008 R2 server has been reduced to only three phases:
Operating system setup, which includes the product key activation. When you begin the installation
process, you must answer a few questions; thereafter, the installation process continues without your
interaction.
Initial Configuration Tasks, which allows you to easily change the defaults set for the server during
installation. The Initial Configuration Tasks window opens each time you log on and you are
prompted to change the initial settings.
Note: You can prevent the Initial Configuration Tasks wizard from loading by selecting the Do not
show this window at logon check box. If you subsequently wish to load the Initial Configuration
Tasks wizard, run oobe.exe.
Server Manager, which allows you to easily select the roles needed for your server.
Important: Several settings, including the computer name and network settings, are set to default
values; consequently, when you first log on, you must configure these settings. You must also
change the Administrator password the first time you log on.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-23
The Installation Process
The following are the steps to install Windows Server 2008 R2:
1. Mount the product DVD and start the server computer.
2. The Install Windows wizard runs and you must:
a. Select the installation language.
b. Define Time and currency format.
c. Define Keyboard or input method.
3. Next, click Install now.
4. Select the operating system you want to install, for example, click Windows Server 2008 R2
Enterprise (Full Installation).
5. Accept the license terms of the software.
6. Choose the installation type. Choose either Upgrade, where permitted, or Custom (Advanced).
7. Assuming you are not performing an in-place upgrade, you must now specify where you want to
install Windows. Select a disk and then specify the volume in which you will install Windows.
Note: If no disks are listed, you can load a disk driver at this point.
8. Advanced options enable you to create, delete or manage volumes on a selected disk.
9. Once you have selected a suitable volume for installation, the Install Windows wizard copies files,
expands Windows files, installs features and updates, and then completes the installation process.
10. Next, you are prompted to change the administrators password prior to the first log on.
11. Your desktop settings are prepared and then the Initial Configuration Tasks wizard is loaded. You can
now complete the installation by configuring the required settings by using this wizard.
Note: This is discussed in the next few topics.
Installation Considerations
Options for Accessing Setup Media
Although you can install Windows Server 2008 R2 interactively by using the product DVD, for computers
without optical drives, you can also access the installation files in the setup media in one of the following
ways:
Use a universal serial bus (USB) memory stick. Format the stick for FAT32 and copy the contents of
the Windows Server product DVD onto the memory stick. You must use the Diskpart.exe command to
ensure that the partition on the memory stick is bootable. In addition, your server computer must
support booting from USB; this is usually configurable through the computers BIOS.
Use Windows Pre-installation Environment (Windows PE). Startup your server computer using
Windows PE and then connect to the installation files across the network by using the NET USE
commands within the Windows PE Command Prompt. You can then run setup.exe or use image
management tools to apply an image across the network to the local computer.
Note: Imaging is discussed later in this course.
Imaging Technology
Windows installation depends on imaging technology. The Sources subfolder on the Windows Server
2008 R2 product DVD contains two image filesboot.wim and install.wim.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-24 Deploying Windows Server 2008
Boot.wim is a file-based disk image that contains a bootable version of Windows PE, from which the
installation is performed.
The install.wim file contains Windows Server 2008 R2 files, which are hardware independent and can
be deployed to different hardware configurations.
Note: The .wim file supports compression and single instancing store, which helps store multiple
images in a .wim file, considerably reduces the disk space, and eliminates data duplication. For
example, multiple Windows Server 2008 R2 editions can be stored and deployed from the same DVD.
Answer File
You can also provide additional settings during installation, if necessary, by creating an unattended XML
file and incorporating it into the installation process. This can be very helpful for configuring Server Core.
You can create the unattended file by using the Windows System Image Manager (Windows SIM) tool,
which is a part of Windows Automated Installation Kit (Windows AIK).
Role-Based Installation
Windows Server 2008 R2 is a modular operating system; therefore, you can install only the features you
need. When you install the operating system, all modules are automatically copied to the hard disk drive
and many features remain inactive until you add them. You do not need the installation DVD to add
features after you install the operating system.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-25
Configuring Post-Installation Settings

Key Points
Once you have completed the installation process, you must finish setup by configuring post-installation
settings. You can configure the following settings by using the Initial Configuration Tasks wizard:
Activate Windows. You can continue to use Windows Server while it is not activated for a grace
period. After this period expires, Windows continues to function, however the system is then
unlicensed.
Note: Licensing is discussed at the end of this module.
Set the time zone. It is important to configure the time zone because many network-related services
do not function correctly if the computer clocks of networked computers are excessively out-of-sync.
Configure the network settings. By default, both IPv4 and IPv6 are configured to obtain an IP address
automatically.
Configure computer name and domain membership. By default, the computer name is automatically
generated; the suggested name may not comply with organizational standards that you have in
place. The computer is assigned membership of a workgroup by default. Once you add the computer
to the appropriate Active Directory Domain Service (AD DS) domain, Group Policy settings apply.
You can use Group Policy objects (GPOs) to configure some of the following settings.
Enable automatic updating and feedback settings. By default, automatic updates are disabled and
Windows error reporting is off. This setting is configurable with GPO.
Download and install updates. It is important to ensure that the computer is up-to-date with urgent
and security-related updates. This setting is configurable with GPO.
Add roles. No roles are installed by default.
Add features. No features are installed by default.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-26 Deploying Windows Server 2008
Enable Remote Desktop. Remote Desktop is disabled by default. This setting is configurable with
GPO.
Configure Windows Firewall. The computer is connected to a public network location and the
Windows Firewall is enabled by default, using the public location profile. This setting is configurable
with GPO.
Note: Remember that you changed the administrator password during the first log on.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-27
Deployment Considerations for Server Core

Key Points
Windows Server 2008 R2 Server Core provides a minimal operating system installation that reduces disk
space and memory requirements. The reduced footprint in Server Core requires less maintenance and
reduces opportunities for network attacks, and can make it a good candidate for remote branch office
scenarios.
Server Core provides several benefits.
Requires less software maintenance, such as installing updates.
Has fewer attack vectors exposed to the network, and therefore less of an attack surface.
Uses less disk space for installation.
Because no GUI is available, configuring a Server Core following installation requires a different approach
when compared with a full Windows Server 2008 R2 installation. The minimal interface in Server Core
requires a modified use of command prompt administrative tools or remote administration over the
network. However, it is necessary to configure the same settings as is required for a full installation.
Sconfig.cmd
In Windows Server 2008 R2, to help simplify the configuration process on Server Core, you can use the
Server Configuration tool (Sconfig.cmd) to configure and manage some of the post-installation
configuration settings.
You can configure the following settings by using sconfig.cmd:
Add the computer to a domain or configure workgroup settings.
Change the computer name.
Add a local administrator account.
Configure remote management.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-28 Deploying Windows Server 2008
Configure Windows Update settings.
Download and install updates.
Enable and configure Remote Desktop.
Configure network settings.
Configure the date and time.
Activate Windows
Use the following procedure to activate Server Core.
At a command prompt, type the following:
slmgr.vbs -ato
If activation is successful, no message will return in the command prompt.
You can also activate remotely by typing the following command at a command prompt of a computer
that is running Windows Vista, Windows 7, or Windows Server 2008:
Cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password>-ato
Where:
<ServerName> is the Server Core computer name.
<UserName> is a user account with administrative privileges on the Server Core computer.
<password> is the password for the designated user account.
Configure Region and Language Settings
You can change the locale settings, including keyboard and language settings, by using the following
command:
Control intl.cpl
This opens the Region and Language option in Control Panel.
Add Roles and Features
There are a number of command-line programs that you can use to manage server roles and features on
Server Core installations.
Oclist and Ocsetup
You can determine which server roles and features are installed by running the following command:
Oclist
To add a role or feature, type the following command:
Start /w ocsetup <role or feature>
Where <role or feature> is the case-sensitive name of the role or feature that you wish to install. For
example, the following command installs the Dynamic Host Configuration Protocol (DHCP) Server role:
start /w ocsetup DHCPServerCore
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-29
Dism.exe
As an alternative to Oclist.exe and Ocsetup.exe you can use the Dism.exe command to determine installed
roles and features and to modify the installed roles and features. For example, to install the DNS Server
role, enter the following command:
Dism /online /enable-feature /featurename:DNS-Server-Core-Role
Note: Installing and managing roles and features is discussed in the next lesson.
Configure Windows Firewall
The Windows Firewall is enabled by default. If you wish to configure the firewall to enable certain
management features, such as Remote Administration, enter the following command:
netsh advfirewall firewall set rule group="remote administration" new enable=Yes
You can use the commands shown in the following table to manage the Windows Firewall.
Command Function
netsh advfirewall firewall add rule
name=Open Port 80 dir=in action=allow
protocol=TCP localport=80
Opens TCP port 80 through the Windows Firewall
netsh advfirewall set currentprofile state on Enables Windows Firewall
netsh advfirewall reset Reset Windows Firewall to default values
netsh advfirewall firewall set rule
group="<rule group>" new enable=Yes
Enable a management function through the Windows
Firewall, where <rule group> is one of the following:
Remote Event Log Management
Remote Service Management
File and Print Sharing
Remote Scheduled Tasks Management
Performance Logs and Alerts
Remote Volume Management
Windows Firewall Remote Management
Note: You can perform an unattended Server Core deployment to install and configure Server Core
simultaneously, rendering post-installation configuration of the new server unnecessary. This
capability can be used to support scenarios such as rapid datacenter capacity scale-out or server
deployment for remote branch offices.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-30 Deploying Windows Server 2008
Demonstration: How to Configure Post-Installation Settings on Server Core

Key Points
In this demonstration, you will see how to use command-line tools to configure Server Core following
operating system deployment.
Demonstration Steps
Note: It is assumed that you are logged onto Server Core and the command prompt is open. If you
inadvertently close the command prompt, press CTRL+ALT+END and click Start Task Manager. On the
Applications tab, click New Task. In the Create New Task dialog box, in the Open box, type cmd.exe
and press ENTER. Close Task Manager.
1. Switch to the Server Core server.
2. View the available network connections.
3. Use netsh to configure the IPv4 address:
Address: 10.10.10.30
Mask: 255.255.0.0
Gateway: 10.10.0.1
4. Configure the network connection to use 10.10.0.10 as the primary DNS server with netsh.
5. Use netdom to rename the computer to NYC-SVR-CORE.
6. Restart the computer with shutdown /r.
7. Use netdom to add the computer to the Contoso.com domain.
8. Restart the computer with shutdown /r.
9. Use sconfig.cmd to perform the following tasks:
Enable remote desktop

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-31
Install Microsoft Windows PowerShell
Enable remote management via Server Manager
Enable remote management via management console
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-32 Deploying Windows Server 2008
Lab B: Installing Windows Server and Configuring
Post-Installation Settings

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
Lab Scenario
Following the publication of the Contoso, Ltd Windows Server 2008 R2 Migration Proposal document, you
have been tasked with performing the first of the server deployments. In this instance, it has been decided
that a local media-based installation should be performed. Once the installation is complete, you will
manually configure the servers post-installation settings as per the supplied documentation.
Supporting Documentation
E-Mail thread of correspondence with Ed Meadows:
Charlotte Weiss
From: Ed Meadows [Ed@contoso.com]
Sent: 1 May 2010 17:00
To: Charlotte@contoso.com

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-33
Subject: New Server Installation
Charlotte,
Please use the following information to install and configure the new server:
Language: English
Time and currency format: English (United States)
Keyboard or input method: US
Product: Windows Server 2008 R2 Enterprise (Server Core Installation)
Administrator password: Pa$$w0rd
Installation options
Server name: NYC-SVR-CORE
Domain name: Contoso.com
IP address: 10.10.10.30/16
Gateway: 10.10.10.1
DNS Server: 10.10.10.10
Post-installation configuration options:
Remote Desktop enabled for any version of Remote Desktop
Allow MMC Remote Management
Enable Windows PowerShell
Allow Server Manager Remote Management
Remote administration options:
DNS
DHCP
Roles and features
Regards,
Ed
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-34 Deploying Windows Server 2008
Exercise 1: Installing Windows Server 2008 R2
Scenario
You have received an e-mail from your boss, Ed Meadows, with instructions on how to install a new
Windows Server 2008 R2 server in Contoso. Read the documentation and then install and configure the
new server as per the instructions in the e-mail.
The main tasks for this exercise are as follows:
1. Read server installation instructions.
2. Mount the Windows Server product DVD.
3. Install Windows Server 2008 R2 as per instructions in the e-mail.
4. Set the administrator password.
Task 1: Read server installation instructions
View the contents of the e-mail message in the lab scenario to determine the required information
for the planned installation.
Task 2: Mount the Windows Server product DVD
1. On your host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Settings.
3. In the navigation pane, under IDE Controller 1, click DVD Drive.
4. In the results pane, under Media, click Image file and in the Image file box, type C:\Program
Files\Microsoft Learning\6418\Drives\
WServer2008R2_Eval.iso, and then click OK.
5. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Snapshot.
6. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Start.
7. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Connect.
Task 3: Install Windows Server 2008 R2 as per instructions in
the e-mail
1. Switch to the NYC-BLANK virtual machine.
2. Install the operating system using the instructions provided in the e-mail from Ed Meadows.
Note: Setup proceeds; setup copies files, expands files, installs features and updates, and completes
installation. This phase takes around twenty minutes. Your instructor might continue with other
activities during this phase.
Task 4: Set the administrator password
Set the administrator password to Pa$$w0rd.
Note: You are logged on and the Server Core command prompt opens.

Results: After this exercise, you should have installed a new Server Core server.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-35
Exercise 2: Configuring Server Core
Scenario
You have installed the new server and must now configure it. Read the e-mail to determine the required
configuration settings for the new server.
The main tasks for this exercise are as follows:
1. Review the post-installation configuration options instructions.
2. Configure network settings.
3. Change the computer name.
4. Add the computer to the Contoso.com domain.
Note: It is assumed that you are logged onto Server Core and the command prompt is open. If you
inadvertently close the command prompt, press CTRL+ALT+END and click Start Task Manager. On
the Applications tab, click New Task. In the Create New Task dialog box, in the Open box, type
cmd.exe and press ENTER. Close Task Manager.
Task 1: Review the post-installation configuration options instructions
Refer to the Post-installation configuration options section of the e-mail from Ed Meadows for
additional guidance about configuring the server.
Task 2: Configure network settings
Using sconfig, configure the network connection with the appropriate IPv4 address, subnet mask,
default gateway, and DNS server address:
IP address: 10.10.10.30
Subnet mask: 255.255.0.0
Default gateway: 10.10.10.1
Primary DNS server: 10.10.10.10
Task 3: Change the computer name
1. Change the computer name to the required name using sconfig.
Computer name: NYC-SVR-CORE
2. Restart the server computer.
3. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Task 4: Add the computer to the Contoso.com domain
1. Add the computer to the Contoso.com domain using sconfig.
2. Use the following credentials:
User name: Contoso\Administrator
Password: Pa$$w0rd
3. Restart the server computer.
4. Log on using the following credentials:

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-36 Deploying Windows Server 2008
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
Results: After this exercise, you should have configured the post-installation settings as per the
documentation.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-37
Exercise 3: Enabling Remote Management
Scenario
Having configured the required settings, you must now enable the required remote administration
settings. Read the e-mail to determine the required remote administration settings for the new server.
The main tasks for this exercise are as follows:
1. Review the remote administration options in the e-mail.
2. Enable remote desktop.
3. Configure remote management.
4. Verify remote management.
Task 1: Review the remote administration options in the e-mail
Refer to the Remote administration options section of the e-mail from Ed Meadows for additional
guidance about configuring remote administration.
Task 2: Enable remote desktop
Use sconfig.cmd to enable remote desktop for all Remote Desktop clients.
Task 3: Configure remote management
1. Use sconfig.cmd to install Windows PowerShell.
2. Restart the server.
3. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
4. Use sconfig to enable Allow Server Manager Remote Management.
5. Use sconfig to enable Allow MMC Remote Management.
Task 4: Verify remote management functionality
1. Switch to NYC-DC1.
2. Open Server Manager and connect to NYC-SVR-CORE.
Results: After this exercise, you should have completed the installation, configuration, and remote
administration configuration of the new server.
To prepare for the next lab
Leave all virtual machines running.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-38 Deploying Windows Server 2008
Lesson 3
Configuring Windows Server 2008 Following
Installation

Windows Server 2008 and Windows Server 2008 R2 implement role-based deployment architecture. By
default, no roles are installed. It is important to understand what roles and features are available, and how
to enable those roles and features.
Objectives
After completing this lesson, you will be able to:
Describe server roles.
Describe server features.
Describe those roles and features supported by Server Core.
Add and remove server roles and features.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-39
What Are Server Roles?

Key Points
Server roles in Windows Server 2008 describe a servers primary function. For example, a server role might
be as AD DS or a Web server. You can choose to install one or many roles on a Windows Server 2008
installation. You use the Server Manager administrative tool for the installation and removal of server roles
in a Windows Server 2008 environment.
Role services are software programs that provide various functionalities of a role. When you install a role,
you can choose which role services the role provides for other users and computers in your enterprise.
Some roles, such as DNS Server, have only a single function, and therefore do not have available role
services. Other roles, such as Web Server, have several role services, such as File Transfer Protocol (FTP),
that can be installed.
You can consider a role as a grouping of closely related, complementary role services, for which, most of
the time, installing the role means installing one or more of its role services.
The following roles are available in Windows Server 2008 R2 Enterprise Edition:
Active Directory Certificate Services
Active Directory Domain Services
Active Directory Federation Services
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
Application Server
DHCP Server
DNS Server
Fax Server

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-40 Deploying Windows Server 2008
File Services
Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Desktop Services
Web Services (IIS)
Windows Deployment Services
Windows Server Update Services
Note: For edition specific information about server roles, please visit the Microsoft Web site:
http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-41
What Are Server Features?

Key Points
A feature typically does not describe the servers primary function. Instead, it describes a servers auxiliary
or supporting function. Consequently, an administrator typically installs a feature not as the primary
function of the server, but to augment the functionality of an installed role. For example, Failover
Clustering is a feature that administrators can choose to install after installing specific roles, such as File
Services, to make the File Services role more redundant.
Certain Windows features are required for certain roles. For example, if you add the server role
Application Server, the Add Role wizard asks for your confirmation to install the Microsoft .NET
Framework version 3.5.1 and the Windows Process Activation Service because these features are required
to support that role.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-42 Deploying Windows Server 2008
Server Roles and Features Supported by Server Core

Key Points
A Server Core installation is a minimal server installation option for Windows Server 2008 R2;
consequently, it does not support all the same server roles and features supported by the full server
installation.
Server Roles
Server Core installations provide an environment for running the following server roles:
Active Directory Certificate Services
AD DS
Active Directory Lightweight Directory Services
BranchCache Hosted Cache
DHCP Server
DNS Server
File Services including File Server Resource Manager
Hyper-V
Media Services
Print Services
Streaming Media Services
Web Servers (IIS) including a subset of ASP.NET


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-43
Note: The list of roles shown here is for Windows Server 2008 R2 Enterprise Server Core. For edition
specific information about server roles, please visit the Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkId=195575.
Also note that in a full install of Windows Server 2008 R2 BranchCache is installed as a feature.
The Server Core installation option installs only the subset of the binary files that the supported server
roles require. For example, the Windows Explorer user interface (or shell) is not installed as part of a
Server Core installation. Instead, the command prompt is the default user interface for a server running a
Server Core installation.
Features
After the Server Core installation is complete and the server is configured, you can install one or more
optional features. The Server Core installation of Windows Server 2008 R2 supports the following optional
features:
Failover Clustering
Windows Network Load Balancing
Subsystem for UNIX-based applications
Windows Server Backup
Multipath I/O
BitLocker Drive Encryption
Simple Network Management Protocol (SNMP)
Windows Internet Name Service (WINS)
Windows Process Activation Service (WAS)
Telnet client
QWAVE
Subset of .NET Framework 2.0
Subset of .NET Framework 3.0 and 3.5:
Windows Communication Foundation (WCF)
Windows Workflow Foundation (WF)
LINQ
Windows PowerShell
Server Manager cmdlets
Best Practices Analyzer (BPA) cmdlets
WoW64
32-bit support for the Input Method Editor
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-44 Deploying Windows Server 2008
Managing Roles and Features

Key Points
You can install or remove roles and features with a number of management tools.
Initial Configuration Tasks
The Initial Configuration Tasks window is launched automatically at the first logon after the completion of
the operating system installation. This tool helps you complete the setup and configure a new server. It
also includes two options that enable you to manage roles and features; the Add Roles and Add Features
options in the Initial Configuration Tasks window enable you to begin adding roles and features to your
server as soon as you complete installation.
Note: If you close the Initial Configurations Tasks page, you can re-launch it by executing the
Oobe.exe command.
Server Manager
The Server Manager console uses integrated wizards to step you through the process of adding server
roles. You can use Server Manager to add several roles at once, even if they are unrelated. For example, a
server being provisioned for a branch office could have the DNS Server, DHCP Server, and Print Server
roles added at once. The Server Manager Wizard performs all the necessary dependency checks and
conflict resolution so the server is stable, reliable, and secure.
Deployment Image Servicing and Management Tool
The command-line tool Dism.exe enables you to install and manage server roles and features on both
the full and Server Core installations of Windows Server 2008 R2.
To determine the available and currently installed server roles and features, enter the following command:
Dism /online /get-features /format:table

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-45
In the results table, the State column indicates whether a role or feature is enabled or disabled.
You can use the names listed in the table to determine the case-sensitive name for the role or feature that
you want to enable. To enable that role or feature, enter the following command:
Dism /online /enable-feature /featurename:<featurename>
Where <featurename> is the case-sensitive name you previously determined. For example, to add the
BitLocker Drive Encryption feature, enter the following command:
Dism /online /enable-feature /featurename:BitLocker
To install the DHCP Server role, enter the following command:
Dism /online /enable-feature /featurename:DHCPServerCore
Note: You can also manage installed roles and features on Server Core by using the ocsetup.exe
command.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-46 Deploying Windows Server 2008
Lab C: Managing Roles and Features

Lab Setup
The virtual machines should still be running from the previous lab.
Lab Scenario
You have successfully installed and configured a new Server Core server computer. You must now deploy
the required roles to the server.
Supporting Documentation
E-Mail thread of correspondence with Ed Meadows:
Charlotte Weiss
From: Ed Meadows [Ed@contoso.com]
Sent: 1 May 2010 17:00
To: Charlotte@contoso.com
Subject: New Server Installation
Charlotte,
Please use the following information to install and configure the new server:
Language: English
Time and currency format: English (United States)
Keyboard or input method: US
Product: Windows Server 2008 R2 Enterprise (Server Core Installation)
Administrator password: Pa$$w0rd
Installation options
Post-installation configuration options:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-47
Server name: NYC-SVR-CORE
Domain name: Contoso.com
IP address: 10.10.10.30/16
Gateway: 10.10.10.1
DNS Server: 10.10.10.10
Remote Desktop enabled for any version of Remote Desktop
Allow MMC Remote Management
Enable Windows PowerShell
Allow Server Manager Remote Management
Remote administration options:
DNS
DHCP
Roles and features
Regards,
Ed
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-48 Deploying Windows Server 2008
Exercise 1: Adding the Domain Name System and Dynamic Host
Configuration Protocol Server Roles
Scenario
Following installation of the first server, you must now install the required roles and features according to
the e-mail sent to you from Ed Meadows.
The main tasks for this exercise are as follows:
1. Review the roles and features section in the e-mail.
2. Install the DNS role using DISM.
3. Install the DHCP role using Ocsetup.
Task 1: Determine the roles and features to be installed
Refer to the e-mail from Ed Meadows for additional guidance about configuring roles and features.
Task 2: Install the Domain Name System role using Deployment Image Servicing and
Management
1. Switch to the NYC-BLANK server.
2. Use dism.exe to install the DNS-Server-Core-Role component.
Task 3: Install the Dynamic Host Configuration Protocol role using Ocsetup
1. Use ocsetup.exe to install the DHCPServerCore role.
2. Authorize the server by running the following command:
netsh dhcp add server nyc-svr-core.contoso.com 10.10.10.30
Results: After this exercise, you should have deployed the DNS and DHCP server roles to the Server
Core computer.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-49
Exercise 2: Managing Server Core
Scenario
The main tasks for this exercise are as follows:
1. Verify the installed roles are running.
2. Start DHCP Server.
Task 1: Verify the installed roles are running
1. Switch to the NYC-DC1 domain controller.
It is assumed that Server Manager is running and connected remotely to NYC-SVR-CORE. If this is not
the case, repeat the following steps:
1. Click Start, point to Administrative Tools, and then click Server Manager. In Server Manager, in the
navigation pane, right-click Server Manager (NYC-DC1) and then click Connect to Another
Computer.
2. In the Connect to Another Computer dialog box, in the Another computer box, type NYC-SVR-
CORE and then click OK.
2. Use Server Manager to determine which roles are installed on NYC-SVR-CORE.
3. Which roles are installed?
Task 2: Start Dynamic Host Configuration Protocol Server
1. In the navigation pane, click DHCP Server.
2. Attempt to start the DHCP Server service. Hint: You may need to modify the Startup Type settings.
Results: After this exercise, you should have verified both roles are installed and started.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-50 Deploying Windows Server 2008
Lesson 4
Automating Server Activation Using Microsoft
Volume Activation

Once you have installed and configured your Windows Server, you must activate it. This lesson explores
the various activation methods available and examines volume activation.
Objectives
After completing this lesson, you will be able to:
Describe licensing and activation.
Explain Key Management Service (KMS).
Describe Multiple Activation Key (MAK).
Plan volume activation.
Describe a MAK independent activation and KMS activation example.
Describe a MAK Proxy activation example.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-51
Microsoft Volume Activation

Key Points
There are three main ways that you can obtain licenses for Windows Server 2008 and Windows Server
2008 R2:
Retail. These licenses are purchased from an online or physical retailer. This type of licensing is
typically used by small organizations that are purchasing a limited number of licenses.
OEM. These licenses are purchased with new hardware. The cost of these licenses is typically less than
retail, but the licenses cannot be moved from one computer to another.
Volume license. Microsoft has a variety of volume license programs for purchasing multiple copies of
Microsoft software. The cost of these licenses is typically less than retail but more than OEM licensing.
Some volume licensing options are subscription based rather than purchased outright. Software
Assurance is also available. For larger organizations, one key benefit of volume licensing is simplifying
the licensing process.
Volume Activation Overview
Volume Activation is a collection of tools and technologies that help to automate the process of activating
computers deployed with volume media. Organizations can implement two methods to enable Volume
Activation depending upon their specific needs; these are KMS and MAK.
KMS. With KMS, licensed computers periodically reconnect to a local KMS host to refresh their
activation. The local KMS host, or hosts, connects to a Microsoft server once in order to activate
themselves. KMS can support a volume licensing agreement of any size.
MAK. Organizations implement MAK to support one-time activation with activation services that
Microsoft provides. The number of licenses that an organization has determines the number of
permissible activations. Organizations can use MAK to activate computers individually, online or by
telephone; alternatively, they can activate multiple computers collectively with the Volume Activation
Management Tool (VAMT); this tool is integrated into the Windows AIK.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-52 Deploying Windows Server 2008
Non-activated Computers
If computers are not activated after installation, the computers continue to operate normally for a grace
period; this period is currently 30 days. During this initial grace period, the user is reminded once per day
that their computer must be activated. When there are only three days remaining of this initial period, the
operating system reminds the user of the impending requirement to activate once every four hours. If the
computer has still not been activated by the last day of the grace period, the operating system reminds
the user each hour on the hour.
Once the grace period has expired, both Windows 7 and Windows Server 2008 R2 continue reminding the
user that activation is required. These reminders take a number of different forms:
Reminder during logon.
Notifications at the bottom of the screen.
When users open certain Windows applications.
A black desktop background containing a persistent reminder.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-53
Key Management Service

Key Points
With KMS, you can complete computer activations on your local network; this negates the need for
computers to connect to Microsoft for product activation. By default, volume editions of Windows 7 and
Windows Server 2008 R2 automatically connect to a KMS service to request activation.
Activation Process
An organization must have at least five server computers and 25 client computers running Windows 7 to
meet activation thresholds of KMS. KMS hosts only activate computers once these thresholds are met.
Note: Both physical and virtual computers count towards these thresholds.
The KMS host counts activation requests, and replies to each valid request with the value of the current
count (the n-count). If the n-count meets the activation policy requirements for a Windows volume client,
that client will activate.
The n-count is cumulative between all Windows 7 and Windows Server 2008 R2 computers that are
requesting activation or renewing their activation with the KMS host. Consequently, if there are five clients
in the n-count thus farone Windows Server 2008 R2 and four Windows 7-based clientsthe Windows
Server 2008 R2 computer activates, but not the Windows 7 computers. For the Windows 7-based clients
to activate there must be at least 25 computers in the n-count, in any combination of Windows Server
2008 R2 and Windows 7-based computers.
Note: The KMS host does not contribute to the n-count.
Once a computer is activated, the activation is valid for 180 days; this is known as the activation validity
interval. Computers must renew their activation once every 180 days. By default, computers attempt this

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-54 Deploying Windows Server 2008
renewal every seven days. If successful, the activation validity interval begins again. If unsuccessful, the
client retries every two hours.
Publication of the KMS Service
Typically, and by default, KMS hosts use DNS to publish KMS service information; KMS clients also use
DNS to locate the KMS service. If you implement dynamic DNS, then this process is automatic and
requires no intervention. The registered records will be similar to these:
_vlmcs._tcp. 600 IN SRV 0 100 1688 kms1.contoso.com.
_vlmcs._tcp. 600 IN SRV 0 100 1688 kms2.contoso.com.
Alternatively, you can assign a static configuration if your network configuration requires this.
Note: You must ensure that any firewalls, including Windows Firewall, that exist between the
computers that wish to activate and the KMS hosts are configured to allow TCP port 1688.
Planning KMS
When planning to deploy the KMS service, consider the following information:
You do not need to dedicate a server to host the KMS service; you can easily co-host KMS with other
services such as AD DS.
You can deploy the KMS service to both physical and virtual computers running Windows Server 2003
or later.
A KMS host running Windows Server 2008 R2 can activate any Windows operating system that
supports Volume Activation.
A KMS host that is running Windows 7 can activate only computers running Windows 7 and Windows
Vista clients.
A single KMS host can support unlimited numbers of KMS clients.
To provide for fault tolerance, you should consider deploying two KMS hosts.
Note: KMS is the default key for Volume Activation clients. Using MAK activation requires installing a
MAK key.
Implementing KMS
Configure the KMS host
To implement KMS, you must install a KMS key on the server computer that you wish to use as a KMS
host. You can obtain the KMS key from Microsoft. Once you have obtained your KMS key, use the
following procedure to enable and configure KMS.
1. On your Windows Server 2008 R2 server, open a command prompt and enter the following
command, substituting your key for <kms_key>:
cscript slmgr.vbs -ipk <kms_key>
2. Next, activate the server online by entering the following command:
Cscript slmgr.vbs /ato
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-55
Configure the KMS Clients
Clients should require no configuration in order to discover the KMS server. However, if your client
computers are manually assigned to a KMS host, you can reconfigure them to use auto-discovery.
1. To configure the client to use DNS to locate the KMS host, open an elevated command prompt, and
then enter the following command:
slmgr.vbs /ckms
2. To force manual activation of the client via KMS, type the following command:
slmgr.vbs /ato
Verify Functionality
Finally, to verify that volume licensing is working, use the following procedure.
1. Verify that the implementation is successful by determining that appropriate records now exist in
your DNS zone. Enter the following command:
nslookup -type=srv _vlmcs._tcp.<domain suffix>
You should receive a message that indicates the name of your KMS host.
2. To determine the current number of clients registered with the KMS host, enter the following
command, where <kms_srv> is the name of the KMS host:
Cscript slmgr.vbs <kms_srv> /dlv | find /I Current count
The command returns the number of clients registered.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-56 Deploying Windows Server 2008
Multiple Activation Keys

Key Points
Each product key can activate a specific number of computers. MAK activation is a one-time event; there
is no requirement to periodically renew activation unless there are significant hardware changes.
Under MAK management, MAK is used to activate each system. Activation can be performed over the
Internet or by telephone. As each system is activated, the assigned allocation is decremented. You can
check the number of remaining activations on the Microsoft Licensing Web sites or by using the VAMT.
You can request additional activations by contacting the Microsoft Activation Call Center.
Organizations use MAK for one-off activation via hosted activation services provided by Microsoft. You
can activate computers with MAK in one of two ways:
Independent activation. This requires that each computer connects independently and is activated
with Microsoft either via Internet or by telephone.
MAK Proxy activation. A computer acting as a MAK proxy gathers activation information from
multiple computers on the network, and then sends a centralized activation request on their behalf.
Note: MAK Proxy activation is configured using the VAMT which is part of Windows AIK.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-57
Planning Volume Activation

Key Points
There are several planning steps to devising an overall activation plan. These include:
Assess current infrastructure capabilities, connectivity, network policies, business requirements, and
organization policies.
Map computers to activation options.
Plan monitoring and reporting.
Assess Current Infrastructure Capabilities
For each target environment where you deploy Windows Server 2008 R2, determine the current
infrastructure capabilities. Some common questions to answer are:
Infrastructure Questions Considerations
How many computers will be
deployed in the target network?
Windows 7-based KMS clients require 25 or more computers be
consistently connected to the organizations KMS host.
Windows Server 2008 R2 KMS clients require that five or more KMS
clients be regularly connected to the KMS host.
Does the network support TCP/IP
connectivity?
KMS activation requires TCP/IP connectivity (port TCP/1688
default). A KMS activation request and response takes
approximately 550 bytes. Consider the impact of periodic
activation for slow and/or high-latency links.
Does the current DNS service
support Service (SRV) records and
DDNS?
Dynamic DNS and SRV record support are required for the default
auto-publishing and auto-discovery functionality used by KMS.
Microsoft Windows 2000 Server or later DNS and BIND 8.x or
newer fully support these features.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-58 Deploying Windows Server 2008
Connectivity Considerations
Connectivity to the network, Internet access, and number of computers that regularly connect to the
network are some of the important characteristics to identify. Some organizations may have a
combination of environments where some systems are connected to the corporate network while others
are not. In such cases, more than one activation option is indicated.
The following table defines common types of connectivity.
Connectivity type Characteristics
Connected Computers that are typically connected to the network.
Remote with periodic connectivity Computers that are located in the field and have regular on-
demand network connectivity, usually through virtual private
network (VPN) or by visiting a branch office.
Remote with limited connectivity Computers that are located in the field and have no direct access
to the network, but may have web-based access to their
organizations resources.
Disconnected Computers that may never connect to the network or that may
connect very infrequently (that is, less than twice a year).
The following table lists some general target environment considerations for selecting a product
activation option.
Policy Impact on activation
High security network (no external
data transfer allowed)
Data of any kind may not be transferred across network boundary.
Restricted Internet access Locations from which access to the Internet is restricted. KMS or
MAK Activation can be used.
Periodic connectivity

Computers are required to connect to the organizations network
periodically so that administrators can proactively manage them
for updates. KMS-activated systems must reconnect at least every
180 days.
KMS Host Sizing
KMS host processing capacity should not be a limiting factor for virtually any size organization. A single
KMS host is capable of supporting hundreds of thousands of KMS clients, and KMS requests are only a few
hundred bytes each. To minimize cost, you might prefer to co-host KMS along with other functions. KMS
has a small resource footprint during standard operation, although it is processor intensive.
Map Computers to Activation Solutions
The second step to selecting appropriate activation options is to map computers to activation solutions.
The goal is to ensure that all computers are associated with an activation option.
The table below is an example of how to map your computers to activation solutions. To use a table like
this, determine the following:
Total number of computers that needs to be activated using a Volume Activation method.
Number of computers that will not connect at least once every 180 days.
Number of computers in environments where there are less than five servers and 25 client computers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-59
Number of computers that will regularly connect to the network.
Number of computers in disconnected environments where there are more than five servers and 25
client computers, and there is no Internet connectivity.
Number of computers in disconnected environments where there are less than five servers and 25
client computers, and there is no Internet connectivity.
Criteria Type of activation Number of computers
Total number of computers to be
activated
N/A 10,000
Number of computers that will not
connect at least once every 180 days
MAK 300
Number of computers in environments
where there are less than five servers
and 25 client computers
MAK 100
Number of computers that will regularly
connect to the network
KMS 9,500
Number of computers in disconnected
environments where there are more
than five servers and 25 client
computers, and no Internet connectivity
KMS 25
Number of computers in disconnected
environments where there are less than
five servers and 25 client computers,
and there is no Internet connectivity
MAK 75
Remaining computer count should
be zero
0
Plan Monitoring and Reporting
It is critical to establish monitoring and reporting for KMS and MAK. In particular for MAKs, be sure to
include monitoring the number of MAK activations used. Administrative tools include VAMT and KMS
Management Pack for System Center Operations Manager.
Note: On the KMS host, you can use the special KMS event log to help you identify activation
problems.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-60 Deploying Windows Server 2008
MAK Independent Activation and KMS Activation Example

Key Points
Many enterprises have networks that are separated into multiple security zones. Fortunately, there are
several options when deploying Windows in a heterogeneous environment. The following example
describes a potential network configuration using MAK-independent activation and KMS activation. Note
that this example is intended for illustration purposes only to show common scenarios.
In this example, the enterprise has computers in the following different scenarios:
Core network. The core network has redundant KMS hosts. All computers in the main corporate
network query DNS for the KMS SRV record and activate themselves after contacting the KMS service
running on one of these computers. The KMS hosts were activated directly through the Internet.
Secure zone. Many enterprises have secure zones that are carved out of the corporate network by
installing a firewall to block all traffic between the secure zone and the rest of the network. To allow
these computers to activate using the corporate KMS, the network administrator has to allow TCP
port 1688 outbound from the secure zone and allow the reply back in.
Isolated lab. In the isolated lab scenario, corporate security policy does not allow any traffic between
computers in the isolated lab and the rest of the corporate network. This could be through a firewall
that blocks all but a very limited number of ports or where there is no network connectivity at all.
Because the lab has more than 25 computers, users can deploy KMS to activate Windows 7 in the lab.
The KMS host itself is activated by telephoning Microsoft and getting the confirmation ID.
Disconnected computers. Windows 7-based computers that are not on the corporate network, or are
in a lab that has less than 25 computers, must activate using MAK. Likewise, Windows Server 2008 R2
computers in groups of less than five KMS clients must also use MAK. The computer needs
connectivity to the Internet only onceto activateand will not need to be reactivated unless there
is a major change in the hardware. If a computer is in a lab and has no network connectivity at all, it
can be activated by telephone the same way the KMS host is activated in the isolated lab scenario; or,
the computers can be activated using MAK Proxy Activation using VAMT.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-61
MAK Proxy Activation Example

Key Points
This scenario describes an enterprise using the VAMT to perform all activations for Windows volume
editions. The following is an example of potential network configurations in an organization, utilizing
MAK and VAMT.
The figure above shows computers in the following scenarios:
Core network. In the core network scenario, VAMT is installed on a computer that can access the
Internet. You can perform an Add Machine function against the AD DS domain or workgroups to
find computers on the network. You can also add computers explicitly by IP address or by name. After
discovering available computers and their licensing status, you can activate selected volume clients
using MAK Independent Activation or MAK Proxy Activation.
Note: MAK independent activation installs MAK on a client computer and instructs the target
computer to activate against Microsoft servers over the Internet. In MAK proxy activation, VAMT
installs MAK on a client computer, obtains the installation ID from the target computer, sends the
installation ID to the Microsoft Web site on behalf of the client and obtains a confirmation ID. The
tool then activates the client by installing the confirmation ID.
Secure zone. In this scenario, the tool can activate computers using MAK proxy activation. This
assumes that the clients in the secure zone do not have Internet access. The following two issues need
to be addressed:
The computers must be discoverable through AD DS, by name or IP address, or by membership
in a workgroup.
The tool has to make a call to the WMI services on the target computer to get status, and to
install MAKs and confirmation IDs. This requires that you configure the firewall to allow remote
WMI from the VAMT host. Additionally, you must provide VAMT with credentials that have
membership of the local administrator group of the target computer.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-62 Deploying Windows Server 2008
Isolated lab. In the isolated lab scenario, VAMT is hosted inside the isolated lab. VAMT performs
discovery, obtains status, installs MAK, and obtains the installation ID of all computers in the lab.
VAMT then exports the list of computers to a file on removable media. You must import the XML file
onto a computer running VAMT in the core network. After you have done this, the tool sends the
installation IDs to Microsoft and obtains the corresponding confirmation IDs, which you can then
export to a file on removable media and take back to the isolated lab. When you import this data into
the tool, you can activate the isolated lab computers by installing the confirmation IDs on the
corresponding computers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-63
Lab D: Configuring Windows Server 2008 Licensing

Lab Setup
For this lab, you do not require any virtual machines.
Lab Scenario
Before you begin the deployment of Windows Server 2008 R2 beyond the initial single server deployment,
you must consider volume activation issues.
You are tasked with considering how best to provide for computer activation within various areas of the
Contoso organization, including two branch offices and the New York head office.
Note: Your instructor may choose to perform this lab as a group discussion rather than an individual
activity.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-64 Deploying Windows Server 2008
Supporting Documentation
Branch office 1











Branch Office 2











New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-65
Head Office
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-66 Deploying Windows Server 2008
Exercise 1: Planning Volume Activation
Scenario
Study the supporting documentation and then consider the following additional information.
Branch Office 1
This branch will contain twenty computers running Windows 7 and Windows Server 2008 R2. There is a
connection to the Internet.
Branch Office 2
This branch contains 45 computers which will be running Windows 7 and Windows Server 2008 R2; there
will be six servers. There is currently no Internet connectivity as this branch deals with highly sensitive
corporate data.
Head Office
The head offices in New York have around 2,000 computers which will be running Windows 7 and
Windows Server 2008 R2. There is Internet connectivity from all parts of the corporate network except for
the five computers in the isolated network.
Isolated Network
The five computers in the isolated network will run Windows 7. There is no permanent connection to the
Internet.
The main tasks for this exercise are as follows:
1. Review the supporting documentation.
2. Answer the questions and complete the Contoso Volume Activation Plan document.
Task 1: Review the supporting documentation
Read the Contoso documentation.
Task 2: Answer the questions and complete the Contoso Volume Activation Plan
document
Complete the Contoso Volume Activation Plan document.
Contoso Volume Activation Plan
Document Reference Number: CW120510/1
Document Author
Date
Charlotte Weiss
12th May
Requirements Overview
Provide recommendations about how to handle volume activation for various locations within the
Contoso network.
Additional Information
Proposals
1. How do you propose to handle activations in Branch Office 1?
2. How do you propose to handle activations in Branch Office 2?
3. How do you propose to handle activations in the head office?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Installing and Configuring Windows Server 2008 1-67
Contoso Volume Activation Plan
4. Are there any special considerations for the isolated network?
Results: After this exercise, you should have completed the Contoso Volume Activation Plan
document.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
1-68 Deploying Windows Server 2008
Module Review and Takeaways

Review Questions
1. What mandatory prerequisites are there in order to support the Hyper-V role?
2. From which version of Windows Server can you upgrade to Windows Server 2008 R2 Enterprise Server
Core?
3. What new program is provided to enable simpler post-installation configuration of Server Core?
4. Which command can be used on all editions of Windows Server 2008 R2, both Server Core and Full,
to install additional Server roles from the command-line?
5. Which volume activation method is best suited to network environments that have in excess of 30
computers?


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-1
Module 2
Implementing Deployment Technologies
Contents:
Lesson 1: Selecting a Suitable Deployment Strategy 2-3
Lesson 2: Using the Windows Automated Installation Kit 2-16
Lesson 3: Working with Images 2-32
Lesson 4: Working with Unattended Answer Files 2-41
Lab: Deploying Windows Server 2008 with an Answer File 2-49

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-2 Deploying Windows Server 2008
Module Overview

Different organizations have different Windows Server installation and deployment needs. Often, the
choice made about which deployment technology to use depends on the number of servers to be
deployed. This module describes the key deployment scenarios and provides guidance about suitable
Microsoft deployment technologies to facilitate them. The module then describes how to use the
Windows Automated Installation Kit (Windows AIK) to assist with some of these deployment scenarios;
the different types of images used in some of these scenarios; and how to perform unattended
installations of Windows Server.
Objectives
After completing this module, you will be able to:
Select a suitable deployment strategy.
Describe the Windows AIK.
Describe the different types of images.
Perform an unattended Windows Server 2008 R2 operating system installation.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-3
Lesson 1
Selecting a Suitable Deployment Strategy

Smaller organizations might decide to perform hands-on installations or deployments using retail media.
At the other extreme, large organizations might opt to use zero-touch, high-volume deployments. This
lesson explores these scenarios and others in between and identifies the technologies and components
needed to support each scenario.
Objectives
After completing this lesson, you will be able to:
Describe the various deployment technologies.
Describe high-touch, retail media deployments.
Describe high-touch, standard image deployments.
Describe lite-touch, high-volume deployments.
Describe zero-touch, high-volume deployments.
Select a deployment strategy.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-4 Deploying Windows Server 2008
Deployment Technologies

Key Points
Different organizations of differing sizes have different operating system deployment requirements. The
choice about which strategy you choose to implement is based on the following factors:
Familiarity with operating system image management of information technology (IT) staff.
Number of servers that must be deployed.
Variation in server configurations.
Use of retail or volume-licensed media.
Network configuration, both in terms of the distribution of servers to be deployed and in terms of the
services currently installed to support the deployment process.
Deployment Strategies
There are four different strategies that you can implement to deploy Windows Server. These are:
High-touch, retail media deployments
High-touch, standard image deployments
Lite-touch, high-volume deployments
Zero-touch, high-volume deployments
Deployment Technologies
The following technologies can be used to implement each of these deployment strategies:
Windows AIK
Microsoft Deployment Toolkit 2010 (MDT 2010)
Microsoft Application Compatibility Toolkit (ACT)
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-5
Windows Deployment Services
Microsoft System Center Configuration Manager 2007 R2
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-6 Deploying Windows Server 2008
High-Touch Retail Media Deployments

Key Points
If your organization does not intend to deploy many servers, or lacks IT staff with the necessary
deployment skills, you might consider using local media-based deployments. This deployment method
requires that you perform an interactive installation using local media; for example, using a Windows
Server 2008 R2 product DVD.
Performing these high-touch deployments can be time consuming; consequently, it is worth considering
some degree of automation.
Overview
In conjunction with the product DVD, you can automate this deployment method by using an answer file.
You can create the answer file with the Windows AIK. The Windows Setup program supports automation
in the following areas:
Hard disk partitioning
Device driver installation
Application installation
Applying updates
Configuring settings
Adding roles and features
Setup user interface suppression
Requirements
In order to automate retail deployments, you must have the following:
Windows Server 2008 R2 retail media.
Windows System Image Manager (Windows SIM).

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-7
Removable storage device such as a Universal Serial Bus (USB) memory stick.
Note: You will use the memory stick to store the answer file.
Limitations
This deployment strategy does not scale well. If you have a large number of servers to deploy, consider
using one of the alternative methods described in the next few topics.
In addition, this deployment method does not support multiple Windows Server versions. Each Windows
Server version potentially exposes different settings and features. A single unattended answer file cannot
account for these potential differences; consequently, you must create a different unattended answer file
for each version.
The Deployment Process
Use the following procedure to perform an automated high-touch, retail media deployment.
1. Use Windows SIM to create an answer file.
2. Copy the answer file to removable media; for example, copy the answer file as Autounattend.xml to
your USB memory stick.
3. Insert the memory stick in the target server computer along with the retail media DVD.
4. Power on the server computer; setup starts automatically and scans attached drives for the
AutoUnattend.xml answer file.
5. After installation, configure any remaining settings.
Question: What do you see as the key limitations in this deployment method?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-8 Deploying Windows Server 2008
High-Touch Standard Image Deployments

Key Points
Given the limitations of an automated high-touch, retail media deployment strategy, it is worth
considering using alternatives where higher volume server deployments are envisaged. One possible
alternative solution for smaller enterprises is the high-touch, standard image deployment strategy.
Overview
The strategy is similar to the automated high-touch, retail media deployment strategy; however, rather
than using retail media that is, a product DVD the strategy relies on a standard server image. This
provides for faster deployment and scales better than the automated high-touch, retail media
deployment strategy.
Using the high-touch, standard image deployment strategy, you can create a standard image that
contains:
Server settings
Device drivers
Applications
Using standard images provides the following benefits:
Reduced support issues as images are standardized
Faster deployment
Reduced deployment validation and post-installation testing
Reduced maintenance effort; images can be easily updated without the need to install, configure, and
recapture the updated image
Requirements
The high-touch, standard image deployment strategy has the following requirements:

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-9
Windows Server 2008 R2 retail or Volume Licensed media
Windows AIK
Removable storage device
Reference computer on which to create and configure the source image
Limitations
The high-touch, standard image deployment strategy does not scale well as you need a USB storage
device to perform deployments. It also requires someone to initiate the deployment on the target server
computer.
Upgrades are not supported. This might be a factor in your organization. When you apply the image, any
existing operating system is wiped clean. If you must retain existing server settings, consider performing a
high-touch, retail media deployment.
It is also worth considering that the strategy works best for organizations that have a single server
configuration; if you need multiple configurations, consider using a lite-touch, high-volume deployment
strategy.
The Deployment Process
Use the following procedure to perform an automated high-touch, retail media deployment.
1. Install Windows Server on the reference computer. You may choose to use an answer file to perform
this task; this has the advantage of being reproducible and consistent.
2. Install any updates, device drivers, and applications on the reference computer.
3. Generalize the computer with sysprep.exe; this removes the unique and identifying characteristics of
the reference computer.
4. Capture the generalized image; start the reference computer using Windows Pre-installation
Environment (Windows PE) and then use imageX.exe to capture the image.
Note: You must capture the generalized image to removable media or to a network share.
5. Either:
a. Use Windows SIM to create an answer file; copy the answer file to removable media; for example,
copy the answer file as AutoUnattend.xml to your USB memory stick. The answer file points to
the image file you previously created so that it is located during setup.
Or:
b. Create new installation media and replace the existing Install.wim image file with your own
customized image file.
6. Either:
a. Run setup on the target server computers and specify the answer file you created previously.
Or:
b. Start setup using the custom installation media.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-10 Deploying Windows Server 2008
Note: If you run setup from the custom installation media (option b), you must typically perform
additional tasks during setup than is required with an answer file-based setup (option a). For example,
you must configure the disk partitioning during the initial setup phase.
7. After installation, configure any remaining settings. For example, activate retail versions of software
online with Microsoft.
Question: How does this deployment method address your comments regarding the high-touch retail
media deployment method?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-11
Lite-Touch High-Volume Deployments

Key Points
Medium-sized organizations may consider using a high-volume deployment strategy; these high-volume
deployment strategies rely on a number of Windows deployment technologies, including Windows AIK,
MDT 2010, answer files, and scripts.
Note: The next module discusses MDT 2010.
You can use MDT 2010 to support lite-touch or zero-touch deployments, depending on your specific
requirements.
Overview
Using MDT 2010 to support lite-touch, high-volume deployments provides the following benefits:
Reduced support issues as images are consistent.
Easier deployment; MDT 2010 deals with device drivers, updates, and applications.
Reduced maintenance effort; tasks such as updating drivers, applications, and the core operating
system are simplified.
Requirements
The lite-touch, high-volume deployment strategy has the following requirements:
Microsoft Assessment and Planning (MAP) toolkit
Windows Server 2008 R2 Volume Licensed media
MDT 2010
ACT

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-12 Deploying Windows Server 2008
Windows AIK
Distribution share
Either:
Customized media to start installation
Or:
Windows Deployment Services role
Limitations
For medium-sized enterprises, the lite-touch, high-volume deployment strategy suffers from significant
limitations. As your organization grows, you can easily configure MDT 2010 to support zero-touch
deployments to reduce the initial, limited user interaction of the lite-touch, high-volume deployment
strategy.
The Deployment Process
Use the following procedure to perform a lite-touch, high-volume deployment.
1. Use MAP to determine your organizations readiness to implement Windows Server 2008 R2.
2. Use ACT to determine likely application compatibility issues and attempt mitigation of any issues
discovered.
3. Install the Windows Deployment Services role.
4. Install MDT 2010.
5. Create a distribution share that contains the following:
a. Device drivers
b. Applications
c. Operating Systems
d. Updates
6. In MDT 2010, create and update deployment point.
7. Use MDT 2010 to create a bootable image (Windows PE) and add this to Windows Deployment
Services.
Note: You can also store this image on removable media if you dont use Windows Deployment
Services.
8. Start each target server computer to launch the installation process.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-13
Zero-Touch High-Volume Deployments

Key Points
For large organizations, deployments that require even a little user intervention is undesirable. A zero-
touch, high-volume deployment strategy is suitable for organizations with a large number of servers to
deploy who have IT staff with appropriate skills in deployment, networking, and use of Microsoft System
Center Configuration Manager 2007.
Overview
You can use MDT 2010 for both lite-touch and zero-touch deployments; however, in order to use the
zero-touch strategy, your network must meet the infrastructure requirements, including Active Directory
Domain Services (AD DS) and Configuration Manager 2007 R2.
Benefits of the zero-touch strategy are:
Streamlined deployments; installation is fully automated.
Lower support costs; configurations are consistent.
Simplified maintenance; Configuration Manager 2007 R2 maintains device drivers, applications, and
updates.
Requirements
The zero-touch, high-volume deployment strategy has the following requirements:
MAP toolkit
Windows Server 2008 R2 Volume Licensed media
MDT 2010
ACT
Windows AIK
Configuration Manager 2007 R2

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-14 Deploying Windows Server 2008
Limitations
Because of the relative complexity of the zero-touch strategy, the significant limiting factors are the skills
of the responsible IT staff. MDT 2010 is relatively straightforward, but Configuration Manager requires
more specialized skills.
The Deployment Process
Use the following high-level steps to perform a zero-touch, high-volume deployment.
1. Use MAP to determine your organizations readiness to implement Windows Server 2008 R2.
2. Use ACT to determine likely application compatibility issues and attempt mitigation of any issues
discovered.
3. Deploy and configure both MDT 2010 and Configuration Manager 2007 R2.
4. Optionally, create a custom master image with Configuration Manager 2007 R2.
5. Configure Configuration Manager 2007 R2 to deploy Windows Server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-15
Discussion: Selecting a Deployment Strategy

Key Points
There are four different strategies that you can implement to deploy Windows Server. These are:
High-touch, retail media deployments
High-touch, standard image deployments
Lite-touch, high-volume deployments
Zero-touch, high-volume deployments
Consider the following questions, and then discuss your answers with the class.
Question: A. Datum Corporation IT staff is planning to deploy Windows Server 2008 R2 to various branch
offices. The IT department at A Datum has some experience with imaging and deployment. The
configuration of the various branch office servers is expected to be fairly consistent. There is no
requirement to upgrade settings from existing servers as there are new branch offices with no current IT
infrastructure in place. Which deployment method(s) would you recommend?
Question: Fabrikam, Inc. has a requirement to deploy several dozen new servers in their head offices.
These servers will be installed with Windows Server 2008 R2. There is some variation in the respective
servers configuration, but this is minor. Although IT staff is familiar with deployment and imaging
technologies, the current network infrastructure does not support Windows Deployment Services. How
would you advise staff at Fabrikam to proceed with the deployment?
Question: In your organization, how do you propose to deploy Windows Server 2008 R2?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-16 Deploying Windows Server 2008
Lesson 2
Using the Windows Automated Installation Kit

Windows AIK provides a complete set of tools to help you to automate the deployment of the Windows 7
operating system and Windows Server 2008 R2. This lesson describes Windows AIK functionality, the
functionality of the tools that are part of Windows AIK, and the prerequisites for installing Windows AIK.
Objectives
After completing this lesson, you will be able to:
Describe Windows AIK.
Describe Sysprep.
Describe Windows PE.
Describe ImageX.
Describe Deployment Image Servicing and Management (DISM).
Describe Windows SIM.
Use Windows AIK to deploy Windows Server.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-17
Windows AIK

Key Points
Windows AIK provides a set of tools designed to help you deploy Windows Server 2008 R2 and Windows
7 onto new computer hardware.
Windows AIK Functional Overview
You can use Windows AIK to perform the following deployment-related tasks:
Create and configure answer files
Manage Volume Activation of Windows computers
Create and configure Windows PE images
Create and manage a distribution share
Note: A distribution share is a set of folders that contains files used to customize Windows
installations; an answer file points to file in the distribution share. For example, you can deploy drivers
to a distribution share that are accessed by setup.
Manage configuration sets
Note: Configuration sets are a subset of a distribution share; one which can be stored on removable
media.
Manage third-party drivers for distribution
Windows AIK Tools
Windows AIK consists of the following tools:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-18 Deploying Windows Server 2008
Windows SIM. You can use this tool to create unattended answer files for use with standard or custom
images during deployment.
Volume Activation Management Tool (VAMT). Enables you to centrally manage volume activations
that use Multiple Activation Key (MAK).
User State Migration Tool (USMT) 4.0. Use this tool to migrate user settings and files in large-scale
deployments.
Windows PE tools. Windows PE is the functionally-reduced version of Windows used to perform
installation and maintenance tasks during image deployment. This collection of tools enables you to
create, configure, and customize a Windows PE image to suit the needs of your organization.
ImageX.exe. A command-line tool that you can use to perform offline servicing of Windows Imaging
(WIM) files.
DISM. Dism.exe enables you to perform both offline and online servicing of images.
BCDboot.exe. This tool enables you to troubleshoot and fix the boot environment of a target
computer; typically run from Windows PE.
Sysprep.exe. This tool enables you to generalize a computer before you capture an image of the
computer.
Prerequisites of Windows AIK 2.0
Windows is supported on the following platforms:
The Windows Server 2003 SP2 operating system
The Windows Vista SP1 operating system
Windows 7
The Windows Server 2008 operating system
Windows Server 2008 R2
Note: If you install Windows AIK on Windows Server 2003 SP2, ensure that you have previously
installed Microsoft .NET Framework 2.0 and Microsoft Core XML Services (MSXML) 6.0.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-19
Sysprep

Key Points
The System Preparation (Sysprep) tool is a technology used in conjunction with other deployment tools to
install Windows Server 2008 R2 onto new hardware. The Sysprep tool performs the following functions:
Prepares a computer for disk imaging by configuring the computer to create a new computer security
identifier (SID) when the computer is restarted.
Cleans up user-specific and computer-specific settings and data that must not be copied to a
destination computer.
When running Sysprep, consider the following:
Use Sysprep only to configure new installations of Windows.
Run Sysprep as many times as required to build and to configure the Windows installation; however,
Windows activation can be reset no more than three times.
Do not use Sysprep to reconfigure an existing installation of Windows which is already deployed.
Benefits of Sysprep
Sysprep provides the following benefits:
Removes system-specific data from the Windows operating system. Sysprep can remove all system-
specific information from an installed Windows image, including the computer SID, computer name,
and user accounts. The Windows installation can then be captured and installed throughout an
organization.
Configures Windows 7 to start in audit mode. Audit mode is used to install third-party applications
and device drivers, and test system functionality. The success of the Windows installation can be
tested after installing the additional drivers and applications.
Configures Windows 7 to start to Windows Welcome. This configures a Windows installation to start
Windows Welcome, also referred to as the out-of-box experience (OOBE), the next time the system

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-20 Deploying Windows Server 2008
starts. Typically, a system is configured to start Windows Welcome immediately before delivering the
computer to a user.
Resets Windows Product Activation. Sysprep can reset Windows Product Activation up to three times.
Sysprep Command-Line Syntax
The following table and command-line text shows the syntax and some of the more common command-
line options available for Sysprep.
sysprep.exe [/oobe | /audit] [/generalize] [/reboot | /shutdown | /quit] [/quiet]
[/unattend:answerfile]
Option Description
/audit Restarts the computer in audit mode. Use audit mode to add drivers or
applications to Windows. An installation of Windows must be tested before it is
sent to an end user.
If an unattended Windows setup file is specified, the audit mode of
Windows Setup runs the auditSystem and auditUser configuration passes.
/generalize Prepares the Windows installation to be imaged. If this option is specified, all
unique system information is removed from the Windows installation. The SID
resets, any system restore points are cleared, and event logs are deleted.
The next time the computer starts, the specialized configuration pass runs. A new
SID is created, and the clock for Windows activation resets if the clock is not
already reset three times.
/oobe Restarts the computer in Windows Welcome mode. Windows Welcome enables
end users to customize their Windows operating system, create user accounts,
name the computer, and other tasks. Any settings in the oobeSystem
configuration pass in an answer file are processed immediately before
Windows Welcome starts.
/reboot Restarts the computer. Use this option to audit the computer and to verify that the
first-run experience operates correctly.
/shutdown Shuts down the computer after the Sysprep command finishes running.
/quiet Runs the Sysprep tool without displaying on-screen confirmation messages. Use
this option if you automate the Sysprep tool.
/quit Closes the Sysprep tool after running the specified commands.
/unattend:answerfile Applies settings in an answer file to Windows during unattended installation.
answerfile
Specifies the path and file name of the answer file to use.
Question: What is the purpose of running Sysprep with the /audit option?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-21
Windows PE

Key Points
Windows PE version 3.0 is the core deployment foundation for Windows Server 2008 R2. Windows PE is a
compact, special-purpose Windows operating system that prepares and initiates a computer for Windows
setup, maintenance, or imaging tasks, and recovers operating systems such as Windows Server.
With Windows PE, you can start a subset of Windows Server from a network or removable medium, which
provides network and other resources necessary to install and troubleshoot Windows Server. Windows PE
is not a general-purpose operating system, but you can use it to start a computer that has no functioning
operating system installed.
Windows PE is designed to make large-scale, customized deployments of the new Windows Server
operating system notably simpler by addressing the following tasks:
Install Windows Server. Windows PE runs every time Windows Server is installed. The graphical tools
that collect configuration information during the setup phase are running within Windows PE.
Troubleshoot. Windows PE is also useful for automatic and manual troubleshooting. For example, if
Windows Server fails to start because of a corrupted system file, Windows PE can automatically start
and launch the Windows Recovery Environment. Windows PE can also be manually started to use
built-in or custom troubleshooting and diagnostic tools.
Recovery. Original Equipment Manufacturers (OEMs) and Independent Software Vendors (ISVs) can
use Windows PE to build customized, automated solutions for recovering and rebuilding computers
running Windows Server. For example, users can start their computers from Windows PE recovery CDs
or recovery partitions to automatically reformat their hard disks and reinstall Windows Server with the
original drivers, settings, and applications.
Benefits of Windows PE 3.0
In the past, OEMs and IT professionals often used an MS-DOS-based startup floppy disk to start a
computer. However, an MS-DOS-based startup floppy disk has a number of limitations that make it
difficult to use for preinstalling Windows or recovering existing installations or data, including:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-22 Deploying Windows Server 2008
No support for the New Technology File System (NTFS).
No native networking support.
No support for 32-bit (or 64-bit) Windows device drivers, making it necessary to locate 16-bit drivers.
Limited support for custom applications and scripts.
Because Windows PE 3.0 is based on the kernel for Windows Server, it overcomes the limitations of MS-
DOS-based startup disks.
Once a computer starts in Windows PE, you can prepare it for Windows installation and then initiate
Windows Setup from a network or local source. You can also service an existing copy of Windows or
recover data.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-23
ImageX

Key Points
ImageX is a command-line tool used to create, modify, and deploy file-based Windows Server images in a
manufacturing or corporate IT environment. The images are captured in a Windows Imaging (.wim) file.
ImageX is commonly used in a Windows PE environment during image-based deployments. Start your
reference, or source computer in the Windows PE environment, and then run ImageX to capture your
Windows Server image.
The ImageX tool is used to perform the following tasks:
View WIM file contents. ImageX provides the ability to view WIM file contents and shows the
available images and those images that can be deployed from within the WIM file.
Capture images. A source computer image can be captured and then saved in a WIM file format. You
can then save the image to a distribution share from which installers can use Windows Server Setup
to install it. Alternatively, you can use various deployment techniques to push the image to the
required target computers.
Mount images for offline image editing. Use ImageX to customize an existing image, including
updating files and folders. ImageX can also be used to update and edit an offline image without
creating a new image for distribution.
Store multiple images in a single file. Use ImageX to store multiple images in a single WIM file, which
minimizes the number of required image files. This makes it much simpler to deploy multiple images
across a slower network connection, or by using removable media. You can configure an answer file
to select the appropriate Windows Server edition from an image file.
Compress the image files. ImageX supports two different compression algorithms, Fast and Maximum,
to further reduce the image size.
Implement scripts for image creation. Use scripting tools to create and edit images.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-24 Deploying Windows Server 2008
ImageX Command-Line Options
The following command-line options are available when running the ImageX command:
ImageX [/flags] [{/append | /apply | /capture | /cleanup | /commit | /delete | /dir |
/export | /info | /mount | /mountrw | /unmount | /split} [Parameters]
Command Description
flags Specifies the version of Windows that needs to be captured. This is required when
redeploying a custom Install.wim with Windows Setup.
append Adds a volume image to an existing .wim file. Creates a single instance of the file,
comparing it against the resources that already exist in the .wim file, so the same file is
not captured twice.
When running this command, ensure there is sufficient disk space for the /append
option to run. If available disk space runs out during the /append option, the appended
.wim file may become corrupted.
apply Applies a volume image to a specified drive. All hard disk partitions must be created
before users begin this process. Run this option from Windows PE.
The parent directory must be included for the /apply option. Otherwise, when the
image is applied, it will overwrite everything in that location. For example, if you are
applying the image to the C drive, the /apply option overwrites everything that exists
on the C drive with your image files.
capture Captures a volume image from a drive to a new .wim file. Captured directories include
all subfolders and data.
cleanup Deletes all the resources associated with a mounted image that is abandoned.
commit Saves changes to a mounted .wim file without unmounting the .wim file.
delete Deletes the specified volume image from a .wim file with multiple volume images. This
option must be run from Windows PE. There must always be at least one volume image
in a .wim file, so you can only delete a volume image if more than one image exists.
dir Display a list of files and folders within a volume image.
export Exports a copy of a .wim file to another .wim file. Ensure there is sufficient disk space for
the /export option to run. If available disk space runs out while the /export option
runs, the Destination.wim file may become corrupted.
info Returns information about the .wim file. Information includes total file size, the image
index number, the directory count, file count, and a description.
mount Mounts a .wim file with read or read/write permission. Once the file is mounted, all the
information contained in the directory can be viewed but not modified. The WIMMount
filter must be installed before an image can be mounted.
mountrw Mounts a .wim file with read/write permission to a specified directory. Once the file is
mounted, all the information contained in the directory can be viewed and modified.
The WIMMount filter must be installed before an image can be mounted.
unmount Unmounts a mounted image from a specified directory. If a mounted image is modified,
the /commit option must be applied to save the changes.
split Splits large .wim files into multiple read-only .wim files. This option generates the .swm
files into the specified directory, naming each file the same as the specified image_file,
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-25
Command Description
but with an appended number and the .swm file-name extension. For example, if
choosing to split a file named Data.wim, this option creates a Data.swm file, a
Data2.swm file, a Data3.swm file, and so on, defining each portion of the split .wim file.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-26 Deploying Windows Server 2008
DISM

Key Points
DISM is a new command-line tool in Windows 7 and Windows Server 2008 R2 that combines separate
Windows platform technologies into a single, cohesive tool for servicing Windows images. DISM enables
you to view components of an applied or mounted operating system image and add or remove packages,
software updates, and drivers. You can use DISM to service Windows images offline before deployment or
to prepare a Windows PE image. You can also use DISM to service the running, or online, operating
system.
You can use DISM to:
Add, remove, and enumerate packages and drivers.
Enable or disable Windows features.
Apply changes based on the offline servicing section of an unattend.xml answer file.
Configure international settings.
Upgrade a Windows image to a different edition.
Prepare a Windows PE image.
Take advantage of better logging.
Service earlier operating systems like Windows Vista with SP1 and Windows Server 2008.
Service all platforms (32-bit, 64-bit, and Itanium).
Command-Line Syntax
To service a Windows image offline, it must be applied or mounted. You can mount WIM images with the
WIM commands within DISM, or applied and recaptured using ImageX.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-27
You can also use commands to list the indexes or verify the architecture for the image you are mounting.
After you update the image, you must unmount it and either commit or discard the changes you have
made.
The base syntax for nearly all DISM commands is the same. After you have mounted your Windows image,
you can specify any DISM options, the servicing command that will update your image, and the location
of the mounted image. You can use only one servicing command per command line.
If you are servicing a running computer, you can use the /online option instead of specifying the location
of the mounted Windows Image.
The base syntax for DISM is:
DISM.exe {/image:<path_to_image> | /online} [dism_options] {servicing_command}
[<servicing_argument>]
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-28 Deploying Windows Server 2008
Windows SIM

Key Points
Windows SIM provides a simple graphical user interface that helps to organize and define your Windows
customizations. Windows SIM is the primary tool for creating a configuration set and answer file. Manually
authoring answer files can be prone to errors, which increase the likelihood of failures. Windows SIM
provides validation for answer files and context-sensitive help for each Windows unattended setting.
After creating an answer file and configuration set, you are ready to install Windows to the destination
computer.
The main tool in Windows AIK is Windows SIM. The Windows SIM interface provides five navigation
panes. These are:
Distribution Share. Use this pane to display the current distribution share; you can then add items to
the share.
Windows Image. You must open an image file before you can create and configure an answer file.
The Windows image may be a custom image or may be a standard image from the product DVD.
Answer File. Once you have added a Windows Image to Windows SIM, you can create and edit your
answer file. Settings associated with the answer file are displayed here. Select the relevant component
or package and its properties are exposed in the properties pane.
Properties. This results pane shows the currently selected components values. You can then edit these
values.
Messages. This pane displays any errors or messages that relate to syntax or settings in your answer
file. When you validate your answer file, the related messages, if any, are accessible on the Validation
tab.
Managing Distribution Shares
Using distribution shares is optional. A distribution share contains the following three folders:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-29
$OEM$. You use this folder when creating configuration sets; for example, to contain folders that
include images for branding and to add applications and related files that customize the unattended
installation.
Out-of-Box Drivers. This folder contains device drivers for drivers that you want to install during
setup.
Packages. Package types include service packs, security updates, language packs, and other packages
issued by Microsoft. You must use Windows SIM to import packages. To import a package, use the
Import Packages option on the Tools menu; then browse for the required package file.
Use the following high-level steps to create a distribution share:
1. Open Windows SIM.
2. Create a new Distribution Share.
3. Populate the sub-folders beneath this share with the required third-party drivers, out-of-box drivers,
and packages.
4. Add the sub-folders paths to the answer file.
Managing Windows Images
Windows SIM uses WIM files. A WIM file contains one or more compressed Windows images; for example,
the install.wim file on the Windows Server 2008 R2 product DVD contains Windows images for Windows
Server 2008 Standard R2 operating system, Windows Server 2008 Enterprise R2 operating system,
Windows Server 2008 Datacenter R2 operating system, and Windows Web Server 2008 R2 operating
system, all in Full and Server Core versions. Before you can manage an answer file you must associate it
with a Windows image.
A catalog file is a binary summary of settings and packages in a Windows image. The advantage of using
a catalog file is that multiple administrators can manage answer files associated with a Windows image
file; without a catalog file, only one administrator at a time can work with the image file.
When you first start the process of creating an answer file, you are prompted to specify the image file and
create a catalog; this last step can be time-consuming.
Note: The Windows Server product DVD includes catalog files for each Windows image inside the
Install.wim file.
Creating an Answer File
Use the following high-level steps to create and distribute an answer file:
1. Open Windows SIM.
2. Create a new answer file.
3. Associate the answer file with a Windows Image file.
4. Create a catalog for the image file.
5. Add the required components and packages to the answer file.
6. Configure the values in the required components and packages.
7. Validate the answer file.
8. Save the answer file to the required location; for example, a removable memory stick.
Note: The last lesson of this module examines how to configure answer file settings.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-30 Deploying Windows Server 2008
Using Windows AIK to Deploy Windows Server

Key Points
You can use Windows AIK to support all of the deployment strategies discussed in the last lesson:
High-touch, retail media deployments
High-touch, standard image deployments
Lite-touch, high-volume deployments
Zero-touch, high-volume deployments
It is therefore important to understand how to use Windows AIK to deploy Windows Server.
Setup Technician Computer
To use Windows AIK, you must designate a computer as a technician computer; in essence, this means the
computer you want to use to manage images and answer files and perform the other functions supported
by Windows AIK. The technician computer does not have to be running Windows Server 2008 R2.
Hint: Since you will need to copy answer files to removable storage devices you must ensure that the
technician computer has sufficient USB ports available. If you intend creating and distributing custom
images it is also a good idea to ensure this computer has a DVD writer installed.
Create the Answer File with Windows SIM
Once you have installed Windows AIK on the technician computer, start the process of deploying
Windows Server by creating an answer file. Open Windows SIM and follow the high-level guidance
provided earlier to create, validate, and save the answer file. You can store the answer file in a number of
locations; these locations are either explicit or implicit.
Implicit. If you save your answer file in the root folder of your removable storage device, Windows
setup automatically locates the file and uses it to perform setup. For example, if you save your answer

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-31
file as Autounattend.xml and copy it to the root of your memory stick, setup will locate the answer file
automatically without any intervention from you.
Note: You can save the file in a number of locations. You can find more information about the
process used to locate answer files at the Microsoft TechNet Website:
http://go.microsoft.com/fwlink/?LinkId=195579.
Explicit. Save your answer file in a suitable location; for instance, a shared folder. You can specify this
location during setup by launching setup with the /Unattend switch. For example, the following
command executes setup and specifies the answer file location of h:\unattend.xml:
Setup.exe /Unattend:G:\unattend.xml
Note: To be able to launch setup in this manner, it is necessary to have an operating system installed
on the target computer; the operating system could be Windows PE.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-32 Deploying Windows Server 2008
Lesson 3
Working with Images

Most deployment technologies utilize images. It is important that you understand how to create and
manage the different types of images used by various Microsoft deployment technologies. This lesson
explores the different image formats and provides guidance on how to create and manage these images.
Objectives
After completing this lesson, you will be able to:
Describe an image file.
Describe the WIM file format.
Describe the Virtual Hard Disk (VHD) image format.
Describe the process of creating an image.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-33
Image File

Key Points
As operating systems have grown in functionality and complexity, so the files required to install these
operating systems have grown, both in number and size. It was once possible to install a server operating
system from a handful of floppy diskettes; now, only DVDs have sufficient capacity to store the required
installation files.
As Windows Server has evolved, so has the means to install and deploy it. Microsoft has provided the
installation files for both recent and current versions of Windows client and server operating systems in a
disk image format; this reduces the space consumed by the installation files and provides additional
benefits for the installer.
Some earlier image-based deployment technologies used images that were related too closely with the
hardware on which they were deployed; this restricted the installer to deploying the same image only to
identical or very similar hardware platforms. Current Windows image files address this issue.
There are a number of different types of image files that you will encounter when you start to deploy
Windows Server. These are:
Install image. This is the operating system image that you use to install Windows Server. Microsoft
provides an installation image, install.wim, on the Windows Server 2008 R2 product DVD in the
\sources folder.
Boot image. A Windows PE image that you use to boot a server computer in order to install the install
image. Microsoft provides a boot image, boot.wim, on the Windows Server 2008 R2 product DVD in
the \sources folder. There are two additional types of boot image:
Capture image. A specific type of boot image that you use in order to capture the currently
installed operating system on the reference computer.
Discover image. Not all computers support the Pre-Boot Execution Environment (PXE). You can
use a discover image to connect to network-based deployment services, such as Windows
Deployment Services, on computers that do not support PXE.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-34 Deploying Windows Server 2008
Note: PXE enables computers to startup without a local operating system installed provided that
certain network services, such as Windows Deployment Services, are present on the network. This
enables you to perform cross-network deployments without having to use even Windows PE.
Custom image. When you capture an installed operating system, for example by using ImageX.exe,
you create a custom image. Custom images can be thick or thin, based on your needs.
Note: Thin imaging refers to installing the Windows image that Microsoft provides without
customizing it (or installing a lightly customize image), and then using automation to install
applications, device drivers, and updates on each client computer during deployment. Thick imaging
refers to customizing an image with applications, device drivers, and updates before deploying it.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-35
WIM Image File

Key Points
With Windows Vista, Microsoft introduced a new image file format. WIM now additionally supports
Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Note: You can use WIM files to support the deployment of earlier operating systems, such as
Windows XP operating systems; however, there are certain limitations. For additional information
about deploying earlier versions of Windows with WIM files and these limitations, visit the Microsoft
TechNet Website: http://go.microsoft.com/fwlink/?LinkId=195580 .
Earlier disk imaging technologies were sector-based; this means that applying the image is destructive,
overwriting the data currently on a target partition or disk. WIM files are file-based; this means that the
smallest unit of information is a file. You can apply file-based images without overwriting the entire hard
disk.
In addition, WIM files are hardware-agnostic; that is, they are independent of the hardware from which
they were captured. The primary benefit of using a hardware-agnostic imaging file format is that you will
need to maintain fewer images; minor differences, even significant hardware differences, are resolved
during the image installation process.
Summary of WIM Format Benefits
WIM format image files have the following benefits:
Hardware-agnostic. You need to maintain a single image for all of your server computers.
Multiple-image storage. Each WIM file can contain multiple images. For example, the install.wim file
in the \sources folder contains eight Windows Server 2008 R2 editions.
Single-instance storage. The WIM format uses single-instance storage which, together with
compression, helps to reduce the size of the image files. Given that each WIM file can contain

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-36 Deploying Windows Server 2008
multiple Windows Server editions, single-instance storage can identify those files that occur in all
editions and store only a single copy of those files.
Offline-servicing. You can update the WIM image file with new drivers, applications, or other changes
without needing to recreate the image.
File-based storage. Another benefit of file-based storage is that the application of the image is not
constrained by the formatting or physical geometry of the disk.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-37
VHD Image File

Key Points
In Windows Server 2008 R2 you can also use VHD images to deploy Windows Server to physical
computers.
Note: To perform VHD deployment, you must use Windows Deployment Services which is discussed
in Module 4 of this course.
There are certain limitations with the VHD file format for deployment purposes. These are that the VHD
image cannot contain:
More than one operating system.
More than one disk partition.
Applications or data.
A 64-bit operating system partitioned using a GUID Partition Table (GPT).
In addition, VHD image files can only contain the following operating systems:
Windows 7 Enterprise operating system
Windows 7 Ultimate operating system
Windows Server 2008 R2
The primary advantage of using VHD files is that you can use virtualization technologies to test your
Windows Server deployment and then apply the resultant disk images to physical hosts.
Note: Fixed, dynamic, and differencing VHD images are all supported.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-38 Deploying Windows Server 2008
In addition to deploying an operating system from a VHD image file, it is also possible to configure
computers to use a VHD file for native boot.
Note: For additional information about configuring native boot for VHD, visit the Microsoft TechNet
Website: http://go.microsoft.com/fwlink/?LinkId=195581 .
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-39
Creating an Image

Key Points
Although you can perform deployments relying only upon the supplied install.wim and boot.wim files, it is
quite likely that you will need to create custom images. This topic discusses the process of creating
custom installation and Windows PE images.
Custom Install Image
To create an install image, first create a capture image; these are boot images that you start a reference
computer into, to capture the operating system into a WIM file. Capture images provide an alternative to
using the ImageX.exe command-line utility. Typically, you should create a capture image by using the
Boot.wim file from the Windows Server 2008 R2 DVD.
To create a custom Windows install image using Windows Deployment Services, use the following high-
level steps:
1. Create a capture image using Windows Deployment Services.
2. Create a reference, or source, computer. You will install the operating system, applications, patches
and updates, and make other required changes to this computer.
3. Generalize the computer using Sysprep.exe.
4. Perform a network boot. Press F12 during the startup process to boot to the network. The computer
should automatically reboot after you run Sysyprep.exe.
5. On the boot menu, select the capture image you created earlier and then follow the instructions in
the Image Capture Wizard to capture the locally installed operating system and upload it to Windows
Deployment Services.
To create a custom Windows install image using ImageX.exe, use the following high-level steps:
1. Create a reference, or source, computer.
2. Generalize the computer using Sysprep.exe.
3. Boot into Windows PE.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-40 Deploying Windows Server 2008
4. Capture an image of the source installation by using ImageX.exe. For example, enter the following
command:
ImageX.exe /compress fast /capture C: C:\Contoso.wim "Contoso Windows Server Image"
/verify
5. Copy the resultant image file to a file server.
6. You can now associate the image file with an answer file within Windows SIM.
Note: For additional information about creating a custom Windows install image, visit the Microsoft
TechNet Website: http://go.microsoft.com/fwlink
/?LinkID=195789&clcid=0x409.
Custom Windows PE Image
Although a boot image is provided, this might not suit your needs; for example, you might decide to
install additional files into the boot image that you regularly require. The tool used to customize Windows
PE is DISM.
To create a custom Windows PE image, use the following high-level steps:
1. On your technician computer, with Windows AIK installed, open the Deployment Tools Command
Prompt.
2. Run the Copype.cmd script. You must specify the architecture and the destination folder. For
example, run the following command:
Copype.cmd amd64 C:\winpe-amd_64
3. Copy the resultant base winpe.wim image from the C:\winpe-amd_64 folder to the ISO\sources
folder. Additionally, you must rename the file to boot.wim. For example, enter the following
command:
copy c:\winpe-amd_64\winpe.wim c:\winpe-amd_64\ISO\sources\boot.wim
4. Mount the image so that you can service it. Enter the following command:
Dism /Mount-Wim /WimFile:C:\winpe-amd_64\ISO\sources\boot.wim /index:1
/MountDir:C:\winpe-amd_64\mount
5. Add the required components using the DISM /Add-Package command.
6. Copy any additional tools and applications to the image. For example, enter the following command
to add ImageX.exe to the Windows PE image:
Copy Imagex.exe C:\Winpe-amd_64\Tools
7. Commit changes to the image. Use the following command:
Dism /unmount-Wim /MountDir:C:\winpe-amd_64\mount /Commit
8. You now have a customized Windows PE RAM disk image that you can place on bootable media,
such as a CD-ROM or USB flash drive. To burn this to a writable disk, use the following command:
oscdimg -n -bC:\winpe-amd_64\etfsboot.com C:\winpe-amd_64\ISO C:\winpe-amd_64\winpe-
amd_64.iso
9. Finally, burn the image to the required media.
Note: For additional information about creating a custom Windows PE image, visit the Microsoft
TechNet Website: http://go.microsoft.com/fwlink/?LinkId=195790.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-41
Lesson 4
Working with Unattended Answer Files

Answer files can assist in a variety of deployment scenarios. It is important, therefore, to understand how
to create and manage answer files. It is also important to understand in which scenarios answer files are
beneficial.
Objectives
After completing this lesson, you will be able to:
Describe the installation phases.
Identify important answer file settings.
Create an answer file.
Describe unattended deployment scenarios.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-42 Deploying Windows Server 2008
Installation Phases

Key Points
The Windows Server 2008 R2 installation process is modular, consisting of a number of setup
configuration passes. It is important to understand these setup configuration passes and what takes place
during each of them in order for you to correctly configure an answer file.
The following table describes the different configuration passes.
Configuration passes Description
windowsPE Configures Windows PE options and basic Windows Setup options. These
options can include setting the product key and configuring a disk.
If you require drivers for Windows PE to access the local hard disk drive or a
network, use this configuration pass to add drivers to the Windows PE driver
store and to reflect boot-critical drivers required by Windows PE.
offlineServicing Applies updates to a Windows image. Also applies packages, including software
fixes, language packs, and other security updates.
During this pass, you can add drivers to a Windows image before that image is
installed and processes out-of-box device drivers during Windows Setup.
specialize Creates and applies system-specific information. For example, you can configure
network settings, international settings, and domain information.
generalize Enables you to minimally configure the sysprep /generalize command, as well
as configure other Windows settings that must persist on your reference
image.The generalize pass runs only if you run the sysprep /generalize
command.
auditSystem Processes unattended Setup settings while Windows is running in system
context, before a user logs onto the computer in Audit mode. The auditSystem
pass runs only if you boot to Audit mode.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-43
Configuration passes Description
auditUser Processes unattended Setup settings after a user logs onto the computer in
Audit mode. The auditUser pass runs only if you boot in Audit mode.
oobeSystem Applies settings to Windows before Windows Welcome starts.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-44 Deploying Windows Server 2008
Important Answer File Settings

Key Points
Use Windows AIK to create your answer files; specifically, use Windows SIM and the following high-level
steps to provide guidance on creating an answer file.
1. On your technician computer, open Windows SIM.
2. In Windows SIM, create a new answer file.
3. When you are prompted, associate the answer file with either an image file or a catalog file.
4. In the Windows Image pane, select the required components and packages and add each to the
relevant setup pass. For example, to add disk configuration to the answer file, navigate to
amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral\DiskConfiguration\Disk\CreatePartitions
\CreatePartition, right-click CreatePartitions and then click Add Setting to Pass 1 windowsPE.
Repeat this for all the required components and packages.
5. Once you have all the required components and packages in the answer file, locate the desired
setting in the Answer File section in Windows SIM and then configure the desired value.
6. When you have configured the values, use the Validate Answer File tool to check your configuration.
Errors are displayed in the Messages pane.
7. Finally, save the file.
There are many hundreds of settings that you can configure within an answer file. The following table
provides some information about the more important of these settings.
Component path Description and typical value
Microsoft-Windows-
International-Core-WinPE
Defines the keyboard layout.
InputLocale=en-US
System-Locale=en-US
UILanguage=en-US
UserLocale=en-US

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-45
Component path Description and typical value
Microsoft-Windows-Setup
\DiskConfiguration
Determines whether the user interface for disk configuration is
displayed during setup.
WillShowUI=OnError
Microsoft-Windows-Setup
\DiskConfiguration\Disk
Specifies the disk to use for installation.
DiskID=0
WillWipeDisk=true
Microsoft-Windows-Setup
\DiskConfiguration\Disk
\CreatePartitions\CreatePartitio
n
Determines how to create partitions for installation.
Extend=false
Order=1
Size=<size in MB>
Type=Primary
Microsoft-Windows-Setup
\DiskConfiguration\Disk
\ModifyPartitions
\ModifyPartition
Configures the partitions for installation.
Active=True
Extend=False
Format=NTFS
Label=<text>
Letter=C
Order=1
PartitionID=1
Microsoft-Windows-Setup
\ImageInstall\OSImage
WillShowUI=OnError
Microsoft-Windows-Setup
\ImageInstall\OSImage\InstallT
o
Specifies where to install Windows.
DiskID=0
PartitionID=1
Microsoft-Windows-Setup
\Userdata
AcceptEULA=true
Microsoft-Windows-Setup
\Userdata\ProductKey
Holds product key for use during installation.
Key=<your key>
WillShowUI=OnError
Microsoft-Windows-Shell-
Setup_neutral
Used during specialize pass to configure computer name.
ComputerName=<value>
Microsoft-Windows-
UnattendedJoin_neutral
\Identification\
Used during specialize pass to configure domain membership.
JoinDomain=<domain name>
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-46 Deploying Windows Server 2008
Component path Description and typical value
Microsoft-Windows-
UnattendedJoin_neutral
\Identification \Credentials
Used during specialize pass to configure domain membership.
Domain=<domain name>
Password=<Password>
Username=<user name>
Microsoft-Windows-Shell-Setup
\OOBE
Used during the OOBE setup pass to configure final settings.
HideEULAPage=true
ProtectYourPC=3
SkipMachineOOBE=true
Note: For additional information about settings to use for unattended installations, visit the Microsoft
TechNet Website: http://go.microsoft.com/fwlink
/?LinkId=195790.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-47
Demonstration: Create an Answer File

Key Points
In this demonstration, you will see how to use Windows SIM to create an answer file.
Demonstration Steps
1. Create a new answer file and associate it with an image file.
2. Create a catalog file.
3. Add the required components and packages to the appropriate installation passes.
4. Configure the values for each of the settings added to the answer file.
5. Validate the answer file.
6. Save the answer file.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-48 Deploying Windows Server 2008
Discussion: When to Use Answer Files

Key Points
There are a number of situations in which use of answer files is helpful when deploying Windows Server
2008 R2. Consider the following questions, and then discuss your answers with the class.
Question: Fabrikam has six servers that they need to deploy; each server is using the same version of
Windows Server. The branch offices that will host these servers do not have skilled IT personnel on-site
and they are too geographically dispersed to send IT staff from the head office to perform the
deployment. Fabrikam does not have a volume licensed version of software and are, instead, relying on
retail versions of Windows Server 2008 R2. How would you use an answer file in this scenario? Provide
details.
Question: In your organization, do you envisage using answer files to aid deployment of Windows Server
208 R2?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-49
Lab: Deploying Windows Server 2008 with an Answer
File

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Lab Scenario
Contoso, Ltd wants to deploy branch office servers to various regional centers. They do not have the
budget to send experienced IT staff to each site, so they want to automate the installation. You
recommend using an answer file to assist the automation. Contoso accepts your recommendation, and
tasks you with creating the necessary answer file.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-50 Deploying Windows Server 2008
Exercise 1: Creating an Answer File
Scenario
To assist with the process of creating the necessary answer file, Ed Meadows has sent you a document
with the appropriate configuration information.
Branch Office Server Configuration
Document Reference Number: EM010610/1
Document Author
Date
Ed Meadows
1
st
June
Requirements Overview
To automate the deployment of branch office servers.
Additional Information
Deployment method: automated high-touch retail media deployments.
Configuration information
Operating System Version: Windows Server 2008 R2 Enterprise
Full or Server Core: Server Core
Installation location: C:\Windows
Disk partition size: 20 GB
File system: NTFS
Domain: Contoso.com
User account to use for domain join operation: Administrator
Enable Windows Firewall
Use Dynamic Host Configuration Protocol to obtain IPv4 configuration
The main tasks for this exercise are as follows:
1. Read the Branch Office Server Configuration document.
2. Create an answer file.
3. Add required settings to answer file.
4. Configure answer file.
5. Verify and save answer file.
6. Copy the answer file to removable media.
Task 1: Read the Branch Office Server Configuration document
Read the Branch Office Server Configuration document.
Task 2: Create an answer file
1. Switch to the NYC-SVR2 server.
2. Open Windows System Image Manager.
3. Create a new answer file.
4. When prompted, select the installation image located in E:\labfiles\Mod02\install.wim.
5. When prompted, select the Windows Server 2008 R2 SERVERENTERPRISECORE operating system.
6. When prompted to create a catalog, click Yes.
Note: This operation might take 10-20 minutes.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-51
Task 3: Add required settings to answer file
Note: Accuracy is important. Detailed steps are provided here that mirror those in the Lab Answer
Key.
1. In Windows System Image Manager, under Windows Image, expand Components.
2. Right-click amd64_Microsoft-Windows-International-Core-WinPE_6.1.7600.16385_neutral, and
then click Add Setting to Pass 1 windows PE.
3. Right-click amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, and then click Add
Setting to Pass 1 windows PE.
4. Expand amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click
DiskConfiguration and then click Add Setting to Pass 1 windows PE.
5. Expand DiskConfiguration, right-click Disk and then click Add Setting to Pass 1 windows PE.
6. Expand Disk, expand CreatePartions, right-click CreationPartition, and then click Add Setting to
Pass 1.
7. Expand ModifyPartions, right-click ModifyPartition and then click Add Setting to Pass 1.
8. Under amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click ImageInstall and then
click Add Setting to Pass 1 windows PE.
9. Under amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click UserData and then click
Add Setting to Pass 1 windows PE.
10. Under Components, right-click amd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral,
and then click Add Setting to Pass 4 specialize.
11. Expand amd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral, right-click OOBE, and
then click Add Setting to Pass 7 oobeSystem.
12. Under Components, expand amd64_Microsoft-Windows-
UnattendedJoin_6.1.7600.16385_neutral, expand Identification, right-click Credentials and then
click Add Setting to Pass 4 specialize.
Task 4: Configure answer file settings
1. In Windows System Image Manager, under Answer File, under 1 windows PE, click
amd64_Microsoft-Windows-Internationl-Core-WinPE_neutral.
2. In the results pane, under Microsoft-Windows-International-Core-WinPE Properties, under Settings,
configure the following settings:
a. In the InputLocale box, type 0409:00000409.
b. In the SystemLocale box, type en-US.
c. In the UILanguage box, type en-US.
d. In the UserLocale box, type en-US.
3. Under Answer File, expand amd64_Microsoft-Windows-International-Core-WinPE_neutral and
then click SetupUILanguage.
4. In the results pane, under SetupUILanguage Properties, under Settings, in the UILanguage box, type
en-US.
5. Under Answer File, click amd64_Microsoft-Windows-Setup_neutral, and then in the result pane,
under Microsoft-Windows-Setup Properties, under Settings, configure the following settings:
a. In the EnableFirewall list, click true.
b. In the EnableNetwork list, click true.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-52 Deploying Windows Server 2008
6. Under Answer File, expand amd64_Microsoft-Windows-Setup_neutral, and then click
DiskConfiguration.
7. In the results pane, under DiskConfiguration Properties, under Settings, in the WillShowUI list, click
OnError.
8. Under Answer File, under DiskConfiguration, click Disk.
9. In the results pane, under Disk Properties, under Settings, configure the following settings:
a. In the DiskID box, type 0.
b. In the WillWipeDisk list, click true.
10. Under Answer File, under DiskConfiguration, expand Disk, expand CreatePartitions and then click
CreatePartition.
11. In the results pane, under CreateConfiguration Properties, under Settings, configure the following
settings:
a. In the Order box, type 1.
b. In the Size box, type 20000.
c. In the Type list, click Primary.
Note: If your host machine does not have 20GB of free disk space, modify the Size value accordingly.
12. Under Answer File, under DiskConfiguration, under Disk, expand ModifyPartitions and then click
ModifyPartition.
13. In the results pane, under ModifyConfiguration Properties, under Settings, configure the following
settings:
a. In the Active list, click true.
b. In the Extend list, click false.
c. In the Format list, click NTFS.
d. In the Label box, type System.
e. In the Letter list, click C.
f. In the Order box, type 1.
g. In the PartitionID box, type 1.
14. Under Answer File, under amd64_Microsoft-Windows-Setup_neutral, expand ImageInstall, and then
click OSImage.
15. In the results pane, under OSImage Properties, under Settings, in the WillShowUI list, click OnError.
16. Under Answer File, under OSImage, right-click InstallFrom and then click Insert New MetaData.
17. In the results pane, under MetaData Properties, under Settings, configure the following settings:
a. In the Key box, type /IMAGE/Name.
b. In the Value box, type Windows Server 2008 R2 SERVERENTERPRISECORE.
18. Under Answer File, expand OSImage, and then click InstallTo.
19. In the results pane, under InstallTo Properties, under Settings, configure the following settings:
a. In the DiskID box, type 0.
b. In the PartitionID box, type 1.
20. Under Answer File, click UserData.
21. In the results pane, under UserData Properties, under Settings, configure the following settings:
a. In the AcceptEULA list, click true.
b. In the FullName box, type Registered User.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-53
c. In the Organization box, type Contoso.
22. Under Answer File, expand UserData, and then click ProductKey.
23. In the results pane, under ProductKey Properties, under Settings, in the WillShowUI list, click
OnError.
Note: You will see an option to type a product key but we do not have one. The installation will
continue anyway.
24. Under Answer File, under Components, expand 4 specialize, and then click amd64_Microsoft-
Windows-Shell-Setup_neutral.
25. In the results pane, under Microsoft-Windows-Shell-Setup Properties, under Settings, in the
ComputerName box, type BRANCH-SVR1.
26. Under Answer File, under 4 specialize, under amd64_Microsoft-Windows-UnattendedJoin_neutral,
click Identification.
27. In the results pane, under Identification Properties, under Settings, configure the following settings:
In the JoinDomain box, type Contoso.com.
28. Under Answer File, click Credentials.
29. In the results pane, under Credentials Properties, under Settings, configure the following settings:
a. In the Domain box, type Contoso.com.
b. In the Password box, type Pa$$w0rd.
c. In the Username box, type Administrator.
30. Under Answer File, under 7 oobeSystem, under amd64_Microsoft-Windows-Shell-Setup_neutral click
OOBE.
31. In the results pane, under OBBE Properties, under Settings, configure the following settings:
a. In the HideEULAPage list, click true.
b. In the ProtectYourPC box, type 3.
Task 5: Verify and save answer file
1. When you have completed the configuration process, in Windows System Image Manager, click
Tools, and then click Validate Answer File.
Note: Some settings have not been modified and will not be saved. This is normal.
2. When you have completed the verification process, in Windows System Image Manager, click File,
and then click Save Answer File.
3. In the navigation pane, click Desktop.
4. In the File name box, type Autounattend.xml and then click Save.
Task 6: Copy the answer file to removable media
1. Close Windows System Image Manager.
2. Click Start, click Computer, and then double-click Floppy Disk Drive (A:).
3. Drag Autounattend.xml from the Desktop to the open Windows Explorer window.
Results: After this exercise, you should have created and distributed an answer file.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-54 Deploying Windows Server 2008
Exercise 2: Using the Answer File
Scenario
You have sent the answer file to the branch office. A user there will launch the setup process on their
recently delivered server computer.
The main tasks for this exercise are as follows:
1. Configure the virtual machine.
2. Verify that setup starts.
3. Verify that setup was successful.
Task 1: Configure the virtual machine
Note: You are now going to move the answer file between the virtual machines. This requires that
you change the settings for the virtual machines so that the virtual floppy diskette is accessible from
the second virtual machine.
1. On the host computer, in the 6418C-NYC-SVR2 on localhost Virtual Machine Connection window,
on the Media menu, point to Diskette Drive and then click Eject floppy.vfd.
Note: You have now ejected the floppy disk from the first virtual machine.
2. Switch to Hyper-V Manager.
3. In the Virtual Machines list, right click 6418C-NYC-BLANK and then click Settings.
4. In the Settings for 6418C-NYC-BLANK dialog box, click Diskette Drive.
5. In the results pane, click Virtual floppy disk (.vfd) file:.
6. In the Virtual floppy disk (.vfd) file: box, type C:\Program Files
\Microsoft Learning\6418\Drives\floppy.vfd and then click OK.
Note: You have now inserted the floppy disk into the second virtual machine.
7. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
8. In the Actions pane, click Connect.
Task 2: Verify that setup starts
Does setup start?
Note: Let the installation proceed.
Task 3: Verify that setup was successful
1. Logon with the following credentials:
Username: Administrator
Password: Pa$$w0rd
Domain: Contoso

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing Deployment Technologies 2-55
2. At the command prompt, type hostname.
3. What is the computer name?
4. At the command prompt, type ipconfig /all.
5. What is the IP address?
6. From where was this configuration obtained?
Results: After this exercise, you should have deployed a branch server with an answer file.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
2-56 Deploying Windows Server 2008
Module Review and Takeaways

Review Questions
1. To automate high-touch, retail media deployments, what tools do you need?
2. You want to use an implicit location for your answer file. What must you call it?
3. Your organization has many different server builds; none is identical. You have chosen to use
customized images to aid deployment. Should you think about using thick or thin images?




New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-1
Module 3
Using Microsoft Windows Deployment Services
Contents:
Lesson 1: Overview of Windows Deployment Services 3-3
Lesson 2: Implementing Deployment with Windows Deployment Services 3-12
Lesson 3: Administering Windows Deployment Services 3-22
Lab: Using Microsoft Windows Deployment Services to Deploy
Windows Server 3-31

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-2 Deploying Windows Server 2008
Module Overview

Larger organizations need deployment technologies that can reduce or eliminate user-interaction during
the deployment process. You can use Microsoft Windows Deployment Services to help support both
lite-touch and zero-touch, high-volume deployments. This module explores the functionality of Windows
Deployment Services and explains how to use Windows Deployment Services tools to perform lite-touch
deployments.
Objectives
After completing this module, you will be able to:
Describe the important features and functionality of Windows Deployment Services.
Configure Windows Deployment Services in the Windows Server 2008 R2 operating system.
Perform deployments with Windows Deployment Services.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-3
Lesson 1
Overview of Windows Deployment Services

Windows Deployment Services enables you to deploy Windows operating systems including the Windows
Server 2008 operating system, the Windows Server 2008 R2 operating system and the Windows 7
operating system. You can use Windows Deployment Services to install these operating systems on new
computers by using a network-based installation; this means that you do not have to be physically
present at each computer and you do not have to install each operating system directly from a local
media. Consequently, Windows Deployment Services scales well to support the deployment needs of
larger organizations.
Objectives
After completing this lesson, you will be able to:
Describe the function of Windows Deployment Services.
Describe the components of Windows Deployment Services.
Describe the benefits of Windows Deployment Services.
Identify how to use Windows Deployment Services to support various deployment scenarios.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-4 Deploying Windows Server 2008
What Is Windows Deployment Services?

Key Points
Windows Deployment Services is a server role provided with both Windows Server 2008 and Windows
Server 2008 R2. It provides the following functions:
Enables you to perform network-based installations.
Simplifies the deployment process.
Supports deployment to computers that have no current operating system.
Provides end-to-end deployment solutions for both client and server computers.
Uses existing technologies, such as Windows Pre-Installation Environment (Windows PE), Windows
Imaging File Format (WIM) and Virtual Hard Disk (VHD) image files, and image-based deployment.
Note: Support for VHD image files is limited to Windows Server 2008 R2.
Windows Deployment Services supersedes both the Remote Installation Services (RIS) and the Automated
Deployment Services (ADS) provided with earlier versions of Windows; it combines and improves on the
functions of these two earlier deployment technologies. Deployment of the following operating systems
can be completely automated:
The Windows XP operating system
The Windows Server 2003 operating system
The Windows Vista with SP1 operating system
Windows Server 2008
Windows 7
Windows Server 2008 R2
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-5
Note: Automation tasks include computer naming, domain-joining, and adding and removing
features or server roles.
Windows Deployment Services gives you the ability to create, store, and deploy installation images of
supported operating systems; WIM and VHD image files are supported. Deployment is now either unicast
or multicast-based. Using multicasting enables you to more effectively manage the network traffic
consumed by the deployment process, potentially speeding up deployment without adversely affecting
other network services.
Componentized Operating Systems
Windows Deployment Services integrates closely with Windows Vista, Windows 7, and Windows Server
2008 R2. One important example of this integration is the componentized design of Windows Vista,
Windows 7, and Windows Server 2008 R2.
These operating systems consist of a collection of self-describing elements called components. Self-
describing means that it contains a manifest that lists the different configuration options you can set for
the component. You can see the features and configurations for each component.
Updates, service packs, and language packs are components that are applied on top of componentized
operating systems.
Drivers are also treated as components. The drivers are presented as separate, individual and configurable
items. The primary benefit of this is that you can install drivers, like hot-fixes and service packs, into an
offline operating system. Instead of updating complete images each time a new update, service pack, or
driver becomes available, you can install these components into the offline image so that they are applied
when you deploy the image.
When deploying the images to the hard disk of a new computer, the system gets the base image with
each of the components added before the system boots for the first time.
If your organization is multi-lingual or international, you will be able to take advantage of the language-
neutral nature of the latest Windows operating systems. The number of images you need to maintain
shrinks again because there are no longer localized versions. Some versions will be limited to the number
of language packs. Language packs can be added or removed from a system as necessary and at any time
without otherwise altering the installation.
If you need to support multiple languages, simply add all of the necessary language packs to your
deployment WIM file and activate them as necessary, either on all computers or on specific computers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-6 Deploying Windows Server 2008
Windows Deployment Services Components

Key Points
Windows Deployment Services provides a number of distinct functions through a number of identifiable
components.
Windows Deployment Services Pre-Boot Execution Environment (PXE) Server
The PXE server provides the following functionality:
Binds to network interfaces.
Listens for incoming PXE requests.
Formats the Dynamic Host Configuration Protocol (DHCP) response packets.
Windows Deployment Services Client
The Windows Deployment Services Client provides a graphical interface built on Windows Server setup. It
establishes a communication channel with the Windows Deployment Services server and retrieves a list of
install images on the Windows Deployment Services server. Additionally, the Windows Deployment
Services Client provides status information at the target computer during deployment.
Server Components
Additional server components include a Trivial File Transfer Protocol (TFTP) server that enables network-
booting clients to load a boot image into memory. Also included is: an image repository that contains
boot images, install images, and files needed specifically for network-boot support; a shared folder that
hosts the install images.
Multicasting Engine
Transmitting large operating system images over the network is more efficient than ever before with
Windows Deployment Services. However, it is still very demanding to push multi-gigabyte files across the
network. By using the new multicast feature, you can further reduce the network cost of using Windows
Deployment Services deployment.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-7
With multicasting, the server sends the data a single time, and multiple targets receive the same data. If
you are deploying to multiple targets, this can cut the network traffic to a fraction of the equivalent
number of multiple unicast transmissions.
Windows Deployment Services provides two types of multicasting:
Scheduled-Cast. There are two ways that you can configure scheduled-cast.
Client count. When you specify a client count, the server waits until the defined count of
connected clients is reached, and then it starts to send the information.
Point in time. When you specify a point in time, the server waits until the specified time and
begins deployment to connected client computers.
Scheduled-cast provides a very efficient use of the network, but is somewhat labor-intensive;
each target computer must be connected, turned on, and cued.
Auto-Cast. A target can join an Auto-Cast at any time and the server repeats the transmission as long
as targets are connected. If the target starts receiving the image in the middle, or if it misses some
portion of the image, it remains connected and collects the additional parts of the file when the
server restarts the transmission.
Note: The Windows Deployment Services management tools allow you to monitor real-time
transmission progress to clients including the ability to remove clients from a transmission.
Question: What is the advantage of multicasting over unicasting in volume deployment scenarios?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-8 Deploying Windows Server 2008
Why Use Windows Deployment Services?

Key Points
Because of its ability to support deployment from across the network, potentially with no user invocation,
any organization that wants to reduce the installer interaction required during deployment of Windows
Server should consider using Windows Deployment Services. Consider the following scenarios.
Scenario 1
In a small network consisting of a single server and around 25 Windows XP computers, you could use
Windows Deployment Services to expedite the upgrade process of the client computers to Windows 7.
Once you have installed and configured the Windows Deployment Services server role on the single
server, use Windows Deployment Services to perform the following tasks:
1. Add boot.wim from the sources folder of the Windows Server 2008 R2 media as a boot image in
Windows Deployment Services.
2. Add install.wim from the sources folder of the Windows 7 media as an install image.
3. Create a capture image from the boot image you previously added.
Note: A capture image is a modified boot image that contains the necessary elements to enable you to
capture a WIM file image from a configured reference computer.
4. Start your reference computer from the network using PXE.
5. Perform a standard installation of Windows 7 from the install.wim image.
6. Install office productivity applications and custom applications as required on the reference
computer.
7. Generalize the reference computer with Sysprep.
8. Restart the reference computer from the network using PXE.
9. Connect to the capture image that you created and use it to capture the local operating system and
upload it back to the Windows Deployment Services server.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-9
10. Start each of the existing target computers from the network using PXE and connect to the
appropriate boot image.
11. Select the custom install image and the deployment starts.
Benefits to the organization in this scenario are:
A standardized desktop computer image
Quick deployment of each computer with limited installer interaction
This solution would not suit larger deployments as there is a need for the installer to start the deployment
on the target computer. Additionally, the installer is required to select a disk partition on which to install
the selected installation image.
Scenario 2
In the second scenario, a medium-sized organization wants to deploy multiple servers in branch offices
that are geographically dispersed. It would be time-consuming and expensive to send experienced
information technology (IT) staff to each location to deploy the servers.
By using Windows Deployment Services, they can address this issue:
1. Add boot.wim from the Windows Server 2008 R2 media as a boot image in Windows Deployment
Services.
2. Add install.wim from the Windows Server 2008 R2 media as an install image.
3. Create a capture image.
4. Start the reference computer from the network.
5. Perform a standard installation of Windows Server 2008 R2 from the install.wim image.
6. Customize the reference computer as required.
7. Generalize the reference computer.
8. Restart the reference computer from the network.
9. Capture the reference operating system and upload it back to the Windows Deployment Services
server.
10. Configure the necessary Active Directory Domain Services (AD DS) computer accounts; this is
known as prestaging the computer accounts.
11. Use Windows System Image Manager (Windows SIM) in the Windows Automated Installation Kit
(Windows AIK) to create an unattended answer file.
12. Configure the answer file for use with the captured installation image on Windows Deployment
Services.
13. Configure a custom naming policy in Windows Deployment Services so that each server computer
receives a suitable computer name during deployment.
14. Configure Windows Deployment Services to use a default boot image.
15. Configure Windows Deployment Services to respond to PXE requests and automatically start
deployment of the install image.
16. Start each of the target computers from the network.
Note: To avoid a boot loop, it is advisable to configure the computers basic input/output system
(BIOS) to startup from the hard disk and then the network. For further information about avoiding a
boot loop, refer to the Windows Deployment Services Deployment Guide.
Benefits to the organization in this scenario are:
Standardized server builds.
Automatic domain-join following deployment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-10 Deploying Windows Server 2008
Automatic computer naming.
Little or no installer interaction.
The solution does not implement multicast transmissions, nor does it use PXE referral. These technologies
could be used to help manage network traffic during the deployment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-11
Discussion: When to Use Windows Deployment Services

Key Points
Consider the following questions, and then discuss your answers with the class.
Question: IT staff at Contoso, Ltd is about to deploy Windows Server 2008 R2 to various branch offices.
The following information has been provided to the IT staff by management:
The configuration of the various branch office servers is expected to be fairly consistent.
There is no requirement to upgrade settings from existing servers as these are new branch offices
with no current IT infrastructure in place.
Automation of the deployment process is important as there are many servers to deploy.
Question: How would you use Windows Deployment Services to aid deployment?
Question: Fabrikam, Inc. has a requirement to deploy several dozen new servers in their head offices.
These servers will be installed with Windows Server 2008 R2. The following information has been provided
to the IT staff by management:
The configuration of the various servers is expected to vary slightly; there are two basic server
configurations: full server and server core.
Managing network traffic is critical as the network is near capacity.
Question: How would you advise staff at Fabrikam to proceed with the deployment?
Question: In your organization, how do you propose to implement Windows Deployment Services?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-12 Deploying Windows Server 2008
Lesson 2
Implementing Deployment with Windows
Deployment Services

While not complicated to install and configure, to ensure that Windows Deployment Services provides the
appropriate level of deployment automation, it is important that you understand its prerequisites and
how to configure Windows Deployment Services appropriately in order to address the deployment needs
of your organization. Once Windows Deployment Services is installed and configured, you must
understand how to use Windows Deployment Services and associated tools to create, manage, and
deploy images to computers within your organization.
Objectives
After completing this lesson, you will be able to:
Describe the prerequisites of Windows Deployment Services.
Describe the transport server role.
Install and configure Windows Deployment Services.
Explain the process of using Windows Deployment Services to deploy Windows Server.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-13
What Are the Windows Deployment Services Prerequisites?

Key Points
The specific requirements for installing the Windows Deployment Services role depend on whether you
are deploying a Deployment Server or only a Transport Server.
Note: The transport server, and its prerequisites, is discussed in the following topic.
In order to install a Deployment Server, your network and target server must meet the following
requirements.
AD DS. Your Windows Deployment Services server must be either a member of an AD DS domain or a
domain controller for an AD DS domain.
Note: The AD DS domain and forest functional levels are not relevant; all domain and forest
configurations support Windows Deployment Services.
DHCP. You must have a working DHCP server with an active scope on the network because Windows
Deployment Services uses PXE, which relies on DHCP to allocate Internet Protocol (IP) configurations.
Domain Name System (DNS). You must have a working DNS server on the network so that client
computers can locate the required services for deployment.
NTFS file system volume. The server running Windows Deployment Services requires an NTFS volume
for the image store. Windows Deployment Services accesses the image store within the context of the
logged on user. Therefore, deployment user accounts must have sufficient permissions on image files.
In addition, although not required, Windows AIK enables you to create and manage answer files for use
with automated Windows Deployment Services deployments.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-14 Deploying Windows Server 2008
Note: To install the Windows Deployment Services role, you must be a member of the Local
Administrators group on the server. To initialize the server, you must be a member of the Domain
Users group.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-15
What Is The Transport Server?

Key Points
When you deploy the Windows Deployment Services server role, you can choose the default
configuration in which both the Deployment Server and Transport Server role services are deployed;
alternatively, you can choose to deploy only the Transport Server role service. It is the Deployment Server
role service that provides the image server; the Transport Server does not provide imaging functionality.
The Deployment Server enables an end-to-end deployment solution while the Transport Server provides a
platform that you use to create a custom multicast-deployment solution.
The following table compares the two role services.
Deployment Server Transport Server
Requirements
AD DS, DHCP, and DNS No infrastructure requirements
PXE
Uses the default PXE provider You must create a PXE provider
Image server
Includes Windows Deployment
Services image server
None
Transmission
Unicast and multicast Multicast only
Management
Both the WDSUtil.exe
command-line tools and the
Windows Deployment Services
Microsoft Management
Console (MMC) snap-in
WDSUtil.exe only
Target
computer
Uses Windows Deployment
Services client or
Wdsmcast.exe
Wdsmcast.exe only

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-16 Deploying Windows Server 2008
Note: Wdsmcast.exe is provided in Windows AIK.
Transport Server Functionality
You can use the Transport Server to provide the following functions:
Boot from the network. The Transport Server provides only a PXE listener; this is the component that
listens and accepts incoming traffic. You must write a custom PXE provider in order to use a Transport
Server to boot a computer from the network.
Multicasting. The multicast server in Windows Deployment Services consists of a multicast and a
content provider:
Multicast provider. Transmits data over the network.
Content provider. Interprets the data and passes it to the multicast provider. This is installed with
both the Transport and Deployment Servers and can be used to transfer any file type, although it
has specific knowledge about the WIM image file format.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-17
Installing and Configuring Windows Deployment Services

Key Points
Once your network infrastructure meets the prerequisites, you can install the Windows Deployment
Services server role.
Installing the Windows Deployment Services Server Role
Use the following high-level steps to provide guidance on installing the role.
1. Open Server Manager, and then add the Windows Deployment Services server role.
2. Choose whether you want to install the Deployment Server role service (which includes the Transport
Server role), or just the Transport Server role service.
3. Complete the wizard to install the required role.
Initial Windows Deployment Services Configuration
Once Windows Deployment Services is installed, open Windows Deployment Services from Administrative
Tools, and then use the following high-level guidance to configure Windows Deployment Services.
1. Select your server in the console, and launch the Configuration wizard.
2. Specify a location to store images. This location:
Must be an NTFS partition.
Must be large enough to accommodate the images you anticipate needing.
Should be a separate physical disk from that on which the operating system is installed to help
optimize performance.
3. If the DHCP server role is co-hosted on the Windows Deployment Services server, you must:
Prevent the PXE server from listening on User Datagram Protocol (UDP) port 67; this port is used
by DHCP.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-18 Deploying Windows Server 2008
Configure DHCP option 60 to PXEClient; this enables the PXE client to locate the Windows
Deployment Services server port.
Note: If you deploy Windows Deployment Services to a server already running the DHCP Server role,
these changes are made automatically. If you subsequently add the DHCP Server role to a Windows
Deployment Server, you must ensure that you make these changes.
4. Determine how you want the PXE server to respond to clients:
The default is that the PXE server does not respond to any clients; this is useful when you are
initially configuring Windows Deployment Services as you do not yet have any images available
for clients.
Alternatively, you can choose to configure the PXE server to:
Respond to known client computers; these are computers that you have prestaged.
Respond to all client computers, whether you have prestaged them or not; if you select this
option, you can additionally define that administrator approval is required for unknown
computers. While awaiting approval, client computers are held in a pending queue.
Note: If necessary, you can reconfigure these settings after the initial configuration is complete.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-19
Managing Deployments with Windows Deployment Services

Key Points
Once Windows Deployment Services is installed and configured, you can then prepare Windows
Deployment Services to service client deployments; this involves the following procedures.
Configuring Boot Settings
Add boot images. A boot image is a Windows PE image that you use to boot a computer in order to
install the install image. Typically, you use the boot.wim file on the Windows Server 2008 R2 product
DVD in the \sources folder. You may also decide to create a capture image, which is a specific type of
boot image that you can use to capture a currently installed operating system on a reference
computer.
Configure the PXE Boot Policy for known and unknown clients. This policy determines the required
installer behavior during the initial part of the deployment. By default, both known and unknown
computer policies require the installer to press F12 to connect to the Windows Deployment Services
image server. Failure to do so results in the computer using BIOS settings to determine an alternative
boot method; for example, hard disk or CD ROM. Instead of this default, you can configure the
following options:
Always continue the PXE boot. This option ensures that the computer continues through the
deployment process without any installer interaction.
Continue the PXE boot unless the user pressed the ESC key. This option gives the installer the
ability to cancel the deployment.
Configure a default boot image. If you have multiple boot images, for example, to support multiple
platforms, you can configure a default boot image for each of them; this image is selected after a
timeout period on the PXE client computer.
Associate an answer file for setup. For each client architecture, you can define an associated answer
file. This answer file provides information used during the initial setup phase and enables the
Windows Deployment Services image server to select the appropriate install image for the client,
without installer intervention.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-20 Deploying Windows Server 2008
Create discover images. Not all computers support PXE network boot. For those that do not, you can
create a discover image based on a boot image and export it to a removable storage device. To
create a discover image, specify:
The image name and description.
The boot image on which it is based.
A filename to store the image.
The name of the Windows Deployment Services server that will be used for deployment.
Configuring Install Settings
Add install images. This is the operating system image that you use to install Windows Server.
Typically, you start with the installation image, install.wim, in the \sources folder on the Windows
Server 2008 R2 product DVD. Thereafter, you might choose to create custom images for groups of
computers that have similar configurations.
Note: Before you can create install images, you must define an install image group in which to
consolidate the related images. If you do not do so, the Windows Deployment Services administration
program creates a generic group.
Associate an answer file with an install image. If you have created an answer file, for example by using
Windows AIK, you can associate it with an install to provide the necessary information to complete
deployment of the computer with no installer interaction.
Configure a client naming policy. You can use the client naming policy to define computer names for
unknown computers during deployment. The policy uses a number of variables to create a unique
name:
%First. The installers first name. Placing a number after the % sign results in using only that many
characters. For example, %3First uses the first three characters of the installers first name.
%Last. The installers last name. You can also define the number of characters to use.
%Username. The installers user name. Again, you can limit the number of characters by
specifying a number after the % sign.
%MAC. The Media Access Control (MAC) address.
%[n]#. You can use this sequence to define a unique identifying sequential number to the
computer name containing n digits. If you want to use a three-digit number, padding with
leading zeros, place [0] after the % sign. For example, %2# results in the sequential numbers 1, 2,
3, and so on. %02# results in 01, 02, and 03.
Specify the AD DS location for computer accounts. The default is to use the same AD DS domain as
the Windows Deployment Services server. Alternatively, you can select between:
The same domain as the user performing the deployment
The same organizational unit as the user performing the deployment
A specified AD DS location
Note: The Windows Deployment Services computer requires Create Computer object and Write All
Properties permissions on the AD DS container that you specify.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-21
Configuring Transmission Settings
Configure multicast transmissions. Unicast transmission is enabled by default; that is, you need do nothing
further and you can deploy clients using unicast. However, to enable multicast transmission, specify:
The multicast transmission name.
An install image with which the transmission is associated.
A method of multicast transmission. Choose between Auto-Cast and Scheduled-Cast. If the later, you
can define both a threshold minimum number of clients before transmission starts and the start date
and time.
Configuring Drivers
Windows Deployment Services in Windows Server 2008 R2 enables you to add and configure driver
packages on the server, and then to deploy them to client computers during installations based on their
hardware.
Use the following high-level steps to configure drivers.
Obtain the drivers that you need. These must be in the form of an .inf file rather than an .msi or .exe
file.
Configure filters, if desired, on the driver group. These filters determine which computers receive the
drivers based on the hardware characteristics of the client computers. For example, you can create a
filter that applies the drivers only to computers that have a BIOS manufactured by Contoso.
Add the drivers as a driver package; driver packages must be associated with a driver group. If you
associate the driver package with an unfiltered group, all computers receive the driver.
You can use Windows Deployment Services to add driver packages to your Windows 7 and Windows
Server 2008 R2 boot images; consequently, you do not have to export the image. Use the tools in the
Windows AIK to add driver packages manually, and then add the updated boot image.
Question: What is the advantage of defining a client naming policy?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-22 Deploying Windows Server 2008
Lesson 3
Administering Windows Deployment Services

When you have completed the configuration of Windows Deployment Services, you must create and
administer boot images, install images, and optionally capture and discover images. In addition, you must
make these images available to client computers with the desired level of automation using an
appropriate transmission mechanism.
Objectives
After completing this lesson, you will be able to:
Describe the common management tasks.
Add and configure boot, capture, discover, and install images.
Associate answer files with boot and install images.
Configure transmission to deploy your images.
Manage and deploy drivers with boot images.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-23
Common Administration Tasks

Key Points
There are a number of common administration tasks and a number of tools provided to help you
complete these tasks.
Configuring DHCP
Creating and servicing images
Managing the boot menu
Prestaging client computers
Automating deployment
Configuring transmission
Configuring DHCP
Clients booting using PXE require a dynamically allocated IPv4 configuration. You must create and
configure an appropriate DHCP scope for this purpose. Additionally, if the DHCP and Windows
Deployment Services server roles are co-hosted, then you must configure how the PXE server listens for
client requests; there is an inherent conflict as both DHCP and Windows Deployment Services use UDP
port 67.
To create and manage DHCP scopes, you can use the DHCP snap-in or the Netsh.exe command-line tool.
Creating and Servicing Images
You can create and manage images with the Windows Deployment Services snap-in, Windows SIM, the
WDSUtil.exe command-line tool, or the Dism.exe command-line tool.
For example, to add a boot image, use the following command:
WDSUTIL /Verbose /Progress /Add-Image /ImageFile:<path> /ImageType:Boot
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-24 Deploying Windows Server 2008
To create a capture image, use the following command:
WDSUTIL /New-CaptureImage /Image:<source boot image name> /Architecture:{x86|ia64|x64}
/DestinationImage /FilePath:<file path>
To add an install image, use the following commands:
WDSUTIL /Add-ImageGroup /ImageGroup:<image group name>
And then:
WDSUTIL /Verbose /Progress /Add-Image /ImageFile:<path to .wim file> /ImageType:Install
Note: You can also perform these management tasks using the Windows Deployment Service
management console.
Managing the Boot Menu
The boot environment for Windows 7 and Windows Server 2008 R2 has been redesigned. An aspect of
this redesign is a new data store that contains Boot Configuration Data (BCD); this store defines how the
boot menu is configured. You can customize the store using Bcdedit.exe.
Note: When you customize the BCD store, you must force it to be recreated in order for your
changes to take effect. To do this, run the following commands to restart the Windows Deployment
Services server: wdsutil /stop-server and then wdsutil /start-server.
There are certain limitations on the boot menu user interface:
Screen size. Only 13 images can be displayed on the menu. If you have more, the installer must scroll
down to see them.
Mouse. There is no mouse pointer.
Keyboard. There is no support for alternate keyboards, other than what the BIOS supports.
Localization. There is limited support for localization, other than what the BIOS supports.
Accessibility. There is limited support for accessibility.
Note: For additional information, visit the Microsoft TechNet Web site:
http://go.microsoft.com/fwlink/?LinkId=195791.
Prestaging Client Computers
Windows Deployment Services supports deployment to unknown clients. You can exert some control over
unknown clients by configuring administrator approval. This ensures that clients attempting to deploy
with Windows Deployment Services are placed in a pending queue awaiting your approval. You can also
configure the client computers name during approval.
However, if you want more specific control over deployments, you can prestage the computers in AD DS;
this enables you to configure the client to:
Start from a different Windows Deployment Services server.
Use a different network boot program.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-25
Use a specific unattend file.
Use a specific boot image.
Join a particular AD DS domain.
You can use the WDSUtil.exe command-line tool to prestage computers:
WDSUTIL /Add-Device /Device:<name> /ID:<GUIDorMACAddress>
<GUIDorMACAddress> is the identifier of the new computer.
Note: If you use a MAC address, you must precede it with twenty zeros.
Automating Deployment
You can automate Windows Deployment Services deployments from end-to-end. You can use the
Windows Deployment Services snap-in and Windows SIM to complete these tasks.
Configuring Transmission
Multicasting enables you to deploy an image to a large number of client computers without consuming
excessive network bandwidth.
Consider enabling multicast transmissions if your organization:
Anticipates many concurrent deployments.
Has routers that support the propagation of multicasts; that is support for the Internet Group
Membership Protocol (IGMP).
You can use the Windows Deployment Services snap-in or the WDSUtil.exe command-line tool to manage
multicast transmission.
For example, to create a multicast transmission with Auto-Cast, use the following command:
WDSUTIL /New-MulticastTransmission /Image:<image name> /FriendlyName:<friendly name>
/ImageType:Install /ImageGroup:<Image group name> /TransmissionType:AutoCast
To create a Scheduled-Cast transmission, use the following command:
WDSUTIL /New-MulticastTransmission /Image:<image name> /FriendlyName:<friendly name>
/ImageType:Install /ImageGroup:<Image group name> /TransmissionType:ScheduledCast
[/Time:<yyyy/mm/dd:hh:mm>][/Clients:<no of clients>]
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-26 Deploying Windows Server 2008
Demonstration: How to Administer Images

Key Points
In this demonstration, you will see how to manage images using Windows Deployment Services.
Demonstration Steps
1. Use WDSUtil.exe to add a new boot image.
2. Create a capture image from the boot image.
3. Add an install image for Windows Server 2008 R2.
Note: You require the 6418C-NYC-DC1 and 6418C-NYC-SVR2 virtual machines to complete this
demonstration.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-27
Automating Deployments

Key Points
There are four phases that you can automate during the deployment process. These are:
PXE Boot Policy. You can determine how the PXE server responds to clients and whether the installer
is required to press F12 to connect to the Windows Deployment Services server and select a boot
image. For example, the Always continue the PXE boot option ensures that the computer continues
through the deployment process without any installer interaction.
The default boot image. If you configure a default boot image, the installer does not need to make a
selection.
The Windows Deployment Services screens. When the client computer connects using the TFTP
protocol to the Windows Deployment Services server and selects a boot image, the installer must
then provide credentials and select an operating system image to install. You can create an answer
file to automate this phase.
Windows Setup. When the install image has been selected, automatically or manually, the setup
program can be customized to complete the installation process with no installer intervention. This is
the same type of automation that you use to automate installations with Windows AIK.
Use Windows SIM to create both types of answer files and then use the Windows Deployment Services
snap-in to associate the answer files with the required deployment phase.
Automate Client Unattend
Use the following procedure to associate an answer file for the client unattend deployment phase:
1. Create the unattend.xml file in Windows AIK with settings appropriate to Windows Deployment
Services.
2. Copy the file to a folder under \RemoteInstall on the Windows Deployment Services server.
3. Open Windows Deployment Services.
4. View the Properties for the Windows Deployment Services server in the console.
5. On the Client tab, enable unattended installation and then select the answer file you created earlier.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-28 Deploying Windows Server 2008
Sample answer file for Windows Deployment Services Client Unattend
The following is a portion of a sample answer file required to automate the Windows Deployment Services
Client Unattend phase:
<WindowsDeploymentServices>
<Login>
<WillShowUI>OnError</WillShowUI>
<Credentials>
<Username>Installer</Username>
<Domain>Contoso.com</Domain>
<Password>Pa$$w0rd</Password>
</Credentials>
</Login>
<ImageSelection>
<WillShowUI>OnError</WillShowUI>
<InstallImage>
<ImageName>Windows Server 2008 R2</ImageName>
<ImageGroup>Contoso Server Images</ImageGroup>
<Filename>Install.wim</Filename>
</InstallImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
</ImageSelection>
</WindowsDeploymentServices>
Automate Windows Setup
To automate the Windows Setup process, use the following steps:
1. Create the unattend.xml file in Windows AIK with settings appropriate to Windows Setup.
2. Copy the file to a suitable location on the Windows Deployment Services server.
3. In Windows Deployment Services, view the properties of the appropriate install image.
4. Enable the Allow image to install in unattended mode option, and then select the answer file you
created.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-29
Demonstration: How to Configure Multicast Transmission

Key Points
In this demonstration, you will see how to create a multicast transmission for the Windows Server 2008 R2
install image.
Demonstration Steps
Create a multicast transmission for the Windows Server 2008 R2 install image.
Note: You require the 6418C-NYC-DC1 and 6418C-NYC-SVR2 virtual machines to complete this
demonstration.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-30 Deploying Windows Server 2008
Demonstration: How to Deploy Drivers (Optional)

Key Points
In this demonstration, you will see how to deploy drivers.
Demonstration Steps
1. Create a driver group.
2. Add a driver package.
3. Configure driver filters.
Note: You require the 6418C-NYC-DC1 and 6418C-NYC-SVR2 virtual machines to complete this
demonstration.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-31
Lab: Using Microsoft Windows Deployment Services
to Deploy Windows Server

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Lab Scenario
Contoso, Ltd is deploying servers to branch offices throughout the region for the Research department.
You have been tasked with helping to automate this deployment. You suggest using Microsoft
Windows Deployment Services to deploy the Windows Server 2008 R2 operating system to the branch
offices. Your suggestion is accepted. Ed Meadows has sent you some instructions regarding the
deployment by e-mail. Read these instructions and then install and configure Windows Deployment
Services to support the deployment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-32 Deploying Windows Server 2008
Exercise 1: Installing and Configuring Windows Deployment Services
Scenario
To assist with the process of configuring Windows Deployment Services, Ed Meadows has sent you a
document with the appropriate configuration information.
Branch Office Deployment Guide
Document Reference Number: EM310710/1
Document Author
Date
Ed Meadows
31
st
July
Requirements Overview
To configure Microsoft Windows Deployment Services to aid in the deployment of branch office servers.
Additional Information
Deployment method: automated standard image deployments.
Configuration information
NYC-SVR2 is to be used to host Windows Deployment Services. It currently supports the Dynamic
Host Configuration Protocol (DHCP) role.
Configure Multicast transmission to use Auto-Cast.
Configure automatic naming to identify branch servers.
Place branch servers in the Research organization unit (OU); admin approval required.
Operating System Version: the Windows Server 2008 R2 Enterprise operating system.
Full or Server Core: Server Core.
Use answer file for configuration.
To domain-join branch servers, use the following credentials:
Username: Administrator
Password: Pa$$w0rd
Domain: Contoso.com
Questions
1. Does the fact that the NYC-SVR2 server is running both Windows Deployment Services and
DHCP raise any issues?
2. How many installation images are required?
3. What issues does placement of branch servers in the Research OU raise?
The main tasks for this exercise are as follows:
1. Read the supporting documentation.
2. Answer the questions in the Branch Office Deployment Guide document.
3. Install the Windows Deployment Services role.
4. Configure Windows Deployment Services.
Task 1: Read the supporting documentation
Read the supporting documentation.
Task 2: Answer the questions in the Branch Office Deployment Guide document
Answer the questions in the document.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-33
Task 3: Install the Windows Deployment Services role
1. Switch to the NYC-SVR2 computer.
2. Open Server Manager.
3. Install the Windows Deployment Services server role with both role services.
4. Close Server Manager.
Task 4: Configure Windows Deployment Services
1. Open Windows Deployment Services from Administrative Tools.
2. Right-click NYC-SVR2.Contoso.com, and then click Configure Server.
3. Use the following information to complete configuration:
a. On the Remote Installation Folder Location page, accept the defaults.
b. Accept the System Volume Warning message.
c. On the DHCP Option 60 page, enable both Do not listen on port 67 and Configure DHCP
option 60 to PXEClient.
d. On the PXE Server Initial Settings page, select the Respond to all (known and unknown)
client computers option.
e. When prompted, choose to not add images to the server.
Results: After this exercise, you should have installed and configured the Windows Deployment
Services role.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-34 Deploying Windows Server 2008
Exercise 2: Creating Operating System Images with Windows Deployment
Services
Scenario
Windows Deployment Services is installed and configured. You must now create various operating system
images to aid the deployment process.
The main tasks for this exercise are as follows:
1. Add a Windows Preinstallation Environment (Windows PE) boot image.
2. Use WSDUtil to add a boot image.
3. Create a capture image.
4. Add an install image.
Task 1: Add a Windows Preinstallation Environment (Windows PE) boot image
1. If necessary, open Windows Deployment Services snap-in.
2. Add a new boot image using the following information to complete the process:
a. On the Image File page, use the following file name: C:\Program Files
\Windows AIK\Tools\PETools\x86\winpe.wim.
b. Accept the defaults on the Image Metadata page.
c. Accept the defaults on the Summary page.
d. On the Task Progress page, click Finish.
3. Minimize Windows Deployment Services.
Task 2: Use WDSUtil to add a boot image
1. Open a Command Prompt and type the following command and then press ENTER.
wdsutil /progress /add-image /imagefile:"E:\labfiles\mod02\boot.wim" /imagetype:boot
/name:"Microsoft Windows Setup (x64)"
2. Close the command prompt.
3. Switch to Windows Deployment Services and verify the presence of the new boot image.
Question: How many boot images are listed?
Task 3: Create a Capture Image
1. If necessary, open Windows Deployment Services snap-in.
2. Add a new capture image using the following information to complete the process:
Note: This can take around ten minutes.
a. Source boot image: Microsoft Windows Setup (x64).
b. Location and filename: E:\labfiles\mod03\capture_image.WIM.
c. On the Task Progress page, select the Add image to the Windows Deployment Server now
check box, and then click Finish.
d. Accept the defaults on the Image File page.
e. Image name: Contoso Capture (x64).
f. Image description: Contoso Capture (x64).

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-35
Task 4: Add an install image
1. If necessary, open Windows Deployment Services snap-in.
2. Add a new Image Group with the image group name of Windows Server 2008 R2.
3. Add a new install image to this group using the following information to complete the process:
Note: This can take around twenty minutes.
a. On the Image File page, use the following file name: E:\labfiles\mod02
\ install.wim.
b. On the Available Images page, clear all checkboxes except Windows Server 2008 R2
SERVERENTERPRISECORE, and then click Next.
c. Accept the defaults on the Summary page.
d. Click Finish on the Task Progress page.
4. Minimize Windows Deployment Services.
Results: After this exercise, you should have installed the necessary operating system images to begin
deployment of branch servers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-36 Deploying Windows Server 2008
Exercise 3: Using an Unattended File with Windows Deployment Services
Scenario
You have been provided with an answer file by a colleague. You must check its validity and then configure
Windows Deployment Services and the appropriate installation image to use the answer file.
The main tasks for this exercise are as follows:
1. Configure Windows Deployment Services Unattended file.
2. Enable Client Unattend.
Task 1: Configure Windows Deployment Services Unattended file
1. Open the E:\labfiles\Mod03\WDSClientUnattend.xml file for editing.
2. Locate each of the following parts of the file and verify the indicated text.
<Username>Administrator</Username>

<Domain>Contoso.com</Domain>

<Password>Pa$$w0rd</Password>

<ImageName>Windows Server 2008 R2 SERVERENTERPRISECORE</ImageName>

<ImageGroup>Windows Server 2008 R2</ImageGroup>

3. On the File menu, click Save.
4. Close Notepad.
5. Copy WDSClientUnattend.xml to C:\RemoteInstall\WdsClientUnattend\.
6. In Windows Deployment Services, open the properties of NYC-SVR2.Contoso.com.
7. On the Client tab, enable unattended installation and for x64 architecture installations, browse and
select the C:\RemoteInstall\WdsClientUnattend
\WDSClientUnattend.xml file.
Task 2: Enable Client Unattend
1. In Windows Deployment Services, open the properties of NYC-SVR2.Contoso.com and on the Boot
tab, for x64 architecture installations, select the Microsoft Windows Setup (x64) image as the
default boot image.
2. In the console, locate the Windows Server 2008 R2 image group and then view the properties of the
Windows Server 2008 R2 SERVERENTERPRISECORE image.
3. Select Allow image to install in unattended mode and specify the file to use as
E:\LabFiles\Mod03\WDSClientUnattend.xml.
Results: After this exercise, you should have enabled unattended installation.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-37
Exercise 4: Configuring Custom Computer Naming
Scenario
In order to automate computer naming, you must configure the custom naming properties for Windows
Deployment Services as per the document Ed Meadows sent you. This also involves configuring
delegation on the AD DS organizational unit that will contain the computer accounts. Admin approval is
required, so you must also configure that.
The main tasks for this exercise are as follows:
1. Configure Automatic Naming.
2. Configure Admin Approval.
3. Configure AD DS permissions.
Task 1: Configure Automatic Naming
1. In Windows Deployment Services, view the properties of NYC-SVR2.Contoso.com.
2. On the AD DS tab, use the following information to configure automatic naming:
a. In the Format box, type BRANCH-SVR-%02#.
b. Under Computer Account Location, select the Research OU in the Contoso.com domain.
Task 2: Configure Admin Approval
1. In Windows Deployment Services, view the properties of NYC-SVR2.Contoso.com.
2. On the PXE Response tab, select Require administrator approval for unknown computers. Also
change the PXE Response Delay to 3 seconds.
3. Open a command prompt and type the following command to create a message for installers to view
while awaiting admin approval:
WDSUTIL /Set-Server /AutoAddPolicy /Message:The Contoso administrator is authorizing
this request. Please wait.
4. Close the command prompt.
Task 3: Configure Active Directory Domain Services (AD DS) permissions
1. Switch to the NYC-DC1 computer and open Active Directory Users and Computers.
2. On the Research organizational unit, use the Delegate Control wizard to delegate the NYC-SVR2
computer account the ability to create computer objects in the OU. Use the following information to
help:
a. Create a custom task to delegate.
b. On the Active Directory Object Type page, click Only the following objects in the folder,
select the Computer objects check box, select the Create selected objects in this folder check
box.
c. On the Permissions page, in the Permissions list, select the Full Control check box.
Results: After this exercise, you should have configured automatic naming for Windows Deployment
Services deployments.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-38 Deploying Windows Server 2008
Exercise 5: Deploying Images with Windows Deployment Services
Scenario
You have provided instructions for a branch supervisor to initiate the installation process on the branch
office server computer. The installation will now take place.
The main tasks for this exercise are as follows:
1. Configure Windows Deployment Services Server for Multicast transmission.
2. Configure the client for Pre-Boot Execution Environment (PXE) Booting.
Task 1: Configure Windows Deployment Services Server for Multicast transmission
1. Switch to the NYC-SVR2 computer.
2. Create a new multicast transmission using the following information to complete the process:
a. Transmission name: Windows Sever 2008 R2 Branch Servers
b. Image group: Windows Server 2008 R2
c. Image: Windows Server 2008 R2 SERVERENTERPRISECORE
d. Multicast type: Auto-Cast
Task 2: Configure the client for Pre-Boot Execution Environment (PXE) Booting
1. On the host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right click 6418C-NYC-BLANK, and then click Settings.
3. In the Settings for 6418C-NYC-BLANK dialog box, click BIOS.
4. In the results pane, click Legacy Network adapter.
5. Use the arrows to move Legacy Network adapter to the top of the list and then click OK.
6. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
7. In the Actions pane, click Connect.
8. When the computer reboots, note the PXE DHCP notice. When prompted, press F12 for Network
Boot.
Question: Do you see the admin approval message?
9. Switch to the NYC-SVR2 computer.
10. In Windows Deployment Services, click Pending Devices.
11. Right-click the pending request and click Approve.
12. In the Pending Device dialog box, click OK.
13. Switch to the NYC-BLANK computer.
Question: Which image is the default?
Question: Does setup start?
14. Switch to NYC-DC1.
15. In Active Directory Users and Computers, in the Research folder, click Refresh.
Question: Can you see a new computer object?
Question: What is it called?
Note: You can let the installation proceed if you wish, but this is not required.

Results: After this exercise, you should have started the automated deployment process for a new
branch server.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Using Microsoft Windows Deployment Services 3-39
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
3-40 Deploying Windows Server 2008
Module Review and Takeaways

Review Questions
1. Windows Deployment Services supports two types of multicast transmission. Which type is suitable
for minimizing total network traffic during a deployment to a fixed number of clients?
2. How is Windows AIK useful with Windows Deployment Services deployments?
3. What steps are necessary to automate the end-to-end deployment process?
Tools
Tool Use for Where to find it
Windows AIK Managing image files
Configuring answer files
Download from Microsoft Web site
WDSUtil.exe Command-line management
of Windows Deployment
Services
Part of Windows Deployment Services
Dism.exe Offline and online servicing of
images
Part of Windows AIK
Netsh.exe Command-line tool for
managing network-related
settings
Part of Windows Server
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-1
Module 4
Implementing the Microsoft Deployment Toolkit
Contents:
Lesson 1: Introducing the Microsoft Deployment Toolkit 4-3
Lesson 2: Configuring the Microsoft Deployment Toolkit 4-13
Lesson 3: Performing Lite-Touch Deployments 4-23
Lesson 4: Performing Zero-Touch Deployments 4-30
Lesson 5: Maintaining Images with Microsoft Deployment Toolkit 4-40
Lab: Implementing the Microsoft Deployment Toolkit 4-48

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-2 Deploying Windows Server 2008
Module Overview

The Microsoft Deployment Toolkit 2010 (MDT 2010) forms a unifying framework for Microsoft
Windows Deployment Services, the Windows Automated Installation Kit (Windows AIK), and Microsoft
System Center Configuration Manager 2007 (Configuration Manager 2007) with documentation on best
practices to help system administrators and deployment engineers deploy the Windows Server 2008 R2
operating system more easily. In addition, MDT 2010 includes some tools that accelerate image creation
and deployment. MDT 2010, together with the supporting documentation and tools, helps lower the
effort required for server deployment.
Objectives
After completing this module, you will be able to:
Describe the MDT 2010.
Configure MDT 2010 with the Deployment Workbench.
Perform lite-touch deployments.
Perform zero-touch deployments.
Use MDT 2010 to maintain image files.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-3
Lesson 1
Introducing the Microsoft Deployment Toolkit

The MDT 2010 is a collection of tools, documentation, and best practices guidance that enables you to
perform end-to-end deployments of the Windows 7 operating system, Windows Server 2008 R2, and
earlier versions of Windows operating systems. This lesson explores the features and functions of
MDT 2010.
Objectives
After completing this lesson, you will be able to:
Describe the MDT 2010.
List the requirements for MDT 2010.
Describe the benefits of lite-touch deployment.
Describe the benefits of zero-touch deployment.
Select a deployment method.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-4 Deploying Windows Server 2008
What Is the Microsoft Deployment Toolkit 2010?

Key Points
Server deployment introduces some unique challenges beyond those presented by workstation
deployment. Hardware configurations are often more complicated and network configuration may
involve static IP addresses, multiple network adapters, and advanced network components, like TCP/IP
offloading, Network Load Balancing, and clustering.
Correct server role installation and configuration is very important, security is crucial, and upgrades are
more common in some scenarios.
There are many tools and strategies available for deploying operating systems. MDT 2010 is a unified set
of tools and resources designed to simplify the complex and time-consuming process involved with
deploying desktop and server software. It provides end-to-end process guidance, a common deployment
console, and tools to automate deployment tasks.
Some organizations have deployment processes that require extensive interaction by an administrator or
end-user, whereas other organizations have their deployment tasks completely automated. With
MDT 2010 and the integration with Microsoft System Center Configuration Manager 2010, organizations
can choose between Lite-Touch and Zero-Touch deployment methodologies to perform high-volume
deployment.
Microsoft Deployment Toolkit Advantages
MDT 2010 shows you how to use the new deployment tools together as part of an end-to-end
deployment process. MDT 2010 also provides tools and scripts to increase automation and lower costs, as
well as leveraging and enhancing other Microsoft tools and products.
MDT 2010 contains three main components:
The Deployment Workbench
Guidance and tools for Lite-Touch Deployment
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-5
Guidance and tools for Zero-Touch Deployment
MDT 2010 supports Windows Server 2008 R2 in the following scenarios:
New computer
Upgrade
Migration
Lite-Touch
Supported Operating Systems
MDT 2010 enables you to deploy the following operating systems in either lite-touch or zero-touch
deployments.
Operating System Lite-touch

Zero-touch
Windows 7
Window Server 2008 R2
Windows Preinstallation Environment
(Windows PE) version 3.0

Windows Vista operating system (with
Service Pack 1 [SP1] and later)

Windows Server 2008 operating system
(all service pack levels)

Windows XP operating system (with SP3)
Windows Server 2003 R2 operating
system

Windows PE version 2.1

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-6 Deploying Windows Server 2008
MDT 2010 Requirements

Key Points
To install MDT 2010, the computer must meet the following minimum hardware and infrastructure
prerequisites.
Processor running at 1.4 gigahertz (GHz) or faster
512 megabytes (MB) or greater physical memory
Availability of Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP)
Software Requirements for Lite-Touch Deployments
To support Lite-Touch Installation (LTI) deployments, MDT 2010 requires the following components,
regardless of which operating system you are deploying. You must install these components on the
computer where you install MDT 2010:
Microsoft Management Console (MMC) version 3.0
Microsoft .NET Framework 2.0 or later
Microsoft Windows PowerShell command-line interface, version 1.0 or 2.0 Community Technology
Preview 3 (CTP3) or later
Windows AIK
Software Requirements for Zero-Touch Deployments
To support Zero-Touch Installation (ZTI) deployments, MDT 2010 requires the following components:
If deploying Windows 7 or Windows Server 2008 R2, Configuration Manager 2007 with SP2 is
required. The installation of Configuration Manager 2007 also upgrades the Windows AIK to the
version compatible with Windows 7.
If deploying earlier versions of the Windows operating system (such as Windows Vista or Windows
Server 2003), you can continue to use Microsoft Configuration Manager 2007 with SP1.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-7
Note: MDT 2010 fully supports Configuration Manager 2007 with SP1, although you cannot use the
Deployment Workbench in this configuration to maintain an MDT 2010 database, as the Deployment
Workbench requires the Windows AIK for Windows 7. If you are using an MDT 2010 database with
Configuration Manager 2007, use Configuration Manager 2007 with SP2.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-8 Deploying Windows Server 2008
Considerations for a Lite-Touch Deployment Strategy

Key Points
Lite-Touch deployment is a deployment methodology that requires minimal interaction from the
administrator or user who has administrator access to enter customized information during deployment.
Lite-Touch is a high-volume deployment strategy, targeted for medium-sized organizations that have an
information technology (IT) staff that sometimes uses partners to help with technology adoption.
Lite-Touch deployment is based on the MDT 2010 LTI method. The only mandatory infrastructure
requirement for a Lite-Touch deployment is a file server and a local area network (LAN).
With LTI, you start the deployment on each computer and configure deployment settings. Thereafter, the
deployment is usually automated and requires no intervention. Microsoft recommends this strategy to
organizations with dedicated IT staff that have managed networks that have 200 to 500 computers.
Lite-Touch Installation Scenarios
LTI supports the following scenarios:
New Computer (Bare Metal). In this scenario, Windows Server 2008 R2 is installed on a new computer.
This scenario assumes that there is no user data or profile to preserve.
Upgrade Computer. In this scenario, the current Windows operating system on the destination
computer is upgraded to Windows Server 2008 R2. Existing settings, data, and applications are
retained. This scenario focuses on in-place operating system replacement.
Refresh Computer. In this scenario, a computer is refreshed using the wipe-and-load process to
remove the existing operating system completely and then replace it with Windows Server 2008 R2.
This does not imply a complete disk wipeit only implies a complete operating system wipe; data
remains on non-system drives.
Replace Computer. In this scenario, a computer is replaced with another computer. The existing data
on the original computer is saved and then restored on the new computer after Windows Server 2008
R2 is installed.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-9
Considerations
There are several things to consider when choosing a server deployment method for your organization.
The following list describes considerations for the Lite-Touch deployment strategy.
Infrastructure. Lite-Touch deployment requires a file server to store the Windows images. Typically,
you use Lite-Touch server deployment when you have at least one office with more than 25 servers.
In addition, the following tools and technologies are available to assist Lite-Touch deployment:
Microsoft Assessment and Planning (MAP) Toolkit
Microsoft Application Compatibility (ACT) Toolkit
Volume-licensed media
MDT 2010
Windows AIK
Installation media or Windows Deployment Services to start the client computers during
deployment
IT department skill and deployment experience. Even a small IT department can use the Lite-Touch
deployment strategy. Lite-Touch deployment can be scaled simply, which makes it a good choice for
small and medium-sized organizations.
Number of servers. Lite-Touch deployment requires limited interaction at the beginning of the
installation. This can be done by the IT department or by technically knowledgeable users who can
visit each of the server computers to be deployed. In addition, Lite-Touch deployment is best suited
for deployment scenarios of up to 500 server computers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-10 Deploying Windows Server 2008
Considerations for a Zero-Touch Deployment Strategy

Key Points
Zero-Touch server deployment is primarily targeted toward enterprise-class organizations that have
deployed network infrastructure prerequisites. These organizations can take advantage of robust server
deployment automation capabilities and can choose whether any end-user involvement is required.
Zero-Touch server deployment is a deployment methodology that requires no manual interaction during
the installation process. Zero-Touch deployment builds upon many techniques and processes that are
used for Lite-Touch deployment. It is a high-volume deployment strategy, which is targeted for large
organizations that have dedicated IT staff that have expertise in deployment and networking.
Zero-Touch deployment is based on the MDT 2010 ZTI method. ZTI requires Configuration Manager 2007
SP2 to provide fully-automated deployment of the operating system and applications, without the need
of user intervention.
ZTI is best implemented in a network environment that consists of an Active Directory Domain Services
(AD DS) infrastructure, Group Policy, and effective management processes. A dynamic environment also
includes structured monitoring and reporting, in addition to self-provisioning capabilities.
With ZTI, you deploy operating systems from Configuration Manager 2007 distribution points. The
installation process can be initiated by Configuration Manager 2007. The Zero-Touch deployment process
is initiated automatically, which eliminates the need to visit each of the computers.
ZTI Scenarios
By using MDT 2010 and Configuration Manager 2007, the ZTI supports new computer, refresh computer,
and replace computer scenarios. Configuration Manager 2007 does not support the upgrade computer
scenario. However, an upgrade scenario can be performed by using standard software distribution tasks
from within Configuration Manager 2007.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-11
Considerations
Zero-Touch server deployment requires significant investment compared to Lite-Touch deployment.
However, it also provides a better deployment experience in a large-scale server deployment. The
following list describes several considerations for Zero-Touch server deployment strategy.
Infrastructure. Zero-Touch deployment requires a network environment that includes the following:
Configuration Manager 2007 SP2. The primary foundation of the Zero-Touch deployment is the
centralized management and infrastructure provided by Configuration Manager 2007 SP2.
Operating system deployments take place using distribution points that are located strategically
close to the clients.
Windows Deployment Services. This engine can be used by specific operating system deployment
scenarios that are managed by Configuration Manager 2007. Configuration Manager 2007
provides a site server role called a Pre-Boot Execution Environment (PXE) service point that
integrates with the Windows Deployment Services engine.
All deployment configuration and management tasks are performed at the Configuration
Manager 2007 console instead of the Windows Deployment Services administration console.
AD DS and Active Directory. This is used by clients to find Configuration Manager 2007
management points and to store metadata related to Windows Deployment Services.
In addition, several network services such as DNS and DHCP are required to support ZTI.
Network bandwidth. The destination computers must have a high-speed, persistent connection
to the servers used in the deployment process. These include Configuration Manager 2007
servers and Windows Deployment Services servers.
In addition, several tools and technologies are available to assist Zero-Touch deployment:
MAP
ACT
Volume-licensed media
MDT 2010
Windows AIK
IT department skill and deployment experience. Zero-Touch deployment requires that the IT
department has expertise in deployment, networking, and familiarity with Configuration Manager
2007. Zero-Touch deployment requires the IT department to provide all configuration settings for
each destination computer to be deployed using ZTI. Customizing ZTI requires more effort than
customizing LTI and also requires more up-front configuration time.
Number of servers. Zero-Touch deployment requires no interaction during the installation process.
The installation is initiated automatically by using Configuration Manager 2007.
Supported deployment scenario. Zero-Touch deployment supports the following deployment
scenarios: new computer, refresh computer, and replace computer. It does not support the upgrade
computer scenario. Based on the existing environment, you can select any combination of these
scenarios in deploying Windows with Zero-Touch deployment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-12 Deploying Windows Server 2008
Discussion: Selecting a Deployment Strategy

Key Points
You work in a large multi-national corporation, Contoso, Ltd, which is headquartered in New York.
Contoso has decided to deploy Windows Server 2008 R2 throughout the organization. You are in charge
of the deployment project for the European offices, which are located in Rome, London, and Paris.
You work at the main office in Rome, which has around ten servers. The offices in London and Paris have
approximately five servers each. The Paris office is connected with a high-speed internet link to the Rome
office, whereas the London office has a slower internet connection. The servers in Europe are all new and
exceed the recommended minimum requirements for Windows Server 2008 R2. In each office, there is a
sole IT support person that helps troubleshoot daily computer issues on-site.
You have received a custom Windows Server 2008 R2 image from your corporate headquarters in New
York. You have been tasked with deploying this custom image to all servers in Europe. All required
applications are included in the custom image, and any software updates are managed by Group Policy.
You have two servers that you can use for this deployment project. You have decided to deploy this
custom image by using the LTI process.
Question: What elements in your current infrastructure support Lite-Touch Installations?
Question: How might you use your current resources to perform LTI deployment?
Question: What deployment method do you choose for the three offices?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-13
Lesson 2
Configuring the Microsoft Deployment Toolkit

Because MDT 2010 enables you to perform both lite-touch and zero-touch deployments, it is important
that you know how to configure MDT 2010 in order to perform your preferred deployment method.
Objectives
After completing this lesson, you will be able to:
Use the Deployment Workbench.
Perform initial configuration of MDT 2010.
Describe advanced configuration options.
Manage selection profiles.
Use linked deployment shares.
Describe deployment media.
Describe the MDT 2010 database.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-14 Deploying Windows Server 2008
The Deployment Workbench

Key Points
Deployment Workbench
After installing MDT 2010, you can use the Deployment Workbench to configure MDT 2010. The
following table lists the top-level nodes in the Deployment Workbench and the types of tasks that can be
performed in each node.
Node Description
Information Center Provides access to documentation, displays breaking news about
MDT 2010, and lists the elements required to use the Deployment
Workbench.
Deployment Shares Lists operating systems, applications, operating system packages, task
sequences, and out-of-box drivers populated in Deployment
Workbench.
Verify Required Components
From Deployment Workbench, you can view the list of components that may be required or can help to
deploy Windows Server using MDT 2010.
These components include Windows AIK, MAP, ACT, and several others. To make sure that the required
components are installed, perform the following steps:
1. Click Start, All Programs. Click Microsoft Deployment Toolkit, and then click Deployment
Workbench.
2. In the Deployment Workbench console tree, expand Information Center, and then click
Components.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-15
3. In the Components pane, in the Installed section, confirm that Windows Automated Installation Kit
(x86) 2.0 (for 32-bit operating systems) or Windows Automated Installation Kit (x64) 2.0 (for 64-bit
operating systems) is installed.
The Deployment Workbench can help automate the process of downloading and installing the
components used in the MDT 2010 deployment process for LTI-based deployments. After these
components are downloaded and installed, the Deployment Workbench uses these components to help
perform LTI-based deployments.
To download and install Deployment Workbench components, perform the following steps:
1. In the Deployment Workbench console tree, expand Information Center, and then click
Components.
2. In the Components pane, in the Available for Download section, click component_name (where
component_name is the name of the component that you want to download).
3. In the Details pane, click Download. After downloading the component from the Internet, the
component is listed in the Downloaded section in the Details pane.
4. In the Details pane, in the Download section, click the downloaded component, and then click
Browse. You can view the installation file of the component and install it. The installation process for
the respective component is initiated. Complete the installation process for the component by using
the instructions that are provided for the component.
5. After the component is installed, the component appears in the Installed section of the Details pane.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-16 Deploying Windows Server 2008
Performing the Initial Configuration

Key Points
After you prepare the MDT 2010 environment and install the Deployment Workbench elements, perform
the following steps in the Deployment Workbench:
1. Create an MDT 2010 deployment share. This deployment share is the repository for the operating
system images, language packs, applications, device drivers, and other software deployed to the
destination computers.
2. Add operating system files to the deployment share. You can add the operating system in the
operating systems node in Deployment Workbench by using the Import Operating System Wizard.
The Import Operating System Wizard copies the operating system files to the deployment share in
Operating Systems\operating_system folder (where operating_system is the name of the operating
system that is added).
3. Add device drivers to the deployment share. After Windows Server 2008 R2 has been added to
Deployment Workbench, add any device drivers that are required. These device drivers will be added
to Windows PE and deployed with the operating system. You can add the device drivers in the Out-
of-box Drivers node in Deployment Workbench by using the New Driver Wizard. The New Driver
Wizard copies the device driver files to the deployment share in Out-of-Box Drivers\device_driver
(where device_driver is the name of the device driver added to the deployment share).
4. Create task sequences. You can create a task sequence to deploy to a reference computer and
capture the image of the reference computer. You can create another task sequence to deploy the
captured image or any Windows image for actual deployment.
5. Update the deployment share. Updating the deployment share updates all of the
MDT 2010 configuration files and generates a customized version of Windows PE boot images
(Windows Imaging file format (WIM) and International Organization for Standardization (ISO) files).
The customized version of Windows PE is used to start the computer and initiate the LTI deployment
process.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-17
Advanced Configuration Options

Key Points
The Deployment Workbench includes advanced configuration options that extend the features provided
in basic LTI deployments. These configuration options provide a more granular selection of content to
include in the deployment process, support deployments in larger organizations, and support
deployments from stand-alone media, without the need to connect to a deployment share.
The advanced configuration tasks include the following:
Manage selection profiles
Manage linked deployment shares
Manage deployment media
Manage the MDT 2010 database
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-18 Deploying Windows Server 2008
Managing Selection Profiles

Key Points
Selection profiles enable you to select one or more folders in the Deployment Workbench that contain
one or more items. These items include: applications, device drivers, operating systems, operating system
packages, and task sequences. A selection profile can include any combination of these Deployment
Workbench items.
Use selection profiles to group items and then use those groupings of items to do the following:
Include the appropriate device drivers for Windows PE.
Include the appropriate device drivers for the target operating system in the Inject Drivers task
sequence step type.
Identify the operating system packages to deploy in the Install Updates Offline task sequence step
type:
As the basis for creating linked deployment shares.
As the basis for creating MDT 2010 deployment media.
MDT 2010 creates several default selection profiles, which are used as defaults in the Deployment
Workbench. The following table shows these default selection profiles.
Selection profile Description
Everything Includes all folders from all nodes in the Deployment Workbench. This
selection profile includes all applications, operating systems, device drivers,
operating system packages, and task sequences.
All Drivers Includes all folders from the Out-of-Box Drivers node in the Deployment
Workbench. This includes all device drivers.
All Drivers and Packages Includes all folders from the Applications and Out-of-Box Drivers nodes in
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-19
Selection profile Description
the Deployment Workbench. This includes all applications and device drivers.
Nothing Includes no folders in Deployment Workbench. This selection profile includes
no items.
Sample This is a sample that illustrates how to select a subset of the items and
include all folders from the Packages and Task Sequences nodes in the
Deployment Workbench. This includes all operating system packages and
task sequences.
You can use the Deployment Workbench to create new selection profiles, modify existing selection
profiles, copy, move, rename and delete selection profiles.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-20 Deploying Windows Server 2008
Using Linked Deployment Shares

Key Points
Linked deployment shares in MDT 2010 provide a logical connection between a source and a target
deployment share. The items to be linked between the source and target deployment share are
determined by a selection profile. When creating the link between the deployment shares, you can select
to merge or replace content in the target deployment share.
Linked deployment shares allow you to replicate an entire deployment share or parts of a deployment
share to another deployment share with ease. This enables you to change one deployment share and then
update others based on the selection profiles that you selected when creating the linked deployment
shares.
You can use the Deployment Workbench to create new linked deployment shares, modify existing linked
deployment shares, copy, move, rename and delete linked deployment shares, and replicate content to
linked deployment shares.
Create linked deployment shares in Deployment Workbench by using the New Linked Deployment Share
Wizard. You can modify existing linked deployment shares in the Linked Deployment Shares node in
Deployment Workbench by using the properties actions. You can replicate the content between the
linked deployment shares in Deployment Workbench by using the Replicate to Linked Deployments Share
Wizard.
The folders and the content specified selection profile in the linked deployment share is replicated from
the source deployment share to the destination deployment share. Depending on the configuration of the
linked deployment share, the folders and content on the target deployment share is merged or replaced.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-21
Deployment Media

Key Points
Deployment media in MDT 2010 enables you to perform LTI-based deployments solely from local media,
without connecting to a deployment share. The media can be stored on a DVD, Universal Serial Bus (USB)
hard disk, or other portable device. After creating the deployment media, generate bootable WIM images
that enable the deployment to be performed from portable media devices that are locally available on the
destination computer.
The items to be included on the deployment media are determined by a selection profile specified when
the media is created. Deployment media lets you generate stand-alone media that can be used to
perform LTI-based deployments. The Deployment Workbench automatically includes Windows PE in the
media so that Windows PE is started from the media at the destination computer. When Windows PE
starts, the Windows Deployment Wizard is automatically started as is in any LTI-based deployment.
You can use the Deployment Workbench to create new deployment media, modify existing deployment
media, copy, move, rename, and delete deployment media, and generate WIM and ISO file images for the
deployment media.
You create new deployment media by using the New Media Wizard. You can modify existing media in the
Media node in Deployment Workbench by using the Properties action. You can generate media images of
the media content in the Deployment Workbench by using the Update Media Content Wizard. This
wizard updates the media content and creates WIM and ISO file images of the media content that can be
used to perform stand-alone, LTI-based deployments from media.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-22 Deploying Windows Server 2008
The MDT 2010 Database

Key Points
Use the optional MDT 2010 database to provide configuration settings for LTI-based and ZTI-based
deployments. The MDT 2010 database provides centralized configuration and management of
configuration settings for the destination computers. Conceptually, the MDT 2010 database can be
viewed as a centralized version of the CustomSettings.ini file.
The main advantage of using the MDT 2010 database is that it provides a centralized repository for
managing deployment configuration settings, which eases large-scale deployments. Although large-scale
deployments can be performed by using the CustomSettings.ini file, it is recommended that you use the
MDT 2010 database for large-scale deployments instead, especially in ZTI-based deployments.
You can configure the MDT 2010 database through Deployment Workbench in MDT 2010, or any other
data management tools that can modify information stored in Microsoft SQL Server. The MDT 2010
database can be stored on the same SQL Server used for Configuration Manager 2007, on a SQL Server on
the same computer where MDT 2010 is installed, or on any other SQL Server in your organization.
Microsoft SQL Server 2005 or higher is required to use MDT 2010 database. In addition, if you want to
enable SQL replication, you need to use Microsoft SQL Server 2005 Standard Edition or higher for the
master server and SQL Server 2005 Express Edition or higher for the child servers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-23
Lesson 3
Performing Lite-Touch Deployments

If you are planning to deploy Windows Server in a medium-sized enterprise, with between 200 and 500
computers, it is important that you understand the process of configuring MDT 2010 to support lite-touch
deployments.
Objectives
After completing this lesson, you will be able to:
Prepare to perform lite-touch deployments.
Perform initial configuration.
Create a task sequence.
Create the required images.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-24 Deploying Windows Server 2008
Preparing for Lite-Touch Deployments

Key Points
Although LTI requires minimal interaction from an administrator (or user with administrative access) to
input customized information during deployment, the setup process is usually started manually; custom
information is provided by a preconfigured answer file or by a deployment wizard that appears when the
installation process starts.
Organizations that implement LTI are typically in a standardized network environment, which consists of
AD DS and Active Directory and prerequisites in place to implement Windows Server 2008 R2 using
automated techniques provided by MDT 2010.
The process of deploying Windows Server 2008 R2 by using LTI with MDT 2010 consists of several high-
level steps. These steps include the following:
Design the LTI environment
Implement the LTI infrastructure
Install MDT 2010
Create and populate a deployment share
Create and customize a task sequence
Create the Windows PE and Windows Server 2008 images
Deploy the operating system images to the target computers
Design the LTI Environment
Designing the LTI environment is a planning process. At this step, you must ensure that the required
infrastructure exists to support LTI tools. The LTI tools use this infrastructure during the LTI deployment
process. The planning process helps you to prepare for deployments in a production environment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-25
The process starts with conceptual designs, which are proven and refined in a test environment. The result
of the planning process is a set of design documents that you can use to build an MDT 2010 deployment
infrastructure and to perform automated operating system and application deployments in a production
environment.
Implement the LTI Infrastructure
Several server roles may be required to support the Lite-Touch deployment process. Often, these server
roles are combined into one physical server. However, they can be distributed throughout your
environment, depending on infrastructure requirements. These server roles may include the following:
Build server. This is the source for custom deployment images, including out-of-box drivers, service
packs, and additional language packs. When you are planning the requirements for the build server,
consider the space that is required for the deployment images.
Application installation server. This is used to store the source files for core and supplemental
application installations. Installing the application installation server involves creating another series
of folders and network shares. This server role is used to store significant amounts of data in the form
of software installations. Therefore, there will also be a large dedicated NTFS file system volume for
this share.
Windows Deployment Services server. This is the engine for PXE booting. The Windows Deployment
Services server stores both boot and installation images for deployment and provides support for
bare-metal installations. This role is optional. If you prefer to use Windows PE media, you do not need
to have Windows Deployment Services servers.
Database server. This optional server can be used as a centralized repository for managing
deployment configuration settings.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-26 Deploying Windows Server 2008
Install MDT 2010 and Perform Initial Configuration

Key Points
Typically, MDT 2010 is installed on the build server. MDT 2010 may also be installed on a technician
computer and configured to point the deployment share to the build server or the data server.
After you have ensured that all prerequisites are met, you can install a new instance of MDT 2010 on each
computer where you want to manage MDT 2010 deployment shares. To install MDT 2010, run the
MDT 2010 installer (MicrosoftDeploymentToolkit_platform.msi). After MDT 2010 is installed, you can open
the Deployment Workbench.
Note: MDT 2010 also includes a Windows PowerShell provider that allows for the automation of
MDT 2010 management tasks.
You can install MDT 2010 on a computer that has previous versions of the Microsoft Deployment Toolkit
and Business Desktop Deployment (BDD), the Microsoft Deployment Toolkit predecessor. MDT 2010
automatically uninstalls previous versions of Microsoft Deployment Toolkit and BDD. You can upgrade an
existing BDD or MDT 2010 deployment share by opening the existing deployment share in the MDT 2010
Deployment Workbench and select to upgrade the deployment share. You can also use the Upgrade
Deployment Share Wizard to upgrade deployment shares that are already listed in the Deployment
Workbench.
Create and Populate a Deployment Share
A deployment share is a storage location for all of the scripts, operating systems, applications, drivers, and
other files that you need to perform an operating system deployment. The deployment share contains all
of the information and settings that Microsoft Deployment uses and also the entire content used during
the LTI process. Typically, the deployment share is created on the build server, but it can also be located
on the data server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-27
Create and Customize a Task Sequence

Key Points
Task sequences in MDT 2010 contain the steps to be performed during an LTI deployment and the
sequence of those steps. Task sequences in MDT 2010 use the same task sequence engine as
Configuration Manager 2007. However, Configuration Manager 2007 is not required to perform LTI
deployments.
Task sequences are stored in the deployment share. You create and manage the task sequences that are
used to perform the deployments to the reference and destination computers in your organization by
using Deployment Workbench. You can use the New Task Sequence wizard to create new task sequences.
MDT 2010 includes task sequence templates that are used to perform common deployment scenarios. In
many instances, you can perform deployments using the templates without any modification to the task
sequence. However, you can modify task sequences created from the templates to meet the requirements
of your organization. The following table shows the available templates.
Template Description
Capture Only Select this option to prepare the system for capture, and then
capture the image.
Standard Client Task Sequence Select this option to create the default task sequence for
deploying operating system images to client computers,
including desktop and portable computers.
Standard Client Replace Task
Sequence
Select this option to back up the system entirely, back up the
user state, and wipe the disk.
Custom Task Sequence Select this option to create a customized task sequence that does
not install an operating system.
Standard Server Task Sequence Select this option to create the default task sequence for
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-28 Deploying Windows Server 2008
Template Description
deploying operating system images to server computers.
Lite-Touch OEM Task Sequence Select this option to pre-load operating systems images on
computers in a staging environment prior to deploying the
target computers in the production environment (typically by a
computer OEM).
Post OS Installation Task Sequence Select this option to configure an Operating System after
installation.
Task sequences consist of a combined series of steps that are designed to complete an action. Task
sequences can operate across a computer restart and can be configured to automate tasks on a computer
without requiring user intervention.
Each task sequence step performs a specific task. Examples are: validating that the target computer is
capable of receiving the deployment image, storing user data in a safe location, deploying an image to a
target computer, and restoring saved user data.
In addition, task sequence steps can be added to a task sequence group, which helps to keep similar task
sequence steps together for better organization and error control. The following information is provided
for each task sequence group and step:
Name: the name of the task sequence group or step
Description: a description of the purpose of the task sequence group or step and any pertinent
information regarding its customization
Properties: the valid configuration properties that can be specified for the task sequence group or
step that define how the task is performed
Options: the valid configuration options that can be specified for the task sequence group or step
that define if and when the task is performed and what is considered a successful exit code from the
task
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-29
Create the Windows PE and Windows Server 2008 Images

Key Points
After the LTI infrastructure is in place, you can use the Deployment Workbench to manage the Windows
PE boot images and the operating system images that will be deployed.
You can create the Windows PE image to be used to initiate the LTI deployment process by updating the
deployment share. Updating the deployment share updates all the MDT 2010 configuration files and
generates a customized version of Windows PE.
You can use the default image from the product DVD, or you can install Windows Server 2008 R2 to a
reference computer, capture the image of the reference computer, and deploy this custom image as a
standardized deployment throughout your organization.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-30 Deploying Windows Server 2008
Lesson 4
Performing Zero-Touch Deployments

If you are planning to deploy Windows Server in a large-sized enterprise, it is important that you
understand the process of configuring MDT 2010 to support zero-touch deployments.
Objectives
After completing this lesson, you will be able to:
Prepare to perform zero-touch deployments.
Design the ZTI infrastructure.
Install MDT 2010.
Create and distribute images and packages.
Configure and advertise a task sequence.
Create collections.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-31
Preparing for Zero-Touch Deployments

Key Points
The process of deploying Windows Server 2008 R2 by using ZTI with MDT 2010 consists of several high-
level steps:
1. Design the ZTI environment.
2. Implement the ZTI infrastructure.
3. Install Configuration Manager 2007.
4. Install MDT 2010.
5. Integrate Configuration Manager 2007 and MDT 2010.
6. Configure the PXE service.
7. Create and distribute images and packages.
8. Configure and advertise a Task Sequence.
9. Create collections as needed.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-32 Deploying Windows Server 2008
Design and Implement the ZTI Infrastructure

Key Points
Design the ZTI Environment
Designing the ZTI environment is a planning process. The design process consists of the following high-
level steps:
1. Select the appropriate deployment scenarios.
2. Select the deployment methods.
3. Ensure that the required infrastructure exists.
4. Determine the appropriate processing rules. This is only needed if you are using MDT 2010 or
Configuration Manager 2007.
5. Determine the monitoring plan.
6. Train team members.
For most production environments, the majority of services required for deployment already exist.
However, you must verify that the required infrastructure exists to support ZTI-based deployments before
continuing the deployment process. In addition, you may need to determine:
The Windows Deployment Services server role to use: Full Windows Deployment Services or Transport
Server.
The appropriate processing rules for MDT 2010 and Configuration Manager 2007.
This step starts with conceptual designs, which are proven and refined in a test environment. The
result of the planning process is a set of design documents you can use to build a Configuration
Manager 2007 infrastructure and to perform automated operating system and application
deployments in a production environment.
Implement the ZTI Infrastructure
As with LDT deployment, several server roles may be required to support the Zero-Touch deployment
process. Often, these server roles are combined into one physical server. However, they can be distributed
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-33
throughout the environment depending on infrastructure requirements. These server roles may include
the following:
Build server.
Application installation server.
Windows Deployment Services server.
Database server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-34 Deploying Windows Server 2008
Install Configuration Manager 2007 and MDT 2010

Key Points
To set up a new Configuration Manager 2007 site, use either the Configuration Manager 2007 Setup
Wizard or perform an unattended installation using a scripted installation method. Configuration
Manager 2007 is a service that can be installed in any server role depending on infrastructure needs. After
Configuration Manager 2007 is installed, open the Configuration Manager 2007 console.
Note: Typically, the design and installation of the Configuration Manager 2007 environment is done
by the infrastructure team. The Operating System Deployment team does any additional design.
Install MDT 2010
After you ensure that all prerequisites are met, install a new instance of MDT 2010 on each computer
where you want to manage MDT 2010 deployment shares.
Integrate Configuration Manager 2007 and MDT 2010
Integrate Configuration Manager 2007 and Microsoft Deployment Toolkit 2010 to make Zero-Touch
deployments of the Windows Server 2008 R2 operating system quicker and more straightforward to
configure, and to contribute additional functionality to the deployment process. The process of creating
and implementing new task sequences for deploying operating systems is greatly enhanced by the Import
Microsoft Deployment Task Sequence Wizard. MDT 2010 adds new scripts to Configuration Manager
2007.
Configure the PXE Service
The PXE service point is a Configuration Manager 2007 site role that responds to PXE requests from
computers that have been imported into Configuration Manager 2007. The PXE service point must be
configured to respond to PXE boot requests by Configuration Manager 2007 clients so that they can
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-35
interact with the Configuration Manager 2007 infrastructure to determine the appropriate installation
actions to take.
To provide PXE boot services, configure the Windows Deployment Services server role. When you perform
the Windows Deployment Services installation, configure Windows Deployment Services to not respond
to clients. After the installation, all Windows Deployment Services tasks are performed from within the
Configuration Manager 2007 console.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-36 Deploying Windows Server 2008
Create and Distribute Images and Packages

Key Points
Operating system and boot images are used to deploy an operating system to a Configuration Manager
2007 client. Add operating system and boot images to use with your deployments by using the
Configuration Manager 2007 console.
When you create the operating system image to deploy to target computers, the image contains the
operating system and related files. Other applications and tools can be installed:
As a separate task sequence step.
Manually, after the operating system is installed.
Pre-installed as part of the image.
Boot images are similar to operating system images except that they contain the appropriate version of
Windows PE rather than a full operating system, and they are stored with the .WIM file name extension.
These .WIM files are not captured from reference computers, but are supplied and customized by the
Configuration Manager 2007 administrator or obtained from an external source. Configuration Manager
2007 includes two boot images: one to support x86 platforms and one to support x64 platforms. It is
recommended that you use these images unless you have specific drivers to include.
Also similar to operating system images, boot images are distributed to distribution points. When
deployed as a package to a Configuration Manager 2007 client, the image is copied to and booted from
the hard drive of the destination computer. When deployed using bootable media, the destination
computer boots from the media and loads Windows PE.
Configuration Manager 2007 uses distribution points to store files needed for packages to run on client
computers. These distribution points function as distribution centers for the files that a package uses,
allowing users to download and run these files, programs, and scripts when a package is advertised.
To run advertised programs requiring files that do not reside on the local computer, clients must have
access to at least one distribution point from which they can download or run those files. Therefore,
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-37
specify for each package at least one distribution point for each site in which the target collection has
members.
You can add packages for use with your setup-initiated operating system deployments by using the
Configuration Manager 2007 console. The packages are copied to distribution points so that they are
available for Configuration Manager 2007 computers to install them.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-38 Deploying Windows Server 2008
Configure and Advertise a Task Sequence

Key Points
Task sequences provide the mechanism for performing multiple steps or tasks on a computer without
requiring user intervention. You can create task sequences that:
Allow you to install an existing image package.
Build and capture a reference operating system image.
Perform a customized task using variables.
Custom task sequences can be used to perform specialized operating system deployments or to perform
other custom actions or steps.
Create a task sequence to deploy an existing operating system image to a target computer by using
the New Task Sequence Wizard in the Configuration Manager 2007 console.
After you have created the task sequence, edit the task sequence by selecting the Task Sequences
node, right-clicking the task sequence to change, and then clicking Edit to open the Task Sequence
Editor.
Advertise task sequences to collections by using the New Advertisement Wizard in the Configuration
Manager 2007 console. Before you run the New Advertisement Wizard, identify the target collections and
desired run-time behavior you want for the advertisement. Read access to the task sequence is required to
advertise the task sequence, and the task sequence must exist prior to creating the advertisement.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-39
Create Collections As Needed

Key Points
Collections represent groups of resources and can consist not only of computers, but also of Windows
Server users and user groups, in addition to other discovered resources. Collections provide the means to
organize resources into manageable units, enabling you to create an organized structure that logically
represents the kinds of tasks that you want to perform.
Collections also serve as targets for performing Configuration Manager 2007 operations on multiple
resources at one time (such as operating system or service pack updates). By default, Configuration
Manager 2007 provides 16 default collections.
To create a new collection, you must have Create permission for collections. To advertise a program to a
collection, you must have Advertise permission for collections.
Before you distribute Operating System images, examine all of the collections in the Configuration
Manager 2007 hierarchy and adjust them if necessary. Prepare the collections you want to use at the
preliminary stage of the process so you can select from existing collections when you deploy a Windows
Server image.
Question: What is the main benefit of integrating MDT 2010 and Configuration Manager 2007?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-40 Deploying Windows Server 2008
Lesson 5
Maintaining Images with Microsoft Deployment
Toolkit

Once you have prepared MDT 2010 and your network infrastructure to support your preferred
deployment method, it may be necessary to update images, maintain device drivers, and manage
packages including language packs. This lesson provides guidance on using Deployment Workbench
and associated tools to perform these tasks.
Objectives
After completing this lesson, you will be able to:
Explain the process for maintaining images.
Manage device drivers.
Manage language packs.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-41
Maintaining Images

Key Points
You can perform a number of image management tasks with MDT 2010. These include:
Import images.
Capture images.
Associate an answer file with images.
Service the images.
You can perform some of these tasks with only the MDT 2010 tools. Some tasks require additional
components, such as Windows System Image Manager; however, many of these tasks can be launched
from within MDT 2010.
Import Images
Use the following procedure to import an image into a Deployment Share:
1. Open the Deployment Workbench.
2. Create a new Deployment Share.
3. In the selected deployment share, right-click Operating Systems, and then click Import Operating
System.
You can choose to import:
Full set of source files. You require the product DVD.
A custom image file. A WIM file that you have previously captured.
Windows Deployment Services images. If your Windows Deployment Services configuration has
appropriate images available, you can direct MDT 2010 to use these images.
4. Specify the source of the image, or else the name of the Windows Deployment Services server hosting
the required image.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-42 Deploying Windows Server 2008
5. Answer selection-specific questions to complete the import process.
Capture Images
When you create a Deployment Share in the Deployment Workbench, you can specify if, during
deployment, the installer should be asked if an image should be captured; this option is enabled by
default. Once the operating system has been deployed, it is captured to the MDT 2010 server.
Associate Answer Files with Images
Use the following procedure to edit and associate an answer file with an MDT 2010 image:
1. In Deployment Workbench, expand the relevant deployment share, and then expand Task
Sequences.
2. Right-click the relevant task sequence, and then click Properties.
3. On the OS Info tab, click Edit Unattend.xml.
4. Windows SIM opens. Modify the answer file as required.
5. Validate and then save the file.
6. Close Windows SIM.
7. Close the task sequence.
Service Images
You can service images using the command-line tool Dism.exe. The Deployment Image Servicing and
Management (DISM) tool is a new command-line tool for Windows 7 and Windows Server 2008 R2 that
enables you to view components of an applied or mounted operating system image and add or remove
packages, software updates, and drivers. You can use DISM to service Windows images offline before
deployment or to prepare a Windows PE image.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-43
Injecting Device Drivers

Key Points
Before deploying operating system images to target computers, add any device drivers that must be
installed with the operating system. Add the drivers to be installed using the:
Import Driver Wizard in Deployment Workbench.
$OEM$ folder structure for original equipment manufacturer (OEM)supplied drivers.
Add Drivers Using the Import Driver Wizard in Deployment Workbench
You can use the Import Driver Wizard from the Deployment Workbench to import drivers into a
deployment share.
Out-of-Box Drivers
Use this feature to install drivers on client computers that are not included in the Windows operating
system image.
Import a Device Driver
To import device drivers to a deployment share, complete the following steps:
1. In the Deployment Workbench console tree, expand Deployment Shares, expand the specific
deployment share to which you want to add your drivers, right-click Out-of-Box Drivers, and then
click Import Drivers. The Import Driver Wizard starts.
2. On the Specify Directory page, type or browse to the path containing the device drivers to be added
to the distribution share using Driver source directory.
3. Select or clear the check box to Import drivers even if the drivers are duplicates of an existing
driver, and then click Next.
4. On the Summary page, click Next and then on the Confirmation page, click Finish.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-44 Deploying Windows Server 2008
Deployment Workbench adds all of the device drivers it finds in the folder and its subfolders. After adding
device drivers to the deployment share, they appear in the Out-of-Box Drivers Details pane. In addition,
the device drivers appear in the distribution share in the Out-of-Box Drivers folder.
Remove a Device Driver
To remove a device driver from the distribution share, complete the following steps:
1. In the Deployment Workbench console tree, expand Deployment Shares, expand the specific
deployment share from which you wish to remove the driver, and then click Out-of-Box Drivers.
2. In the Details pane, right-click the device driver that you want to remove, and then click Delete.
3. In the Delete Selected Items wizard, on the Options page, click Next.
4. On the Summary page, click Next, and on the Confirmation page, click Finish.
Note: When a device driver is deleted from Deployment Workbench, it is also removed from the Out-
of-Box Drivers folder in the distribution share.
View a Device Drivers General Information
To view the general properties of a device driver, complete the following steps:
1. In the Deployment Workbench console tree, expand Deployment Shares, expand the specific
deployment share that contains the driver you want to view, and then click Out-of-Box Drivers.
2. In the Details pane, right-click the device driver that you want to view, and then click Properties.
3. Click the General tab and the Details tab, view the properties, and then click OK to close the
window.
Note: You can enable or disable a driver from the General tab of the drivers properties.
Determining Which Drivers Should Install
By default, all drivers are installed during the image application process. However, if you want to exert
more control, you can use the Advanced Configuration
\Selection Profiles node in Deployment Workbench to determine which drivers are installed.
To define groups of drivers, complete the following steps:
1. In the appropriate deployment share, right-click Out-of-Box Drivers and then click New Folder.
2. In the New Folder wizard, on the General Settings page, enter a Folder name and click Next.
3. Complete the New Folder wizard.
4. Import your drivers into this folder using the process described earlier in this topic.
5. In the appropriate deployment share, expand Advanced Configuration, right-click Selection
Profiles, and click New Selection Profile.
6. In the New Selection Profile Wizard, on the General Settings page, enter a descriptive name and
click Next.
7. On the Folders page, select the check box for the folder you created earlier and click Next.
8. Complete the wizard to create your new profile.
9. Next, either:
a. Right-click the deployment share that you want to update and click Properties.
b. On the Windows PE x64 Components tab, in the Selection profile list, select the profile you just
created and click OK.
10. Or:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-45
a. Right-click the installation task sequence and then click Properties.
b. Click the Task Sequence tab, and under Preinstall, click Inject Drivers.
c. Specify the selection profile you created earlier. The default is All Drivers.
Use Legacy $OEM$ Folders
In addition to the drivers configured in Deployment Workbench, you can add OEM-supplied drivers by
populating the $OEM$ folder structures residing in the deployment share folder on the file system.
Include drivers that are typically installed during graphical user interface (GUI)mode setup or post-setup
by standard Plug and Play enumeration. Doing so enables you to preload OEM Plug and Play drivers that
they can use later, when the associated hardware is introduced in the system.
During the LTI deployment process, LTIApply.wsf scans for $OEM$ folders that contain drivers in the
following order:
The build of the target operating system
The version of the target operating system
The processor architecture of the target computer
Globally, for all target computers
Although MDT 2010 supports using legacy $OEM$ folders to organize and copy supplemental files to the
destination computer, when you are deploying Windows 7 or Windows Server 2008 R2, it is better to use
data WIM files.
An $OEM$ folder contains supplemental files. The following list describes each folder that you can create
within a $OEM$ folder to organize these files:
$$. Windows Setup copies the contents of this folder to %SystemRoot% on each destination
computer. It replicates all of the folders, subfolders, and files that this folder contains in the
%SystemRoot% folder of each destination computer. For Windows Setup to copy a file to
%SystemRoot%\System32 on each destination computer, for example, put the file in
$OEM$\$$\System32.
$1. Windows Setup copies the contents of this folder to %SystemDrive% on each destination
computer. It replicates all the folders, subfolders, and files that this folder contains in the
%SystemDrive% folder on each destination computer. Typically, this is drive C on most computers.
Drive. Drive is a drive letter (C, D, E, and so on). Windows Setup copies the contents of this folder to
the root of the corresponding drive on each destination computer. It replicates all of the folders,
subfolders, and files that this folder contains in the corresponding drive during the setup process. For
example, Windows Setup copies any files put in $OEM$\D to the root of drive D on each destination
computer. Microsoft recommends that the team not use these folders. The folders rely on a
very specific disk configuration on the destination computer. Use $1 to represent %SystemDrive%
instead. In most installations, $OEM$\$1 and $OEM$\C write to the same location: the root of drive C.
TEXTMODE. For Windows XP and Windows Server 2003, this folder contains hardware-specific files
that Windows Setup and text-mode Setup install on the destination computer during the text-mode
phase of the installation process. These files might include OEM Hardware Abstraction Layers (HALs),
mass-storage device drivers, and the Txtsetup.oem file. The Txtsetup.oem file describes how to load
and install these files. List these files in the [OemBootFiles] section of the answer file.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-46 Deploying Windows Server 2008
Slipstreaming Language Packs

Key Points
Language packs enable a multilingual Windows environment. Windows Server 2008 R2 is language-
neutral, and all language and locale resources are added to Windows Server 2008 R2 through language
packs (Lp.cab files). By adding one or more language packs to Windows Server 2008 R2, you can enable
those languages when installing the operating system. As a result, you can deploy the same Windows
Server 2008 R2 image to regions with different language and locale settings, reducing development and
deployment time.
Operating System Packages
Before deploying operating system images to target computers, add any packages that must be installed
after the operating system is installed. Add the packages to be installed using the Import Package Wizard
on the Packages node in Deployment Share. Following are examples of packages that are installed after
the operating system is installed:
Security updates
Service packs
Language packs
To add new Operating System Packages:
1. Start Deployment Workbench.
2. In the console tree, under the appropriate deployment share, right-click Packages, and then click
Import OS Packages. The Import Package Wizard starts.
3. On the Specify Directory page, in the Package source directory box, type the fully qualified path to
the package source files and then click Next.
4. On the Summary page click Next, and on the Confirmation page, click Finish.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-47
Note: you can determine which packages to associate with a deployment share by using selection
profiles as discussed in the previous topic.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-48 Deploying Windows Server 2008
Lab: Implementing the Microsoft Deployment Toolkit

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
a. User name: Administrator
b. Password: Pa$$w0rd
c. Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Lab Scenario
Having completed the branch server deployments at the regional branch offices, Ed Meadows wants you
to take a look at creating a lite-touch deployment environment to enable on-going server deployments
within the head office. You recommend using a combination of MDT 2010 and Windows Deployment
Services. Ed accepts your suggestion, and you are now tasked with creating and configuring the required
environment to support these ad-hoc deployments.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-49
Exercise 1: Configuring the Microsoft Deployment Toolkit (MDT 2010)
Scenario
MDT 2010 is already installed on NYC-SVR2. This server also has DHCP installed and configured. You must
now configure MDT 2010.
The main tasks for this exercise are as follows:
1. Create a Deployment Share in Deployment Workbench.
2. Mount the Windows Server product DVD.
3. Add an operating system in Deployment Workbench.
Task 1: Create a Deployment Share in Deployment Workbench
1. On NYC-SVR2, open the Deployment Workbench.
2. Create a new Deployment Share using the following information to complete the process:
a. In the New Deployment Share Wizard, on the Path page, accept the defaults.
b. On the Share page, accept the defaults.
c. Deployment share description: Contoso Deployment Share.
d. Clear the Ask if an image should be captured check box.
e. On the Allow Admin Password page, accept the defaults.
f. On the Allow Product Key page, accept the defaults.
Task 2: Mount the Windows Server product DVD
1. On your host computer, in the 6418C-NYC-SVR2 on localhost Virtual Machine Connection
dialog box, on the Media menu, point to DVD Drive and then click Insert Disk.
2. In the Open dialog box, in the File name box, type C:\Program Files
\Microsoft Learning\6418\Drives\ WServer2008R2_Eval.iso and then click Open.
3. In the 6418C-NYC-SVR2 virtual machine, close the AutoPlay dialog box.
Task 3: Add an operating system in Deployment Workbench
1. In the Deployment Workbench console tree, expand Deployment Shares, expand Contoso
Deployment Share (C:\DeploymentShare), and then click Operating Systems.
2. Use the following information to import an operating system:
Note: This operation can take around fifteen minutes.
a. On the OS Type page, click Full set of source files.
b. On the Source page, type D:\.
c. Destination directory name: Windows Server 2008 R2 x64.
Note: In the Details pane of Deployment Workbench, multiple Windows Server 2008 R2 operating
systems are listed.

Results: After this exercise, you should have added an operating system to MDT 2010.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-50 Deploying Windows Server 2008
Exercise 2: Creating and Customizing a Task Sequence
Scenario
You must now create a task sequence in MDT 2010 to deploy the Windows Server 2008 R2 operating
system.
The main tasks for this exercise are as follows:
1. Create a task sequence in Deployment Workbench.
2. Customize a task sequence in Deployment Workbench.
Task 1: Create a task sequence in Deployment Workbench
1. In the Deployment Workbench console tree, right-click Task Sequences and then click New Task
Sequence.
2. Use the following information to complete the process of adding a new task sequence:
a. Task sequence ID: 1
b. Task sequence name: Deploy WS08 F&P Server
c. On the Select Template page, select Standard Client Task Sequence
d. Operating System: Windows Server 2008 R2 SERVERENTERPRISE in Windows Server 2008 R2
x64 install.wim
e. Select Do not specify a product key at this time
f. On the OS Settings page:
i. Full Name: Authorized User
ii. Organization: Contoso
iii. Internet Explorer Home Page: contoso.com
iv. Administrator Password: Pa$$w0rd
Task 2: Customize a task sequence in Deployment Workbench
1. In Deployment Workbench select the Task Sequences folder.
2. View the properties of Deploy WS08 F&P Server.
3. In the Deploy WS08 F&P Server Properties dialog box, click the Task Sequence tab.
4. In the Task Sequence list, click Apply Network Settings.
5. Click the New Item button.
Note: The New Item button is a yellow star on the Properties pane.
6. In the Network Settings dialog box, in the Name box, type LAN Connection.
7. Click Use the following IP address.
8. Click the New IP Address button in the Network Settings section.
Note: The New IP Address button is a yellow star.
a. IP address: 10.10.10.30
b. Subnet mask: 255.255.0.0
9. In the Gateway Settings section, click the New Gateway Settings button.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-51
Note: The New Gateway Address button is a yellow star.
10. The TCP/IP Gateway Address dialog box appears.
Gateway: 10.10.10.1
11. Click the DNS tab.
12. Select Use the following DNS Servers.
Note: The New DNS Server button is a yellow star.
a. DNS server: 10.10.10.10
b. Register this connection's address in DNS
13. In the Deploy WS08 F&P Server Properties dialog box, click OK.
Results: After this exercise, you should have created a task sequence.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-52 Deploying Windows Server 2008
Exercise 3: Configuring the Deployment Share
Scenario
Having created the task sequence successfully, you must now configure the deployment share. You will
modify the driver settings for Windows Preinstallation Environment (Windows PE) x64 and then update
the deployment share.
The main task for this exercise is to configure the Deployment Share in Deployment Workbench.
Task 1: Configure the Deployment Share in Deployment Workbench
1. Right-click Contoso Deployment Share (C:\DeploymentShare) and then click Properties.
2. Clear the x86 check box and then click the Windows PE x64 Components tab.
3. Under Driver Injection select the following check boxes and then click OK:
Include all video drivers in the selection profile
Include all system-class drivers in the selection profile
4. Right-click Contoso Deployment Share (C:\DeploymentShare), and then click Update
Deployment Share.
5. In the Update Deployment Share Wizard, on the Options page, click Next.
6. On the Summary page, click Next.
Note: This operation can take around 25 minutes. Please move on to Exercise 4 while this operation
completes.

Results: After this exercise, you should have configured the deployment share.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-53
Exercise 4: Performing a Lite-Touch Deployment
Scenario
Rather than distribute the Windows PE image on DVD or memory stick, you have elected to use Windows
Deployment Services to initiate the Lite-Touch deployment. Once Windows Deployment Services is
installed, you must add the Lite-touch Windows PE image you created earlier to the Boot Images folder in
Windows Deployment Services. Then you will test the lite-touch deployment by connecting a new server
to Windows Deployment Services by using Pre-Boot Execution Environment (PXE) network startup.
The main tasks for this exercise are as follows:
1. Install the Windows Deployment Services role.
2. Configure the Windows Deployment Services role.
3. Add a Windows PE boot image.
4. Configure the client for PXE Booting.
5. Perform a Lite-Touch Installation.
6. Validate Lite-Touch Deployment (optional).
Task 1: Install the Windows Deployment Services role
1. Switch to the NYC-SVR2 computer.
2. Open Server Manager.
3. Install the Windows Deployment Services server role with both role services.
4. Close Server Manager.
Task 2: Configure the Windows Deployment Services role
1. Open Windows Deployment Services from Administrative Tools.
2. Right-click NYC-SVR2.Contoso.com, and then click Configure Server.
3. Use the following information to complete configuration:
On the Remote Installation Folder Location page, accept the defaults.
Accept the System Volume Warning message.
On the DHCP Option 60 page, enable both Do not listen on port 67 and Configure DHCP
option 60 to PXEClient.
On the PXE Server Initial Settings page, select the Respond to all client computers (known
and unknown) option.
When prompted, choose to not add images to the server.
4. Switch back to the Update Deployment Share Wizard.
Note: You must wait until the update is completed before moving to step 5.
5. On the Completion page, click Finish.
6. In Windows Explorer, navigate to C:\DeploymentShare\boot.
7. Verify that LiteTouchPE_x64.wim is present.
8. Close Windows Explorer.
9. Close Deployment Workbench.
Task 3: Add a Windows Preinstallation Environment (Windows PE) boot image
1. If necessary, open Windows Deployment Services snap-in.
2. Add a new boot image using the following information to complete the process:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-54 Deploying Windows Server 2008
a. On the Image File page, use the following file name
C:\DeploymentShare\boot\LiteTouchPE_x64.wim.
b. Accept the defaults on the Image Metadata page.
c. Accept the defaults on the Summary page.
d. Click Finish on the Task Progress page.
3. Close Windows Deployment Services.
Task 4: Configure the client for Pre-Boot Execution Environment (PXE) Booting
1. On the host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right click 6418C-NYC-BLANK, and then click Settings.
3. In the Settings for 6418C-NYC-BLANK dialog box, click BIOS.
4. In the results pane, click Legacy Network adapter.
5. Use the arrows to move Legacy Network adapter to the top of the list and then click OK.
6. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
7. In the Actions pane, click Connect.
8. When the computer reboots, note the PXE DHCP notice. When prompted, press F12 for Network
Boot. (Note: You need to press F12 quickly.)
Task 5: Perform a Lite-Touch Installation
1. When the boot process is complete, the Welcome Windows Deployment window appears.
2. Click Run the Deployment Wizard to install a new Operating System, and then use the following
information to launch the lite-touch installation process:
a. User Name: administrator
b. Password: Pa$$w0rd
c. Domain: contoso
d. Deploy WS08 F&P Server
e. Computer name: NYC-SVR3
f. Join a domain
g. Domain: contoso
3. On the Language and other preference page, accept the defaults.
4. On the Set the Time Zone page, accept the defaults.
5. On the Specify the BitLocker configuration page, accept the defaults.
6. On the Ready to begin page, click Begin.
Note: This operation can take around 40 minutes or more to complete. It is optional to allow the
installation to complete.
Task 6: Validate Lite-Touch Deployment (optional)
1. When installation is complete, the computer restarts and you are automatically logged on; the Lite-
touch installation proceeds after logon.
2. In the Deployment Summary window, click Finish.
Question: In Initial Configuration Tasks, what is the IPv4 address?
Question: What is the computer name?
3. Click Start, and then click Internet Explorer.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Implementing the Microsoft Deployment Toolkit 4-55
4. In Set Up Windows Internet Explorer 8, click Ask me later.
5. In Internet Explorer, on the toolbar, click the Home button.
6. Verify that the Internet Explorer home page is set to Contoso.com.
Results: After this exercise, you should have deployed Windows Server 2008 R2.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-LON-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-LON-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-LON-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-LON-DC1 to start, and then start 6418C-LON-SVR1. Connect to the virtual machine.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
4-56 Deploying Windows Server 2008
Module Review and Takeaways

Review Questions
1. Your organization wishes to implement a lite-touch deployment strategy. Aside from MDT 2010, what
tools would prove useful in helping you to perform lite-touch deployments?
2. You want to associate a collection of specific drivers with a particular deployment image. How could
you do this?
3. You have created an answer file to help automate the deployment process. How can you associate
the answer file with a deployment image?
Tools
Tool Use for Where to find it
Deployment
Workbench
Configuring and managing
MDT 2010
Start Menu
Deployment Image
Servicing and
Management
Managing images Command-line (part of Windows AIK)
Best Practices Related to Deployment
Supplement or modify the following best practices for your own work situations:
Use the MDT 2010 Database to help to manage large-scale server deployments; it provides a
centralized view of deployment configuration settings.
Use Windows Deployment Services if you do not want to use Windows PE media to initiate your
deployments; Windows Deployment Services supports PXE startup.



New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-1
Module 5
Migrating Active Directory Directory Service
Contents:
Lesson 1: Overview of Upgrading Windows Server 2008 R2 AD DS 5-3
Lesson 2: Upgrading Domain Controllers to Windows Server 2008 5-14
Lab: Migrating Active Directory Directory Service 5-23
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-2 Deploying Windows Server 2008
Module Overview

Active Directory Domain Services (AD DS) and Active Directory directory service is the centerpiece of
any enterprise that uses Microsoft technologies. It provides authentication, authorization and
accountability for the network and all Active Directory integrated applications, such as Microsoft
Exchange Server or Microsoft SQL Server. Migrating to the latest version of AD DS and Active Directory
provides many new features, security and efficiency.
This module provides guidance for upgrading and migrating Active Directory directory service from a
Microsoft Windows 2000 Server operating system or a Windows Server 2003 operating system to a
Windows Server 2008 R2 operating system. This module provides the best practices for AD DS and Active
Directory upgrades.
Objectives
After completing this module, you will be able to:
Describe the considerations and changes resulting from the AD DS and Active Directory upgrade.
Upgrade a legacy forest.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-3
Lesson 1
Overview of Upgrading Windows Server 2008 R2 AD
DS

AD DS and Active Directory is the backbone of the Windows enterprise infrastructure. It is a directory
service with authentication, authorization and management capabilities, as well as full integration with
thousands of applications. It was launched with Windows 2000 Server, and has evolved since then.
Companies that still run Active Directory directory service with Windows 2000 Server or Windows Server
2003 will be interested in upgrading their infrastructures to AD DS with Windows Server 2008 R2 since
there are many advantages in this version. Nevertheless, before upgrading, the administrators must be
aware of the migration process, as well as any discontinued features.
Objectives
After completing this lesson, you will be able to:
Apply considerations for upgrading your Active Directory forest.
Apply considerations for migrating your Active Directory forest.
Explain the process for preparing your forest for the upgrade.
Describe the features enabled at domain and forest-functional levels.
Migrate roles related to AD DS.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-4 Deploying Windows Server 2008
Considerations for Upgrading AD DS and Active Directory

Key Points
Upgrading to AD DS is not a complicated process, but it requires full understanding of how AD DS works,
which features are gained with the upgrade, and which features are no longer there. Also, depending on
the complexity of the infrastructure, it might take time or collaboration between different teams.
Ways to Upgrade
There are three different ways to accomplish the migration:
In-place upgrade
In an in-place upgrade, the different domain controllers are directly upgraded to Windows Server 2008
R2. This can be done if the source computer is running a Windows Server 2003 x64 operating system,
Windows Server 2003 R2 x64 operating system, or Windows Server 2008 x64 operating system with the
latest updates and Service Packs. These are the editions that can be upgraded as a source and destination:
Source Edition (x64 and Service
Pack 2 is required)
Can Upgrade To Windows Server 2008 R2 Operating System (Full
or Server Core installation)
Windows Server 2003 or Windows
Server 2003 R2 Standard Edition
operating system
Standard Edition, Enterprise Edition
Windows Server 2003 or Windows
Server 2003 R2 Enterprise Edition
operating system
Enterprise Edition, Datacenter Edition
Windows Server 2003 or Windows
Server 2003 R2 Datacenter Edition
operating system
Datacenter Edition

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-5
Source Edition (x64 is required) Can Upgrade To Windows Server 2008 R2 Operating System
(same type of installation)
Windows Server 2008 Web Edition
operating system
Web Edition, Standard Edition
Windows Server 2008 Standard
Edition operating system
Standard Edition, Enterprise Edition
Windows Server 2008 Enterprise
Edition operating system
Enterprise Edition, Datacenter Edition
Windows Server 2008 Datacenter
Edition operating system
Datacenter Edition
Windows Server 2008 Foundation
operating system (Service Pack2 is
required)
Standard Edition
Note: dcpromo.exe does not need to be run after the upgrade, as the AD DS role is installed by
default.
Transitioning
In a transition environment, member servers running Windows Server 2008 R2 are promoted to domain
controllers. Then, the Flexible Single Master Operations (FSMO) roles are moved to the Windows Server
2008 R2 domain controllers. Finally, the Windows 2000 Server or Windows Server 2003 domain controllers
are demoted to member servers.
Note: The transition upgrade can only be performed in forests running in a Windows 2000 native
level or higher.
Restructuring
In a restructure, a new Windows Server 2008 R2 forest is created, and the objects from the older forest are
moved to it. This process requires tools such as the Active Directory Migration Tool (ADMT).
A restructure environment takes much longer than the other two processes, but it provides a much
cleaner infrastructure for the new domain.
After the Upgrade
After fully upgrading the domain to Windows Server 2008 R2, the following must be considered:
No new Windows Server 2008 R2 domains can be created with a single-label name.
Windows Server 2008 R2 is the minimum version for any new domain controller.
Question: Why are your organizations exploring upgrading their Active Directory domains to Windows
Server 2008 R2?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-6 Deploying Windows Server 2008
Considerations for Migrating AD DS and Active Directory

Key Points
Migrations must be carefully planned to avoid errors and inconsistencies. The following questions should
be considered before migrating:
Will the hardware support the new operating system in an upgrade?
Are all of the domain controllers completely updated?
If any exist, are all of the Exchange servers completely updated?
Is there any software not supported by the new operating system?
Does the recovery plan contemplate domain controllers? Are they fully backed up?
Is the Active Directory restore mode password known and recorded somewhere? Are the passwords
of the service accounts also recorded somewhere?
Is every important aspect of the infrastructure documented, for instance roles, Global Catalogs,
domains, sites, topology, and IP addresses?
Is every aspect of the migration documented?
Migration Phases
When preparing a migration project, it must be divided in phases to ease delegation and organization:
1. Infrastructure preparation.
2. Installation of the first Windows Server 2008 R2 domain controller (by upgrading a domain controller
or promoting a server).
3. Verification of correct migration.
4. Installation of additional Windows Server 2008 R2 domain controllers.
5. Demotion of older domain controllers.
6. Execution of post-migration tasks.
These phases are covered in the next lesson in more depth.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-7
What Are the New Features in AD DS?

Key Points
Since Windows 2000 Server, many new features have been added to AD DS. They are the following:
Main Features and Technologies Added in Windows Server 2003 and Windows Server 2003
Functional Level
Domain rename. Administrators can rename domains by using the Domain Rename Tool.
Domain controller rename. Administrators can rename domain controllers by using the Domain
Controller Rename Tool.
Forest trusts. Forest-wide trusts can be created from a forest root to another forest root.
Enhanced replication. Linked-value replication provides a faster and more secure replication method
for group members.
Selective cross-domain and cross-forest resource access.
Secure LDAP traffic. All Lightweight Directory Access Protocol (LDAP) traffic is signed and encrypted
by default.
Active Directory Quotas. Administrators can specify a maximum number of objects an entity can own
in an Active Directory domain.
Universal group membership caching. Prevents the use of Global Catalog servers in remote sites with
a slow Wide Area Network (WAN) link.
Improved tombstone lifetime (Service Pack 1). Deleted objects are stored for 180 days by default.
Improved metadata removal (Service Pack 1). Metadata from old domain controllers is more easily
erased using ntdsutil.exe.
Improved authoritative restore (Service Pack 1). Objects that were created before raising the
functional level of the domain to Windows Server 2003 can be restored. Also, a LDAP Data
Interchange Format (LDIF) file can be created to restore object links in other domains.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-8 Deploying Windows Server 2008

Main Features and Technologies Added in Windows Server 2003 R2
Active Directory Application Mode (ADAM). ADAM allows administrators to create new directory
services for applications.
Active Directory Federation Services (AD FS). Provides a Single Sign-On technology for web
applications.

Main Features and Technologies Added in Windows Server 2008 and Windows Server 2008
Functional Level
AD DS Auditing. Administrators can track changes in attribute values, saving in the audit logs the old
and the new values. This is enabled by using the Directory Service Changes audit policy.
Fine-Grained Password Policies. Administrators can apply different password policies to global
security groups and users. This is enabled by using Password Settings objects (PSOs) that are linked to
the different accounts. This feature requires Windows Server 2008 functional level in the domain.
Read-Only Domain Controllers (RODC). RODCs can be deployed to branch offices to provide selective
credential caching in that site. This feature requires Windows Server 2003 functional level in the
domain.
Restartable AD DS. AD DS is now a service available in the services console, and can be started,
stopped and paused like any other service. This eases tasks like NTDS.dit defragmentation.
Database Mounting Tool. Dsamain.exe can be used to mount an NTDS.dit backup. Then, an
administrator can compare objects and attributes to decide what to restore or to check an older
value.
DFS-Replicated SYSVOL. To improve replication speed, scalability, and manageability, DFS Replication
can be used instead of File Replication Service (FRS) for the System Volume (SYSVOL) folder. This
feature requires Windows Server 2008 functional level in the domain. The DFSRMIG.exe tool is
provided to perform the migration, which is executed in three steps in case reverting is necessary
before the migration is complete.
Main Features and Technologies Added in Windows Server 2008 R2 and Windows Server 2008 R2
Functional Level
Active Directory Recycle Bin. This is the main addition to AD DS in Windows Server 2008 R2. The
Active Directory Recycle Bin provides a new container where deleted objects in AD DS will be placed
for a determined time. An administrator can recover the objects from the container without losing
any information, attributes or security identifiers (SID). Also, this process doesnt require rebooting in
Directory Services Restore Mode, improving the server availability. This feature requires Windows
Server 2008 R2 functional level in the forest and enabling it is irreversible.
Note: You can enable the Active Directory Recycle Bin in a domain by using the Microsoft Windows
PowerShell cmdlet Enable-ADOptinalFeature or with ldp.exe.
Active Directory PowerShell module. To enhance AD DS administration, a PowerShell module to
manage Active Directory objects is available.
Note: To use the Active Directory management module in any PowerShell session in the server, you
can use the following cmdlet:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-9
Import-Module ActiveDirectory
Active Directory Administrative Center. This provides a task oriented management console for Active
Directory objects. The Active Directory Administrative Center uses PowerShell to ease and speed up
administration tasks, such as creating objects or running queries to find objects. It can also be
extended to perform custom tasks.
Active Directory Best Practices Analyzer. This tool can help administrators identify and solve issues in
their Active Directory environment by scanning many different configuration settings.
Active Directory Web Services. This service is required for the Active Directory Administrative Center
and the Active Directory PowerShell module, and provides a connection point for these and other
tools to manage the AD DS.
Offline domain join. Using Djoin.exe, an administrator can join a Windows 7 operating system
computer and a Windows Server 2008 R2 computer to the domain without using any network
connectivity.
Managed Service Accounts. These new account types enhance service isolation and manageability of
applications running as services, like SQL Server. Usually, when an administrator sets up a service
running under an account, the credentials must be kept safe, and passwords must be tightly
controlled. Managed Service Accounts have automatic password management and can be delegated
to other administrators if required. This feature requires Windows Server 2003 functional level in the
domain.
Read-Only DFS-R SYSVOL Replication for RODCs. To enhance security on RODCs, the SYSVOL
replication is now executed with Read-Only DFS-R.
Question: Which features would your companies be more interested in?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-10 Deploying Windows Server 2008
Preparing the Legacy Forest

Key Points
Before introducing a Windows Server 2008 R2 domain controller, the forest and the domain must be
prepared to accept it.
Adprep.exe is used, like in older versions of Windows, to prepare the environment by modifying the
schema and access control lists, and adding new default groups. This will allow the new domain controller
to be created in the domain and the new features to be enabled.
There are two versions of the Adprep tool; adprep32.exe is used in 32-bit domain controllers and
adprep.exe in 64-bit domain controllers. These tools are located in the \support\adprep32 and
\support\adprep folders of the installation media respectively.
Note: All of the commands in the following section are run in a computer with the Windows Server
2008 R2 DVD installation media inserted in the D: drive. You can copy the contents of
\sources\adprep or \sources\adprep32 to the domain controller and run the tool from the local
folder.
Note: If the tools are run on a Windows Server 2008 domain controller, it must be done in an
elevated command prompt.
Note: Before using Adprep.exe, it is recommended to test the forest throughout (replication, security,
Domain Name System (DNS)) and performing a system state backup of at least one domain controller
on each domain. It is also recommended to test the execution of Adprep.exe in a testing lab before
executing it on the real forest.
Preparation Phases
The environment preparation is divided into three phases:
1. The forest schema must be extended. Windows Server 2008 R2 requires many new classes and
attributes to support the new features. The tool must be run on the domain controller that holds the
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-11
schema master role in the forest, and the user that runs the tool must belong to the Enterprise
Admins, Schema Admins and Domain Admins security groups. The command must be run as follows:
In a 64-bit domain controller:
D:\sources\adprep\adprep.exe /forestprep
In a 32-bit domain controller:
D:\sources\adprep32\adprep32.exe /forestprep
2. If RODCs will be deployed to the forest, it must be extended to support them. The tool must be run in
a Windows Server 2003 functional level domain, on the domain controller that holds the schema
master role in the forest, and the user that runs the tool must belong to the Enterprise Admins
security group. The command must be run as follows:
In a 64-bit domain controller:
D:\sources\adprep\adprep.exe /rodcprep
In a 32-bit domain controller:
D:\sources\adprep32\adprep32.exe /rodcprep
Note: This step can be run before or after adprep.exe /domainprep, but it is usually performed right
after adprep.exe /forestprep because the credentials required are similar and they must be run on the
schema master.
3. The administrator must prepare every domain in which a Windows Server 2008 R2 domain controller
will be added. The preparation process modifies security settings and, when upgrading from a
Windows 2000 Server domain, it makes GPO security compatible with Windows Server 2008 R2. The
tool must be run on the domain controller that holds the Infrastructure Master role in the domain,
and the user that runs the tool must belong to the Domain Admins security group.
The command must be run as follows if preparing a Windows 2000 Server domain:
In a 64-bit domain controller:
D:\sources\adprep\adprep.exe /domainprep /gpprep
In a 32-bit domain controller:
D:\sources\adprep32\adprep32.exe /domainprep /gpprep
The command must be run as follows if preparing a Windows 2003 Server domain or higher:
In a 64-bit domain controller:
D:\sources\adprep\adprep.exe /domainprep
In a 32-bit domain controller:
D:\sources\adprep32\adprep32.exe /domainprep
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-12 Deploying Windows Server 2008
Migrating AD DS-Related Roles

Key Points
There are some roles that support AD DS in different ways, such as Active Directory Certificate Services
(AD CS) and DNS, and these are usually roles that need to be migrated to newer servers.
Migrating AD CS to Windows Server 2008 R2
There are many role services in the AD CS role, but the only migratable role service is the certification
authority (CA). A legacy CA can be easily migrated to Windows Server 2008 R2 by following these steps:
1. Pre-Migration (Preparation). In the Pre-Migration phase, Windows Server 2008 R2 is installed to the
destination server. Also, the following should be backed up on the source server: CA database, private
key, and registry settings. If the CA is an Enterprise CA, the template list should also be backed up.
Keep a record of the CAs cryptographic service provider (CSP) and signature algorithm, and publish a
Certificate Revocation List (CRL) with a longer validity.
Note: Most of these tasks can be performed using certutil.exe.
2. Migration. Once the Pre-Migration phase is complete, the CA role service is removed from the source
server. It is important to do that before installing the role service on the destination server to avoid
problems. After that, the source server must be removed from the domain. The destination server
must then be renamed to the same name of the source server, and joined to the domain after (do not
join the computer if the CA is a standalone CA that is not a domain member). Now, import the CA
certificate with the private key on the destination server and add the CA role service selecting the
imported certificate. Finally, restore the CA database and registry settings.
3. Verification. Verify certificate enrollment, certificate autoenrollment and CRL publishing.
4. Post-Migration and Troubleshooting. If anything failed during the migration or verification phases, it
should be fixed now. If necessary, a full rollback of the steps must be performed to ensure continuity
of the service.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-13
Migrating DNS to Windows Server 2008 R2
DNS is usually installed in a domain controller, and therefore, migrated together. The process for a
standalone migration is very similar, and it is the one described here.
Note: In the next lesson, the AD DS migration steps will be discussed.
1. Pre-Migration (Preparation). Install Windows Server 2008 R2 to the destination server, then, install the
DNS Server role to the destination server. The source DNS server should be completely backed up.
Note: In case there are several DNS Servers, secondary servers must be migrated first.
2. Migration. Once the Pre-Migration phase is complete, stop the DNS Server service on the source
computer. Then, use the reg.exe command to export DNS settings and save the files to
%windir%\system32\DNS:
reg export HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
%Windir%\System32\DNS\Dns-Service.REG

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS
Server" %Windir%\System32\DNS\Dns-Software.REG
After the export, copy all of the files and subfolders under %windir%\System32\DNS to a network
location accessible by the destination server. Start the DNS Server service on the source computer.
To import all of the data and settings, stop the DNS Server service on the destination computer.
Copy all of the files from the network location to the %windir%\system32\DNS folder. Run both
Dns-Service.REG and Dns-Software.REG to import the registry settings. Then, start the DNS Server
service. If migrating a secondary server, check the zone transfer settings on the primary server to
ensure correct zone transfers.
Finally, change the source server IP address to a different static IP address, and assign the original IP
to the destination server.
Note: Migrating an AD DS integrated zone is a simple process. Once the new Domain Controller
exists, it will try to replicate the contents from another Domain Controller on the domain. To check if
there are additional directory partitions, in the source server, the dnscmd /enumdirectorypartitions
command should be used, and the dnscmd / EnlistDirectoryPartition command should be used to
enlist those partitions in the destination server.
3. Verification. Use nslookup.exe to verify name resolution. Test zone transfers if necessary.
Note: To verify the migration of DNS integrated zones, the DNS Convergence Check Utility can be
used. It can be found at: http://go.microsoft.com/fwlink
/?LinkId=195877.
4. Post-Migration and Troubleshooting. If anything failed during the migration or verification phases, it
should be fixed now. If necessary, a full rollback of the steps must be performed to ensure continuity
of the service.
Question: Does your company need to migrate any AD DS related role?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-14 Deploying Windows Server 2008
Lesson 2
Upgrading Domain Controllers to Windows Server
2008

Migrating from a Windows 2000 Server or a Windows Server 2003 Active Directory forest is very
important, as it will provide many features already discussed and a more secure environment.
It is essential to determine whether to perform an in-place upgrade or a transition migration, keeping in
mind the system requirements and the hardware limitations.
Objectives
After completing this lesson, you will be able to:
Explain the process for upgrading Windows 2000 Server Active Directory directory service to AD DS.
Explain the process for upgrading Windows Server 2003 Active Directory directory service to AD DS.
Completing the upgrade to Windows Server 2008 R2 AD DS.
Understand and plan an AD DS forest restructure.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-15
Migrating from Windows 2000 Server Active Directory Directory Service

Key Points
Migrating from a Windows 2000 Server Active Directory directory service environment is possible and can
be completed only by performing a transition migration. In-place upgrading from Windows 2000 Server is
no longer possible because Windows Server 2008 R2 was released only for x64 computers and Windows
2000 Server was released only for x86 computers.
Active Directory Migration from Windows 2000 Server
The four phases in the migration are Pre-Migration, Migration, Verification and Migration Completion.
Pre-Migration
1. Check the required credentials for the forest and domain preparations. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Add a Windows Server 2008 R2 member server to the domain.
3. Perform a full backup of the domain (NTDS.dit and SYSVOL).
Migration
1. Perform the forest and domain preparation by using Adprep.exe. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Install the AD DS role on the Windows Server 2008 R2 member server. Then, run dcpromo.exe and
promote the server to the domain controller of the domain. The user running dcpromo.exe must be a
member of the Domain Admins security group.
3. Update permissions on all GPOs in the domain by using adprep.exe /gpprep or running the following
command on an elevated prompt:
cd /d %programfiles%\Microsoft Group Policy\GPMC Sample Scripts

Cscript GrantPermissionOnAllGPOs.wsf Enterprise Domain Controllers /permission:read
/domain:DNSDomainName /Replace
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-16 Deploying Windows Server 2008
Note: Step 3 must only be run when upgrading from a Windows 2000 Server domain.
4. Wait for all the data to replicate between the different sites.
Verification
1. Check domain data replication between the new domain controller and the rest.
2. Ensure that the DNS SRV records for the new domain controller are created properly.
3. Use dcdiag.exe to check the new domain controller.
Note: It is recommended to add at least a second Windows Server 2008 R2 domain controller before
following the next steps.
Migration Completion
Tasks performed after the migration process. This phase will be explained in the next topic.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-17
Migrating from Windows Server 2003 Active Directory Directory Service

Key Points
Contrary to migrating from Windows 2000 Server, Windows Server 2003 can be in-place upgraded to
Windows Server 2008 R2, but there are some requirements to meet:
Only the Windows Server 2003 x64 Edition operating system can be upgraded.
The server must be running Windows Server 2003 with Service Pack 2 or Windows Server 2003 R2.
Windows Server 2003 Standard Edition can be upgraded to Windows Server 2008 R2 Standard or
Enterprise Edition.
The Enterprise Edition can be upgraded to the Enterprise or Datacenter Edition.
The Datacenter Edition can only be upgraded to the Datacenter Edition.
The server can be upgraded only to a full installation of Windows Server 2008 R2.
The hardware of the server must meet the requirements of Windows Server 2008 R2.
Note: Keep in mind all of these requirements before performing an in-place upgrade.
Note: Migrating from a Windows Server 2008 forest is very similar to migrating from a Windows
Server 2003 forest.
In-place Upgrade
Using the Microsoft Assessment and Planning (MAP) Toolkit, an administrator can identify which
computers can perform an in-place upgrade easily. The Discovery and Readiness node of the Inventory
and Assessment section generates reports for different scenarios: client upgrade, server upgrade,
application upgrade, virtualization recommendations and many others.
The four phases in the migration are Pre-Migration, Migration, Verification and Migration Completion.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-18 Deploying Windows Server 2008
Pre-Migration
1. Check the required credentials for the forest and domain preparations. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Perform a full backup of the domain controller.
3. Update the domain controller with the latest updates.
4. Verify domain controller synchronization and replication with dcdiag.exe and repadmin.exe.
Migration
1. Perform the forest and domain preparation by using Adprep.exe. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Log on to the domain controller with a user that belongs to the Domain Admins or Enterprise Admins
security groups.
3. Run the following command:
<dvd or network path>:\setup.exe
4. Wait for the command to complete.
Verification
1. Check domain data replication between the domain controller and the rest.
2. Use dcdiag.exe to check the domain controller.
Note: It is recommended to add at least a second Windows Server 2008 R2 domain controller before
following the next steps.
Migration Completion
Tasks performed after the migration process. This phase will be explained in the next topic.
Transition Migration from Windows Server 2003
The four phases in the migration are Pre-Migration, Migration, Verification and Migration Completion.
Pre-Migration
1. Check the required credentials for the forest and domain preparations. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Add a Windows Server 2008 R2 member server to the domain.
3. Perform a full backup of the domain (NTDS.dit and SYSVOL).
Migration
1. Perform the forest and domain preparation by using Adprep.exe. (See Lesson 1: Overview of
Upgrading Windows Server 2008 R2 AD DS.)
2. Install the AD DS role on the Windows Server 2008 R2 member server. Then, run dcpromo.exe and
promote the server to the domain controller of the domain. The user running dcpromo.exe must be a
member of the Domain Admins security group.
3. Wait for all the data to replicate between the different sites.
Verification
1. Check domain data replication between the new domain controller and the rest.
2. Ensure that the DNS SRV records for the new domain controller are created properly.
3. Use dcdiag.exe to check the new domain controller.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-19
Note: It is recommended to add at least a second Windows Server 2008 R2 domain controller before
following the next steps.
Migration Completion
Tasks performed after the migration process. This phase will be explained in the next topic.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-20 Deploying Windows Server 2008
Completing Migration to Windows Server 2008

Key Points
Post-migration tasks are usually optional, but they help ensure a successful migration process and a
healthy forest infrastructure:
1. Test domain and forest correct functionality using dcdiag.exe and repadmin.exe.
2. Transfer all the FSMO roles of the domain to the same Windows Server 2008 R2 domain controller.
This could either be done using the different management consoles or Ntdsutil.exe.
3. One by one, demote the legacy domain controllers by using dcpromo.exe. This must be run by a user
that belongs to the Domain Admins security group.
4. Clean the erased server metadata from the domain by using Ntdsutil.exe. You should select the
domain and site, and check if any erased servers still show up.
5. When only Windows Server 2008 R2 domain controllers exist in the domain, raise the domain
functional level to Windows Server 2008 R2. If there are no Windows Server 2003 domain controllers
left, but there is any Windows Server 2008 domain controller, you could raise the domain functional
level to Windows Server 2008 until they are demoted.
6. Enable DFS-R SYSVOL replication by running the following command:
dfsrmig /SetGlobalState 1
7. When all of the domains in the forest operate in Windows Server 2008 R2 functional level, raise the
forest functional level to Windows Server 2008 R2.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-21
Restructuring Active Directory Domains

Key Points
An AD DS restructure migration comprises the creation of a new Active Directory forest and the migration
of all Active Directory objects from the original forest to the new one. The only requirement is that the
source forest must run in Windows 2000 native functional level.
Restructuring the forest can help reduce the number of domains in the organization, therefore reducing
its administrative complexity and management costs. The drawback is the higher difficulty of the
migration, which usually takes much longer than an in-place upgrade or a transition. The use of ADMT
will help ease that process, because it provides an automated migration system for accounts and security
settings.
These are some good practices to take into account when using ADMT:
Keep updated backups of domain controllers in both source and target domains.
Test restructures in a lab environment before proceeding. Check object creation, data access, and
permissions.
Keep an updated recovery plan for all the phases in the restructure.
Avoid using EFS in any domain controller when performing restructures.
Time synchronization is extremely important. Double check that all domains in the restructure have
the correct time.
A restructure migration has six phases:
Planning
1. Determine the structure of the new forest.
2. Determine the administration structure of the new forest.
3. Determine forest coexistence schedule.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-22 Deploying Windows Server 2008
Forest Creation
1. Create the new Windows Server 2008 R2 forest.
2. Establish a two-way forest root trust relationship between the source and destination forests.
Pre-Migration
1. Determine which objects will be migrated from each domain of the forest.
2. Determine object migration schedules.
3. Create the user that will execute the migration. Add the user to the Domain Admins security group of
every domain in both forests.
4. Install ADMT in the target domains.
Note: The rest of the steps in the phases must be repeated in every destination domain following the
migration schedule.
Migration
1. Migrate the service accounts using ADMT.
2. Migrate the security groups using ADMT.
3. Migrate the user and computer accounts using ADMT. It is recommended to migrate in batches of
100 objects to ease the process. Users profiles can also be migrated, whether they are local or
roaming.
4. Migrate the servers and workstations using ADMT.
5. Migrate all but two domain controllers in the source domain by first demoting them, transferring
them to the destination domain, and promoting them again to domain controllers.
6. Translate security on the member servers so that migrated users can access them.
Verification
1. Test all services that run under a migrated service account.
2. Check security group membership.
3. Check resource access.
4. Test domain functionality with dcdiag.exe.
Post-Migration
1. Demote all domain controllers in the source domain.
2. When all domains have been migrated, eliminate the forest-wide trust.
3. Delete the migration user account.
Question: Would your company benefit from a domain restructure? How would you plan for it?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-23
Lab: Migrating Active Directory Directory Service

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Adatum
5. Repeat these steps for 6418C-LON-SVR1.
Lab Objectives
After completing this lab, you will be able to:
Prepare the existing forest for the new domain controller.
Deploy a Windows Server 2008 R2 operating system domain controller in the domain.
Remove legacy domain controllers.
Enable new Windows Server 2008 R2 domain features.
Lab Scenario
Contoso, Ltd. has a partner organization, A. Datum Corporation. This forest is running Windows Server
2003 Active Directory directory service. Your task is to upgrade this forest to Active Directory Domain
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-24 Deploying Windows Server 2008
Services (AD DS) with a Windows Server 2008 R2 functional level. The new domain must have the Active
Directory Recycle Bin activated to minimize risks and SYSVOL must replicate using DFS-R.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-25
Exercise 1: Preparing the Existing Forest for the New Domain Controller
Scenario
The administrator must prepare adatum.com to contain a Windows Server 2008 R2 domain controller.
The main task for this exercise is as follows:
Run the ADPREP command to prepare the existing forest.
Task: Run the ADPREP command to prepare the existing forest
1. On the host computer, mount the C:\Program Files\Microsoft
Learning\6418\Drives\WServer2008R2_Eval.iso file to the 6418C-LON-DC1 virtual machine.
2. On LON-DC1, open a command prompt and browse to the Support folder on drive D and then run
adprep32 /forestprep to prepare the forest.
3. On LON-DC1, run adprep32 /domainprep /gpprep to prepare the domain.
Results: After this exercise, you should have prepared the A. Datum forest for the addition of a
Windows Server 2008 R2 domain controller.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-26 Deploying Windows Server 2008
Exercise 2: Deploying a Windows Server 2008 R2 Domain Controller
Scenario
The Windows Server 2008 R2 computer must be promoted to a domain controller.
The main task for this exercise is as follows:
Promote a Windows Server 2008 R2 server to a domain controller.
Task: Promote a Windows Server 2008 R2 server to a domain controller
On LON-SVR1, run dcpromo.exe to install Active Directory Domain Services (AD DS) with the
following options:
Network Credentials: Adatum\Administrator
Domain: Adatum.com
Additional Domain Controller Options: Global catalog and DNS server
Directory Services Restore Mode Administrator Password: Pa$$w0rd
Restart the server and log back on as Adatum\Administrator with the password of Pa$$w0rd.
Results: After this exercise, you should have promoted LON-SVR1 to domain controller with Global
Catalog and Domain Name System (DNS) Server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-27
Exercise 3: Removing Legacy Domain Controllers
Scenario
After promoting LON-SVR1, it is important to demote LON-DC1 to raise the forest and domain functional
levels to Windows Server 2008 R2.
The main tasks for this exercise are as follows:
1. Migrate settings to the new domain controller.
2. Remove the legacy domain controller.
3. Change the domain and forest functional levels to support required features.
Task 1: Migrate settings to the new domain controller
1. On LON-SVR1, open a command prompt and run Ntdsutil.exe.
2. Use Ntdsutil to move all FSMO roles to LON-SVR1. If there is an error, wait for five minutes, and then
retry.
Task 2: Remove the legacy domain controller
On LON-DC1, run dcpromo.exe to remove Active Directory directory service from LON-DC1. Use
Pa$$w0rd as the Administrator password.
Task 3: Change the domain and forest functional levels to support required features
1. On LON-SVR1, start Active Directory Domains and Trusts.
2. Raise the domain functional level to Windows Server 2008 R2.
3. Raise the forest functional level to Windows Server 2008 R2.
Results: After this exercise, you should have removed the legacy domain controller from adatum.com
and elevated the forest functional level to Windows Server 2008 R2.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-28 Deploying Windows Server 2008
Exercise 4: Enabling New Windows Server 2008 R2 Domain Features
Scenario
Now that the forest is ready, we will enable the Active Directory Recycle Bin feature to comply with the
organization requirements.
The main tasks for this exercise are as follows:
1. Enable AD DS replication with DFSRMIG.
2. Enable Active Directory Recycle Bin.
Task 1: Enable Active Directory Domain Service (AD DS) replication with DFSRMIG
1. On LON-SVR1, start an elevated command prompt.
2. Run dfsrmig /getGlobalState to check the current state.
3. Run dfsrmig /setGlobalState 1 to prepare for the migration.
4. Run dfsrmig /getMigrationState to confirm the migration has been prepared.
5. Run dfsrmig /setGlobalState 2 to start the migration.
6. Run dfsrmig /setGlobalState 3 to finish the migration.
7. Run dfsrmig /getGlobalState to check the current state.
Task 2: Enable Active Directory Recycle Bin
1. On LON-SVR1, start an elevated Microsoft Windows PowerShell prompt.
2. Run the Enable-ADOptionalFeature cmdlet to enable the Active Directory recycle bin:
Enable-ADOptionalFeature Identity CN=Recycle Bin Feature,CN=Optional
Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=adatum,DC=com Scope ForestOrConfigurationSet
Target adatum.com
Results: In this exercise, you enabled SYSVOL DFS Replication and the Active Directory Recycle Bin.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
5. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the NYC-DC1 virtual machine first, and ensure that it is fully started before starting
the other virtual machines.
6. Wait for NYC-DC1 to start, and then start 6418C-NYC-SVR1. Connect to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Active Directory Directory Service 5-29
Module Review and Takeaways

Review Questions
1. What are the different types of AD DS migrations available?
2. Can a Domain Admin prepare the forest for the deployment of a Windows Server 2008 R2 domain
controller?
Common Issues
An AD DS restructure must be taken very seriously, as it is very easy to forget any of the numerous
steps in the migration.
DFS Replication of the SYSVOL folder can generate many errors with Windows Server 2008 without
Service Pack 2 installed.
Tools
Active Directory Migration Tool 3.1
Microsoft Assessment and Planning Toolkit 4.0

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
5-30 Deploying Windows Server 2008

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-1
Module 6
Migrating File, Print and Web Services
Contents:
Lesson 1: Introducing Server Migration 6-3
Lesson 2: Migrating File and Print Servers 6-13
Lab A: Migrating Windows Server 2003 File and Print Services 6-29
Lesson 3: Migrating Web and Application Servers 6-34
Lab B: Migrating a Web Application to Windows Server 2008 R2 and
Internet Information Services (IIS) 7 6-48

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-2 Deploying Windows Server 2008
Module Overview

After the installation and configuration of a Windows Server 2008 R2 operating system server, the next
step is to migrate data and settings from older Windows Server 2003 or 2008 servers to the new
computer. This and the following modules focus on those tasks.
The Windows Server Migration Tools are used to easily and effectively migrate data and settings.
Administrators use this tool to select specific roles and configurations of the server to be migrated. With
the Windows Server Migration Tools, administrators can also use the versatility of Microsoft Windows
PowerShell to script the entire process.
In the following module, we will discuss how to migrate different roles from legacy operating systems,
especially File server, Print server and Web server roles, and use different Microsoft tools to accomplish
those tasks.
Objectives
After completing this module, you will be able to:
Describe the Windows Server Migration Tools.
Upgrade file and print servers.
Upgrade Web and application servers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-3
Lesson 1
Introducing Server Migration

Getting a server up and running is a complex task, which generally comprises of compiling settings and
data from older servers and transferring the settings and data to the new one. Completing this task is
usually time consuming and requires extensive planning and execution.
To assist administrators, Microsoft provides the Windows Server Migration Tools. This is a set of utilities
that organize, prepare, and accomplish the migration of selected Windows Server Roles, Features and
associated settings, such as Dynamic Host Configuration Protocol (DHCP), File Services, BranchCache,
Hyper-V and others.
This lesson is an introduction to a server migration and the installation and use of the Windows Server
Migration Tools.
Objectives
After completing this lesson, you will be able to:
Describe server migration.
Explain the process of migrating server roles from earlier versions of Windows Server.
Describe the Windows Server Migration Tools.
Describe what you can migrate with the Windows Server Migration Tools.
Explain the process of using the Windows Server Migration Tools.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-4 Deploying Windows Server 2008
What Is Server Migration?

Key Points
Server migration is the process of moving data and settings from one server to another server. This is
usually performed because the original server is either malfunctioning or old. By doing this, you could
decide to migrate some of the original servers roles to a new server and the rest to another, thereby
improving the role efficiency and response rate.
The Microsoft Windows 2000 Server operating system, the Windows Server 2003 operating system, the
Windows Server 2008 operating system, and Windows Server 2008 R2 servers can be migrated to other
Windows Server 2008 R2 servers by using different sets of tools, depending on the role migrated and the
source operating system.
Upgrading vs. Migrating
Choosing whether to upgrade or migrate a server depends on several factors:
New hardware availability. Server migration requires a completely new server to which the data and
settings could be migrated.
Old hardware compatibility. Server upgrading requires that the hardware in the existing server be
compatible with the new planned environment, which is Windows Server 2008 R2.
Operating system upgrading compatibility. Only Windows Server 2003 x64 with Service Pack 2,
Windows Server 2003 R2 x64, and Windows Server 2008 x64 can be upgraded to Windows Server
2008 R2. A server migration does not require a specific operating system edition or the use of a 64-bit
source server.
Upgrade and migration speed. Usually, a server upgrade takes less time than a server migration. In a
server upgrade, the administrator is only required to do the operating system installation and all data,
settings and applications remain unmodified. In a server migration, the administrator must install the
operating system and applications required for the server, and transfer data and settings from the old
server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-5
Why Migrate?
Migrating a server or a server role is usually performed when one or more of these circumstances occur:
An in-place upgrade is impossible due to hardware or software restrictions.
The current server has reached its maximum performance capacity and it is necessary to increase it.
The current server hardware cannot provide determinate requirements for specific features, such as
BitLocker Drive Encryption.
It is necessary to restructure a specific role, such as Active Directory Domain Services (AD DS).
Some of the current servers features must be placed in a different server to comply with security or
performance requirements.
Question: Have you migrated a server from an older version of Windows to another server?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-6 Deploying Windows Server 2008
The Process of Migrating to Windows Server 2008 R2

Key Points
Migrating from an older operating system to Windows Server 2008 R2 is, as are many other tasks, a critical
process. In order to ease the migration process and make it as manageable as possible, it is usually divided
into phases.
Migration Phases
The migration phases are as follows:
Planning (pre-migration). During the Planning phase, the administrator checks the service quality and
makes certain that everything is running correctly. Then, the administrator ensures that both source
and destination computers meet the requirements for the migration. After that, the administrator
prepares the destination computer and then the source computer for the migration.
Execution (migration). In the Execution phase, the administrator migrates the data and/or settings
from the selected role to the new server. This is usually performed using tools, such as the Windows
Server Migration Tools, to ease the process. When finalizing this phase, if the migration was a full
migration, the source server is usually decommissioned temporarily until the verification phase is
complete.
Post-Migration (verification). In the Verification phase, the administrator checks if the migration was
carried out effectively and confirms no errors appear. When a full verification is completed and the
new server is running the new service or services with no errors, the older server is permanently
decommissioned.
Troubleshooting. Finally, during the Troubleshooting phase, if there are any options that are not
configured correctly, the administrator can perform the export again and/or fix the wrong settings. If
there is no solution or the export fails continuously, the administrator can return to using the original
source server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-7
Overview of Different Role and Feature Migrations
There are many roles and features that can be migrated to Windows Server 2008 R2. Some of the roles
and features are listed below:
Active Directory Certificate Services. The Certification Authority (CA) can be migrated while preserving
issued and revoked certificates in a new server.
AD DS. An Active Directory forest can be migrated to a new forest to restructure it completely.
BranchCache. Although BranchCache is a brand new feature in Windows Server 2008 R2, it is possible
to migrate it from one server to another.
DHCP. The DHCP server role can be migrated maintaining scopes, reservations, and other settings to
a new server.
File Services. Shared folders can be migrated while preserving NTFS file system and shared folder
permissions in the new server.
Hyper-V. Migrating the Hyper-V server role allows the transfer of virtual machines and virtual
networks to the new server.
Windows Server Update Services (WSUS). A WSUS server can be migrated, transferring downloaded
updates and settings to the new server.
As mentioned before, the Windows Server Migration Tools can be used to help migrate some of these
server roles and features, as well as server configuration settings.
Question: Which server roles are you interested in migrating?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-8 Deploying Windows Server 2008
Introduction to Windows Server Migration Tools

Key Points
The Windows Server Migration Tools were developed to make migration much easier and therefore, more
accessible to non-experts. Generally moving data from one server to another, importing permissions or
transferring settings can be tedious, slow and prone to error. With Windows Server Migration Tools you
can take a source computer, running one of the supported operating systems, and transfer selected
settings and information to a destination computer in a relatively straightforward manner.
Installing Windows Server Migration Tools
The Windows Server Migration Tools must be installed both in the destination and the source computers.
Below is a list of supported source operating systems.
Windows Server 2003 with Service Pack 2 (x86 or x64)
Windows Server 2003 R2 (x86 or x64)
Windows Server 2008 (full installation) (x86 or x64)
Windows Server 2008 R2 (full installation) (x64 only)
Windows Server 2008 R2 (Server Core installation) (x64 only)
Below is a list of supported destination operating systems (x64 only).
Windows Server 2008 R2 (full installation)
Windows Server 2008 R2 (Server Core installation)
Below is a list of the Windows Server editions supported on both source and destination servers.
Foundation
Standard
Enterprise
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-9
Datacenter
There are several steps involved in installing the Windows Server Migration Tools and there are differing
requirements for installation depending on the source operating system. The installation steps can be
broken down into the following:
1. The administrator must install the Windows Server Migration Tools as a feature on the Windows
Server 2008 R2 destination computer. This installation comprises the Windows PowerShell cmdlets as
well as the smigdeploy.exe command-line tool that is used for many tasks.
2. Where the source computer is not Windows Server 2008 R2 the administrator must create a
deployment folder on the destination computer using smigdeploy.exe. This deployment folder
contains the Windows Server Migration Tools installer files for the source computer.
3. The administrator must copy the deployment folder to the source computer, and then use it to install
the Windows Server Migration Tools.
Note: Where the source operating system is Windows Server 2008 (i.e. pre-R2) you need to ensure
that Windows Powershell version 1.0 or higher is installed and where the source operating system is
Windows Server 2003 you need to ensure that Microsoft .NET Framework 2.0 is also installed.
For source computers that are not Windows Server 2008 R2 you may also need to register the Windows
Server Migration Tools snap-in with Windows PowerShell before it can be used. This is done using
smigdeploy.exe.
Once the installation is complete the administrator will use Windows PowerShell to generate migration
packages on the source computer and import the packages onto the destination computer. You also need
to be aware that some migrations can migrate data directly over the network and in order to be able to
do this successfully the ports in the following bulleted list must be open on both computer firewalls
manually, i.e they are not opened by default. The ports can be opened manually from the command line
using netsh.
TCP 7000 In
User Datagram Protocol (UDP) 7000 In/Out
After installing the Windows Server Migration Tools, the administrator runs the Windows PowerShell
commands to specify what to export or import.
Note: Both physical and virtual machine migrations are supported, and both source and destination
operating systems must be installed in the same user interface (UI) language.
Also, the Windows Server Migration Tools cannot be used on Windows Server 2008 Server Core
installations as the .NET framework is not available in this environment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-10 Deploying Windows Server 2008
Migrating Server Roles by Using Windows Server Migration Tools

Key Points
Many roles, features, services and configurations can be migrated using the Windows Server Migration
Tools. Some of these services and configurations are:
BranchCache
DHCP
File Services (older systems, such as the Windows 2000 Server can be migrated using the Microsoft
File Server Migration Toolkit)
Hyper-V
IP Configuration
Local Users and Groups
Routing and Remote Access Service
Windows Server Update Services 3.0 with Service Pack 2
Note: There are other services that can be migrated without using the tools, such as Active Directory
Certificate Services or Print Services. Print Services migration will be covered later in this module.
How Do the Windows Server Migration Tools Work?
After deciding which roles will be migrated and planning the migration, the Windows Server Migration
Tools can be used to ease the data and settings transfer process (the execution phase.) This is an overview
of the process of migrating a server using the Windows Server Migration Tools:
1. Plan the migration. Test the source and destination server. Check the server health before starting the
migration.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-11
2. Install the Windows Server Migration Tools feature on the destination server.
3. Install the appropriate role on the destination server.
4. Back up the source server.
5. Create a deployment folder on the destination server and copy it to the source server.
6. Install the Windows Server Migration Tools on the source server using the deployment package inside
the deployment folder.
7. Use the Windows Server Migration Tools to transfer settings and data to the destination server using
the Export-SmigServerSetting and Import-SmigServerSetting Windows PowerShell cmdlets.
8. Disable the source server.
9. Test the destination servers functionality and performance.
10. Troubleshoot any issues that might arise.
11. Decommission the source server when there are no more issues and the destination server has been
thoroughly tested.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-12 Deploying Windows Server 2008
Demonstration: Migrating Server Roles by Using Windows Server
Migration Tools

Key Points
In this demonstration, you will see how to prepare to migrate a File server from Windows Server 2003 to
Windows Server 2008 R2.
The instructor will demonstrate how to install and configure Windows Server Migration Tools.
Demonstrate how to install the migration tools.
Demonstrate how to prepare to migrate roles from a Windows Server 2003 server to one that is
running Windows Server 2008 R2.
Demonstration Steps
1. Install Windows Server Migration Tools in the destination server.
2. Install the File Server role.
3. Create a deployment folder for the source server.
4. Install Windows Server Migration Tools in the source server.
Question: What did the administrator have to copy from the new server to the old server?
Question: Should the administrator perform any other tasks on the source server before proceeding with
the migration?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-13
Lesson 2
Migrating File and Print Servers

This lesson covers the new features of the File Services role in Windows Server 2008 R2, changes in
storage, File Services, Print Services, and migration processes using the Windows Server Migration Tools
and the File Server Migration Toolkit.
Objectives
After completing this lesson, you will be able to:
Explain why you should migrate Files Services to Windows Server 2008 R2.
Explain why you should migrate Print Services to Windows Server 2008 R2.
Migrate File Services from Windows Server 2003.
Migrate File Services from Windows 2000 Server.
Apply considerations for Encrypting File Systems (EFS).
Migrate Print Services to Windows Server 2008 R2.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-14 Deploying Windows Server 2008
Discussion: Why Migrate Files Services to Windows Server 2008 R2?

Key Points
There have been many changes to the File Services role in Windows Server 2008 R2 which may influence
your decision to migrate your existing File service infrastructure. These changes provide improved
performance, security, manageability and scalability. Below is a list of some of the changes.
Changes in File Service Functionality in Windows Server 2008 R2
Distributed File System (DFS). The DFS Service provides an administrator with a means of sharing data
on different servers through a distributed namespace thus making them available to users as a single
set of folders.
Distributed File System Replication (DFS-R). DFS-R provides high availability and improved
performance of the DFS namespace by managing the replication across the different servers.
Some significant changes are Access-based Enumeration for DFS resources, which allows
administrators to hide files and folders to a user who does not have Read permission, or Read-
Only replication.
More performance counters to monitor different aspects of DFS.
Better performance when using namespaces of 5,000 or more DFS folders.
DFS Replication can now be used in a failover cluster.
Network File System (NFS). NFS enables a mixed environment enterprise to share files between
Windows and UNIX systems.
Support for Netgroup, which provides a simplified control of login and shell access.
Support for RPCSEC_GSS, which allows NFS to use Kerberos v5 authentication.
Remote NFS management is available by using Windows Management Instrumentation (WMI).
New access for unmapped UNIX users is available, providing users with custom NFS security
identifier (SID) independent to Windows SIDs.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-15
The following versions of UNIX are now supported: Sun Microsystems Solaris version 9, Red Hat
Linux version 9, IBM AIX version 5L 5.2, and Hewlett Packard HP-UX version 11i.
File Server Resource Manager (FSRM): The FSRM, introduced in Windows Server 2003 R2, provides
administrators with a centralized console to manage folders, create limits, and block users from saving
specific types of files. It also provides the ability to create customized reports. The following are the
main changes:
File classification permits an administrator to define classification properties for files, and assign
values using classification rules.
File management tasks can be used to create different scheduled tasks, such as file expiration,
based on time and type of access. Also, notifications can be created to alert an administrator of
occurrences through the event log, an e-mail, or by running a script.
Scenario
Fabrikam, Inc. has an existing File Services infastructure running on Windows Server 2003 R2 and
Windows 2000 Server environments. Some computers use UNIX. Also, Some folders must be available in
read-only state in different locations.
Question: What are some of problems that the Fabrikam administrator can encounter when managing
and maintaining this infrastructure?
Question: Which technology could help Fabrikam have a shared read-only copy of a group of folders?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-16 Deploying Windows Server 2008
Discussion: Why Migrate Print Services to Windows Server 2008 R2

Key Points
In Windows Server 2008 R2 the server role Print Services has changed to a new role named Print and
Document Services. This role provides enhanced management and functionality for managing printers,
scanners and print and scanner servers as well as increased functionality and support for documents
consumed by those. Also, the Print Management and Scan Management consoles provide a centralized
point to manage print and scan queues from different servers.
New Functionalities of the Print and Document Services Role
Changes in the Print and Document Services role since Windows Server 2003 are:
Print migration enhancements. There are new features provided in the Printer Migration Wizard and
the Printbrm.exe command-line tool. These features include better reporting and rollback capabilities
or more granularities in the restoration of the security settings of a print queue. Theres is also support
for Print Server migration directly from Windows 2000 Server and Windows Server 2003 to Windows
Server 2008 R2. These tools are further explained later in this lesson.
Printer driver isolation. This feature enables the print spooler process to keep running in the event of
a printer driver failure. This provides greatly improved fault tolerance and a method of testing new
drivers more safely.
Print administrator delegation. This feature permits an administrator to delegate common tasks to
other users in an easy and secure manner.
Print Management snap-in improvements. This feature, which was first introduced in Windows Server
2003 R2, provides improvements such as a central viewer of all the printers installed on the network,
as well as a printer driver manager.
Client-Side Rendering performance improvements. This feature reduces network usage and enhances
the print server operations.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-17
XML Paper Specification (XPS) print path improvements. These improvements provide the XPS printer
(introduced in Windows Server 2008) with a much faster engine, better image and color capture, and
a new application programming interface (API) layer for independent programmers.
Location-aware printing improvement. With these improvements, users can set up default printers
depending on the network they are connected to.
Distributed Scan Server role service. With this service administrators can manage Web Services on
Devices (WSD) network scanners in a centralized console. Administrators can also use it to create scan
processes, which are groups of instructions that determine how to scan a document, who receives it,
where it is stored, and what users and groups can apply these processes.
Scenario
Fabrikam is preparing to migrate its Print servers. The current print servers are on Windows 2000 Server
and Windows Server 2003 computers. The new servers will be Windows Server 2008 R2 computers. Some
of the goals of the migration include: reducing network bandwidth, improving server utilization, and
easing administration.
Question: What are the main problems administrators can face before upgrading?
Question: Which tools can the administrator use to migrate printers from the old servers?
Question: Which new feature of Windows Server 2008 R2 Print Services will help reduce bandwith use in
the companys network?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-18 Deploying Windows Server 2008
Preparing to Migrate File Services

Key Points
As with all significant changes you make to your infrastructure you must first understand what it is you are
trying to achieve and why, then carefully plan your actions so that you fully understand the requirements,
the process and the risks involved.
As discussed earlier in this module, there are four distinct phases that you need to consider in order to
have a successful migration.
Planning (pre-migration)
Execution (migration)
Post-Migration (verification)
Troubleshooting
Planning Phase
In this, and the next topic, we consider a migration from a Windows Server 2003 infrastructure to provide
some context but the process and considerations are effectively the same for any migration.
Scenarios and configurations that are supported migration scenarios include the following:
The file server is joined to a domain.
The file server is in a workgroup.
File server data and shared folders that are located in a SAN or other external storage location that
preserves data and shared folder permissions, except data for local users and groups.
File server data and shared folders that are located on the server disk, such as direct-attached storage,
that preserves data and shared folder permissions.
The system uses Distributed File System Namespaces or Distributed File System Replication.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-19
File Server Resource Manager migration from Windows Server 2003 R2, Windows Server 2008, and
Windows Server 2008 R2 to Windows Server 2008 R2.
Shadow Copies of Shared Folders is also supported.
Supported Operating Systems are:
Source
server
processor
Source server operating
system Destination server operating system
Destination
server
processor
x86 or x64 Windows Server 2003 with
Service Pack 2
Windows Server 2008 R2, both full and
Server Core installation
x64
x86 or x64 Windows Server 2003 R2 Windows Server 2008 R2, both full and
Server Core installation
x64
x86 or x64 Windows Server 2008, full
installation
Windows Server 2008 R2, both full and
Server Core installation
x64
x64 Windows Server 2008 R2 Windows Server 2008 R2, both full and
Server Core installation
x64
x64 Windows Server 2008 R2,
Server Core installation
Windows Server 2008 R2, both full and
Server Core installation
x64
Note: You can also migrate between physical and virtual operating systems.
Tasks in the Planning Phase
The following are tasks that must be performed to ensure a successful migration.
1. Determine which File Services are installed on the source server and which need to be migrated to the
destination server. Ensure there is enough disk space available on the destination server, and if any
Disk Quotas would obstruct the transfer.
2. If the migration includes FSRM, then the drive letters on both servers must be the same.
3. Block remote user access to the destination server until the migration is completed to avoid possible
disruptions and data corruption.
4. File Services migration preserves permissions on files and folders. If there is any inherited permission
you must make the destinations parent folder permissions match the sources parent folder
permissions.
5. If the migration includes DFS, then the DFS Namespaces and the DFS Replication role services must
be installed on the destination server. The destination server must belong to the same AD DS domain
as the source server.
Also, a full backup or a system state backup of the source server and the domain should be executed
prior to the migration, as well as an export of the DFS namespace information configuration of each
namespace using DFSUtil.exe. For example:
DFSUTIL.exe root export <\\domain\Namespace> <Filename>
Note: DFSUtil is available by default in Windows Server 2008 R2 and is available for download for
Windows Server 2003 R2.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-20 Deploying Windows Server 2008
6. After completing the above steps, the Windows Server Migration Tools must be installed first on the
destination server and then on the source server. This is discussed in more detail in the following
topics.
7. On the source server, test DFS replication by using DFSRDiag backlog to check synchronization with
the other partners. You can do this by completing the following commands on each replication
folder:
DFSRdiag backlog /ReceivingMember:<Source Server> /SendingMember:<Replication Partner
Server> /RGName:<Replication Group Name> /RFName:<Replicated Folder Name>
and
DFSRdiag backlog /ReceivingMember:<Replication Partner Server> /SendingMember:<Source
Server> /RGName:<Replication Group Name> /RFName:<Replicated Folder Name>
8. Notify users that the service will not be stable for the time of the migration because performance and
connection could be reduced or lost. It is recommended to ask users to stop accessing the server for
the duration of the migration.
General Considerations When Planning to Migrate File Services
When planning your migration, it is easy to forget the following:
If the hard disk drive that contains your data is physically moved from the source server to the
destination server, the file and folder permissions for local users are not preserved.
You need to determine and manually migrate reparse points, hard links, and mounted volumes, as
they are not migrated when data is copied.
To determine reparse points type:
Dir <X:\Test\*> /s /A:L.
Where X is the drive letter, test is a test folder and /A:L specifies only reparse points be returned
from the command.
To enumerate hard links on a file in Windows Server 2008 R2 you can use the following command:
Fsutil hardlink list <X:\Test\Test.txt>
If you wish to determine all hard links on all files in a particular folder in Windows Server 2008 R2
you can do so using the Windows PowerShell command:
Get-ChildItem D:\* | %{'Links for: ' + $_.FullName; fsutil hardlink list $_.FullName;
""}
To facilitate migrating file and shared folder permissions, you must migrate local users and groups as
part of the migration procedure. However, not all user and group attributes are migrated.
Remember to open TCP and UDP ports 7000 on both servers to allow data transfer.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-21
Migrating File Services

Key Points
After planning, the administrator should execute the migration and then check that everything was
successfully completed.
Execution Phase
During the execution phase, settings and data are transferred from the source server to the destination
server. Also, during this phase, administrators should not modify the configuration of either the source
server or the destination server until the migration is fully completed. The following are the steps for the
execution phase:
1. If the source server is running Windows Server 2008 R2, the administrator should consider migrating
BranchCache settings and data, Offline Files settings, and scheduled file management tasks.
2. An inventory of DFS Namespaces must be created using the DFS Management Console on Windows
Server 2003 R2 or higher. DFSUtil.exe should be used on Windows Server 2003. In addition, an
inventory of DFS replicated folders must be created, which should include replication groups that the
source server is part of, replicated folders on the source server and their paths, connections to other
servers, and Disk Quotas.
3. When migrating FSRM, export the FSRM configuration using Windows PowerShell and then copy the
configuration files of each volume. Also, scheduled reports configuration must be migrated.
4. If shadow copy settings are modified, they should be migrated as well.
5. Execute the migration of local users and groups from the source server to the destination server using
Windows PowerShell.
6. The data can now be migrated. Data can be copied or physically moved from the source server to the
destination server. If data is copied, Receive-SmigServerData and Send-SmigServerData must be
run within five minutes and while using elevated privileges. The destination location is not required to
be the same as the source. Data is encrypted while traveling on the network using a password.
7. If a shared folder is migrated, the Include share modifier of the Send-SmigServerData command
should be used to transfer shared folder settings to the destination server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-22 Deploying Windows Server 2008
8. When data is copied successfully to the destination server, the source server identity must be
migrated to ensure correct connectivity. The destination server should obtain the sources computer
name and IP address.
9. Finally, every setting that was exported from the source server must be imported on the destination
server.
Physical Migration
Physically migrating a server requires physically moving the storage device i.e. hard disks or logical unit
numbers from the source server to the destination server.
The benefits of physical migration are:
A faster operation for large amounts of data.
All data on the disk is transferred i.e. hard links and mount points.
Shadow copies are preserved if the shadow copies are on the migrated disk drive.
Potential Issues with Physical Migration
Permissions for local users that are not default computer accounts, such as local administrator, are
lost even if the same user name is used when creating the user account on the destination server.
EFS files cannot be migrated.
Encrypted volumes from BitLocker, cannot be migrated.
Remote Storage cannot be migrated.
When you are physically migrating disk drives that have FSRM quotas enabled, it is best to dismount
the drive to avoid unnecessary scans that may occur later.
Post-Migration Phase
During this phase, all migrated settings and data is checked to validate a correct transfer. The
administrator should verify the following, if applicable:
BranchCache settings
Local users and groups
Data and shared folder migration
DFS Namespaces
DFS Replication
FSRM migration
Client connectivity
The source server must be retired, eliminating all data, DFS Namespaces, and DFS Replication groups.
To remove DFS namespaces from the source server you can do so using DFSUtil.exe as follows for
stand-alone namespaces:
DFSutil.exe root remove <\\SourceServer\Namespace>
For domain-based namespaces if there are more than one namespace servers you do not need to do
anything further. If a temporary server was added to the namespace for migration purposes you will
again need to use DFSutil.exe.
To remove the source server from DFS Replication groups use the DFS Management snap-in from all
the listed groups.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-23
When satisified your migration has completed successfully you can simply shut down the source
server and disconnect from the network.
In case the migration did not succeed, a restore procedure should be followed until the issues are solved.
Troubleshooting Phase
During this phase, all migration issues are checked and resolved to ensure a successful migration. After
troubleshooting, another Migration phase usually follows.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-24 Deploying Windows Server 2008
Migrating File Services from Windows 2000 Server

Key Points
Migrating data and settings from a legacy server, such as Windows 2000 Server and older, cannot be
completed using the Windows Server Migration Tool and must be completed separately. The FSMT is a
free solution that allows settings and data migration from legacy servers to Windows Server 2003 and
later. You can use the FSMT to:
Help consolidate multiple obsolete servers into a new Windows Server 2008 R2 file server.
Facilitate the task of copying files and folders with their security permissions from one or more servers
to a destination server, since the tool is based on a graphical interface. There is also a wizard that
creates a step-by-step process to make it even more user-friendly.
Reduce the impact of the migration if there is a DFS root on the source server.
Transfer shared folder files more successfully, even in the case of a name duplication conflict,
renaming them according to the source server by default and allowing any customization to the
names of every server.
Provide full cluster support, both for source and target servers.
Execute a rollback that restores access to the source servers, in case there is a disruption in the file
copy.
Migration Steps
After installing the FSMT, you can run the File Server Migration Wizard to start migrating data. The File
Server Migration Wizard is a component of the File Server Migrations Toolkit and its use is divided into
four phases: setup, copy, finalize and complete.
Setup phase. Before the migration can start, the administrator must specify the source file servers,
shared folders both in the source and destination servers, destination location, and DFS root and link.
All these settings are recorded to an XML file that might be used for troubleshooting or at a later
time.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-25
Copy phase. At this time, the destination folders are created and the file copy begins. Users can still
access files in the source server (open files are copied on the finalize phase) but it is recommended to
block access to them before the copy starts to maximize network bandwidth. Once finished, a report
is created with the results. If there was an error, the phase can be repeated and only changed files are
copied.
Finalize phase. At this point, all users are disconnected from the server and the open files in the copy
phase are now copied. A new report is created with the final results of the file copies. If there are
errors, a rollback can be executed at this point.
Complete phase. A final report is created that links to any errors from other phases, as well as, source
and destination server details.
If necessary, the DFS Root Consolidation Wizard must be executed afterwards.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-26 Deploying Windows Server 2008
Considerations for Migrating Encrypted Files

Key Points
Encrypting File System (EFS) is used to encrypt files and folders on NTFS file system volumes. It is
certificate-based and thus relies on your Public Key Infrastructure.
Considerations for EFS Migration
The Windows Server Migration Tool does not provide support for migrating EFS protected files.
One solution for EFS migrating is to use Robocopy, which has been added as a command-line tool to
Windows Server 2008 and Windows Server 2008 R2, to copy EFS-encrypted files without the decryption
key. Files that are copied using Robocopy remain encrypted.
Backing up the files prior to migration is an important consideration and as such you need to be aware of
the following:
Windows Server Backup, available as a feature in Windows server 2008 R2, maintains the files EFS
settings. This is relevant if migrating from a Windows Server 2008 environment.
NTBackup, present in Windows Server 2000 and 2003, has been removed from Windows Server 2008
R2. Previous backups made on the Windows XP operating systems, Windows 2000 Server and on
Windows Server 2003 can be restored on the Windows 7 operating system and Windows Server 2008
R2 by using the Windows NT Backup Restore utility.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-27
Migrating Print Services to Windows Server 2008 R2

Key Points
The Printer Migration Wizard and the Printbrm.exe tools provide a simple and straightforward method to
migrating Print Servers to Windows Server 2008 R2.
Note: Migration from servers prior to Windows Server 2003 is not supported; these should be
migrated to the Windows Vista operating system and from there, to Windows Server 2008 R2.
The Printer Migration Wizard can also be used during a reinstallation or upgrade to back up and
restore the print server settings.
Administrators execute the wizard from the Print Management console. The administrator must select the
Print Server where settings are exported from and then click Export printers to a file.
Printbrm.exe is a command-line tool with a very easy syntax that can export and import Print Server
settings from a command prompt with administrative credentials. Some advantages of using this tool are
the scripting and scheduling possibilities, as well as the ability to create backups and selectively restore
specific printers.
Below is an example of the tool syntax, run usually from the destination server:
To export the settings:
%WINDIR%\System32\Spool\Tools\Printbrm -s \\<sourcecomputername> -b -f
<filename>.printerExport

To import the settings:
Printbrm -s \\<destinationcomputername> -r -f <filename>.printerExport
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-28 Deploying Windows Server 2008
Note: Keep in mind that Windows Server 2008 R2 is a 64-bit operating system; therefore, 64-bit
drivers should be loaded in advance on source servers that run on a 32-bit operating system. If this
step is not taken, Windows will try to use drivers from its Drivers folder, if available.
Printbrm.exe has many other possibilities, such as preventing the use of the source server access
control list (ACL). To check all of these options, run printbrm /?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-29
Lab A: Migrating Windows Server 2003 File and Print
Services

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-SVR2.
Lab Scenario
Contoso, Ltd. is finishing its upgrade to the Windows Server 2008 R2 operating system environment.
Now that the operating systems are installed, the services on the old legacy servers must be migrated to
the new servers. The most important services for Contoso are the File and Print Services, so they decide to
start the migration with those two.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-30 Deploying Windows Server 2008
Exercise 1: Installing the Appropriate Tools to Enable Migration of File and
Print Services
In this exercise, the students will:
1. Install file and print server roles on Windows Server 2008 R2.
2. Configure the Distributed File System (DFS) infrastructure to support the content migration.
Task 1: Install File and Print Server roles on Windows Server 2008 R2
1. On NYC-SVR2, open Server Manager and install the File Services and Print and Document Services
server roles with the following options:
Print and Document Services: Print Server
File Services: File Server, Distributed File System
Choose to create a DFS namespace later.
Task 2: Configure Distributed File System (DFS) to support migration
1. On NYC-SVR1, open a command prompt and use DFSUtil.exe to find which namespaces are hosted
on NYC-SVR1.
2. Use DFSUtil.exe to find which kind of namespaces are hosted and which servers host those
namespaces.
3. Use DFSUtil.exe to create a backup of the DFS configuration on NYC-SVR1.
Note: It is recommended to add a second namespace server to a single-server namespace to keep its
permissions. If that is not possible, the permissions should be noted as above.

Note: A full backup of the server is recommended, as well as a System State backup of a domain
controller for a namespace integrated in Active Directory DomainServices (AD DS).

Results: After this exercise, you should have installed the File Services and Print Services roles on NYC-
SVR2. Also, you have prepared NYC-SVR1 for migration.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-31
Exercise 2: Enabling Windows Server Migration Tools
In this exercise, the students will:
1. Install the Windows Server Migration Tools.
2. Create a deployment package.
3. Register Windows Server Migration Tools.
Task 1: Install the Windows Server Migration Tools
On NYC-SVR2, use Server Manager to install the Windows Server Migration Tools Feature.
Task 2: Create a deployment package for NYC-SVR1
1. On NYC-SVR2, use SmigDeploy.exe to create a deployment package for NYC-SVR1. Store the
package in a folder called C:\Migration.
2. Copy the Migration folder to C:\ drive on NYC-SVR1.
Task 3: Register Windows Server Migration Tools on NYC-SVR1
On NYC-SVR1, use SmigDeploy.exe to install the Windows Server Migration Tools. After the tool is
installed, close all open windows.
Results: After this exercise, you should have installed the Windows Server Migration Tools feature on
NYC-SVR2 and registered them on NYC-SVR1.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-32 Deploying Windows Server 2008
Exercise 3: Migrating File Services
In this exercise, the students will:
1. Export local users and groups.
2. Import local users and groups.
3. Migrate data.
4. Rename the printer.
Task 1: Export local users and groups from NYC-SVR1
On NYC-SVR1, start the Windows Server Migration Tools and use the Export-SmigServerSetting
cmdlet to export the local users and groups to C:\Migration\UsersGroups.
Task 2: Import local users and groups to NYC-SVR2
1. On NYC-SVR2, copy the folder C:\Migration from NYC-SVR1 to C:\.
2. Use the Import-SmigServerSetting cmdlet to import the local users and groups from NYC-SVR1.
Task 3: Migrate data from NYC-SVR1 to NYC-SVR2
1. On NYC-SVR2, use the Receive-SmigServerData cmdlet to prepare the server for data reception.
2. On NYC-SVR1, use the Send-SmigServerData cmdlet to export data in C:\Files to NYC-SVR2.
3. On NYC-SVR2, share the C:\Files folder with Administrator full control and Everyone Read permission.
4. On NYC-SVR1, open the Distributed File System console and add NYC-SVR2.Contoso.com as a new
root target.
Task 4: Rename NYC-SVR2 to NYC-SVR1
1. Rename NYC-SVR1to NYC-OLD and shut it down.
2. Rename NYC-SVR2, to NYC-SVR1 and restart the computer. Log back on as Administrator with the
password of Pa$$w0rd.
Results: In this exercise, you migrated the File Server and Printer Server role settings to NYC-SVR2,
NYC-SVR1 was renamed to retire it in the future, and NYC-SVR2 was renamed to take its place.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-33
Exercise 4: Verifying the Successful Migration of File and Print Services
Scenario
In this exercise, the students will verify that file and print services have been migrated successfully.
Task 1: Verify that file and print services have been successfully migrated
1. On NYC-SVR2 (now NYC-SVR1), go to start, click run, and then type cmd.exe.
2. Run net user to get a list of all local users.
3. Run net localgroup to get a list of all local groups.
4. Open DFS Management and verify that the \\contoso.com\sharedfiles namespace exists.
5. Remove the \\NYC-SVR2 namespace server.
6. Go to Start, Control Panel, and then click Printers.
7. Verify that Printer1 exists and is shared.
Results: In this exercise, you validated the services have migrated successfully to the new server.
To prepare for Lab B
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. In the virtual machines pane, click 6418C-NYC-DC1, and then in the actions pane, click Start.
5. To connect to the virtual machine for the next lab, click 6418C-NYC-DC1, and then in the Actions
pane, click Connect.
Important: Start the NYC-DC1 virtual machine first, and ensure that it is fully started before starting
the other virtual machines.
6. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2 and 6418C-NYC-SVR1. Connect
to the virtual machines.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-34 Deploying Windows Server 2008
Lesson 3
Migrating Web and Application Servers

Companies are investing in Web presence more and more each year. Also, many internal applications
employ a Web server to provide a rich front-end to the user. A usual hurdle to overcome is migrating
settings from Internet Information Services (IIS) 6.0 to IIS 7.5, as the configuration files work differently
and many applications are not ready for the new version.
To assist in this task, Microsoft has developed the Microsoft Web Deployment Tool (MS Deploy), a tool
that helps administrators migrate Web servers or Web sites from a Windows Server 2003 computer
running IIS 6.0 to a Windows Server 2008 R2 computer with IIS 7.5. Also, IIS 7.5 provides many different
options to help with these migrations, such as the Integrated Mode, the .NET Framework 1.1
compatibility, and the pipelining in Classic mode.
Objectives
After completing this lesson, you will be able to:
Describe the Application Server in Windows Server 2008.
List new features in IIS 7 and explain changes from IIS 6.0.
Describe what is new in .NET Framework 3.
Describe what Application Pools are.
Describe the advantages of Integrated Mode.
Describe Metabase Compatibility.
Describe considerations for migrating ASP .NET applications.
Determine the migration considerations.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-35
Application Server in Windows Server 2008

Key Points
An application server is a software framework dedicated to the efficient execution of procedures, such as
programs, routines, and scripts, for supporting the construction of applications. A very common
application server is a Web server, in which these procedures are intended to generate dynamic pages.
In Windows Server 2008 R2 there are three main application roles; the Application Server role, the Web
server role, and the Remote Desktop Services role.
The Application Server Role
The Application Server role provides an integrated environment to install and execute server business
applications based on .NET Framework 3.0 or higher. This role supports technologies such as, COM+, Web
services or Windows Presentation Foundation among others.
Note: An Application Server is different from a Web Server because it hosts applications that run
natively on the server and the client, instead of preparing and providing content to a browser.
The Application Server role was completely rebuilt in Windows Server 2008 to provide easier installation
and management environments. In Windows Server 2008 R2, the performance has been enhanced and
support for the .NET Framework 3.5.1 and 4.0 has been added.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-36 Deploying Windows Server 2008
Introducing New Features in Internet Information Services
8
Key Points
IIS 7.5 provides an extensive set of new features that are aimed at easing the administrators job and
providing a much faster and personalized service. The most important new features since IIS 6.0 are:
Shared Configuration. Shared Configuration provides a unique configuration file for the whole server
that can be shared with other servers in the organization. This provides a much easier implementation
of settings to load-balanced servers or a Web-server farm. Sharing the configuration file is very
simple, and can be performed with appcmd.exe or the management console.
Automatic Application Pool Isolation. IIS 6.0 introduced Application Pools to group different
applications that worked together, but they were not simple to set up and use. By default, many
applications ignored this feature.
In IIS 7 and 7.5, application pool creation is linked to site creation, providing isolation and security by
default.
Componentized Installation. The modularity of IIS 7 and 7.5 allows administrators to selectively install
only the required components for the applications to run, providing a much smaller attack surface.
Administrators can select which components form part of the processing pipeline of each application,
such as authentication or throttling. Another improvement is the possibility of installing external
components, such as Hypertext Preprocessor (PHP), and assigning them to the different sites.
Improved Management Experience. Management complexity is dramatically reduced in IIS 7 and
even more in IIS 7.5. The management console is now feature-focused and provides easy access to all
of the options available for each component. Unfortunately, this new management tool is not
compatible with IIS 6.0. Administrators will manage any servers older than IIS 6.0 with the IIS 6.0
management console.
Security delegation has been eased by providing granular XML Web.config files that can affect a complete
server, a site, an application pool, a virtual directory or even a URL. These files are the evolution of the IIS
6.0 Metabase configuration file, and provide a simpler, more modular approach.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-37
To manage IIS 7 and 7.5 from a command prompt, there is a new IIS Manager Administration tool called
appcmd.exe that can carry out many different tasks. Also, there is a new Windows PowerShell snap-in to
manage IIS 7.5 by using cmdlets.
Note: The Windows PowerShell snap-in can also be downloaded and installed in a Windows Server
2008 to manage IIS 7. Visit http://go.microsoft.com/fwlink
/?LinkId=195907 to download it and learn more.
IIS 7.5 Specific Improvements
These are the most important new features that are not available in Windows Server 2008 with IIS 7:
Many of the extensions available before in the IIS Administration Pack are also included in IIS 7.5.
Request Filtering is now a module instead of an extension.
File Transfer Protocol (FTP) and Web-Distributed Authoring and Versioning (WebDAV) are greatly
improved.
Microsoft IIS Best Practices Analyzer is included to check for compliance and reduce configuration
mistakes.
Extended logging and tracing capabilities.
The application pools are now unique processes to provide a more hardened environment.
Integration with Windows Service Accounts is added to avoid password expiration issues.
IIS 7.5 now supports .NET Framework in Server Core installations of Windows Server 2008 R2. Now,
administrators can host ASP.NET applications on Server Core or manage the server with Windows
PowerShell.
The Web Core of IIS can be embedded in custom applications.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-38 Deploying Windows Server 2008
Introducing .NET Framework 3.0

Key Points
The most important components in the Windows Server 2008 R2 Application Server role are the .NET
Frameworks 3.0, 3.51 and 4.0. The runtime components for the 3.0 release of the framework is preinstalled
on Windows Vista and the components of the NET Framework 3.51 is installed on Windows 7 and can be
added to Windows Server 2008 R2 through the Server Manager Add Features Wizard. The framework is
also available for Windows Server 2003 and Windows XP, which provides a wide selection of systems to
which developers can write applications.
Many different technologies lie beneath the .NET Framework 3.0. Some of those technologies are:
Windows Communication Foundation (WCF)
Windows Workflow Foundation (WF)
Windows Presentation Foundation (WPF)
Microsoft Silverlight
Language Integrated Query (LINQ)
Developers can use those components to create their applications, and each one of them provides
different functionalities.
Windows Communication Foundation
WCF is an application programming interface that allows developers to create connection and service-
oriented applications. A service-oriented application is based on the concept of services used by an
undetermined number of clients, and WCF provides a platform-independent connection point. This type
of application is becoming increasingly more important for in-house developers as they employ secure,
reliable, and transacted Web services that communicate across platforms and interoperate with other
existing systems and applications in the organization.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-39
WCF enables developers to compose or combine the various technologies that are available today for
building distributed applications in ways that make sense for your organizations business needs and
computing environment.
Windows Workflow Foundation
WF is the programming model and engine for building workflow-enabled applications quickly on
Windows Server 2008. A workflow-based program is different from a traditional one in the following ways:
WF uses declaration of activities instead of line-by-line execution.
Workflows can be transferred to databases or durable storage when the workload is low.
Workflows can adapt to conditions, allowing them to be modified dynamically.
WF provides clear differentiation between execution code and business logic, being able to update
each other independently.
Workflows can work sequentially or based on events (discontinued on .NET Framework 4.0).
Workflows can be represented visually with little effort.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-40 Deploying Windows Server 2008
Application Pools

Key Points
Application pools are isolated environments in which one or more URLs are served by one or more
processes. This means that any external application cannot affect the ones inside the application pool.
Migrating Application pools is a very typical process in medium to large sized companies, as they usually
arrange their Web sites in Application pools to provide better security and availability.
Main Benefits
Application pools provide enhanced performance at the server and application levels. An
administrator can group applications to contain the system resources they might require, providing
the rest of the applications with a concise amount of processor or memory.
Higher availability with application pools. Because application pools are self contained, their failure
would not affect the rest of the applications in the server.
Application pools also provide higher security. Because applications within an application pool cannot
access other applications if they do not belong to the same application pool.
Application Pool Modes
Integrated mode. Application pools running in Integrated Mode will use the execution pipeline of IIS
and ASP.NET to execute requests. This mode is new in Windows Server 2008 and Windows Server
2008 R2.
Classic Mode. Application pools running in Classic Mode will use the older aspnet_isapi.dll to process
requests. This provides higher compatibility, especially with applications developed for IIS 6.0.
The Advantages of Integrated Mode
In IIS 7, ASP.NET works in Integrated Mode by default, providing many improvements over Classic Mode,
such as better performance or the ability to customize the request processes more easily.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-41
The request processing mode is determined by each Application Pool. By default IIS provides two
different Application Pools, each for one of the different processing modes: DefaultAppPool works in
Integrated Mode and Classic.Net AppPool in Classic Mode. Of course, an administrator could create other
Application Pools and assign them request processing modes using the IIS Manager.
To create other Application Pools and assign them request processing modes:
1. Open IIS Manager.
2. Open the connections pane, select the appropriate server, open the Application Pools node, and
then select the appropriate Application Pool.
3. Click Basic Settings in the actions pane.
4. In the Managed Pipeline Mode list, select Integrated or Classic, and then click OK.
Note: APPCMD.EXE can also be used to accomplish this task.
The most important advantage of IIS Integrated Processing Mode is the ability of adding modules
(standard or custom-made) to any Application Pool, such as an URL rewriting script, enhanced
authentication module or response filter.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-42 Deploying Windows Server 2008
Metabase Compatibility

Key Points
The metabase configuration is removed from IIS 7 except for some minor services such as Simple Mail
Transfer Protocol (SMTP). IIS 7 uses a set of XML files that define settings in every different level of
configuration at the Server, Site, Application, Virtual Directory, or File levels. This hierarchy of settings
allows a much better and more granular application of permissions and privileges to each object. Also, it
helps create a good delegation structure.
XML Configuration Files
The file used for server configuration is called applicationHost.config, and includes settings that would be
applied to the complete server. In the different folders of the server, an administrator could also configure
Web.config files that define specific settings for those folders and their contents.
Copying settings from a server to another is now a very easy task; simply copy the appropriate Web.config
files that modify the sites configuration. An administrator would normally copy the entire contents of a
site folder, now these settings would also be copied without requiring any extra effort. A good application
of this improvement is the creation of Web server farms by copying the contents of the sites.
Using Older Scripts or Applications
IIS 7 can easily provide support for legacy applications or scripts that access the metabase by using two
different tools: ABO Mapper and the Metabase Compatibility component.
ABO Mapper. If a legacy application uses the Admin Base Object (ABO) to access and modify the
metabase, the IIS 6 compatibility feature includes the ABO Mapper tool, which remaps any access to
the metabase to the applicationHost.config.
Metabase Compatibility component. If a script or application uses the IIS 6 programming API to
access configuration settings, the Metabase Compatibility component provides an abstraction layer
that will keep them running until new ones are developed.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-43
These applications and scripts should be rewritten as soon as possible, because using these tools provides
less features and performance than native IIS 7 ones. Once they are migrated, the compatibility tools
should be uninstalled.
Note: To install these features, an administrator should go to Roles, Add roles, Internet Information
Services, Web Management Tools and install IIS 6.0 Management Capability Feature with its different
sub-features.
Limitations of Legacy Mappings
Using these compatibility tools requires that administrators double check that IIS 7 mandatory settings are
provided and that discontinued settings are not used.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-44 Deploying Windows Server 2008
Considerations for Migrating ASP .NET Applications

Key Points
Upgrading older ASP.NET applications is a very important step when migrating to Windows Server 2008
R2 as the .NET Framework 1.0 is no longer supported.
Migrating to ASP.NET 2.0 is more difficult than migrating to ASP.NET 1.1, but it is the recommended step
as it provides many new features and better compatibility.
Using Request Processing Modes
As seen in previous topics, IIS 7 provides the Integrated and the Classic processing modes for the different
Application Pools running in the server.
When Windows Server 2008 R2 is installed in a bare metal server, Integrated mode is configured by
default. This affects any application that is later migrated to this server.
On the other hand, when you upgrade a server to Windows Server 2008 R2, Classic mode is used, which
provides better compatibility for applications running on the server by default.
Compatibility with ASP.NET 1.1
To run applications that use .NET 1.1 in IIS 7, the following steps must be taken:
1. Ensure that IIS Metabase Compatibility is installed.
2. Install .NET Framework v1.1 and .NET Framework v1.1 SP1.
3. Enable the ASP.NET v1.1 ISAPI Extension.
4. Add the IgnoreSection Handler to Framework v1.1 machine.config to system.webServer.
5. Move your site or application to a Framework v1.1 application pool.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-45
Discussion: Why Migrate Web Services?

Key Points
The following scenarios present two companies that have a Web environment that should be migrated to
IIS 7.5 for different reasons:
Scenario 1
Woodgrove Bank has many different IIS 6.0 Web servers. The pages hosted on the servers are ASP.NET.
There are new security requirements that must be met:
All of the Web servers must be hosted on computers with encrypted disks.
The attack surface of the servers must be minimized.
The servers must require the lowest number of updates and restarts possible.
Question: How can Woodgrove Bank comply with the new requirements?
Scenario 2
Contoso is a large enterprise that has an intranet Web site visited by thousands of employees daily:
Currently, the Web site is hosted at an IIS 6 Web Server farm.
Every time the developers need to change the configuration, they must update every server in the
farm with the new settings.
Backing up and restoring the configuration files is time demanding and hard to manage.
Adding new servers to the farm takes a long time and is a very demanding task.
Question: How can IIS 7.5 help Contoso manage the Web farm?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-46 Deploying Windows Server 2008
Considerations for Migrating IIS Servers

Limitations and Changes
When migrating from older versions of IIS, there are several limitations and implications that should be
taken into account, such as:
The IIS Migration Tool is no longer used. This tool was required for performing migrations from IIS 4.0
or 5.0 to 6.0, but it is not supported in IIS 7.
There are many authentication changes in IIS 7 from IIS 6.0, and the Passport authentication is
removed. If necessary, developers could use the Windows Live ID Web Authentication SDK to migrate
applications to Live ID.
The authorization model has changed from the AZMan rules in IIS 6.0 to two different solutions: using
the ASP.NET authorization model or the IIS 7 authorization architecture.
Secure Sockets Layer (SSL) is processed in the HTTP.SYS configuration store instead of the Metabase.
The Web Service Restriction List and the IP Restriction have not changed very much, but there are
some new features that should be taken into account.
The Microsoft Web Deployment Tool
MS Deploy facilitates migration, management, and deployment of IIS Web servers, Web applications and
Web sites. By using this tool, an administrator can do the following:
Perform migrations from IIS 6.0 to IIS 7, determining incompatibilities beforehand and having a
preview of the changes that would be committed before executing the migration process.
Synchronize contents between Web servers in a server farm.
Prepare packaged settings and contents of Web applications (even with databases) for later
deployments or restores.
Set granular permissions over the different objects.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-47
Execute any of these tasks using the IIS Manager, command-line commands, Windows PowerShell
cmdlets or API.
MS Deploy can migrate Web servers in two different modes: Offline and Remote. Using the offline mode,
the tool will create a package that must be copied from the source server to the destination server to
perform the migration. Using the remote mode, one of the servers will have a service running that allows
the other server to connect to it. Depending on which server is running the service, this is called a Push
migration (destination server is running the service) or a Pull migration (source server is running the
service.)
Performing a Migration
To successfully perform a migration, an administrator should follow these steps:
1. Install MS Deploy on both servers. Decide whether you want to use Remote service or Offline mode
to perform the migration.
2. Check the source Web site for any dependencies or special requirements.
3. Prepare the destination server installing the Web Server (IIS) role and any required components.
4. Create a backup of the destination server for an easy recovery if anything fails.
5. Run a sync using the msdeploy command. This could be done using offline mode, remote push or
remote pull. Wait for the synchronization to complete.
6. Verify the Web site by browsing it on the destination server and checking its different settings.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-48 Deploying Windows Server 2008
Lab B: Migrating a Web Application to Windows
Server 2008 R2 and Internet Information Services
(IIS) 7.0

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-SVR2.
Lab Scenario
Contoso, Ltd. is finishing its upgrade to a Windows Server 2008 R2 operating system environment. Now
that the operating systems are installed, the Intranet Web site must be migrated from the older Windows
Server 2003 operating system server. To accomplish this, the administrator will use the Microsoft Web
Deployment Tool.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-49
Exercise 1: Installing the Web Server (IIS) Role with the Required
Components
Scenario
In this exercise, the students will install the Web server (IIS) role on Windows Server 2008 R2.
Task: Install the Web Server (IIS) role
1. On NYC-SVR2, install the Web Server (IIS) role.
2. Install the IIS 6 Management Compatibility role service (including all sub-role services).
Note: In this case, it is not necessary to install Microsoft .NET Framework 1.1, but it might be a
requirement in a real environment. Other IIS components may be necessary also, depending on the
application.
A full backup of the destination server is recommended before installing IIS.

Results: After this exercise, you should have installed the Web Server (IIS) role on NYC-SVR2.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-50 Deploying Windows Server 2008
Exercise 2: Installing the Microsoft Web Deployment Tool
In this exercise, the students will:
1. Install the Microsoft Web Deployment Tool on both servers.
2. Install the Microsoft Web Deployment Tool on NYC-SVR1 with Remote Service.
Task 1: Install Microsoft Web Deployment Tool on NYC-SVR2
On NYC-SVR2, install WebDeploy_x64_en-US from E:\Labfiles\Mod06 in normal mode.
Task 2: Install Microsoft Web Deployment Tool on NYC-SVR1 with Remote Service
1. On NYC-SVR1, install WebDeploy_x86_en-US from \\NYC-SVR2
\E$\Labfiles\Mod06 and select the Custom installation.
2. Install the Remote Agent Service.
3. Start the MSDEPSVC service.
Results: After this exercise, you should have installed the Microsoft Web Deployment Tool on NYC-
SVR2 and NYC-SVR1, and have enabled Remote Services on NYC-SVR1.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-51
Exercise 3: Migrating Web Services to Windows Server 2008 R2
In this exercise, the students will:
1. Run the msdeploy command to do a pull migration of the Intranet Web site.
2. Modify the Intranet DNS record.
Task 1: Run the msdeploy command to do a pull migration of the Intranet Web site
1. On NYC-SVR2 use msdeploy to perform a pull migration of the Intranet Web site on NYC-SVR1. Use
the following command:
msdeploy -verb:sync -source:metakey=lm/w3svc/1,computername=NYC-SVR1 -
dest:metakey=lm/w3svc/1
2. Shut down NYC-SVR1.
Note: You could add whatif at the end of the command to see what would happen if the command
was executed.
Task 2: Modify the Intranet DNS record
On NYC-DC1 modify the DNS record for Intranet to point to nyc-svr2.contoso.com.
Results: In this exercise, you migrated the Intranet Web site to NYC-SVR2. You also modified the
Domain Name System (DNS) record that points to intranet.contoso.com.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-52 Deploying Windows Server 2008
Exercise 4: Verifying the Successful Migration
Scenario
In this exercise, the students will verify that the Intranet Web site has been migrated successfully.
Task: Verify that the Internet Web site has been migrated successfully
On NYC-DC1 use Internet Explorer to connect to http://intranet.contoso.com.
Results: In this exercise, you checked if the Web site has migrated successfully to the new server.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for every virtual machine used in this Lab.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating File, Print and Web Services 6-53
Module Review and Takeaways

Review Questions
1. What are the main tools used to perform migrations to Windows Server 2008 R2?
2. From which Operating Systems can a Windows Server 2008 R2 receive settings and data?
3. Are the tools available in Server Core?
Tools
Downloads
Infrastructure Planning and Design guide
Windows Server 2008 R2 Migration Utilities
Real-Life Scenarios
Question: If your company needs to migrate a File server located on a Windows 2000 Server, which tool
would you need to use?
Question: A File server located on a Windows Server 2003 server contains a folder that needs to be
migrated to a new Windows Server 2008 R2 server. This folder is an EFS encrypted folder. Which utility
should you use to migrate those files?

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
6-54 Deploying Windows Server 2008

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-1

Module 7
Deploying Branch Office and Remote Access Services
Contents:
Lesson 1: Implementing Read-Only Domain Controllers 7-3
Lab A: Deploying a Read-Only Domain Controller to a Branch Office 7-16
Lesson 2: Implementing Remote Infrastructure 7-21
Lab B: Implementing BranchCache 7-35
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-2 Deploying Windows Server 2008
Module Overview

Remote offices usually present challenges for administrators. They are more difficult to control and the
network connections with main offices may have limited available bandwidth.
Remote users also present similar problems for administrators such as managing remote computers and
keeping them connected with an easy to use virtual private network (VPN).
The Windows Server 2008 R2 operating system provides significant new features for managing these
scenarios. Many of these improvements build on what was available in the Windows Server 2003
operating system and Windows Server 2008 operating system.
Objectives
After completing this module, you will be able to:
Implement read-only domain controllers (RODCs) to support branch offices.
Implement remote infrastructure features to support branch offices.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-3
Lesson 1
Implementing Read-Only Domain Controllers

Setting up a secure remote office is difficult and there are many obstacles that make the task complicated.
For example, users must be able to authenticate easily, even if the link to the main office is broken.
Sometimes the delegation of duties is faulty and more privileges are provided to the branch
administrators than necessary. Occasionally branch administrators are not prepared to manage a domain
controller correctly.
An RODC addresses all of those issues by providing a read-only copy of the Active Directory database
that prevents important attributes from being replicated to it.
This lesson will provide the required information on how the RODC works and how to deploy the RODC
on an Active Directory Domain Services (AD DS) infrastructure.
Objectives
After completing this lesson, you will be able to:
Describe RODC.
Apply considerations for deploying an RODC.
Describe the process of deploying an RODC.
Explain the options for unattended domain controller deployment.
Explain how to secure the RODC following deployment.
Configure an RODC.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-4 Deploying Windows Server 2008
What Is an RODC?

Key Points
An RODC is a very important component in the Windows Server 2008 operating system and Windows
Server 2008 R2 AD DS branch office strategy. It contains a read-only subset of the AD DS database and
can contain read-only AD DS integrated Domain Name System (DNS) zones. When the RODC is deployed,
the administrator can choose which passwords are stored there. This not only provides much improved
security, but also simplifies remote credentials management and improves remote office authentication
speed.
The branch offices still require authentication with AD DS without an active link to a central location.
RODCs could also be deployed in environments where physical security is not guaranteed or where
unauthorized personnel need to log on to domain controllers to perform tasks such as installing software
updates.
RODCs can be used in any Active Directory domain running in Windows Server 2003 functional level or
higher, and because of their read-only status, replication is a one-way inbound direction to the site from
any Windows Server 2008 or higher domain controller.
RODCs have a read-only DNS zone and a read-only System Volume (SYSVOL) folder. The DNS update
requests that clients generate are forwarded to Primary DNS Servers. The SYSVOL folder is generated
using File Replication Services (FRS) or Distributed File System Replication (DFSR), and in Windows Server
2008 R2, using DFS-R read-only mode.
RODCs and Backup Domain Controllers (BDCs)
Sometimes, RODCs are confused with the Microsoft Windows NT Server 4.0 operating system BDCs.
Although both are read-only servers, they differ dramatically from each other in the following ways:
BDCs contain the full domain partition data, while RODCs only contain a read-only copy of the NTDS
database with only some attributes of the objects.
BDCs contain all of a users credentials, while RODCs only contain preselected credentials.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-5
BDCs can be promoted to primary domain controllers if required, while RODCs cannot be promoted
to writeable domain controllers.
While an RODC is a server role, a BDC is an installation choice. This makes RODCs more flexible.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-6 Deploying Windows Server 2008
Preparing to Deploy RODCs

Key Points
Deploying one or more RODCs in a company requires many checks to minimize possible errors. A basic
list of the checks is:
The Active Directory domains and forest must be in Windows Server 2003 functional level or higher.
There must be at least one writable Windows Server 2008 or Windows Server 2008 R2 Domain
Controller in the same domain.
The forest must be prepared by using adprep.exe.
Forest Functional Level
The forest functional level must be Windows Server 2003 or higher, which ensures that all the domains in
the forest are working in Windows Server 2003 functional level or higher. This provides:
Linked-value replication. With linked-value you can only replicate attribute updates through the
domain, saving network bandwidth and improving the database consistency.
Kerberos constrained delegation. A computer can impersonate specific entities in the domain, and the
delegation can only be carried by one computer in the delegation chain.
Writable Domain Controller
An RODC that runs Windows Server 2008 R2 can replicate with a writable domain controller running
Windows Server 2008 or Windows Server 2008 R2. It is recommended, for fault tolerance, to deploy at
least two valid writable domain controllers in the domain.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-7
Note: Before deploying a domain controller running Windows Server 2008 or Windows Server 2008
R2 in a Microsoft Windows 2000 Server operating system or Windows Server 2003 forest, adprep
/forestprep must be executed on the Schema Master Domain Controller to update the schema of the
forest.

Also, in every Windows 2000 Server or Windows Server 2003 domain in which any Windows Server
2008 or Windows Server 2008 R2 domain controller is deployed, the administrator must execute
adprep /domainprep /gpprep on the domain controller that carries the Infrastructure Master role
on the domain.

Keep in mind that an RODC requires the forest run in Windows Server 2003 functional level, therefore
no Windows 2000 Server domain controller, domain or forest can exist in the infrastructure.
Forest Preparation
Before deploying an RODC in the forest, the domains must be prepared running adprep /rodcprep in
any computer of the forest. This computer must have network access to every domain controller that
carries out the Infrastructure Master role in the forest. The user that adprep/rodcprep must belong to is
the Enterprise Admins security group. This could be performed only once in the forest, as it tries to update
every domain. Also, it can be run any number of times if any Infrastructure Master could not be contacted
on the first try.
Note: The adprep.exe tool can be found in the /Sources/adprep folder in the Windows Server 2008
DVD and in the /Support/adprep folder in the Windows Server 2008 R2 DVD.

Note: If you are running Adprep on a 32-bit domain controller, adprep32.exe must be used instead
of adprep.exe.
RODC Limitations
The administrator must keep these limitations in mind:
Many applications cannot run properly in a site that only contains RODCs, such as Microsoft Exchange
Server.
RODCs should never be placed in a site that contains writable Domain Controllers.
No versions of Microsoft Windows 2000, either client or server, are compatible with RODCs. Also,
some older operating systems require the KB944043 hotfix to use RODCs, such as the Windows XP
operating system, Windows Server 2003 or the Windows Vista operating system without Service
Pack 1.
Note: You can download the hotfix from http://go.microsoft.com/fwlink
/?LinkId=196006.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-8 Deploying Windows Server 2008
Deploying an RODC

Key Points
Administrators must decide how and where to deploy an RODC based on these options:
Installing an RODC on a Windows Server 2008 R2 Full installation server
Installing an RODC on a Windows Server 2008 R2 Server Core server
Upgrading from an older operating system
Using physical or virtual computers
Using Staged or Direct installation
Consider using BitLocker Drive Encryption
Installing an RODC on a Windows Server 2008 R2 Full Installation Server
Although this is the easiest method, it is also used fewer times, because RODCs are usually managed
remotely and do not require a full graphical user interface (GUI). Also, a full installation requires more
updates and many more reboots.
Installing an RODC on a Windows Server 2008 R2 Server Core Server
A server running a Server Core installation can run fewer roles than one with a Full installation, and RODC
is one of them. Installing a Server Core has some benefits and drawbacks, such as:
Less updates required. This means fewer reboots and incompatibilities after updates.
More secure environment. With a smaller server installation, fewer files can be attacked. Also, only
specific credentials are cached on the server when users log on to their computers, minimizing the
impact of somebody physically stealing the server.
Less disk space required and less memory utilized.
More difficult direct management.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-9
Fewer compatible applications.
A Server Core cannot convert to a full installation, or the reverse.
Usually, but not always, this installation method is combined with a staged installation.
Upgrading from an Older Operating System
Windows Server 2003 with Service Pack 2, Windows Server 2003 R2 operating system, or Windows Server
2008 can be directly upgraded to Windows Server 2008 R2. By doing this, the server retains its name,
Internet protocol (IP) address, and other settings.
If a domain controller is updated to Windows Server 2008 R2 to install an RODC, the administrator must
demote the domain controller before or after the upgrade.
Note: Only Server Core installations of Windows Server 2008 can be directly upgraded to a Server
Core installation of Windows Server 2008 R2.
Supported Direct Upgrade Scenarios:
Source: Windows Server 2003 (SP2, R2) Destination: Windows Server 2008 R2
Windows Server 2003 Standard operating
system
Windows Server 2008 Standard operating system,
Windows Server 2008 Enterprise operating system
Windows Server 2003 Enterprise Edition
operating System
Windows Server 2008 Enterprise, Windows Server
2008 Datacenter operating system
Windows Server 2003 Datacenter Edition
operating system
Windows Server 2008 Datacenter

Source: Windows Server 2008 Destination: Windows Server 2008 R2
Windows Web Server 2008 operating system Windows Web Server 2008 R2 operating system,
Windows Server 2008 R2 Standard operating system
Windows Server 2008 Standard Windows Server 2008 R2 Standard, Windows Server
2008 R2 Enterprise operating system
Windows Server 2008 Enterprise Windows Server 2008 R2 Enterprise, Windows Server
2008 R2 Datacenter operating system
Windows Server 2008 Datacenter Windows Server 2008 R2 Datacenter
Web Core Web Core, Standard Core
Standard Core Standard Core, Enterprise Core
Enterprise Core Enterprise Core, Datacenter Core
Datacenter Core Datacenter Core
Using Physical or Virtual Computers
Server virtualization is now a big trend in the industry. Many administrators choose to use it because it
provides many benefits, such as better hardware utilization, improved fault tolerance, or a better energy
consumption rate.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-10 Deploying Windows Server 2008
When deploying a virtual RODC, the administrator must take into account the following issues:
Domain controller or RODC cloning is not supported in any way.
Pausing virtual machines is not supported, because this can generate problems with time
synchronization.
By using virtual machines, it is easier to isolate RODCs from other server roles. It is also recommended to
centralize domain controllers and DNS servers in specific virtualization servers.
Using Staged or Direct Installation
The Direct installation mode is very similar to the installation of a writable domain controller. The steps
are as follows:
1. On the server that will become the RODC, a Domain Admin must run dcpromo.exe in advanced
installation mode.
2. When prompted at the Additional Domain Controller Options screen, the administrator must
select Read-Only Domain Controller (RODC) and then specify the Password Replication Policy and
the Users or Group that are delegated to administer the RODC.
3. The installation could also be performed using dcpromo.exe in text mode or with an answer file.
By using a Staged installation, the administrator divides the installation process in two stages: Account
creation and RODC creation.
1. Account creation. During the first stage, a Domain Admin generates the computer account for the
RODC and, optionally, delegates an entity (user or group) the capability of performing the second
stage of the installation. This first stage is usually executed in the main office.
2. RODC creation. In the second stage, a delegated user runs dcpromo.exe to complete the RODC
installation. Dcpromo can be used graphically, in text mode, or with an answer file. Passwords could
also be pre-populated so that the users can log on directly using the RODC.
Note: An RODC installation is often combined with the Install from Media (IFM) installation to reduce
the bandwidth required.
Consider Using BitLocker Drive Encryption
BitLocker Drive Encryption encrypts selected partitions of the server. This is not required for the
deployment of an RODC because passwords are never stored in the server. However, by encrypting an
RODC you prevent any additional data, such as attributes that are replicated to the server, shared folders,
Group Policy objects (GPOs), etc., from being revealed if the server was stolen.
Implementing BitLocker is complicated and requires more management time than an unencrypted server.
It usually requires a Trusted Platform Module (TPM) chip on the server and a specific organization for the
disk partitions. Also, data partitions cannot be encrypted if the system partition is not encrypted before.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-11
Using Unattended Deployment
Options

Key Points
To perform an unattended RODC installation using the command-line, the administrator must run
dcpromo from a command prompt in the following manner:
dcpromo /unattend /<unattendOption>:<value> /<unattendOption>:<value> ...
There are many options that can be used. The most typical ones are:
InstallDNS. Specifies whether to install the DNS Server role on the server.
ConfirmGC. Specifies whether the domain controller (DC) is a global catalog server.
ReplicaOrNewDomain. Specifies whether the DC is an RODC (value would be ReadOnlyReplica), a new
DC on an existing domain (Replica) or a new DC on a new domain (Domain).
ReplicaDomainDNSName. Specifies the name of the domain in which the DC is being promoted.
SiteName. Specifies the name of the site in which the DC will be placed.
DatabasePath. Specifies the location for the NTDS.DIT file.
LogPath. Specifies the location for the Active Directory log files.
SysvolPath. Specifies the location for the SYSVOL directory.
SafeModeAdminPassword. Specifies the password for the Active Directory Recovery Mode startup
option.
PasswordReplicationAllowed. Specifies which users, computers or groups will have their passwords
cached on the RODC. Add the option once for each Security Principal added.
PasswordReplicationDenied. Specifies which users, computers or groups will never have their
passwords cached on the RODC. Add the option once for each Security Principal added.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-12 Deploying Windows Server 2008
Install an RODC Using an Answer File
An administrator could also provide an answer file to less experienced personnel to perform the
installation of an RODC. The person would only need to execute dcpromo /unatted:filename.txt to run
the installation.
The options included in the unattended file are the same used in the dcpromo command-line installation,
and they appear like this:
[DCINSTALL]
InstallDNS=Yes
ConfirmGC=Yes
; Comment
SysvolPath=C:\Sysvol

If the user executing dcpromo is not a Domain Admin, the right credentials should be supplied using the
User and Password options in the unattended file or delegating the installation using the staged
installation method.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-13
Securing the RODC

Key Points
Because RODCs are deployed at branch offices, administrators should prepare to provide security
measures. The most common ways to secure an RODC are to:
Create specific security groups that include administrators from the branch office and delegate them
the permissions to manage the RODC.
Set explicit and restrictive password caching policies. Try to avoid Domain Admins or similarly
important accounts to have cached credentials on any RODC.
Use Server Core installation instead of Full installation.
Use Staged installation with unattended file.
Implement Windows BitLocker Drive Encryption, if the conditions require and allow it. This should be
done if the server contains any sensitive information.
Password Replication Policy
One of the most important features in RODCs is the capability of storing only specific passwords. With this
feature, administrators can choose which users can log on directly through an RODC and which ones must
contact a writable domain controller to do so. Depending on how strict the Password Replication Policy is,
the amount of passwords that could potentially be stolen from an RODC would vary. To increase security,
always try to be as specific as possible when selecting users and groups on the Password Replication
Policy.
To manage the Password Replication Policy of an RODC, the administrator must access the Password
Replication Policy tab in the RODCs Properties window by using Active Directory Users and
Computers. There, the administrator can choose to add any user, computer, or security group to either
the Allowed List or the Denied List, allowing or denying the credential caching of that entity.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-14 Deploying Windows Server 2008
Note: The Denied List takes precedence over the Allowed List, so if a user belongs to both, the
credentials will not be cached on the server.
Domain Management of the Password Replication Policy
To ease credentials caching management, two new security groups are created in a Windows Server 2008
or Windows Server 2008 R2 domain. The Allowed RODC Password Replication group is allowed to every
RODC created in the domain by default. However, the Denied RODC Password Replication group is
denied on every RODC of the domain by default. Many important security groups, such as Domain
Admins or Enterprise Admins are already members of this group to avoid critical credentials caching on
the RODCs.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-15
Demonstration: Configuring an RODC

Key Points
In this demonstration, your instructor will show you how to:
Install and run the Microsoft Remote Server Administration Tools (RSAT) to manage a Windows Server
2008 R2 RODC.
Administer a password replication policy.
Question: Why did the administrator have to use the RSAT from a client computer instead of logging on
to the Domain Controller?
Question: Why did the administrator add the Bellevue Users group of users to the Password Replication
Policy?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-16 Deploying Windows Server 2008
Lab A: Deploying a Read-Only Domain Controller to a
Branch Office

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-RODC1.
Lab Scenario
Contoso, Ltd. is planning to create new branch offices to support its regional sales effort. Security is a
concern and the wide area network (WAN) links fail sporadically.
To support the users authentication at the branch offices, Contoso plans to deploy RODCs. Your task is to
deploy the RODC at the Bellevue branch office, and then perform post-deployment configuration.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-17
Exercise 1: Enabling the Forest to Support Read-Only Domain Controller
Deployment
Scenario
Before being able to deploy the RODC in the Bellevue office, the administrator must prepare the domain.
The main task for this exercise is to prepare the schema and forest to support RODCs.
Task: Prepare the schema and forest to support read-only domain controllers (RODCs)
1. On NYC-DC1, mount the C:\Program Files\Microsoft Learning\6418
\Drives\WServer2008R2_Eval. iso file.
2. On NYC-DC1, run the following command in an elevated privileges command prompt:
D:\support\adprep\adprep /rodcprep
Note: In this case, it is not necessary to run adprep /forestprep or /domainprep because a
Windows Server 2008 R2 Domain Controller already exists in the domain.

Results: After this exercise, you should have prepared the forest for the installation of RODCs.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-18 Deploying Windows Server 2008
Exercise 2: Deploying an RODC Role on Server Core
Scenario
The main office administrator must prepare an answer file to promote the server to RODC in the branch
office.
The main tasks for this exercise are as follows:
1. Modify a sample DCPROMO answer file.
2. Use the answer file to promote the Server Core to RODC.
Task 1: Modify a sample DCPROMO answer file
1. On NYC-RODC1, modify the file C:\Tools\dcpromo.txt with Notepad.
2. Scroll down to ReplicaOrNewDomain and modify the value after = to ReadOnlyReplica.
3. Scroll down to ReplicaDomainDNSName, and then verify that the value after = is set to
Contoso.com.
4. Verify that the values of InstallDNS and ConfirmGC are both Yes.
5. Click Save, and then click Exit to exit Notepad.
Task 2: Use the answer file to promote the Server Core to RODC
1. On NYC-RODC1, type the following commands:
Cd \Tools
Dcpromo /unattend:dcpromo.txt
2. Wait for the Read-Only Domain Controller role to be installed. After the reboot, log back on as
Contoso\Administrator with the password of Pa$$w0rd.
Results: After this exercise, you should have installed the RODC role on
NYC-RODC1.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-19
Exercise 3: Creating the Branch Office Site
Scenario
The users in the remote office will authenticate to the RODC; but, for that to happen, a site representing
the remote office must be created.
The main tasks for this exercise are as follows:
1. Use Active Directory Domain Services tools to create a new site.
2. Configure site replication.
3. Move the RODC to the new site.
4. Verify functionality.
Task 1: Use Active Directory Domain Services (AD DS) tools to create a new site
On NYC-DC1, open Active Directory Sites and Services and create a new site named BellevueBranch.
Select the DefaultIPSiteLink.
Task 2: Configure site replication
1. On NYC-DC1, create a Site Link named WAN-NYC-BEL.
2. Select NewYork and BellevueBranch as Sites in this site link. Click OK.
Task 3: Move the RODC to the new site
On NYC-DC1, move NYC-RODC1 to BellevueBranch.
Task 4: Verify functionality
1. On NYC-DC1, in the Active Directory Users and Computers console, connect to NYC-RODC1.
2. Right-click the Users container. Review that there is no New option.
Results: In this exercise, you configured the new BellevueBranch site and its link to the central New
York site. Then, you moved the RODC to this site so that users can authenticate using it.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-20 Deploying Windows Server 2008
Exercise 4: Securing the RODC
Scenario
After the RODC is deployed to the remote office, the administrator must configure which users will save
their credentials on the RODC and which can manage it.
The main tasks for this exercise are as follows:
1. Configure the password replication policy.
2. Configure administration role separation.
Task 1: Configure the password replication policy
1. On NYC-DC1, in the Active Directory Users and Computers console, connect to NYC-DC1.
2. Modify the Password Replication Policy for NYC-RODC1 to allow Bellevue Users to replicate
passwords.
Task 2: Configure administration role separation
On NYC-DC1, modify the managers for NYC-RODC1, and then select Bellevue Admins.
Results: In this exercise, you configured the security for the RODC by selecting which users can
manage the RODC and which ones can cache their credentials in it.
Lab Shutdown
Shut down 6418C-NYC-RODC1. Keep 6418C-NYC-DC1 running for the next Lab.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-21
Lesson 2
Implementing Remote Infrastructure

Windows Server 2008 R2 has two new features that focus on remote users and branch offices:
DirectAccess and BranchCache. Both features are only available for Windows Server 2008 R2 and
Windows 7 operating system computers.
DirectAccess is a service that provides remote users with an automatic virtual private network (VPN)
tunnel to the main office. Users do not need to configure or start any program, since the computer
seamlessly connects even before the user has logged on.
BranchCache is a technology that improves bandwidth consumption for branch offices. When users access
a document in a different location or the Internet, that document is cached locally in the site, so if any
other users try to access it, the cached copy is retrieved instead.
In this lesson, you will learn more about these features.
Objectives
After completing this lesson, you will be able to:
Describe DirectAccess.
Enable DirectAccess.
Describe BranchCache.
Monitor BranchCache.
Configure BranchCache.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-22 Deploying Windows Server 2008
What Is DirectAccess?

Key Points
VPN connections are ubiquitous at the present time. They are required not only for users to access files
and services in central locations, they are also important for administrators to manage client computers if
required. Normally, users need to start the VPN connection manually, and consequently, it can only be
done when the user is already logged into the computer.
To improve connectivity, security, and manageability, Windows Server 2008 R2 provides a new service
called DirectAccess.
With DirectAccess remote computers can automatically connect to the companys local area network
(LAN). No user interaction is required, and it is protected with the security that Internet Protocol version 6
(IPv6), Internet Protocol Security (IPSec) and Network Access Protection (NAP) provide.
Another important feature is the client manageability, which functions as if the user is connected directly
to the local network.
DirectAccess is a technology available only for Windows Server 2008 R2, the Windows 7 Enterprise, or
Windows 7 Ultimate computers, so no older operating systems are included in a DirectAccess
infrastructure.
Requirements
DirectAccess is a service that has very specific and, in some cases, complicated requisites, and the
administrator must be aware of them. These requisites are:
AD DS. DirectAccess clients and servers must be members of an Active Directory domain. Also, at least
a Windows Server 2008 R2 domain controller and a DNS server must be present in the domain.
DirectAccess server. The DirectAccess server is a Windows Server 2008 R2 server that has at least two
different network interfaces. One of the interfaces must be connected to the internal network, and
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-23
the other to the external network. Also, the external interface must have two consecutive public IPv4
addresses assigned.
DirectAccess client. The DirectAccess client can be a Windows 7 Enterprise operating system or a
Windows 7 Ultimate operating system computer configured to use DirectAccess as soon as an
Internet connection is available.
Network Location Server. The Network Location Server is a Web server that is accessible through
Hypertext Transfer Protocol Secure (HTTPS) only on the internal network. With the Network Location
Server, clients can determine whether they are located in the internal or the external network. This
server can be integrated in the DirectAccess server if no extra machines are available.
IPv6. IPv6 is the newest Transmission Control Protocol/Internet Protocol (TCP/IP) standard and
provides enhanced security, billions of IP addresses, IPSec integration and IPv4 compatibility.
Public Key Infrastructure (PKI). The server and the clients will authenticate using PKI Certificates.
IPSec. The traffic will be encrypted using IPSec Encapsulating Security Payload (ESP) mode.
NAP. Although NAP is not a required component, it provides extra measures to check the clients
security compliance.
Connection Modes
DirectAccess can provide two different connection modes for the infrastructure:
End-to-End protection. DirectAccess clients establish an IPSec session through the DirectAccess server
with the desired application server located on the intranet.
End-to-Edge. DirectAccess clients establish an IPSec session with the DirectAccess server, which then
forwards unprotected traffic to the internal network.
The most secure method is End-to-End protection, because it provides direct authentication and,
optionally, encryption to the connections.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-24 Deploying Windows Server 2008
How DirectAccess Works

Key Points
The DirectAccess connection process happens automatically, without requiring user intervention.
DirectAccess clients use the following process to connect to intranet resources:
1. The DirectAccess client computer running Windows 7 detects whether it is connected to a network.
2. The DirectAccess client computer attempts to connect to an intranet Web site that is specified during
the DirectAccess configuration. If the Web site is available, the DirectAccess client verifies that the
client computer is already connected to the intranet and the DirectAccess connection process stops. If
the Web site is not available, the DirectAccess client verifies that the client computer is connected to
the Internet and the DirectAccess connection process continues.
3. The DirectAccess client computer connects to the DirectAccess server using IPv6 and IPSec. If a native
IPv6 network is not available, the client establishes an IPv6-over-IPv4 tunnel by using 6to4 or Teredo.
Note that the user does not have to be logged on to the computer for this step to complete.
4. If a firewall or proxy server prevents the client computer from using 6to4 or Teredo from connecting
to the DirectAccess server, the client computer automatically attempts to connect by using the IP-
HTTPS protocol, which uses a Secure Sockets Layer (SSL) connection to ensure connectivity.
5. To establish the IPSec session, the DirectAccess client and server authenticate each other by using
computer certificates.
6. By validating Active Directory directory service group memberships, the DirectAccess server verifies
that the computer and user are authorized to connect by using DirectAccess.
7. If NAP is enabled and configured for health validation, the DirectAccess client obtains a health
certificate from a Health Registration Authority (HRA) located on the Internet prior to connecting to
the DirectAccess server. The HRA forwards the DirectAccess clients health status information to a NAP
health policy server. The NAP health policy server processes the policies defined within the Network
Policy Server (NPS) and determines whether the client is compliant with system health requirements.
If the client is compliant, the HRA obtains the health certificate for the DirectAccess client. When the
DirectAccess client connects to the DirectAccess server, the health certificate is submitted for
authentication.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-25
8. The DirectAccess server begins forwarding traffic from the DirectAccess client to the intranet
resources to which the user has been granted access.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-26 Deploying Windows Server 2008
Enabling DirectAccess

Key Points
Before running the DirectAccess wizard, these preparation steps must be carried out:
1. Install Windows Server 2008 R2 on a computer that has two network adapters. These are the
DirectAccess server and the network location server.
2. Join the server to an Active Directory domain that has a PKI available.
3. Install two computer certificates on the DirectAccess server. One is for the Web server; the other is for
computer authentication.
4. Connect one network adapter to the Internet and the other to the LAN.
5. Configure the IP addresses of both adapters. The external adapter requires two consecutive external
IP addresses (never use 10.x.x.x, 172.16.x.x-172.31.x.x or 192.168.x.x) and must be an adapter set to
use a Public or Private firewall profile setting, while the internal adapter must be a Domain profile
adapter. These addresses can be configured using IPv4 (6to4 will be used to translate the addresses.)
Remember to configure the Windows Firewall with the correct exceptions. See the exceptions in the
note below.
6. Double-check that client computers have IPv6 enabled.
7. Add all the DirectAccess client computer accounts to a security group.
8. Install the Web server or Internet Information server (IIS) role on the server. Configure the Web server
as the network location server.
9. An A record must be created on a public DNS server pointing to the DirectAccess servers first
external address.
Note: Firewall exceptions are:
DirectAccess Server, Inbound and Outbound: ICMPv4, ICMPv6
DirectAccess clients, Inbound and Outbound: ICMPv4, ICMPv6
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-27
Installation Process
After the preparation steps are executed, the DirectAccess wizard must be run:
1. Install the DirectAccess Management Console feature on the DirectAccess server.
2. Run the DirectAccess Setup Wizard. Follow the instructions, indicating the root certificate, the
network location server, and the application servers. Note the IPv6 address.
3. Refresh the IPv6 ISATAP addresses on the domain controller and the clients by stopping and
starting the IPHLPSVC service.
4. Update the Group Policy on the clients using gpupdate. Check that the clients have a computer
certificate issued by the certification authority.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-28 Deploying Windows Server 2008
What Is BranchCache?

Key Points
BranchCache is a new service provided by Windows Server 2008 R2 that provides a branch office with a
centralized or distributed cache for its clients, saving communication costs and access latency.
When branch office users access a document in a remote File or Web server running in a BranchCache
enabled Windows Server 2008 R2 server, the contents are locally cached for future access by any user in
the same office. The location of the cache depends on which BranchCache mode is configured: a central
cache server or spread throughout different machines in the site. To determine which files are already
cached, the File and Web servers generate an identifier of each retrieved file using the Secure Hash
Algorithm (SHA) 256.
BranchCache is only compatible with Windows Server 2008 R2 and Windows 7, and it is one of the main
advantages of the combination of both operating systems.
Requirements
BranchCache only works with traffic flows from a Windows Server 2008 R2 server to a Windows Server
2008 R2 or Windows 7 client. To use BranchCache, you must use:
A Windows Server 2008 R2 server that hosts a Web site or a shared folder. If it is a Web server, the
BranchCache feature must be installed. If it is a file server, the BranchCache for remote files role
service of the file services role must be installed, and a GPO must be created to configure the servers
options.
Windows Server 2008 R2 or Windows 7 clients. They must have the BranchCache feature enabled and
configured using GPOs.
BranchCache Modes
BranchCache works in two different modes:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-29
Hosted Cache mode. In Hosted Cache mode, all cached content in the remote office is saved in a
specific Windows Server 2008 R2 server. When a client tries to access a file from the central site, it
retrieves the file identifier from the File or Web server and then contacts the BranchCache server to
check if that file has already been cached. If the file was already cached, the client accesses the
BranchCache file directly. If it was not cached, the client downloads it from the central server and then
the BranchCache server downloads it from the client.
Distributed Cache mode. In Distributed Cache mode, the cached contents are distributed between the
BranchCache client computers in the remote office. When a client tries to access a file from the
central site, it retrieves the file identifier from the File or Web server and then does a local search of it.
If the file was already cached in another client, it is downloaded from it. If it was not cached, the client
downloads the file from the central server and then caches the file for the rest of the clients in the
remote location.
Note: The client computers firewall must be configured to allow incoming
HTTP (TCP 80) and HTTPS (443) in Hosted Cache mode and incoming
HTTP (TCP 80), HTTPS (443) and WS-Discovery (UDP 3702) in Distributed Cache mode.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-30 Deploying Windows Server 2008
Enabling BranchCache

Key Points
To enable BranchCache, both the server and the clients must be configured. Some of those settings can
also be configured using GPOs.
File Server Preparation
To prepare a file server to be part of a BranchCache infrastructure, follow these steps:
1. Select a file server that runs Windows Server 2008 R2.
2. In the Server Manager, select Roles.
3. Select the file services role, and then click Add or Remove Role Services.
4. Select the BranchCache for network files role service and the click Next. Wait for the role service to
be installed.
5. In the Share and Storage Management console, right-click a share that will be used with
BranchCache, and then click Properties.
6. On the Caching tab, select Only the files and programs that users specify are available offline.
7. Select Enable BranchCache, and then click OK.
8. Repeat steps 5 through 7 with every share that will be used with BranchCache.
Web Server Preparation
To prepare a Web server, or a Background Intelligent Transfer Service (BITS) application to be part of a
BranchCache infrastructure, follow these steps:
1. Select a Web or Application server that runs Windows Server 2008 R2.
2. In the Server Manager, select Features, and then click Add or Remove Features.
3. Select the BranchCache Feature, and then click Next. Wait for the Feature to be installed.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-31
Note: You can configure the maximum percentage of physical disk space used to store file identifiers
by modifying the registry key HashStorageLimitPercent in
HKLM\CurrentControlSet\Service\LanmanServer\Parameters.

Note: If you are configuring a clustered File server, the cryptographic seed for the file identifiers must
be shared between the servers of the cluster. To do this, the following command must be used in
every server of the cluster:

netsh branchcache set key passphrase=CUSTOM_PASSPHRASE
BranchCache Service Configuration
After the servers are prepared, GPO must be used to configure the BranchCache settings. Configure
BranchCache Service by using the following steps:
1. Create a GPO using the Group Policy Management Console.
2. Right-click the GPO, and then choose Edit.
3. Go to Computer Configuration, Policies, Administrative Templates, Network, Lanman Server,
and then double-click Hash Publication for BranchCache.
4. Select Enabled. In the drop-down list, select Allow hash publication for file shares tagged with
Windows BranchCache support.
5. Link the GPO to the Organizational Unit (OU) where the computer accounts of the BranchCache
enabled servers are located.
BranchCache Clients Configuration
BranchCache is disabled by default on client computers. Use the following steps to enable BranchCache
on client computers by using a GPO:
1. Create a GPO using the Group Policy Management Console.
2. Right-click the GPO, and then choose Edit.
3. Go to Computer Configuration, Policies, Administrative Templates, Network, BranchCache.
4. Double-click Turn on BranchCache.
5. Select Enabled.
6. Depending on the BranchCache mode that will be enabled, double-click Turn-on BranchCache
Distributed Mode or Turn on BranchCache Hosted cache mode and then enable it.
7. If BranchCache is used with a File server, double-click BranchCache for network files, click Enabled,
and then select the latency required between the client and the server for a client to try to retrieve
the file from a local source.
8. Link the GPO to the Organizational Unit (OU) where the computer accounts of the remote clients are
located. It could also be linked to the remote site.
Note: Remember that you could configure the client Firewall settings in the same GPO.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-32 Deploying Windows Server 2008
Note: You can configure the maximum percentage of disk space used for the client cache by
configuring this GPO setting:

Computer Configuration, Policies, Administrative Templates, Network, BranchCache, Set
percentage of disk space used for client computer cache.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-33
Monitoring BranchCache

Key Points
BranchCache Monitoring includes the following functions:
BranchCache events monitoring. You can monitor BranchCache events in Event Viewer. BranchCache
has two types of event logs, operational logs and audit logs. The operational log appears in the Event
Viewer at Applications and Services Logs\Microsoft\Windows\PeerDist\Operational and you can view
the audit log events in the Security log.
Work and performance monitoring. You can monitor BranchCache work and performance by using
the BranchCache performance monitor counters. BranchCache performance monitor counters are
useful debugging tools for monitoring BranchCache effectiveness and health. You can also use
BranchCache performance monitor for determining the bandwidth savings in the Distributed Cache
mode or in the hosted cache mode. If you have System Center Operations Manager 2007 SP2
implemented in the environment, you can use BranchCache Management Pack for System Center
Operations Manager 2007.
Infrastructure querying. You can query the infrastructure by using the netsh branchcache show
status all command. The command displays the BranchCache service status, the location of the local
cache, the size of the local cache, and the status of the firewall rules for the HTTP and WS-Discovery
protocols that BranchCache uses.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-34 Deploying Windows Server 2008
Demonstration: Configuring BranchCache

Key Points
In this demonstration, you will see how to:
Install the BranchCache components for Web servers.
Question: What types of servers can be used with BranchCache?
Question: What should the administrator configure after these steps?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-35
Lab B: Implementing BranchCache

Lab Setup
1. 6418C-NYC-DC1 should still be running from the previous lab.
2. If necessary, log on to NYC-DC1 as Contoso\Administrator with the password of Pa$$w0rd.
Lab Scenario
Users in the Bellevue branch office report that the access to the web server from NYC-DC1 is sometimes
slow due to WAN link latency problems. The system administrator decides to implement BranchCache to
improve access speed.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-36 Deploying Windows Server 2008
Exercise 1: Configuring BranchCache on a Server
Scenario
The administrator must prepare NYC-DC1 to act as a BranchCache server.
The main task for this exercise is as follows:
Configure NYC-DC1 as a BranchCache server.
Task: Configure NYC-DC1 as a BranchCache server
1. On NYC-DC1, open Server Manager and then install the BranchCache and WINS Server features.
2. On NYC-DC1, install the Web Server (IIS) Server role with default options.
3. Open a command prompt and start the BranchCache service using the Net Start command.
4. In the command prompt, run the Netsh command to verify that the BranchCache service is running
and configured.
Results: After this exercise, you should have configured BranchCache on NYC-DC1.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-37
Exercise 2: Configuring BranchCache Distributed Cache Mode
Scenario
The administrator decides that hosting the cache in the different client machines in the Bellevue remote
office will be the most efficient mode.
The main task for this exercise is to configure BranchCache client-side settings in Distributed Cache mode.
Task: Configure BranchCache client-side settings in Distributed Cache mode
1. Start both 6418C-NYC-CL1 and 6418C-NYC-CL2 and log on to both computers as
Contoso\Administrator with the password of Pa$$w0rd.
2. On NYC-CL1, open the command prompt and then use Netsh to enable BranchCache in distributed
mode.
3. Use Netsh to verify that the BranchCache service is running and configured.
4. Repeate steps 2 and 3 on NYC-CL2.
Results: After this exercise, you should have configured BranchCache client settings in Distributed
Cache mode.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-38 Deploying Windows Server 2008
Exercise 3: Verifying BranchCache Functionality
Scenario
After installing and configuring BranchCache, the administrator must check if it is working properly.
The main task for this exercise is to use two client computers to verify BranchCache in distributed cache
mode.
Task: Use two client computers to verify BranchCache in distributed cache mode
1. On NYC-CL1, start perfmon.msc and remove the default counters from the graphic display.
2. Add the BranchCache counter category.
3. Change the graph type to a Report.
4. Open Internet Explorer and browse to http://NYC-DC1.
5. Press CTRL+F5 to refresh the Browser window
6. Check in the Performance Monitor graph that Retrieval: Bytes from cache stays in zero and Retrieval:
Bytes from server raises.
7. On NYC-CL2, repeat steps 1-5.
8. Check in the Performance Monitor graph that Retrieval: Bytes from cache raises.
Results: In this exercise, you checked if BranchCache was working.
Lab Shutdown
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Deploying Branch Office and Remote Access Services 7-39
Module Review and Takeaways

Review Questions
1. What are the different types of Active Directory migrations available?
2. Can a Domain Admin prepare the forest for the deployment of a Windows Server 2008 R2 domain
controller?
Common Issues
DirectAccess can be easily misconfigured because there are many steps involved. Pay close attention to
IPv6, and keep in mind that the DirectAccess server must have two different public IP addresses
configured on one interface.
Tools
DirectAccess Connectivity Assistant

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
7-40 Deploying Windows Server 2008

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-1
Module 8
Migrating Workloads to Microsoft Virtual Machines
Contents:
Lesson 1: Overview of Microsoft Virtualization Technologies 8-3
Lesson 2: Installing Hyper-V 8-10
Lesson 3: Migrating Workloads to Hyper-V 8-20
Lab: Migrating Workloads to Microsoft Virtual Machines 8-32
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-2 Deploying Windows Server 2008
Module Overview

Currently, virtualization is the leading Information Technology (IT) trend. There are many virtualization
technologies, such as application virtualization, presentation virtualization or server virtualization, and all
of them will be discussed in the following module. Also, strategies for migrating servers to a virtual
environment and tools to support it will be discussed.
This module provides guidance for migrating existing workloads to a virtual machine environment using
the Microsoft Hyper-V Server 2008 R2
Hyper-V role.
Objectives
After completing this module, you will be able to:
Describe Microsoft server virtualization technologies.
Install and configure Hyper-V.
Plan the migration of workloads to Microsoft virtual machines.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-3
Lesson 1
Overview of Microsoft Virtualization Technologies

Microsoft provides a complete set of products that provide virtualization solutions in many scenarios. You
can use these virtualization products in many different ways to make the IT infrastructure more efficient
and effective. This module provides an overview of the Microsoft virtualization solutions, and details how
you can use them to address many of todays IT infrastructure issues.
Objectives
After completing this lesson, you will be able to:
Describe virtualization.
Explain why you use virtualization.
Describe the features and benefits of Hyper-V.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-4 Deploying Windows Server 2008
What Is Virtualization?

Key Points
Virtualization separates the application and operating system components that users work with from the
actual physical components that provide the application or operating system services. For example, virtual
machines provide all of the functionality of physical servers, but the operating system is not tied to any
particular piece of hardware, and can be made available where it is most convenient.
Applications traditionally have run on an operating system that is running on a particular piece of
hardware. With application and presentation virtualization, those applications may be running on a
centralized server or in a virtual environment that is completely portable to other operating systems or
hardware devices.
Virtualization Solutions
Microsoft provides virtualization solutions that address most of the virtualization requirements for most
organizations:
Server virtualization. Windows Server 2008 Hyper-V and Microsoft Virtual Server 2005 R2 enable
server virtualization, so that you can run multiple virtual machines on a single physical server. This
allows greater density of resource use (hardware, utilities, space) while allowing you to maintain
operational isolation and security. Hyper-V is available either as a standalone product with Hyper-V
Server 2008 R2 or as a role with the Windows Server 2008 operating system or the Windows Server
2008 R2 operating system.
Application virtualization. Application virtualization enables you to run applications in a virtualized
environment on a users desktop. Application virtualization separates the application configuration
layer from the desktop operating system, thereby reducing the potential for application conflicts.
With application virtualization, the application is isolated from the underlying operating system
because the application is encapsulated in a virtual environment. With application virtualization, you
also can configure centralized servers to distribute the applications and simplify the distribution of
updated virtual applications. Microsoft Application Virtualization (App-V) is an example of an
application virtualization platform.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-5
Desktop virtualization. Desktop virtualization is provided by running Microsoft Virtual PC on the
Windows Vista operating system, or Windows Virtual PC and Windows XP Mode on the Windows
7 operating system. Desktop virtualization enables you to run multiple operating systems on a single
workstation, and to run an incompatible legacy or line-of-business (LOB) application within a more
current desktop operating system.
Microsoft (MED-V): Microsoft provides a way to manage a complex desktop virtualization
environment through Microsoft Enterprise Desktop Virtualization (MED-V). With MED-V, you can
create and manage a centralized collection of Virtual PC images, and then deliver those images to
client computers as required.
Presentation virtualization. Remote Desktop Protocol (RDP) in Windows Server 2008 R2 provides
presentation virtualization. RDP is an upgrade of Terminal Services, which was in previous Windows
versions. Presentation virtualization enables you to run applications and maintain application storage
on centralized servers, while providing users with a familiar application interface on their
workstations.
Virtual Desktop Infrastructure (VDI): Microsoft extends the concepts of presentation and desktop
virtualization with VDI. Using VDI, you can host client virtual machines on a Hyper-V infrastructure
and provide access to the virtual machine through RDP.
User state virtualization. User state virtualization enables users to take advantage of separating their
documents and profile information from a specific computer, making it easy to get working again on
a new machine in case of a stolen or dropped laptop. User state virtualization also makes it easy for
users to move between computers, or to experience the same desktop environment when using one
of the other virtualization technologies. To provide user state virtualization, administrators use
roaming profiles or folder redirection, enabling users to access their data from any computer they
might log on to.
Virtualization management. One of the critical components in deploying virtualization is to be able to
manage the solution, including both the physical and virtual components. The Microsoft System
Center suite of tools provides virtualization management. System Center Virtual Machine Manager
2008 R2 (VMM 2008 R2) provides a familiar set of tools for managing both the virtual environment
and the physical layer that hosts the virtual environment, and System Center Configuration Manager
2007 R2 and System Center Operations Manager 2007 R2 can help deploy, manage or monitor virtual
machines and virtualization servers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-6 Deploying Windows Server 2008
Why Virtualize Workloads?

Key Points
Most organizations are considering virtualization because of the challenges that they are facing and the
associated benefits that they can derive from virtualization. The challenges that organizations are facing
include:
Data Centers Are Reaching Capacity
In many organizations, data centers quickly reach capacity for power and space. These organizations
frequently deploy new servers for every new project or requirement. Building new data centers for most
organizations is cost prohibitive. The data centers also require large amounts of power for cooling and
running the servers. As the cost of electricity increases, this can add significant cost to running the IT
infrastructure as well as wasting resources.
Server Utilization Is Very Low
Most servers run at very low utilization, which is a problem that often aggravates data center capacity. It is
common for servers to run at less than ten percent of capacity. This issue typically develops over time as
organizations purchase more powerful servers to replace end-of-life, underutilized servers. For example, it
is common for organizations to replace old servers that are running at less than five percent utilization
with new servers that are many times more powerful, but without a corresponding increase in server load.
Managing Servers Requires Significantly More Effort
As organizations deploy more servers running many different roles, the effort required to deploy, support
and secure the servers also increases. Frequently, these servers or the applications running on the server
require specialized management tools. Just applying all of the updates required to maintain the servers
can be a significant task as the number of servers increase.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-7
Supporting Legacy Systems Is Difficult
Legacy hardware and systems are becoming increasingly costly to maintain. Many organizations have
business applications that were developed many years ago and have not been upgraded to run on new
operating systems (OS) or on new hardware. Maintaining the old systems is expensive and the potential of
system failure is high, but the cost of updating the systems often is very expensive.
Application Compatibility Can Be Complicated
Most large organizations run many different applications, frequently including different versions of the
same applications. The applications can be expensive to deploy and maintain, and they may be
incompatible, either with the operating systems that the organization deploys or with other required
applications.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-8 Deploying Windows Server 2008
What Is Hyper-V?

Key Points
Hyper-V is a hypervisor-based server virtualization technology, and is included as a role with the Windows
Server 2008 operating system and Windows Server 2008 R2. It is also available as a stand-alone product
called Microsoft Hyper-V Server 2008 R2.
Hyper-V enables a server to run multiple virtual machines, both 32-bit and 64-bit, using part of the
servers resources as their own. Those virtual machines can be used for server virtualization or VDI
environments.
Benefits of Server Virtualization
Server virtualization provides many benefits, including:
Server consolidation. Many servers that organizations deploy are underutilized. By deploying multiple
virtual machines on a much lower number of physical servers, you can increase the server resource
utilization significantly while decreasing the number of physical servers. You can deploy many virtual
machines on one physical server. In most organizations, this will result in a significant decrease in
power and space consumption in the data centers.
Service or application isolation. Server virtualization enables you to run each service or application on
an isolated operating system. This means that you can prevent one application from impacting
another application when upgrades or changes are made. This is preferable to running multiple
applications or services on a single operating system.
Simplified server deployment and management. By creating standard virtual machine builds, you can
deploy new server builds more easily. Because you are deploying virtual machines rather than
physical servers, you also do not need to acquire new hardware, or locate data center space and
power, for each new server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-9
Note: You may need to invest in new server and storage hardware when first implementing server
virtualization, but an important result of server virtualization is the decrease in the number of physical
servers that your organization has.
Increased service and application availability. Because the service or application no longer connects
directly to a specific piece of hardware, it is much easier to ensure high availability and recoverability.
With live migration in Windows Server 2008 R2, you can move a virtual machine to another physical
server with little or no perceived outage.
Multiple operating systems can run on one consistent platform. With server virtualization, you can
deploy multiple operating system technologies on a single hardware platform. For example, you can
deploy a Windows Server 2003 operating system, Windows Server 2008, and Linux on one Windows
Server 2008 R2 Hyper-V host. Server virtualization also makes it much easier to replace hardware
when it becomes obsolete or fails.
About Virtual Desktop Infrastructure
VDI extends the concept of desktop virtualization by running client operating systems as virtual machines
on servers in the data center. This means that the virtual client computers are not running on the user
desktop, but on a centralized Hyper-V environment in the data center. Users can interact with the virtual
machines by using regular computers or thin clients, and then establishing remote desktop connections to
the virtual machines. In Windows Server 2008 R2, VDI has been integrated with RDP to provide a
consistent client experience.
VDI enables you to centralize a users desktop for easier management. With VDI, the user can get an
individualized desktop experience with full administrative control over desktop and applications.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-10 Deploying Windows Server 2008
Lesson 2
Installing Hyper-V

Before you can deploy a Hyper-V virtualization solution successfully, you must ensure that you have all of
the necessary hardware and that you have identified, and prepared to meet, the basic input/output
system (BIOS) and the Unified Extensible Firmware Interface (UEFI) requirements.
As part of the Hyper-V post-deployment, you must configure the user and server settings properly. A
Hyper-V deployment will have different network requirements based on the type of virtual machines that
you deploy. Configuring the virtual networks to support these requirements can improve performance
and security.
Objectives
After completing this lesson, you will be able to:
List the requirements for deploying Hyper-V.
Install Hyper-V.
Configure Hyper-V.
Configure the virtual machines.
Configure storage to support Hyper-V.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-11
What Are the Requirements for Hyper-V?

Key Points
Before you can run virtual machines in Windows Server 2008 R2 Hyper-V, you must ensure that you
properly address and configure all hardware perquisites on the host computer. There are four
requirements that you must meet before you can install the Hyper-V server role successfully. You must
have:
An x64-based processor (IA64 is not supported).
Hardware Data Execution Prevention (DEP).
Hardware-assisted virtualization.
A BIOS that allows you to enable DEP and hardware-assisted virtualization.
DEP
You must have hardware-enforced DEP enabled. Either Advanced Micro Devices (AMD) no execute bit
(NX) or Intel execute disable bit (XD).
Hardware Virtualization
If you want to run Hyper-V, you must have servers that are capable of running AMD Virtualization (AMD-
V) or Intel Virtualization Technology (VT).
Note: A new feature of Windows Server 2008 R2 Hyper-V is support for AMDs Rapid Virtualization
Indexing and Intel's Extended Page Tables. While Hyper-V does not require these two new features, it
does provide performance improvements for processor capabilities. You can install Hyper-V safely on
older hardware, if it meets DEP and hardware virtualization requirements.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-12 Deploying Windows Server 2008
Note: After modifying the BIOS to support hardware virtualization and DEP, you may have to turn off
the server for the settings to take effect. Performing a restart may not enable the new settings. You
must turn off the computer completely, and then restart it.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-13
Demonstration: Installing Hyper-V

Key Points
In this demonstration, you will see how to install the Hyper-V role in a Windows Server 2008 R2 Core
computer.
Demonstration Steps
Install the Hyper-V server role on the destination server.
Question: Why would the administrator uncheck the use of a network adapter during the installation of
the Hyper-V role?
Question: Can a virtual machine run virtual machines?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-14 Deploying Windows Server 2008
Configuring Hyper-V

Key Points
After installing the Hyper-V role, it is important to configure the different server settings. You can use the
Hyper-V Manager to manage Hyper-V R2 server settings, user settings and Virtual Networks.
Server Settings
If you need to change the Hyper-V R2 Server settings, you can right-click the Hyper-V Server, and select
Hyper-V settings. The settings window for the specified Hyper-V Server opens and you can make any
necessary configurations and modifications to the server and user settings.
Server settings allow you to specify the default folder locations in which you want to store the virtual hard
disk files and virtual machine configuration files. By default, the virtual hard disks are located in the folder:
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
The virtual machine configuration and snapshot files are located in the folder:
C:\Program Data\Microsoft\Windows\Hyper-V
User Settings
Modifying the user settings enables you to customize how the user interacts with a virtual machine. These
configuration modifications can impact the security of the Hyper-V server. Additionally, you can change
what key sequence is used to release the mouse from the virtual machine window if you do not install the
integration services. There also is the option to reset any check boxes and restore default confirmation
messages and wizard pages that were hidden previously.
By default, the minimum requirement to modify user settings is membership in the local Administrators
group or its equivalent within your organization. However, an administrator can use Authorization
Manager to modify the authorization policy so that a user or a group is permitted to modify user settings.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-15
Virtual Networks
The Virtual Network Manager gives you the ability to create a mechanism for binding virtual machines to
a physical network. Virtual Network Manager enables you to create and manage virtual networks. You can
use Virtual Network Manager to add, remove, and modify the virtual networks. Virtual Network Manager
is available from Hyper-V Manager.
When you create a virtual network, Hyper-V creates a virtual switch. The virtual switch forwards traffic
based on either the media access control (MAC) addresses or the Virtual Local Area Network (VLAN)
Identifiers (IDs). The virtual switch modifies the MAC addresses of packets as it is used to forward traffic
with different MAC addresses than the physical network card MAC address. The advantage is that it can
bind to any 802.3 compliant physical Ethernet network adapter.
You cannot connect a virtual network to a wireless network adapter. The virtual switch changes the MAC
address of the source packet so that it does not match its own MAC address. As a result, you cannot
provide wireless networking capabilities to virtual machines, because the 802.11 standard does not
support the MAC address changes. You can attach only one virtual network to a specific physical network
adapter at a time. You cannot attach multiple virtual networks to the same physical network adapter.
When you create a virtual network:
Hyper-V creates a software-based switch.
You can associate only one Hyper-V R2 virtual switch with a single physical network adaptor.
You can use virtual switches to control and secure network traffic that enters and leaves a virtual
machine.
You can use VLAN IDs to isolate network traffic. These must be configured on the virtual network.
There are three types of virtual networks:
External virtual networks. An external virtual network links the virtual switch with the physical network
directly, allowing virtual machines to connect to external resources. The administrator can choose to
allow the Hyper-V server to have access to this physical network adapter to further isolate the server.
Internal virtual networks. An internal virtual network allows the virtual machines to connect between
them and the Hyper-V server, but does not allow any external access.
Private virtual networks. A private virtual network allows the virtual machines in the server to contact
each other, but not the Hyper-V server or any external resource.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-16 Deploying Windows Server 2008
Configuring Virtual Machines

Key Points
Each virtual machine represents an independent computer. Like a real computer, a virtual machine has
many different components that can be modified to adapt to the computer needs. The virtual machine
settings include the following:
BIOS. Use to configure settings such as Num Lock or startup order.
Memory. Use to configure the memory assigned to the virtual machine. The memory can range from
8 megabytes (MB) to 64 gigabytes (GB) (a virtual machine cannot use more memory than is available
on the physical server).
Processor(s). Use to configure the number of virtual processors that will be used by the virtual
machine (this will be available if the server has more than one processor or core).
Integrated Drive Electronics (IDE) controllers. Use to connect IDE virtual disks or DVD drives to the
virtual machine. The maximum of IDE controllers per virtual machine is two with two devices attached
on each controller. The boot disk must be IDE.
Small computer system interface (SCSI) controllers: Use to connect SCSI virtual disks to the virtual
machine. The maximum of SCSI controllers per virtual machine is four with 64 devices attached on
each controller.
Network Adapters. Use to specify the network connection that the virtual machine has with virtual
networks. A virtual machine can use up to eight virtual network adapters. There are two types,
synthetic and legacy. Synthetic network adapters are faster and more efficient, but older operating
systems and Pre-Boot Execution Environment (PXE) are only supported by the legacy
network adapters.
Communication ports. Use to configure the virtual communication port to communicate with the
physical computer through a named pipe.
Diskette drive. Use to connect virtual floppy disks to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-17
Importing and Exporting Virtual Machines
Every Hyper-V machine has a unique ID. The unique ID of a virtual machine is called a volume globally
unique identifier (GUID), which is generated automatically when you create the virtual machine. The GUID
identifies each virtual machine uniquely, much the same way a security identifier (SID) identifies Active
Directory Directory Services objects. The Hyper-V console does not display the GUID.
You can move virtual machines between Hyper-V servers by exporting and importing them through the
Hyper-V manager window. The import option is located in the Actions window. The export function is
available by right-clicking the virtual machine, but is available only if the virtual machine is in a saved
state or is shut down.
Note: You cannot just copy the virtual machine files from one host to another. If you do, you will
need to create a new virtual machine using the virtual hard disk. When you do this, all virtual
machine changes are lost, and the network settings in the virtual machine are reset.
Virtual Machine Snapshots
Hyper-V utilizes the concept of virtual machine snapshots, which are point-in-time images of a virtual
machine. You can take a snapshot of a virtual machine running any guest operating system, regardless of
whether it is running or stopped. You can take a snapshot of a saved virtual machine, but not when the
virtual machine is paused. A snapshot does not change the virtual machines state.
The snapshot file location can be modified on each virtual machine, but the server sets a location by
default for all of them.
You can take a snapshot by using the Hyper-V Manager. To take a snapshot, select the virtual machine,
and then select Snapshot from the Action menu. You also can right-click the virtual machine, and select
Snapshot.
If the virtual machine is running when the snapshot is taken, users will not experience any server outage.
Creating a snapshot might take some time, depending on what is running on the virtual machine.
However, the process masks the process from users that connect to the virtual machine.
In any given time, you can apply any snapshot that was in the snapshot list. By doing this, you use the
complete virtual machine state from the selected snapshot and discard the current one. Be aware that
applying a snapshot will erase any unsaved data from the active virtual machine. Merging snapshots is
also possible, eliminating unnecessary snapshots. Keep in mind that a snapshot merge will usually require
a long time.
The different snapshots in the snapshot list can be deleted or renamed. You can also manage virtual
machine settings on each of the snapshots. Pending operations on snapshots will take place when the
virtual machine is turned off. If multiple operations accumulate, they could affect the server downtime
when the virtual machines are turned off.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-18 Deploying Windows Server 2008
Configuring Virtual Disks

Key Points
A virtual hard disk provides storage for a virtual machine. Within the virtual machine, the virtual hard disk
(VHD) is represented as a physical disk, and the virtual machine uses it as if it were a physical disk. There
are different types of VHDs that have various advantages and disadvantages.
Dynamically Expanding Disks vs. Fixed Disks
Dynamically expanding VHDs are virtual disks that start very small and then grow as you write data to
them. Dynamically expanding VHDs are ideal for use in an environment where performance is not your
primary consideration. Organizations typically use dynamically expanding disks in test and development
environments. A dynamically expanding disk grows only to the space that you allocate to it when you
create the VHD. Dynamically expanding disk performance has increased and has nearly the same
performance levels as fixed-size disks.
Fixed-size VHDs are disks that use as much physical disk space as you specify when you create the disk.
For example, if you create a 100 GB fixed-size VHD, it will use 100 GB of physical disk space. Use fixed-size
VHDs when performance and ease of deployment is a concern. Typically, a production scenario requires
greater performance, making fixed-size VHDs the ideal solution.
Differencing Disks
A differencing VHD is a VHD associated with another VHD in a parent-child relationship. The differencing
disk is the child and the associated virtual disk is the parent. The parent disk can be any type of VHD. The
differencing disk (the child) stores a record of all changes made to the parent disk and provides a way to
save changes without altering the parent disk. In other words, by using differencing disks, you ensure that
changes are made to the differencing disks and not to the original VHD. You can merge changes from the
differencing disk to the original VHD disk, when appropriate.
Note: Parent hard disks should be write-protected to avoid modification.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-19
Pass-Through Disks
Pass-through disks provide storage by enabling you to associate an external data source with a virtual
machine, and then have the virtual machine write directly to the data source without encapsulation in a
VHD. Compatible storage drives that you can use for pass-through disks for data sources include physical
disks, partitions, logical unit numbers (LUNs), storage area networks (SANs), and Internet Small Computer
System Interface (iSCSI). With pass-through disks, there is no VHD.
Pass-through disks do not have any of the size limitations of a virtual disk, and disk access is forwarded
directly to the physical volume.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-20 Deploying Windows Server 2008
Lesson 3
Migrating Workloads to Hyper-V

The first step in migrating physical servers to virtual machines is to evaluate your organizations current
environment and determine what components you should virtualize. You can use virtualization to address
many issues in most organizations. However, getting the maximum benefit out of virtualization requires
careful planning. This lesson provides an overview of the process and tools that you can use to evaluate
and plan virtualization in an organization.
Objectives
After completing this lesson, you will be able to:
Evaluate the current environment for virtualization.
Describe virtualization solution accelerators.
Describe the assessment features of the Microsoft Assessment and Planning (MAP) toolkit.
Describe how to use MAP to assess the computing environment toolkit.
Design a solution for server virtualization.
Explain the process for migrating physical servers to virtual servers.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-21
Evaluating the Current Environment for Virtualization

Key Points
You can use virtualization to address many business and IT requirements, but you cannot virtualize all
servers and applications. Before implementing virtualization, you need to identify those applications and
servers that are the best virtualization candidates.
Choosing Server Workloads to Virtualize
There are several factors to consider when choosing whether to virtualize server workloads:
Hardware requirements. Typically, virtual machines require approximately the same resources as a
physical server. For example, if a physical server is currently utilizing 1 GB of random access memory
(RAM), you should expect the virtual machine to use the same amount of RAM, assuming that it runs
the same operating system and applications as the physical server.
Note: When planning resource utilization on the host computer, remember that the host computer
will require some additional resources when running the virtual machine. For example, if the virtual
machine requires 1GB of RAM, there is a potential overhead on the host computer of 32 MB for the
virtual machine. For each additional GB of memory that you assign to the virtual machine, there is a
potential overhead of 8 MB on the host machine.
In some cases, a server workload may require hardware resources that make it impractical to deploy
the workload on a virtual machine. For example, if the server workload requires more than four
processors to provide adequate performance, you cannot virtualize the server. Additionally, if the
server workload requires more than half of the hardware resources that are available on a
virtualization host, there may not be any server consolidation benefit.
Compatibility. You also must determine whether the application can run in a virtualization
environment. Business applications range from simple executables to complex, distributed multitier
applications. You need to consider requirements for specific components of distributed applications,
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-22 Deploying Windows Server 2008
such as specific needs for communication with other infrastructure components or requirements for
direct access to the system hardware.
Applications and services that have specific hardware or driver requirements generally are not well-
suited for virtualization. An application may not be a good candidate for application virtualization if it
contains low-level drivers that require direct access to the system hardware. This may not be possible
through a virtualization interface, or it may impact performance negatively.
Supportability. You need to evaluate whether the operating system and the application are supported
in a virtualized environment. Verify third-party vendor support policies for deployment of the
operating system and the application using the virtualization technologies.
Licensing. You also need to evaluate whether you can license the application for use in a virtual
environment. Reduced licensing costs of multiple applications or operating systems could add up and
make a strong financial case for using virtualization.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-23
Overview of Virtualization Solution Accelerators

Key Points
To assist organizations in developing a virtualization strategy and then delivering on that strategy,
Microsoft has developed free solution accelerators. These automated tools help accelerate assessment,
planning, and deployment of Microsoft technologies, such as Windows Server 2008 or virtualization. The
following Microsoft Virtualization Solution Accelerators are available:
MAP Toolkit. You can use MAP to conduct deployment-readiness assessments, network-wide, that
focus on whether you can migrate Microsoft technologies from servers to desktops and applications.
Using MAP, you now can determine which servers you can upgrade to Windows Server 2008 R2,
which servers you can migrate to virtual machines on Windows Server 2008 R2 Hyper-V, and which
client computers you can upgrade to Windows 7.
Infrastructure Planning and Design (IPD) Guides. The IPD guides are free guides that describe the
architectural considerations, and also streamline the design processes, for planning of Microsoft
infrastructure technologies. Each guide addresses a unique infrastructure technology or scenario
including server virtualization, application virtualization, terminal services implementation, and more.
The Windows Server Virtualization guide provides guidance on how to plan and implement server
virtualization on Hyper-V.
Offline Virtual Machine Servicing Tool. One of the issues with virtualization is maintaining updates on
virtual machines that are started only occasionally or that are stored in a Virtual Machine Manager
(VMM) library. The Offline Virtual Machine Servicing Tool provides guidance and automated tools to
keep these virtual machines updated.
Hyper-V Security Guide. Implementing virtualization can increase the number of security issues that
you must consider because you need to secure both the host computer and the virtual machines. The
Hyper-V Security Guide provides guidance and recommendations to address key security concerns
about server virtualization.
Security Compliance Management Toolkit (SCMT) Series. The SCMT series includes several different
security toolkits that you can use to help your organization plan, deploy, and monitor security
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-24 Deploying Windows Server 2008
baselines for Windows operating systems, including Windows 7, Windows Vista, and Windows Server
2008, and for applications such as the Microsoft Office 2007 suites and Windows Internet Explorer
8.
Microsoft Deployment Toolkit (MDT) 2010. The MDT provides guidance and tools to accelerate the
deployment of client and server operating systems. Microsoft Deployment supports the deployment
of Windows Server 2003, Windows Server 2008, the virtualization role on Windows Server 2008, and
other applications.
A typical IT project lifecycle includes three core phases: planning, delivery and operation. Solution
accelerators provide guidance and tools for each of these three key elements of the Microsoft Operations
Framework (MOF).
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-25
Assessment Features of the MAP Toolkit

Key Points
MAP is one of the virtualization solution accelerators, and is the primary tool to help you identify which
applications, desktops, and servers would make ideal candidates for virtualization.
MAP Toolkit Features
The MAP Toolkit performs three key functions:
Hardware inventory. MAP uses a secure process, which does not utilize an agent, to collect and
organize system resources and device information across your network from a single networked
computer. Some of the examples of the information that the MAP tool returns includes operating
system information, system memory details, installed drivers, and installed applications. MAP saves
this information in a local database and then uses it to provide you with specific reports and
recommendations. MAP uses technologies already available in your IT environment to perform
inventory and assessments. These technologies include Windows Management Instrumentation
(WMI), the Remote Registry Service, Simple Network Management Protocol (SNMP), Active Directory
Domain Services (AD DS), and the computer browser service.
Data Analysis. MAP performs a detailed analysis of hardware and device compatibility for migration
to Windows 7, Windows Server 2008 R2, Windows Server 2008, Microsoft Office 2007, Microsoft
Application Virtualization, and Windows Vista. The tool helps to gather performance metrics and
generate server consolidation recommendations that identify the candidates for server virtualization
and how you might place the physical servers in a virtualized environment.
Readiness Reporting. MAP generates reports containing both summary and detailed assessment
results for each migration scenario. The results are provided in both Microsoft Office Excel and
Microsoft Office Word documents.
Installing the MAP Toolkit
You can download the MAP Toolkit from the Microsoft Web site. When you install the MAP Toolkit, you
also receive a prompt to install Microsoft SQL Server 2008 Express. The MAP Toolkit creates Word and
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-26 Deploying Windows Server 2008
Excel files, so Microsoft Office 2003 SP2 or a later version of Office should be installed for generating
reports.
If you already have SQL Server installed, a new instance of SQL is installed, and the appropriate databases
are created. This is configured for use only by the MAP Toolkit wizards, and you should not modify it. By
default, access to this instance is only enabled for users who have local administrator credentials.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-27
Demonstration: Using MAP to Assess the Computing Environment

Key Points
In this demonstration, you will see how to:
Use MAP to create an inventory of servers in your IT environment.
Run the Server Consolidation Wizard, and review the proposal and reports that the wizard generates.
Demonstration Steps
1. Use MAP to create an inventory of servers in your IT environment.
2. Run the Server Consolidation Wizard, and review the proposal and reports that the wizard generates.
Question: How can the information that the MAP Toolkit collects be useful?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-28 Deploying Windows Server 2008
Designing a Solution for Server Virtualization

Key Points
Implementing virtualization in an enterprise environment likely will be a multiyear endeavor that will
include many different projects that you have to complete. As a general guideline, each virtualization
project should include the following steps:
1. Determine the virtualization scope. The first step in planning a virtualization solution is to define the
projects scope. In a large enterprise, there may be several projects, each addressing different parts of
an overall virtualization strategy. To ensure that a project is successful, you need to define which
virtualization components, and which locations in the organization, to include.
2. Create a list of potential workloads that you want to virtualize. After defining the projects scope, you
need to identify those workloads within the scope that you can virtualize. For example, if the project
scope includes server virtualization for one of the company data centers, you will need to develop an
inventory of the servers deployed in the data center, and whether they meet the hardware or
software requirements for virtualization. At this point in the project, you can use the MAP Toolkit or
Operations Manager 2007 R2 to collect the relevant information.
3. Determine backup and fault tolerance requirements for each workload. You will use these when
designing the virtual server deployment. For example, some server workloads may require frequent
and consistent backup of data located inside the virtual machine, while other server workloads may
require just a virtual machine level or configuration information backup. You will use the fault
tolerance requirements for the server workload when you deploy clustered virtual machines or to
provide another method for ensuring high availability for the virtual machine.
4. Design and place hardware for a virtualization host. After you understand all of the server workloads
that you will virtualize, and the requirements for each workload, you can start the design of the host
server infrastructure that will be required to enable the virtual environment. As a best practice, to
simplify host server management, you should develop one standard design for all virtualization hosts.
As part of the host server design, you also need to consider the number of virtual machines that will
be running on each host computer.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-29
5. Map workloads to hosts. After designing the host server hardware, you can start mapping the virtual
machines to the host servers. There are many factors that you need to consider during this design,
including:
Host server capacity. How many virtual machines can you place on a host?
Reserve capacity. How much of a resource buffer do you want to implement on each host
computer?
Virtual machine performance characteristics and resource utilization. Can you characterize the
network, CPU, disk, and memory utilization for each of the virtual machines on a host? You may
choose to deploy virtual machines with different resource requirements on the same host.
6. Design host backup and fault tolerance. Use the information that you collected on the backup and
fault tolerance requirements for the virtual machines to design a backup and high availability solution
for the host computers.
7. Determine storage requirements. As part of the server workload discovery, you should have
documented the storage requirements for each virtual machine. Before moving the server workloads
to virtual machines, ensure that you have space for both the operating system virtual hard drives and
the data associated with each virtual machine. You also need to include storage availability and
performance requirements.
8. Determine network requirements. As a final step in the virtual machine design, you also should plan
the network design. There are a number of factors to consider:
What type of network access do the virtual machines require? Most virtual machines likely will
require access to the physical network, but some virtual machines may only need to
communicate with other virtual machines on the same host computer?
How much network bandwidth does each virtual machine require?
What are the network reliability requirements for each virtual machine?
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-30 Deploying Windows Server 2008
Migrating Workloads with System Center VMM 2008 R2

Key Points
Using Hyper-V with the Hyper-V Management Console is not complicated, but there are many features
that are not supported directly, such as migrating physical machines to virtual machines, or managing
virtual machine workloads between servers. To perform these tasks, System Center Virtual Machine
Manager 2008 R2 must be installed in the environment.
What is Virtual Machine Manager (VMM) 2008 R2?
VMM 2008 R2 enables you to administer and manage virtual environments from a central location, helps
increase physical server utilization, and enables the VMM administrator and authorized self-service end
users to provision new virtual machines rapidly. It is a solution that solves many of the challenges found in
a virtualized infrastructure.
You specifically can use Virtual Machine Manager to:
Manage Hyper-V hosts.
Manage virtual server hosts.
Manage VMware hosts.
Manage and deploy virtual machines.
Perform physical-to-virtual (P2V) and virtual-to-virtual (V2V) conversions.
Support Hyper-V.
Migrating Physical Machines Using VMM 2008 R2 (Physical to Virtual or P2V)
VMM converts an operating system that is running on physical hardware to an operating system that is
running within a virtual machine in a Hyper-V environment. VMM provides a conversion wizard, which
automates much of the conversion process.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-31
During a P2V conversion process, VMM makes disk images of the hard disks on the physical computer. It
creates VHD files for the new virtual machine, using the disk images as a basis. Also, it creates a hardware
configuration for the virtual machine similar to, or the same as, the hardware in the physical computer.
The new virtual machine has the same computer identity as the physical computer on which it is based.
Because of that, we do not recommend that you use both a physical computer and its virtual replica
simultaneously. After the P2V conversion is done, you typically disconnect the physical computer from the
network and decomission it.
P2V conversion is done in Online or Offline mode. In Online mode, the source operating system is running
during the conversion process. In Offline mode, the operating system is not running, and conversion
occurs through the Windows Preinstallation Environment (Windows PE). Later topics in this lesson
describe these modes and their specifics.
Migrating Virtual Machines Using VMM 2008 R2 (Virtual to Virtual or V2V)
VMM 2008 R2 allows you to convert existing Virtual Server or VMware virtual machines to virtual
machines running on the Hyper-V platform. This process is known as a V2V conversion. With V2V
conversion, administrators can easily and quickly consolidate a virtual environment that is running various
virtual platforms without rebuilding virtual machines from scratch or moving data.
VMM allows you to copy existing VMware virtual machines and create Hyper-V virtual machines. You can
copy VMware virtual machines that are on an ESX Server host, in the VMM library, or on a Windows share.
Although V2V is called a conversion, V2V is a read-only operation that does not delete or affect the
original source virtual machine.
During the conversion process, the VMM converts the VMware .vmdk files to .vhd files, and makes the
operating system on the virtual machine compatible with Microsoft virtualization technologies. The virtual
machine that the wizard creates matches VMware virtual machine properties, including name, description,
memory, and disk-to-bus assignment.
Note: V2V cannot copy virtual machines that are running. There are no exceptions. You must turn off
the virtual machine that you want to copy.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-32 Deploying Windows Server 2008
Lab: Migrating Workloads to Microsoft Virtual
Machines

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-CL1.
Lab Scenario
A. Datum Corporation is planning on implementing a Hyper-V virtualization infrastructure to improve
server utilization in their company. To do that, youll have to evaluate the current environment to
determine which servers should be migrated.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-33
Exercise: Planning to Migrate Workloads
Scenario
The administrator must decide which servers should be migrated to a virtual environment.
The main tasks for this exercise are as follows:
1. Examine supporting documentation.
2. Use the MAP Toolkit to assist.
Supporting documentation
E-mail thread of correspondence with Allison Brown:
E-mail
From:
Sent:
To:
Subject:
Attachments:
Allison Brown [Allison@adatum.com]
4 Aug 2009 10:22
Gregory@adatum.com
Security Plan for Finance Application
Servers.doc
Greg,
Thanks again for taking the lead on this project. I need my most knowledgeable server person to take
care of this for me. I really dont trust anyone else to come up with the right answers. The IT
management committee likes the idea of beginning to virtualize our servers. The cost savings and
flexibility were very compelling for them. I need you to come up with a plan for our pilot project. We
have a limited budget, so the pilot will involve only a single host for now, and try to keep the
requirements somewhat modest.
What I need in the plan is:
Which servers will be virtualized?
How will those servers be virtualized?
Why were those servers selected?
Do we need any additional tools besides Hyper-V?
What are the hardware specifications for the server?
Which operating system should be used on the hosts?
Ive attached a list of our servers and their specification to get you started.
Regards,
Allison
Servers.doc
Name Purchase date
Processor
utilization
Memory
utilization Disk space
NYC-DC1 November 17 2006 45% 1 GB 15 GB
NYC-SVR1 April 23 2008 12% 1.5 GB 30 GB
Task 1: Examine supporting documentation
1. Read the supporting documentation.
2. Evaluate the servers based on their hardware capabilities. Determine if you need any more
information and ask your instructor to clarify if required.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-34 Deploying Windows Server 2008
Task 2: Use the Microsoft Assessment and Planning Toolkit (MAP) to assist
1. On NYC-CL1, use MAP to review the environment and its virtualization capabilities.
2. Select the MapHoldb-03 database when prompted to access sample data.
3. Review Performance Metrics for Server Consolidation.
4. Run a Server Consolidation Wizard for Windows Server 2008 R2 Hyper-V virtualization and Intel
CPU. A maximum of five virtual machines should run per server. The computer names are located in
the file C:\Tools
\network-computers1.txt.
5. Review the report.
Results: After this exercise, you should have reviewed the enterprise documentation and used MAP to
assist on the virtualization decisions.
Lab Shutdown
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Migrating Workloads to Microsoft Virtual Machines 8-35
Module Review and Takeaways

Review Questions
1. How can server virtualization help in an organization?
2. How can an administrator perform P2V and V2V migrations automatically?
Common Issues
Be careful when installing Hyper-V in older servers, as they might not be compatible.
Remember to switch off the server completely after enabling hardware virtualization on the BIOS.
Real-World Scenario
You are an IT architect at a large insurance provider with seven physical locations, 12,000 users, and
220 servers. Your organization wants to use server virtualization to reduce management and
hardware costs by combining existing servers on new hardware.
Question: What criteria will you use when you select servers for consolidation?
Tools
Hyper-V ROI Calculator
This tool can help IT administrators calculate how long it will take to start saving money when
implementing a Hyper-V infrastructure.
Microsoft Assessment and Planning Toolkit 4.0
HyperGreen Tool
This tool can help IT administrators calculate how much power and heat is saved when implementing a
Hyper-V infrastructure.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
8-36 Deploying Windows Server 2008
Course Evaluation

Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-1
Module 1: Installing and Configuring Windows Server 2008
Lab A: Planning to Install Windows Server 2008
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-CL1.
Exercise 1: Using the Microsoft Assessment and Planning Toolkit
Task 1: Perform readiness analysis using the Microsoft Assessment and Planning Toolkit
1. Switch to the NYC-CL1 computer.
2. Click Start, point to All Programs, click Microsoft Assessment and Planning Toolkit, and then
click Microsoft Assessment and Planning Toolkit.
3. In the Microsoft Assessment and Planning Toolkit dialog box, click Create an inventory
database, in the Name box, type Contoso Inventory and then click OK.
4. In Microsoft Assessment and Planning Toolkit, in the navigation pane, expand Discovery and
Readiness.
5. Click Windows Server 2008 R2 Readiness.
6. In the results pane, click Inventory and Assessment Wizard.
7. In the Inventory and Assessment Wizard, on the Computer Discovery Methods page, click Next.
8. On the Active Directory Credentials page, use the following information to complete configuration
and then click Next.
Domain: Contoso.com
Domain account: Contoso\Administrator
Password: Pa$$w0rd
9. On the Active Directory Options page, click Next.
10. On the Windows Networking Protocols page, click Next.
11. On the WMI Credentials page, click New Account.
12. In the Inventory Account dialog box, use the following information to complete the dialog box, and
then click Save.
Domain name: Contoso
Account name: Administrator
Password and Confirm password: Pa$$w0rd
Account use: Use on all computers
13. On the WMI Credentials page, click Next.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-2 Lab A: Planning to Install Windows Server 2008

14. On the Summary page, click Finish.
15. When the assessment is complete, click Close.
Task 2: Analyze the summary results
In the Microsoft Assessment and Planning Toolkit, use the Windows Server 2008 R2 Readiness
Summary Results page to answer the following questions:
a. How many computers met the minimum system requirements for Windows Server 2008 R2?
Answer: Answers may vary, but 2 or 3 depending upon which virtual machines are running.
b. How many cannot run Windows Server 2008 R2?
Answer: None.
c. In the Operating System Summary, what operating systems were discovered?
Answer: Answers may vary, but might include Windows Server 2003 Enterprise Edition SP2,
Windows Server 2008 R2 Enterprise unknown service pack, and Windows Server 2008 R2
Enterprise.
Task 3: Generate reports and proposals
1. In the Actions pane, click Generate report/proposal.
2. When the reports have been generated, in the Status dialog box, click Close.
Task 4: View saved reports and proposals
1. In Microsoft Assessment and Planning Toolkit, on the View menu, click Saved Reports and
Proposals.
2. In Microsoft Windows Explorer, double-click the spreadsheet whose title begins with
WS2008R2HardwareAssessment. When the User Name dialog box appears, click OK.
3. In Windows Explorer, double-click the document whose title begins with WS2008R2Proposal.
Task 5: Analyze the detailed results
1. Switch to Microsoft Office Excel.
2. On the Summary tab, how many computers do not meet requirements?
Answer: 0.
3. On the ServerAssessment tab, what were the names of the servers assessed?
Answer: Answers might vary, but should include NYC-DC1.Contoso.com and NYC-
SVR1.Contoso.com.
4. On the ServerInventory tab, do all servers meet the Windows Server readiness requirements?
Answer: No.
5. On the ServerAssessment tab, what are the reasons given for nyc-svr1 not being Windows Server
2008 R2 capable?
Answer: Cannot determine CPU and missing DVD drive.
6. What recommendations are made regarding these issues?
Answer: No recommendations about the CPU are made; however, a network installation is suggested
because of the missing DVD drive.
7. Switch to Word and review the report.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-3
Task 6: Suggest a course of action
Note: Your instructor may choose to perform this lab as a group discussion rather than an individual
activity.
Complete the Contoso Windows Server 2008 R2 Migration Proposal document.
Contoso Windows Server 2008 R2 Migration Proposal
Document Reference Number: CW060510/2
Document Author
Date
Charlotte Weiss
6th May
Requirements Overview
Provide recommendations about any hardware or other changes required to support the migration
of all legacy servers to Windows Server 2008 R2.
Additional Information
The Microsoft Assessment and Planning Toolkit was used to perform readiness analysis. Summary
reports are available upon request.
Proposals
1. Does the NYC-SVR1.contoso.com computer meet the minimum hardware requirements for
Windows Server 2008 R2?
Answer: No
2. Would you recommend any changes to the configuration of
NYC-SVR1.contoso.com?
Answer: Answers might vary, but students should be thinking about adding memory to the
server and perhaps installing a DVD drive.
3. To which version of Windows Server 2008 R2 could this server be upgraded?
Answer: Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter
4. What roles are installed on the assessed computers? (Hint: examine the Word document
produced by MAP on NYC-CL1 for further information.)
Answer: AD DS, 2xDNS, DHCP, and Web Server.
To prepare for the next lab
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-CL1.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next lab, click 6418C-NYC-DC1, and then in the Actions
pane, click Connect.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-4 Lab A: Planning to Install Windows Server 2008

Lab B: Installing Windows Server and
Configuring Post-Installation Settings
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
Exercise 1: Installing Windows Server 2008 R2
Task 1: Read server installation instructions
View the contents of the e-mail message in the lab scenario to determine the required information
for the planned installation.
Task 2: Mount the Windows Server product DVD
1. On your host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Settings.
3. In the navigation pane, under IDE Controller 1, click DVD Drive.
4. In the results pane, under Media, click Image file and in the Image file box, type C:\Program
Files\Microsoft Learning\6418\Drives\
WServer2008R2_Eval.iso, and then click OK.
5. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Snapshot.
6. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Start.
7. In the Virtual Machines list, right-click 6418C-NYC-BLANK and then click Connect.
Task 3: Install Windows Server 2008 R2 as per instructions in
the e-mail
Note: Windows Server setup launches automatically when you start the virtual machine.
1. Switch to the NYC-BLANK virtual machine.
2. In the Install Windows dialog box, in the Language to install list, click English.
3. In the Time and currency format list, click English (United States).
4. In the Keyboard or input method list, click US and then click Next.
5. In the Install Windows dialog box, click Install now.
6. In the Operating system list, click Windows Server 2008 R2 Enterprise (Server Core Installation)
and then click Next.
7. On the Please read the license terms page, select the I accept the license terms check box, and
then click Next.
8. On the Which type of installation do you want page, click Custom (advanced).
9. On the Where do you want to install Windows page, click Next.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-5
Note: Setup proceeds; setup copies files, expands files, installs features and updates, and completes
installation. This phase takes around twenty minutes. Your instructor might continue with other
activities during this phase.
Task 4: Set the administrator password
1. At the The users password must be changed before logging on the first time prompt, click OK.
2. In the New password box, type Pa$$w0rd.
3. In the Confirm password box, type Pa$$w0rd and then press ENTER.
4. At the Your password has been changed prompt, click OK.
Note: You are logged on and the Server Core command prompt opens.
Exercise 2: Configuring Server Core
Note: It is assumed that you are logged onto Server Core and the command prompt is open. If you
inadvertently close the command prompt, press CTRL+ALT+END and click Start Task Manager. On
the Applications tab, click New Task. In the Create New Task dialog box, in the Open box, type
cmd.exe and press ENTER. Close Task Manager.
Task 1: Review the post-installation configuration options instructions
Refer to the Post-installation configuration options section of the e-mail from Ed Meadows for
additional guidance about configuring the server.
Task 2: Configure network settings
1. At the command prompt, type the following command and press ENTER:
sconfig
2. At the command prompt, type the following command and press ENTER:
8
3. At the command prompt, type the Index# of your network adapter and press ENTER.
4. At the command prompt, type the following command and press ENTER:
1
5. At the command prompt, type the following command and press ENTER:
S
6. At the command prompt, type the following command and press ENTER:
10.10.10.30
7. At the command prompt, type the following command and press ENTER:
255.255.0.0
8. At the command prompt, type the following command and press ENTER:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-6 Lab A: Planning to Install Windows Server 2008

10.10.10.1
9. At the command prompt, type the following command and press ENTER:
2
10. At the command prompt, type the following command and press ENTER:
10.10.10.10
11. At the Enter alternate DNS server (Blank = none): prompt, press ENTER.
12. In the Network Settings dialog box, click OK.
Task 3: Change the computer name
1. At the command prompt, type the following command and press ENTER:
4
2. At the command prompt, type the following command and press ENTER:
2
3. At the command prompt, type the following command and press ENTER:
NYC-SVR-CORE
4. In the Restart dialog box, click Yes.
5. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Task 4: Add the computer to the Contoso.com domain
1. At the command prompt, type the following command and press ENTER:
Sconfig
2. At the command prompt, type the following command and press ENTER:
1
3. At the command prompt, type the following command and press ENTER:
D
4. At the command prompt, type the following command and press ENTER:
Contoso.com
5. At the command prompt, type the following command and press ENTER:
Contoso\administrator
6. At the command prompt, type the following command and press ENTER:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-7
Pa$$w0rd
7. In the Change computer name dialog box, click No.
8. At the command prompt, type the following command and press ENTER:
11
9. In the Restart dialog box, click Yes.
10. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
Exercise 3: Enabling Remote Management
Task 1: Review the remote administration options in the e-mail
Refer to the Remote administration options section of the e-mail from Ed Meadows for additional
guidance about configuring remote administration.
Task 2: Enable remote desktop
1. At the command prompt, type the following command and press ENTER:
sconfig
2. At the command prompt, type the following command and press ENTER:
7
3. At the command prompt, type the following command and press ENTER:
E
4. At the command prompt, type the following command and press ENTER:
2
5. In the Remote Desktop dialog box, click OK.
Task 3: Configure remote management
1. At the command prompt, type the following command and press ENTER:
4
2. At the command prompt, type the following command and press ENTER:
2
3. In the Restart dialog box, click Yes.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-8 Lab A: Planning to Install Windows Server 2008

Domain: Contoso
5. At the command prompt, type the following command and press ENTER:
sconfig
6. At the command prompt, type the following command and press ENTER:
4
7. At the command prompt, type the following command and press ENTER:
3
8. In the Enabled dialog box, click OK.
9. At the command prompt, type the following command and press ENTER:
1
10. In the Enabled dialog box, click OK.
11. At the command prompt, type the following command and press ENTER:
5
12. At the command prompt, type the following command and press ENTER:
13
Task 4: Verify remote management functionality
1. Switch to the NYC-DC1 domain controller.
2. Click Start, point to Administrative Tools, and then click Server Manager.
3. In Server Manager, in the navigation pane, right-click Server Manager (NYC-DC1) and then click
Connect to Another Computer.
4. In the Connect to Another Computer dialog box, in the Another computer box, type NYC-SVR-
CORE and then click OK.
To prepare for the next lab
Leave all virtual machines running.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-9
Lab C: Managing Roles and Features
To start the lab, complete the following steps
The virtual machines should still be running from the previous lab.
Exercise 1: Adding the Domain Name System and Dynamic Host Configuration
Protocol Server Roles
Task 1: Determine the roles and features to be installed
Refer to the e-mail from Ed Meadows for additional guidance about configuring roles and features.
Task 2: Install the Domain Name System role using Deployment Image Servicing and
Management
1. Switch to the NYC-BLANK server.
2. At the command prompt, type the following command and then press ENTER:
Dism /online /enable-feature /featurename:DNS-Server-Core-Role
Task 3: Install the Dynamic Host Configuration Protocol role using Ocsetup
1. At the command prompt, type the following command and then press ENTER:
start /w ocsetup DHCPServerCore
2. At the command prompt, type the following command and then press ENTER:
netsh dhcp add server nyc-svr-core.contoso.com 10.10.10.30
Exercise 2: Managing Server Core
Task 1: Verify the installed roles are running
1. Switch to the NYC-DC1 domain controller.
Note: It is assumed that Server Manager is running and connected remotely to NYC-SVR-CORE. If this
is not the case, repeat the following steps:
1. Click Start, point to Administrative Tools, and then click Server Manager. In Server Manager, in
the navigation pane, right-click Server Manager (NYC-DC1), and then click Connect to Another
Computer.
2. In the Connect to Another Computer dialog box, in the Another computer box, type NYC-SVR-
CORE, and then click OK.
2. In Server Manager, in the navigation pane, click Roles.
3. Which roles are installed?
Answer: DNS Server and DHCP Server
Task 2: Start Dynamic Host Configuration Protocol Server
1. In the navigation pane, click DHCP Server.
2. In the results pane, under System Services, right-click DHCP Server and then click Start.
3. In the Server Manager dialog box, click OK.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-10 Lab A: Planning to Install Windows Server 2008

4. In the Actions pane, click Go to Services.
5. In the Name list, double-click DHCP Server.
6. In the DHCP Server Properties (nyc-svr-core) dialog box, in the Startup type list, click Automatic
and then click OK.
7. In Server Manager, in the navigation pane, click DHCP Server.
8. In the results pane, under System Services, right-click DHCP Server and then click Start.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Planning to Install Windows Server 2008 L1-11
Lab D: Configuring Windows Server 2008
Licensing
To start the lab, complete the following steps
For this lab, you do not require any virtual machines.
Note: Your instructor may choose to perform this lab as a group discussion rather than an individual
activity.
Exercise 1: Planning Volume Activation
Task 1: Review the supporting documentation
Read the Contoso documentation.
Task 2: Answer the questions and complete the Contoso Volume Activation Plan
document
Complete the Contoso Volume Activation Plan document.
Contoso Volume Activation Plan
Document Reference Number: CW120510/1
Document Author
Date
Charlotte Weiss
12th May
Requirements Overview
Provide recommendations about how to handle volume activation for various locations within the Contoso
network.
Additional Information
Proposals
1. How do you propose to handle activations in Branch Office 1?
Answer: Branch Office 1 has insufficient computers to reach the thresholds imposed by KMS. Given
there is an Internet connection, perhaps the sensible approach would be to configure independent
MAK activation. MAK proxy activation is also a consideration.
2. How do you propose to handle activations in Branch Office 2?
Answer: Branch Office 2 does not have Internet connectivity. Activations must be by telephone. A
possible scenario is to use KMS; obtain the KMS activation key by telephone and install it on a local
KMS host. The other computers within the branch office can connect periodically to the KMS host
to activate. There are sufficient hosts in the branch to meet the KMS requirements.
3. How do you propose to handle activations in the head office?
Answer: KMS is logical; both the number of hosts and the fact that they are all connected to the
corporate network indicate this as the logical choice. Multiple KMS hosts provide for high
availability.
4. Are there any special considerations for the isolated network?
Answer: There are fewer than 25 hosts, and this network is disconnected from the rest of
the corporate network. Consequently, MAK is indicated.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L1-12 Lab A: Planning to Install Windows Server 2008


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Deploying Windows Server 2008 with an Answer File L2-1
Module 2: Implementing Deployment Technologies
Lab: Deploying Windows Server 2008 with an
Answer File
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Exercise 1: Creating an Answer File
Task 1: Read the Branch Office Server Configuration document
Read the Branch Office Server Configuration document.
Branch Office Server Configuration
Document Reference Number: EM010610/1
Document Author
Date
Ed Meadows
1
st
June
Requirements Overview
To automate the deployment of branch office servers.
Additional Information
Deployment method: automated high-touch retail media deployments.
Configuration information
Operating System Version: Windows Server 2008 R2 Enterprise
Full or Server Core: Server Core
Installation location: C:\Windows
Disk partition size: 20 GB
File system: NTFS
Domain: Contoso.com
User account to use for domain join operation: Administrator
Enable Windows Firewall
Use Dynamic Host Configuration Protocol to obtain IPv4 configuration
Task 2: Create an answer file
1. Switch to the NYC-SVR2 server.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L2-2 Lab: Deploying Windows Server 2008 with an Answer File

2. Click Start, point to All Programs, click Microsoft Windows AIK, and then click Windows System
Image Manager.
3. In Windows System Image Manager, click File, and then click New Answer File.
4. In the Windows System Image Manager dialog box, click Yes.
5. In the Select a Windows Image dialog box, in the File name box, type
E:\labfiles\Mod02\install.wim, and then click Open.
6. In the Select an Image dialog box, click Windows Server 2008 R2 SERVERENTERPRISECORE and
then click OK.
7. In the Windows System Image Manager dialog box, click Yes.
Note: This operation might take 10-20 minutes.
Task 3: Add required settings to answer file
1. In Windows System Image Manager, under Windows Image, expand Components.
2. Right-click amd64_Microsoft-Windows-International-Core-WinPE_6.1.7600.16385_neutral, and
then click Add Setting to Pass 1 windows PE.
3. Right-click amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, and then click Add
Setting to Pass 1 windows PE.
4. Expand amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click
DiskConfiguration and then click Add Setting to Pass 1 windows PE.
5. Expand DiskConfiguration, right-click Disk and then click Add Setting to Pass 1 windows PE.
6. Expand Disk, expand CreatePartions, right-click CreatePartition, and then click Add Setting to
Pass 1 windowsPE.
7. Expand ModifyPartions, right-click ModifyPartition and then click Add Setting to Pass 1
windowsPE.
8. Under amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click ImageInstall and then
click Add Setting to Pass 1 windows PE.
9. Under amd64_Microsoft-Windows-Setup_6.1.7600.16385_neutral, right-click UserData and then click
Add Setting to Pass 1 windows PE.
10. Under Components, right-click amd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral,
and then click Add Setting to Pass 4 specialize.
11. Expand amd64_Microsoft-Windows-Shell-Setup_6.1.7600.16385_neutral, right-click OOBE, and
then click Add Setting to Pass 7 oobeSystem.
12. Under Components, expand amd64_Microsoft-Windows-
UnattendedJoin_6.1.7600.16385_neutral, expand Identification, right-click Credentials and then
click Add Setting to Pass 4 specialize.
Task 4: Configure answer file settings
1. In Windows System Image Manager, under Answer File, under 1 windows PE, click
amd64_Microsoft-Windows-Internationl-Core-WinPE_neutral.
2. In the results pane, under Microsoft-Windows-International-Core-WinPE Properties, under Settings,
configure the following settings:
a. In the InputLocale box, type 0409:00000409.
b. In the SystemLocale box, type en-US.
c. In the UILanguage box, type en-US.
d. In the UserLocale box, type en-US.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Deploying Windows Server 2008 with an Answer File L2-3
3. Under Answer File, expand amd64_Microsoft-Windows-International-Core-WinPE_neutral and
then click SetupUILanguage.
4. In the results pane, under SetupUILanguage Properties, under Settings, in the UILanguage box, type
en-US.
5. Under Answer File, click amd64_Microsoft-Windows-Setup_neutral, and then in the result pane,
under Microsoft-Windows-Setup Properties, under Settings, configure the following settings:
a. In the EnableFirewall list, click true.
b. In the EnableNetwork list, click true.
6. Under Answer File, expand amd64_Microsoft-Windows-Setup_neutral, and then click
DiskConfiguration.
7. In the results pane, under DiskConfiguration Properties, under Settings, in the WillShowUI list, click
OnError.
8. Under Answer File, under DiskConfiguration, click Disk.
9. In the results pane, under Disk Properties, under Settings, configure the following settings:
a. In the DiskID box, type 0.
b. In the WillWipeDisk list, click true.
10. Under Answer File, under DiskConfiguration, expand Disk, expand CreatePartitions and then click
CreatePartition.
11. In the results pane, under CreateConfiguration Properties, under Settings, configure the following
settings:
a. In the Order box, type 1.
b. In the Size box, type 20000.
c. In the Type list, click Primary.
Note: If your host machine does not have 20GB of free disk space, modify the Size value accordingly.
12. Under Answer File, under DiskConfiguration, under Disk, expand ModifyPartitions and then click
ModifyPartition.
13. In the results pane, under ModifyConfiguration Properties, under Settings, configure the following
settings:
a. In the Active list, click true.
b. In the Extend list, click false.
c. In the Format list, click NTFS.
d. In the Label box, type System.
e. In the Letter list, click C.
f. In the Order box, type 1.
g. In the PartitionID box, type 1.
14. Under Answer File, under amd64_Microsoft-Windows-Setup_neutral, expand ImageInstall, and then
click OSImage.
15. In the results pane, under OSImage Properties, under Settings, in the WillShowUI list, click OnError.
16. Under Answer File, under OSImage, right-click InstallFrom and then click Insert New MetaData.
17. In the results pane, under MetaData Properties, under Settings, configure the following settings:
a. In the Key box, type /IMAGE/Name.
b. In the Value box, type Windows Server 2008 R2 SERVERENTERPRISECORE.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L2-4 Lab: Deploying Windows Server 2008 with an Answer File

18. Under Answer File, expand OSImage, and then click InstallTo.
19. In the results pane, under InstallTo Properties, under Settings, configure the following settings:
a. In the DiskID box, type 0.
b. In the PartitionID box, type 1.
20. Under Answer File, click UserData.
21. In the results pane, under UserData Properties, under Settings, configure the following settings:
a. In the AcceptEula list, click true.
b. In the FullName box, type Registered User.
c. In the Organization box, type Contoso.
22. Under Answer File, expand UserData, and then click ProductKey.
23. In the results pane, under ProductKey Properties, under Settings, in the WillShowUI list, click
OnError.
Note: You will see an option to type a product key but we do not have one. The installation will
continue anyway.
24. Under Answer File, under Components, expand 4 specialize, and then click amd64_Microsoft-
Windows-Shell-Setup_neutral.
25. In the results pane, under Microsoft-Windows-Shell-Setup Properties, under Settings, in the
ComputerName box, type BRANCH-SVR1.
26. Under Answer File, under 4 specialize, under amd64_Microsoft-Windows-UnattendedJoin_neutral,
click Identification.
27. In the results pane, under Identification Properties, under Settings, configure the following settings:
In the JoinDomain box, type Contoso.com.
28. Under Answer File, click Credentials.
29. In the results pane, under Credentials Properties, under Settings, configure the following settings:
a. In the Domain box, type Contoso.com.
b. In the Password box, type Pa$$w0rd.
c. In the Username box, type Administrator.
30. Under Answer File, under 7 oobeSystem, under amd64_Microsoft-Windows-Shell-Setup_neutral, click
OOBE.
31. In the results pane, under OBBE Properties, under Settings, configure the following settings:
a. In the HideEULAPage list, click true.
b. In the ProtectYourPC box, type 3.
Task 5: Verify and save answer file
1. When you have completed the configuration process, in Windows System Image Manager, click
Tools, and then click Validate Answer File.
Note: Some settings have not been modified and will not be saved. This is normal.
2. When you have completed the verification process, in Windows System Image Manager, click File,
and then click Save Answer File.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Deploying Windows Server 2008 with an Answer File L2-5
3. In the navigation pane, click Desktop.
4. In the File name box, type Autounattend.xml and then click Save.
Task 6: Copy the answer file to removable media
1. Close Windows System Image Manager.
2. Click Start, click Computer, and then double-click Floppy Disk Drive (A:).
3. Drag Autounattend.xml from the Desktop to the open Windows Explorer window.
4. Close the Floppy Disk Drive (A:) window.
Exercise 2: Using the Answer File
Note: It is necessary to eject the floppy disk from the NYC-SVR2 virtual machine and insert it on the
NYC-BLANK virtual machine.
Task 1: Configure the virtual machine
Note: You are now going to move the answer file between the virtual machines. This requires that you
change the settings for the virtual machines so that the virtual floppy diskette is accessible from the
second virtual machine.
1. On the host computer, in the 6418C-NYC-SVR2 on localhost Virtual Machine Connection window,
on the Media menu, point to Diskette Drive and then click Eject floppy.vfd.
Note: You have now ejected the floppy disk from the first virtual machine.
2. Switch to Hyper-V Manager.
3. In the Virtual Machines list, right click 6418C-NYC-BLANK, and then click Settings.
4. In the Settings for 6418C-NYC-BLANK dialog box, click Diskette Drive.
5. In the results pane, click Virtual floppy disk (.vfd) file.
6. In the Virtual floppy disk (.vfd) file: box, type C:\Program Files
\Microsoft Learning\6418\Drives\floppy.vfd and then click OK.
Note: You have now inserted the floppy disk into the second virtual machine.
7. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
8. In the Actions pane, click Connect.
Task 2: Verify that setup starts
Does setup start?
Answer: Yes
Note: Let the installation proceed.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L2-6 Lab: Deploying Windows Server 2008 with an Answer File

Task 3: Verify that setup was successful
1. Logon with the following credentials:
Username: Administrator
Password: Pa$$w0rd
Domain: Contoso
2. At the command prompt, type hostname and then press ENTER.
3. What is the computer name?
Answer: Branch-svr1
4. At the command prompt, type ipconfig /all and then press ENTER.
5. What is the IP address?
Answer: 10.10.10.151/16 although answers might vary
6. From where was this configuration obtained?
Answer: DHCP Server
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.




New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server L3-1
Module 3: Using Microsoft Windows Deployment Services
Lab: Using Microsoft Windows Deployment
Services to Deploy Windows Server
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Exercise 1: Installing and Configuring Windows Deployment Services
Task 1: Read the supporting documentation
Read the supporting documentation.
Task 2: Answer the questions in the Branch Office Deployment Guide document
Answer the questions in the following document.
Branch Office Deployment Guide
Document Reference Number: EM310710/1
Document Author
Date
Ed Meadows
31
st
July
Requirements Overview
To configure Microsoft Windows Deployment Services to aid in the deployment of branch office
servers.
Additional Information
Deployment method: automated standard image deployments.
Configuration information
NYC-SVR2 is to be used to host Windows Deployment Services. It currently supports the Dynamic
Host Configuration Protocol (DHCP) role.
Configure Multicast transmission to use Auto-Cast.
Configure automatic naming to identify branch servers.
Place branch servers in the Research organizational unit (OU); admin approval required.
Operating System Version: the Windows Server 2008 R2 Enterprise operating system.
Full or Server Core: Server Core.
Use answer file for configuration.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L3-2 Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server

Branch Office Deployment Guide
To domain-join branch servers, use the following credentials:
Username: Administrator
Password: Pa$$w0rd
Domain: Contoso.com
Questions
1. Does the fact that the NYC-SVR2 server is running both Windows Deployment Services and
DHCP raise any issues?
Answer: Yes; the DHCP server and the Windows Deployment Services server both listen on
the same port for client activity. You must configure DHCP options 60 to ensure proper
functionality of Windows Deployment Services.
2. How many installation images are required?
Answer: One is specified; Windows Server 2008 R2 Enterprise Server Core.
3. What issues does placement of branch servers in the Research OU raise?
Answer: The Windows Deployment Services server computer object requires Active
Directory Domain Services (AD DS) permissions on this OU; specifically, create computer
object permissions.

Task 3: Install the Windows Deployment Services role
1. Switch to the NYC-SVR2 computer.
2. Click Start, point to Administrative Tools, and then click Server Manager.
3. In the Roles Summary section, click Add Roles.
4. In the Add Roles Wizard, click Next.
5. On the Select Server Roles page, select the Windows Deployment Services check box, and then
click Next.
6. On the Overview of Windows Deployment Services page, click Next.
7. On the Select Role Services page, click Next.
8. On the Confirm Installation Selections page, click Install.
9. On the Installation Results page, click Close.
10. Close Server Manager.
Task 4: Configure Windows Deployment Services
1. Click Start, point to Administrative Tools, and then click Windows Deployment Services.
2. In the console tree, expand Servers.
3. Right-click NYC-SVR2.Contoso.com, and then click Configure Server.
4. In the Windows Deployment Services Configuration Wizard, click Next.
5. On the Remote Installation Folder Location page, click Next.
6. In the System Volume Warning dialog box, click Yes.
7. On the DHCP Option 60 page, select the Do not listen on port 67 and Configure DHCP option 60
to PXEClient check boxes and then click Next.
8. On the PXE Server Initial Settings page, click Respond to all (known and unknown) client
computers, and then click Next.
9. On the Operation Complete page, clear the Add images to the server now check box, and then
click Finish.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server L3-3
Exercise 2: Creating Operating System Images with Windows Deployment
Services
Task 1: Add a Windows Preinstallation Environment (Windows PE) boot image
1. In Windows Deployment Services, in the console tree, expand
NYC-SVR2.Contoso.com.
2. Right-click Boot Images, and then click Add Boot Image.
3. In the Add Image Wizard, on the Image File page, click Browse.
4. In the Select Windows Image (WIM) File dialog box, in the File name box, type C:\Program
Files\Windows AIK\Tools\PETools\x86\winpe.wim.
5. On the Image File page, click Next.
6. On the Image Metadata page, click Next.
7. On the Summary page, click Next.
8. On the Task Progress page, click Finish.
9. Minimize Windows Deployment Services.
Results: After this exercise, you should have installed and configured the Windows Deployment
Services role.
Task 2: Use WDSUtil to add a boot image
1. Click Start and in the Search box, type cmd, and then press ENTER.
2. At the command prompt, type the following command and then press ENTER:
wdsutil /progress /add-image /imagefile:"E:\labfiles\mod02\boot.wim" /imagetype:boot
/name:"Microsoft Windows Setup (x64)"
3. At the command prompt, type the following command and then press ENTER.
exit
4. Maximize Windows Deployment Services.
5. In Windows Deployment Services, in the console tree, right-click
NYC-SVR2.Contoso.com, and then click Refresh.
6. Expand NYC-SVR2.Contoso.com, and then click Boot Images.
Question: How many boot images are listed?
Answer: Two
Task 3: Create a Capture Image
1. In Windows Deployment Services, in the Details pane, right-click Microsoft Windows Setup (x64),
and then click Create Capture Image.
2. In the Create Capture Image Wizard, in the Location and filename box, type
E:\labfiles\mod03\capture_image.WIM, and then click Next.
Note: This can take around ten minutes.
3. On the Task Progress page, select the Add image to the Windows Deployment Server now check
box, and then click Finish.
4. On the Image File page, click Next.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L3-4 Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server

5. On the Image Metadata page, in the Image name box, type Contoso Capture (x64).
6. In the Image description box, type Contoso Capture (x64) and then click Next.
7. On the Summary page, click Next.
8. On the Task Progress page, click Finish.
Task 4: Add an install image
1. In Windows Deployment Services, in the console tree, right-click Install Images, and then click Add
Image Group.
2. In the Add Image Group dialog box, in the Enter a name for the image group field, type
Windows Server 2008 R2, and then click OK.
3. In the console tree, right-click Windows Server 2008 R2, and then click Add Install Image.
4. In the Add Image Wizard, on the Image File page, click Browse.
5. In the File name box, type E:\labfiles\mod02\ install.wim and then click Open.
6. On the Image File page, click Next.
7. On the Available Images page, clear all checkboxes except Windows Server 2008 R2
SERVERENTERPRISECORE, and then click Next.
8. On the Summary page, click Next.
Note: This can take around twenty minutes.
9. On the Task Progress page, click Finish.
10. Minimize Windows Deployment Services.
Results: After this exercise, you should have installed the necessary operating system images to begin
deployment of branch servers.
Exercise 3: Using an Unattended File with Windows Deployment Services
Task 1: Configure Windows Deployment Services Unattended file
1. Click Start, and then click Computer.
2. In Computer, double-click Allfiles (E:), double-click Labfiles, and then double-click Mod03.
3. Right-click WDSClientUnattend.xml and then click Edit.
4. Locate each of the following parts of the file and verify the indicated text.
<Username>Administrator</Username>

<Domain>Contoso.com</Domain>

<Password>Pa$$w0rd</Password>

<ImageName>Windows Server 2008 R2 SERVERENTERPRISECORE</ImageName>

<ImageGroup>Windows Server 2008 R2</ImageGroup>

5. On the File menu click Save.
6. Close Notepad.
7. Copy WDSClientUnattend to C:\RemoteInstall\WdsClientUnattend\.
8. Close Windows Explorer.
9. Maximize Windows Deployment Services.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server L3-5
10. In the console tree, right-click NYC-SVR2.Contoso.com, and then click Properties.
11. In the NYC-SVR2 Properties dialog box, click the Client tab.
12. Select Enable unattended installation.
13. Next to x64 architecture, click the Browse button.
14. In the Choose Unattend File dialog box, double-click the WdsClientUnattend folder.
15. Click WDSClientUnattend.xml, and then click Open.
Task 2: Enable Client Unattend
1. In the NYC-SVR2 Properties dialog box, click the Boot tab.
2. Under Default boot image (optional), adjacent to x64 architecture, click Select.
3. In the Select Default Boot Image dialog box, click Microsoft Windows Setup (x64), and then click
OK.
4. In the NYC-SVR2 Properties dialog box, click OK.
5. In the console tree, click Windows Server 2008 R2.
6. In the Details pane, right-click Windows Server 2008 R2 SERVERENTERPRISECORE, and then click
Properties.
7. In the Image Properties dialog box, click Allow image to install in unattended mode.
8. Click Select File.
9. In the Select Unattend File dialog box, click Browse.
10. In the File name box, type E:\LabFiles\Mod03\WDSClientUnattend.xml and then click Open.
11. In the Select Unattend File dialog box, click OK.
12. In the Image Properties dialog box, click OK.
Results: After this exercise, you should have enabled unattended installation.
Exercise 4: Configuring Custom Computer Naming
Task 1: Configure Automatic Naming
1. In Windows Deployment Services, in the console tree, right-click
NYC-SVR2.Contoso.com, and then click Properties.
2. Click the AD DS tab.
3. In the Format box, type BRANCH-SVR-%02#.
4. Under Computer Account Location, click The following location, and then click Browse.
5. In the Browse for a Directory Service Folder dialog box, expand Contoso, click Research, and then
click OK.
6. In the NYC-SVR2 Properties dialog box, click OK.
Task 2: Configure Admin Approval
1. In Windows Deployment Services, in the console tree, right-click
NYC-SVR2.Contoso.com, and then click Properties.
2. Click the PXE Response tab.
3. Select the Require administrator approval for unknown computers check box. Change the PXE
Response Delay to 3 seconds and then click OK.
4. Click Start and in the Search box, type cmd, and then press ENTER.
5. At the command prompt, type the following command and then press ENTER.
WDSUTIL /Set-Server /AutoAddPolicy /Message:The Contoso administrator is authorizing
this request. Please wait.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L3-6 Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server

6. Close the Command Prompt.
Task 3: Configure Active Directory Domain Services (AD DS) permissions
1. Switch to the NYC-DC1 computer.
2. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
3. In Active Directory Users and Computers, expand Contoso.com, right-click Research and then click
Delegate Control.
4. In Delegation of Control Wizard, click Next.
5. On the Users or Groups page, click Add.
6. In the Select Users, Computers, or Groups dialog box, click Object Types.
7. In the Object Types dialog box, select the Computers check box and then click OK.
8. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select
box, type NYC-SVR2, click Check Names and then click OK.
9. On the Users or Groups page, click Next.
10. On the Tasks to Delegate page, click Create a custom task to delegate and then click Next.
11. On the Active Directory Object Type page, click Only the following objects in the folder, select
the Computer objects check box, select the Create selected objects in this folder check box, and
then click Next.
12. On the Permissions page, in the Permissions list, select the Full Control check box, and then click
Next.
13. On the Completing the Delegation of Control Wizard page, click Finish.
Results: After this exercise, you should have configured automatic naming for Windows Deployment
Services deployments.
Exercise 5: Deploying Images with Windows Deployment Services
Task 1: Configure Windows Deployment Services Server for Multicast transmission
1. Switch to the NYC-SVR2 computer.
2. In Windows Deployment Services, in the console tree, right-click Multicast Transmissions, and then
click Create Multicast Transmission.
3. In the Create Multicast Transmission Wizard, on the Transmission Name page, in the Type a name
for this transmission field, type Windows Server 2008 R2 Branch Servers, and click Next.
4. On the Image Selection page, in the Select the image group that contains the image list, click
Windows Server 2008 R2.
5. In the Name list, click Windows Server 2008 R2 SERVERENTERPRISECORE and then click Next.
6. On the Multicast Type page, verify that Auto-Cast is selected, and then click Next.
7. Click Finish.
Task 2: Configure the client for Pre-Boot Execution Environment (PXE) Booting
1. On the host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right click 6418C-NYC-BLANK, and then click Settings.
3. In the Settings for 6418C-NYC-BLANK dialog box, click BIOS.
4. In the results pane, click Legacy Network adapter.
5. Use the arrows to move Legacy Network adapter to the top of the list and then click OK.
6. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
7. In the Actions pane, click Connect.
8. When the computer reboots, note the PXE DHCP notice. When prompted, press F12 for Network
Boot.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server L3-7
Question: Do you see the admin approval message?
Answer: Yes.
9. Switch to the NYC-SVR2 computer.
10. In Windows Deployment Services, click Pending Devices.
11. Right-click the pending request and click Approve.
12. In the Pending Device dialog box, click OK.
13. Switch to the NYC-BLANK computer.
Question: Which image is the default?
Answer: Microsoft Windows Setup (x64)
Question: Does setup start?
Answer: Yes
14. Switch to NYC-DC1.
15. In Active Directory Users and Computers, in the Research folder, click Refresh.
Question: Can you see a new computer object?
Answer: Yes
Question: What is it called?
Answer: BRANCH-SVR-01
Note: You can let the installation proceed if you wish, but this is not required.

Results: After this exercise, you should have started the automated deployment process for a new
branch server.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
Important: Start the 6418C-NYC-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-NYC-DC1 to start, and then start 6418C-NYC-SVR2. Connect to the virtual machine.




New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L3-8 Lab: Using Microsoft Windows Deployment Services to Deploy Windows Server


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Implementing the Microsoft Deployment Toolkit L4-1
Module 4: Implementing the Microsoft Deployment Toolkit
Lab: Implementing the Microsoft Deployment
Toolkit
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR2.
Exercise 1: Configuring Microsoft Deployment Toolkit (MDT 2010)
Task 1: Create a Deployment Share in Deployment Workbench
1. Switch to the NYC-SVR2 computer.
2. Click Start, point to All Programs, click Microsoft Deployment Toolkit, and then click Deployment
Workbench.
3. In the Deployment Workbench console tree, click Deployment Shares.
4. Right-click Deployment Shares, and then click New Deployment Share.
5. In the New Deployment Share Wizard, on the Path page, click Next.
6. On the Share page, click Next.
7. On the Descriptive Name page, in the Deployment share description box, type Contoso
Deployment Share, and then click Next.
8. On the Allow Image Capture page, clear the Ask if an image should be captured check box, and
then click Next.
9. On the Allow Admin Password page, click Next.
10. On the Allow Product Key page, click Next.
11. On the Summary page, click Next.
12. On the Confirmation page, click Finish.
Task 2: Mount the Windows Server product DVD
1. On your host computer, in the 6418C-NYC-SVR2 on localhost Virtual Machine Connection
dialog box, on the Media menu, point to DVD Drive and then click Insert Disk.
2. In the Open dialog box, in the File name box, type C:\Program Files
\Microsoft Learning\6418\Drives\WServer2008R2_Eval.iso and then click Open.
3. In the 6418C-NYC-SVR2 virtual machine, close the AutoPlay dialog box.
Task 3: Add an operating system in Deployment Workbench
1. In the Deployment Workbench console tree, expand Deployment Shares, expand Contoso
Deployment Share (C:\DeploymentShare), and then click Operating Systems.
2. Right-click Operating Systems, and then click Import Operating System.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L4-2 Lab: Implementing the Microsoft Deployment Toolkit
3. In the Import Operating System Wizard, on the OS Type page, click Full set of source files and then
click Next.
4. On the Source page, click Browse.
5. In the Browse For Folder dialog box, expand Computer, click DVD Drive (D:), and then click OK.
6. On the Source page, click Next.
7. On the Destination page, in the Destination directory name box, verify that Windows Server
2008 R2 x64 appears, and then click Next.
8. On the Summary page, click Next.
Note: This operation can take around fifteen minutes.
9. On the Confirmation page, click Finish.
Note: In the Details pane of Deployment Workbench, multiple Windows Server 2008 R2 operating
systems are listed.

Results: After this exercise, you should have added an operating system to MDT 2010.
Exercise 2: Creating and Customizing a Task Sequence
Task 1: Create a task sequence in Deployment Workbench
1. In the Deployment Workbench console tree, right-click Task Sequences, and then click New Task
Sequence.
2. In the New Task Sequence Wizard, on the General Settings page, in the Task sequence ID box, type
1.
3. In the Task sequence name box, type Deploy WS08 F&P Server, and then click Next.
4. On the Select Template page, in the list, click Standard Client Task Sequence, and then click Next.
5. On the Select OS page, click Windows Server 2008 R2 SERVERENTERPRISE in Windows Server
2008 R2 x64 install.wim and then click Next.
6. On the Specify Product Key page, click Do not specify a product key at this time, and then click
Next.
7. On the OS Settings page, in the Full Name box, type Authorized User.
8. In the Organization box, type Contoso.
9. In the Internet Explorer Home Page box, type contoso.com, and then click Next.
10. On the Admin Password page, in the Administrator Password box, type Pa$$w0rd.
11. In the Please confirm Administrator Password box, type Pa$$w0rd, and then click Next.
12. On the Summary page, click Next.
13. On the Confirmation page, click Finish.
Task 2: Customize a task sequence in Deployment Workbench
1. In the Deployment Workbench console tree, click Task Sequences.
2. In the Details pane, right-click Deploy WS08 F&P Server, and then click Properties.
3. In the Deploy WS08 F&P Server Properties dialog box, click the Task Sequence tab.
4. In the Task Sequence list, click Apply Network Settings.
5. Click the New Item button.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Implementing the Microsoft Deployment Toolkit L4-3
Note: The New Item button is a yellow star on the Properties pane.
6. In the Network Settings dialog box, in the Name box, type LAN Connection.
7. Click Use the following IP address.
8. Click the New IP Address button in the Network Settings section.
Note: The New IP Address button is a yellow star.
9. In the TCP/IP Address dialog box, in the IP address box, type 10.10.10.30.
10. In the Subnet mask box, type 255.255.0.0, and then click Add.
11. In the Gateway Settings section, click the New Gateway Settings button.
Note: The New Gateway Address button is a yellow star.
12. The TCP/IP Gateway Address dialog box appears.
13. In the Gateway box, type 10.10.10.1, and then click OK.
14. Click the DNS tab.
15. Select Use the following DNS Servers.
16. Click the New DNS Server button.
Note: The New DNS Server button is a yellow star.
17. In the TCP/IP DNS Server dialog box, in the DNS server box, type 10.10.10.10, and then click Add.
18. Confirm that Register this connection's address in DNS is selected, and then click OK.
19. In the Deploy WS08 F&P Server Properties dialog box, click OK.
Results: After this exercise, you should have created a task sequence.
Exercise 3: Configuring the Deployment Share
Task: Configure the Deployment Share in Deployment Workbench
1. Right-click Contoso Deployment Share (C:\DeploymentShare) and then click Properties.
2. Clear the x86 check box, and then click the Windows PE x64 Components tab.
3. Under Driver Injection, select the Include all video drivers in the selection profile and Include all
system-class drivers in the selection profile check boxes, and then click OK.
4. In the Details pane of the Deployment Workbench, right-click Contoso Deployment Share
(C:\DeploymentShare), and then click Update Deployment Share.
5. In the Update Deployment Share Wizard, on the Options page, click Next.
6. On the Summary page, click Next.
Note: This operation can take around 25 minutes. Please move on to Exercise 4 while this operation
completes.

New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L4-4 Lab: Implementing the Microsoft Deployment Toolkit
Results: After this exercise, you should have configured the deployment share.
Exercise 4: Performing a Lite-Touch Deployment
Task 1: Install the Windows Deployment Services role
1. Switch to the NYC-SVR2 computer.
2. Click Start, point to Administrative Tools, and then click Server Manager.
3. In the Roles Summary section, click Add Roles.
4. In the Add Roles Wizard, click Next.
5. On the Select Server Roles page, select the Windows Deployment Services check box, and then
click Next.
6. On the Overview of Windows Deployment Services page, click Next.
7. On the Select Role Services page, click Next.
8. On the Confirm Installation Selections page, click Install.
9. On the Installation Results page, click Close.
10. Close Server Manager.
Task 2: Configure the Windows Deployment Services role
1. Click Start, point to Administrative Tools, and then click Windows Deployment Services.
2. In the console tree, expand Servers.
3. Right-click NYC-SVR2.Contoso.com, and then click Configure Server.
4. In the Windows Deployment Services Configuration Wizard, click Next.
5. On the Remote Installation Folder Location page, click Next.
6. In the System Volume Warning dialog box, click Yes.
7. On the DHCP Option 60 page, select the Do not listen on port 67 and Configure DHCP option 60
to PXEClient check boxes, and then click Next.
8. On the PXE Server Initial Settings page, click Respond to all client computers (known and
unknown), and then click Next.
9. On the Operation Complete page, clear the Add images to the server now check box, and then
click Finish.
10. Switch back to the Update Deployment Share Wizard.
Note: You must wait until the update is completed before moving to step 11.
11. On the Completion page, click Finish.
12. Click Start, and then click Computer.
13. Double-click Local Disk (C:), double-click DeploymentShare, and then double-click Boot.
14. Verify that LiteTouchPE_x64.wim is present.
15. Close Windows Explorer.
16. Close Deployment Workbench.
Task 3: Add a Windows Preinstallation Environment (Windows PE) boot image
1. In Windows Deployment Services, in the console tree, expand
NYC-SVR2.Contoso.com.
2. Right-click Boot Images, and then click Add Boot Image.
3. In the Add Image Wizard, on the Image File page, click Browse.
4. In the Select Windows Image (WIM) File dialog box, in the File name box, type
C:\DeploymentShare\boot\LiteTouchPE_x64.wim and then click Open.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Implementing the Microsoft Deployment Toolkit L4-5
5. On the Image File page, click Next.
6. On the Image Metadata page, click Next.
7. On the Summary page, click Next.
8. On the Task Progress page, click Finish.
9. Close Windows Deployment Services.
Task 4: Configure the client for Pre-Boot Execution Environment (PXE) Booting
1. On the host computer, switch to Hyper-V Manager.
2. In the Virtual Machines list, right click 6418C-NYC-BLANK, and then click Settings.
3. In the Settings for 6418C-NYC-BLANK dialog box, click BIOS.
4. In the results pane, click Legacy Network adapter.
5. Use the arrows to move Legacy Network adapter to the top of the list and then click OK.
6. In Hyper-V Manager, click 6418C-NYC-BLANK, and in the Actions pane, click Start.
7. In the Actions pane, click Connect.
8. When the computer reboots, note the PXE DHCP notice. When prompted, press F12 for Network
Boot. (Note: You need to press F12 quickly.)
Task 5: Perform a Lite-Touch installation
1. Allow the boot process to complete.
2. The Welcome Windows Deployment window appears.
3. Click Run the Deployment Wizard to install a new operating system.
4. In the User Credentials dialog box, in the User Name box, type administrator.
5. In the Password box, type Pa$$w0rd.
6. In the Domain box, type contoso, and then click OK.
7. In the Windows Deployment Wizard, select Deploy WS08 F&P Server and then click Next.
8. On the Configure the computer name page, in the Computer name box, type NYC-SVR3, and
then click Next.
9. On the Join the computer to a domain or workgroup page, click Join a domain.
10. In the Domain box, type contoso, and then click Next.
11. On the Language and other preference page, click Next.
12. On the Set the Time Zone page, click Next.
13. On the Specify the BitLocker configuration page, click Next.
14. On the Ready to begin page, click Begin.
Note: This operation can take around 40 minutes or more to complete. It is optional to allow the
installation to complete.
Task 6: Validate Lite-Touch deployment (optional)
1. When installation is complete, the computer restarts and you are automatically logged on; the Lite-
touch installation proceeds after logon.
2. In the Deployment Summary window, click Finish.
Question: In Initial Configuration Tasks, what is the IPv4 address?
Answer: 10.10.10.30
Question: What is the computer name?
Answer: NYC-SVR3.Contoso.com
3. Click Start, and then click Internet Explorer.
4. In Set Up Windows Internet Explorer 8, click Ask me later.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L4-6 Lab: Implementing the Microsoft Deployment Toolkit
5. In Internet Explorer, on the toolbar, click the Home button.
6. Verify that the Internet Explorer

home page is set to Contoso.com.


Results: After this exercise, you should have deployed Windows Server 2008 R2.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6418C-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 6418C-NYC-BLANK and 6418C-NYC-SVR2.
5. In the Virtual Machines pane, click 6418C-LON-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next modules lab, click
6418C-LON-DC1, and then in the Actions pane, click Connect.
Important: Start the 6418C-LON-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
7. Wait for 6418C-LON-DC1 to start, and then start 6418C-LON-SVR1. Connect to the virtual machine.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Migrating Active Directory Directory Service L5-1
Module 5: Migrating Active Directory Directory Service
Lab: Migrating Active Directory Directory
Service
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-LON-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-LON-SVR1.
Exercise 1: Preparing the Existing Forest for the New Domain Controller
Task: Run the ADPREP command to prepare the existing forest
1. On the host computer, click Start, select Administrative Tools and click Hyper-V Manager.
2. Right-click 6418C-LON-DC1 and then click Settings.
3. Click DVD Drive, and then in the right pane select Image file, and then click Browse.
4. Browse to C:\Microsoft Learning\6418\Drives and then select WServer2008R2_Eval.iso. Click
Open. Click OK to close the Settings for 6418C-LON-DC1 dialog box.
5. On LON-DC1, click OK to close the Windows Setup prompt. Click Start, click Run, and then type
cmd.exe. Press ENTER.
6. In the command prompt, type the following commands followed by the ENTER key:
D:
Cd \support\adprep
Adprep32 /forestprep
C
Adprep32 /domainprep /gpprep
Results: After this exercise, you should have prepared the A. Datum Corporation forest for the addition
of a Windows Server 2008 R2 domain controller.
Exercise 2: Deploying a Windows Server 2008 R2 Domain Controller
Task: Promote a Windows Server 2008 R2 server to a domain controller
1. On LON-SVR1, click Start, click Run, and then type dcpromo.exe. Click OK.
2. On the Welcome page and the Operating System Compatibility page, click Next. On the Choose
a Deployment Configuration page, click Existing forest, click Add a domain controller to an
existing domain, and then click Next.
3. On the Network Credentials page, ensure that Adatum.com is listed in the text box and then click
Next.
4. On the Select a Domain page, select Adatum.com, and then click Next. Click Yes at the prompt.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L5-2 Lab: Migrating Active Directory Directory Service

5. On the Select a Site page, click Next.
6. On the Additional Domain Controller Options page, select DNS server and Global catalog, and
then click Next. Click Yes at the prompt.
7. On the Location for Database, Log Files, and SYSVOL page, click Next.
8. On the Directory Services Restore Mode Administrator Password page, type Pa$$w0rd in both
the Password and Confirm password boxes. Click Next.
9. On the Summary page, click Next.
10. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
11. Restart LON-SVR1 and then log back on as Adatum\Administrator with the password of
Pa$$w0rd.
Results: After this exercise, you should have promoted LON-SVR1 to domain controller with Global
Catalog and Domain Name System (DNS) Server.
Exercise 3: Removing Legacy Domain Controllers
Task 1: Migrate settings to the new domain controller
1. On LON-SVR1, click Start, click Run, and then type cmd.exe.
2. In the command prompt, type Ntdsutil.exe and press ENTER.
3. Type each of the following commands followed by the ENTER key:
Note: Please click "Yes" when prompted by a Role Transfer Confirmation Dialog window.
roles
connections
connect to server localhost
q
transfer schema master
transfer naming master
transfer pdc
transfer infrastructure master
transfer rid master
q
q
4. If there is an error transferring the roles, wait for five minutes. Then, retry.
Task 2: Remove the legacy domain controller
1. On LON-DC1, click Start, click Run, type dcpromo.exe, and then click OK.
2. On the Welcome page, click Next. Click OK at the prompt.
3. Leave This server is the last domain controller in the domain unchecked and then click Next.
4. Type Pa$$w0rd in both password textboxes. Click Next.
5. On the Summary page, click Next. Wait for the process to complete and then click Finish. Restart
LON-DC1.
Task 3: Change the domain and forest functional levels to support required features
1. On LON-SVR1, click Start, point to Administrative Tools and click Active Directory Domains and
Trusts.
2. Right-click Adatum.com. Click Raise Domain Functional Level.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Migrating Active Directory Directory Service L5-3
3. In the drop-down list, select Windows Server 2008 R2. Click Raise. Click OK at the prompt. Click OK
at the second prompt.
4. Right-click Active Directory Domains and Trusts. Click Raise Forest Functional Level.
5. In the drop-down list, select Windows Server 2008 R2, and then click Raise. Click OK at the prompt.
Click OK at the second prompt.
Results: After this exercise, you should have removed the legacy domain controller from
Adatum.com and elevated the forest functional level to Windows Server 2008 R2.
Exercise 4: Enabling New Windows Server 2008 R2 Domain Features
Task 1: Enable Active Directory Domain Service (AD DS) replication with DFSRMIG
1. On LON-SVR1, click Start, click Run, and then type cmd.exe.
2. Type the following commands followed by the ENTER key:
Dfsrmig /getGlobalState
dfsrmig /setGlobalState 1
dfsrmig /getMigrationState
dfsrmig /setGlobalState 2
dfsrmig /setGlobalState 3
dfsrmig /getGlobalState
Task 2: Enable Active Directory Recycle Bin
1. On LON-SVR1, click Start, point to Administrative Tools, right-click Windows PowerShell Modules
and select Run as Administrator.
2. Type the following cmdlet and then press ENTER:
Enable-ADOptionalFeature Identity CN=Recycle Bin Feature,CN=Optional
Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=adatum,DC=com Scope ForestOrConfigurationSet
Target adatum.com
3. Type Y and then press ENTER. Wait for the process to complete.
Results: In this exercise, you enabled SYSVOL DFS Replication and the Active Directory Recycle Bin.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. In the Virtual Machines pane, click 6418C-NYC-DC1, and then in the Actions pane, click Start.
5. To connect to the virtual machine for the next modules lab, click 6418C-NYC-DC1, and then in the
Actions pane, click Connect.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L5-4 Lab: Migrating Active Directory Directory Service

Important: Start the NYC-DC1 virtual machine first, and ensure that it is fully started before starting
the other virtual machines.
6. Wait for NYC-DC1 to start, and then start 6418C-NYC-SRV1. Connect to the virtual machine.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Migrating Windows Server 2003 File and Print Services L6-1
Module 6: Migrating File, Print and Web Services
Lab A: Migrating Windows Server

2003 File
and Print Services
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-SVR2.
Exercise 1: Installing the Appropriate Tools to Enable Migration of File and Print
Services
Task 1: Install File and Print Server roles on Windows Server 2008 R2
1. On NYC-SVR2, start the Server Manager.
2. Click on Roles on the Navigation Tree.
3. Click Add Roles in the Working pane and then on the Before You Begin page, click Next.
4. Select the Print and Document Services server role, and click Next.
5. On the Print and Document Services page, click Next.
6. On the Select Role Services page, ensure that the check box next to Print Server is selected and
then click Next.
7. On the Confirm Installation Selections page, click Install and then click Close.
8. In the Roles pane, scroll down and under File Services click Add Role Services. On the Select Role
Services page, ensure that File Server is selected and then select the check box next to Distributed
File System. Click Next.
9. On the Create a DFS Namespace page, select Create a namespace later using the DFS
Management snap-in in Server Manager. Click Next.
10. On the Confirm Installation Selections page, click Install. Wait for the services to be completely
installed and then click Close. Close Server Manager.
Task 2: Configure Distributed File System (DFS) to support migration
1. On NYC-SVR1, click on Start, and then click Command Prompt.
2. Run the following command and then press ENTER:
DFSUtil.exe /server:NYC-SVR1 /view
3. Write down the namespaces that are hosted on NYC-SVR1.
4. Run DFSUtil.exe /root:\\contoso\SharedFiles /view.
5. Write down the servers that host the namespace SharedFiles.
6. Run DFSUtil.exe /root:\\contoso\SharedFiles /Export:c:\backupconfig.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L6-2 Lab A: Migrating Windows Server 2003 File and Print Services

Note: It is recommended to add a second namespace server to a single-server namespace to keep its
permissions. If that is not possible, the permissions should be noted as above.
A full backup of the server is recommended, as well as a System State backup of a domain controller
for a namespace integrated in Active Directory Domain Services (AD DS).

Results: After this exercise, you should have installed the File Services and Print Services roles on
NYC-SVR2. Also, you have prepared NYC-SVR1 for migration.
Exercise 2: Enabling Windows Server Migration Tools
Task 1: Install the Windows Server Migration Tools
1. On NYC-SVR2, open Server Manager.
2. Click Features on the Navigation Tree.
3. In the results pane, click Add Features.
4. Select Windows Server Migration Tools and then click Next.
5. Click Install.
6. Wait for the installation to finish and then click Close. Close Server Manager.
Task 2: Create a deployment package for NYC-SVR1
1. On NYC-SVR2, click Start, click Run and type cmd.exe. Press ENTER.
2. Type cd \ and then press ENTER.
3. Type md Migration and then press ENTER.
4. Type cd %windir%\System32\ServerMigrationTools and then press ENTER.
5. Run SmigDeploy.exe /package /architecture X86 /os WS03 /path C:\Migration and then press
ENTER.
Task 3: Register Windows Server Migration Tools on NYC-SVR1
1. On NYC-SVR1, click on Start, and then click Run and type \\NYC-SVR2\C$. Click OK.
2. Right click on the Migration folder and click Copy.
3. Browse to C:\ and paste the folder.
4. Click on Start, and then click Command Prompt.
5. Type cd \Migration\SMT_ws03_x86 and then press ENTER.
6. Run smigdeploy.exe.
7. Wait for the tools to be installed.
8. Close all open windows.
Results: After this exercise, you should have installed the Windows Server Migration Tools feature on
NYC-SVR2 and registered them on NYC-SVR1.
Exercise 3: Migrating File Services
Task 1: Export local users and groups from NYC-SVR1
1. On NYC-SVR1, click Start, point to Administrative Tools, point to Windows Server Migration
Tools, and then click Windows Server Migration Tools.
2. In the Windows Server Migration Tools window, run the following command. When prompted for the
password type Pa$$w0rd.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Migrating Windows Server 2003 File and Print Services L6-3
Export-SmigServerSetting -User All -Group -Path C:\Migration\UsersGroups Verbose
Task 2: Import local users and groups to NYC-SVR2
1. On NYC-SVR2, click Start, click Run and type \\NYC-SVR1\C$ and then press ENTER.
2. Right click on the Migration folder and click Copy.
3. Browse to C:\ and paste the folder. Overwrite the existing folder.
4. Click Start, point to Administrative Tools, point to Windows Server Migration Tools, right-click
on Windows Server Migration Tools, and click on Run as administrator.
5. On the Administrator:Windows Server Migration Tools window, run the following command and then
press ENTER. When prompted, provide the password Pa$$w0rd.
Import-SmigServerSetting -User All -Group -Path C:\Migration\UsersGroups Verbose
Task 3: Migrate data from NYC-SVR1 to NYC-SVR2
1. On NYC-SVR2, in the Administrator:Windows Server Migration Tools window, run Receive-
SmigServerData. When prompted for the password type Pa$$w0rd. This will prepare the server to
receive data from NYC-SVR1. Leave the command running and follow the next step.
2. On NYC-SVR1 run the following command in the Microsoft Windows PowerShell screen. When
prompted for the password, type Pa$$w0rd:
Send-SmigServerData -ComputerName NYC-SVR2 -SourcePath C:\Files -DestinationPath
C:\Files -Recurse -Include All Force
3. On NYC-SVR2, open Windows Explorer and Browse to C:\.
4. Right-click the Files folder, point to Share with, and then click Specific People.
5. In the drop-down menu, click Everyone. Click Add and then click Share. Click Done.
6. On NYC-SVR1, click Start, point to Administrative Tools, and then click Distributed File System.
7. Right-click Contoso.com\SharedFiles and then click New Root Target.
8. On the Host Server page, type NYC-SVR2.Contoso.com and then click Next. Click Finish.
9. Close the Distributed File System console.
Task 4: Rename NYC-SVR2 to NYC-SVR1
1. On NYC-SVR1, click Start, right-click My Computer and click Properties.
2. Click the Computer Name tab and change the computer name to NYC-OLD. When prompted,
provide Contoso\Administrator with the password of Pa$$w0rd.
3. Shutdown NYC-OLD.
4. On NYC-SVR2, click Start, right-click Computer and click Properties.
5. Click Advanced system settings.
6. Click the Computer Name tab and then change the computer name to
NYC-SVR1.
7. Restart the computer and log back on as Administrator with the password of Pa$$w0rd.
Results: In this exercise, you migrated the File Server and Printer Server role settings to NYC-SVR2.
Then, NYC-SVR1 was renamed to retire it in the future and NYC-SVR2 was renamed to take its place.
Exercise 4: Verifying the Successful Migration of File and Print Services
Task 1: Verify that the data and printer are successfully migrated
1. On NYC-SVR2 (now NYC-SVR1), click Start, click Run and type cmd.exe and then click OK.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L6-4 Lab A: Migrating Windows Server 2003 File and Print Services

2. Run net user to get a list of all local users.
3. Run net localgroup to get a list of all local groups.
4. Click Start, point to Administrative Tools and then click DFS Management.
5. Expand Namespaces and then click \\contoso.com\sharedfiles.
6. Click the Namespace Servers tab.
7. Right-click the entry with the path of \\NYC-SVR2 and then click Delete. Click Yes and then click OK.
Click Close.
8. Close DFS Management.
9. Click Start, and then click Devices and Printers.
10. Verify that Printer1 exists and is shared.
Results: In this exercise, you checked if the services have migrated successfully to the new server.
To prepare for Lab B
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for every virtual machine used in this Lab.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Migrating Windows Server 2003 File and Print Services L6-5
Lab B: Migrating a Web Application to
Windows Server 2008 R2 and Internet
Information Services (IIS) 7.0
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-SVR1 and 6418C-NYC-SVR2.
Exercise 1: Install the Web Server (IIS) Role with the Required Components
Task 1: Install Web Server (IIS) role
1. On NYC-SVR2, start Server Manager.
2. Click Roles on the Navigation Tree.
3. Click Add Roles on the Working pane and click Next.
4. Select Web Server (IIS) and click Next. At the introduction page, click Next.
5. Select IIS 6 Management Compatibility and click Next. Click Install.
6. Wait for the services to be completely installed and then click Close.
Note: In this case, it is not necessary to install the Microsoft .NET Framework 1.1, but that might be
a requirement in a real environment. Other Internet Information Services (IIS) components can be
needed also, depending on the application.
A full backup of the destination server is recommended before installing IIS.

Results: After this exercise, you should have installed the Web Server (IIS) role on NYC-SVR2.
Exercise 2: Installing the Microsoft Web Deployment Tool
Task 1: Install Microsoft Web Deployment Tool on NYC-SVR2
1. On NYC-SVR2, start Windows Explorer.
2. Browse to E:\Labfiles\Mod06.
3. Double-click to run WebDeploy_x64_en-US to install the tool.
4. On the Choose Setup Type page, click Typical.
5. Click Install to complete the installation. Click Finish.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L6-6 Lab A: Migrating Windows Server 2003 File and Print Services

Task 2: Install Microsoft Web Deployment Tool on NYC-SVR1 with Remote Service
1. On NYC-SVR1, start Windows Explorer.
2. Browse to \\NYC-SVR2\E$\Labfiles\Mod06.
3. Double-click to run WebDeploy_x86_en-US to install the tool.
4. On the Choose Setup Type page, click Custom.
5. On the Custom Setup page, click the drop-down arrow next to Remote Agent Service and then
click Will be installed on local hard drive.
6. Click Next and then click Install to complete the installation. Click Finish when the setup is complete.
7. Open a command prompt and type net start msdepsvc and then press ENTER to start the Remote
agent service.
Results: After this exercise, you should have installed the Microsoft Web Deployment Tool on NYC-
SVR2 and NYC-SVR1, and have enabled Remote Services on NYC-SVR1.
Exercise 3: Migrating Web Services to Windows Server 2008 R2
Task 1: Run the msdeploy command to do a pull migration of the Intranet Web site
1. On NYC-SVR2, click Start, click Run and type cmd.exe. Click OK.
2. Go to the Microsoft Web Deployment Tool directory by running the following command followed by
the ENTER key:
cd %programfiles%\IIS\Microsoft Web Deploy
3. Type the following command followed by the ENTER key:
msdeploy -verb:sync -source:metakey=lm/w3svc/1,computername=NYC-SVR1 -
dest:metakey=lm/w3svc/1
4. Wait for the migration to complete.
5. Shut down NYC-SVR1.
Note: You could add whatif at the end of the command to see what would happen if the command
was executed.
Task 2: Modify the Intranet DNS record
1. On NYC-DC1 click Start, point to Administrative Tools and then click DNS.
2. On the Navigation pane, expand Forward Lookup Zones and then click Contoso.com.
3. Double-click the record named Intranet and modify the target host to be
nyc-svr2.contoso.com. Click OK.
Results: In this exercise, you migrated the Intranet Web site to NYC-SVR2. You also modified the
Domain Name System (DNS) record that points to intranet.contoso.com.
Exercise 4: Verifying the Successful Migration
Task: Verify that the Internet Web site has been migrated successfully
1. On NYC-DC1 start Internet Explorer.
2. In the address bar, type http://intranet.contoso.com.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Migrating Windows Server 2003 File and Print Services L6-7
3. The Intranet Web site appears in the browser.
Results: In this exercise, you checked if the Web site has migrated successfully to the new server.
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for every virtual machine used in this Lab.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L6-8 Lab A: Migrating Windows Server 2003 File and Print Services





New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Deploying a Read-Only Domain Controller to a Branch Office L7-1
Module 7: Deploying Branch Office and Remote Access Services
Lab A: Deploying a Read-Only Domain
Controller to a Branch Office
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-RODC1.
Exercise 1: Enabling the Forest to Support Read-Only Domain Controller
Deployment
Task 1: Prepare the schema and forest to support read-only domain controllers (RODCs)
1. In the Hyper-V Manager console, right-click 6418C-NYC-DC1, and then click Settings.
2. Click the DVD Drive.
3. In the details pane, select Image file, and then click Browse.
4. Browse to C:\Program Files\Microsoft Learning\6418\Drives and select WServer2008R2_Eval.
iso. Click Open and then click OK.
5. On NYC-DC1, close the Autoplay dialog box. Click Start, point to All Programs, click Accessories,
right-click Command Prompt, and then click Run as administrator.
6. At the command prompt, type the following command followed by the ENTER key:
D:\support\adprep\adprep /rodcprep
7. Wait for the command to complete and then close the Command prompt window.
Note: In this case, it is not necessary to run adprep /forestprep or /domainprep because there
already exists a Windows Server 2008 R2 Domain Controller in the domain.

Results: After this exercise, you should have prepared the forest for the installation of RODCs.
Exercise 2: Deploying an RODC Role on Server Core
Task 1: Modify a sample DCPROMO answer file
1. On NYC-RODC1, type notepad, and then press ENTER.
2. Click File, and then click Open. Browse to C:\Tools, and then select dcpromo.txt. Click OK.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L7-2 Lab A: Deploying a Read-Only Domain Controller to a Branch Office

3. Scroll down to ReplicaOrNewDomain and then modify the value after = to ReadOnlyReplica.
4. Scroll down to ReplicaDomainDNSName, and then verify that the value after = is set to
Contoso.com.
5. Verify that the values of InstallDNS and ConfirmGC are both Yes.
6. Click File, and then Save. Close Notepad.
Task 2: Use the answer file to promote the Server Core to RODC
1. On NYC-RODC1, type the following commands:
Cd \Tools
Dcpromo /unattend:dcpromo.txt
2. Wait for the RODC role to be installed. After the reboot, log back on as Contoso\Administrator with
the password of Pa$$w0rd.
Results: After this exercise, you should have installed the RODC role on
NYC-RODC1.
Exercise 3: Creating the Branch Office Site
Task 1: Use Active Directory Domain Services (AD DS) tools to create a new site
1. On NYC-DC1 go to Start, point to Administrative Tools, and then click Active Directory Sites and
Services.
2. In the Active Directory Sites and Services window, right-click Sites, and then click New site.
3. Name the site BellevueBranch, and then select the DefaultIPSiteLink. Click OK. Click OK at the
prompt.
Task 2: Configure site replication
1. On NYC-DC1, in the Active Directory Site and Services console, expand
Inter-Site Transports, and then click IP.
2. Right-click IP, and then click New Site Link.
3. Name the Site-Link WAN-NYC-BEL.
4. Select NewYork and BellevueBranch as Sites in this site link. Click OK.
Task 3: Move the RODC to the new site
1. On NYC-DC1, in the Active Directory Site and Services console, expand NewYork and then expand
Servers.
2. Right-click NYC-RODC1, and then select Move.
3. In the Move Server dialog box, select BellevueBranch, and then click OK.
Task 4: Verify functionality
1. On NYC-DC1, click Start, point to Administrative Tools and then click Active Directory Users and
Computers.
2. Right-click Active Directory Users and Computers, and then click Change Domain Controller.
3. Select NYC-RODC1.Contoso.com from the list, and then click OK.
4. Review the warning message. Click OK.
5. Expand Contoso.com. Right click the Users container. Review that there is no New option.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab A: Deploying a Read-Only Domain Controller to a Branch Office L7-3
Results: In this exercise, you configured the new BellevueBranch site and its link to the central
NewYork site. Then, you moved the RODC to this site so that users can authenticate using it.
Exercise 4: Securing the RODC
Task 1: Configure the password replication policy
1. On NYC-DC1, in the Active Directory Users and Computers console, right-click Active Directory
Users and Computers, and then select Change Domain Controller.
2. Select NYC-DC1.Contoso.com from the list, and then click OK.
3. Expand Contoso.com and then click the Domain Controllers Organizational Unit, right-click NYC-
RODC1, and then select Properties.
4. Click the Password Replication Policy tab.
5. Click Add, select Allow passwords for the account to replicate to this RODC, and then click OK.
6. Type Bellevue Users, and then click OK.
7. Click OK.
Task 2: Configure administration role separation
1. On NYC-DC1, click the Domain Controllers Organizational Unit.
2. Right-click NYC-RODC1, and then select Properties.
3. Click the Managed By tab.
4. Click Change, type Bellevue Admins, and then click OK.
5. Click OK.
Results: In this exercise, you configured the security for the RODC by selecting which users can
manage the RODC and which ones can cache their credentials in it.
Lab Shutdown
Revert 6418C-NYC-RODC1. Keep 6418C-NYC-DC1 running for the next Lab.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L7-4 Lab A: Deploying a Read-Only Domain Controller to a Branch Office

Lab B: Implementing BranchCache
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-CL1 and 6418C-NYC-CL2.
Exercise 1: Configuring BranchCache on a Server
Task: Configure NYC-DC1 as a BranchCache server
1. On NYC-DC1, open Server Manager, and then click Features.
2. In the results pane, click Add Features.
3. Select the BranchCache feature and select the WINS Server feature, and then click Next.
4. Click Install. When the installation is finished, click Close.
5. In Server Manager, click Roles.
6. In the results pane, click Add Roles and then click Next.
7. On the Select Server Roles page, select Web Server (IIS) and then click Next.
8. On the Web Server (IIS) page and the Select Role Services page, click Next.
9. On the Confirm Installation Selections page, click Install.
10. Click Close and then close Server Manager.
11. Click Start, point to All Programs, click Accessories and then click Command Prompt.
12. At the command prompt, type the following command and then press ENTER:
Net Start BranchCache
13. At the command prompt, type the following command and then press ENTER:
Netsh branchcache show status all
14. Verify that the BranchCache service is running and configured.
Results: After this exercise, you should have configured BranchCache on NYC-DC1.
Exercise 2: Configuring BranchCache Distributed Cache Mode
Task: Configure BranchCache client-side settings in Distributed Cache mode
1. Start both 6418C-NYC-CL1 and 6418C-NYC-CL2 and log on to both computers as
Contoso\Administrator with the password of Pa$$w0rd.
2. On NYC-CL1, click Start and then in the search box type CMD. Press ENTER.
3. In the command prompt window, type the following command and then press ENTER:
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab B: Implementing BranchCache L7-5
Netsh branchcache set service mode=DISTRIBUTED
4. At the command prompt, type the following command and then press ENTER:
Netsh branchcache show status all
5. Verify that the BranchCache service is running and configured and then close the command prompt.
6. Repeat steps 2-5 on NYC-CL2.
Results: After this exercise, you should have configured BranchCache client settings.
Exercise 3: Verifying BranchCache Functionality
Task: Use two client computers to verify BranchCache in distributed cache mode
1. On NYC-CL1, click Start, in the search box type perfmon.msc, and then press ENTER.
2. Expand Monitoring Tools, and then click Performance Monitor.
3. In the graphic display, click the red X.
4. Right-click the graph display and then click Add Counters.
5. Under Available counters, click BranchCache and then click Add. Click OK.
6. Click the Change graph type button and change the graph to a Report.
7. Open Internet Explorer and browse to http://NYC-DC1.
8. Press CTRL+F5 to refresh the Browser window.
9. Check in the Performance Monitor graph that Retrieval: Bytes from cache stays in zero and
Retrieval: Bytes from server raises.
10. On NYC-CL2, repeat steps 1-7.
11. On NYC-CL2, check the Performance Monitor graph that Retrieval: Bytes from cache raises.
Results: In this exercise, you checked if BranchCache was working.
Lab Shutdown
To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.


New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L7-6 Lab A: Deploying a Read-Only Domain Controller to a Branch Office



New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
Lab: Migrating Workloads to Microsoft Virtual Machines L8-1
Module 8: Migrating Workloads to Microsoft Virtual Machines
Lab: Migrating Workloads to Microsoft Virtual
Machines
To start the lab, complete the following steps
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager click 6418C-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. Click the CTRL+ALT+DELETE
button in the top, left corner of the Virtual Machine Connection window.
4. Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5. Repeat these steps for 6418C-NYC-CL1.
Exercise: Planning to Migrate Workloads
Task 1: Examine supporting documentation
1. Review the documentation.
2. Evaluate the servers based on their hardware capabilities. Determine if you need any more
information and ask your instructor to clarify if required.
Task 2: Use the Microsoft Assessment and Planning Toolkit (MAP) to assist
1. On NYC-CL1, click Start, point to All Programs, click Microsoft Assessment and Planning Toolkit,
and then click Microsoft Assessment and Planning Toolkit.
2. After the Microsoft Planning and Assessment Toolkit starts, on the Create or select a database to
use dialog box, select the Use an existing database radio button. Select MapHoldb-03, and then
click OK.
3. Expand Discovery and Readiness, and then review the information that MAP provides.
4. In the left pane, expand Server Consolidation, and then click Performance Metrics Results.
5. Review the collected information.
6. In the left pane, click Server Consolidation. In the center pane under Configure Host and Run
Analysis Engine, click Server Consolidation to launch the wizard.
7. Select Windows Server 2008 R2 Hyper-V (default), and then click Next.
8. Select Use the current hardware configuration, and then click Next.
9. Select Intel as the manufacturer, and then click Next.
10. Click Next to revisit the default storage configuration.
11. Click Next to revisit the default network and memory configuration.
12. On the Host and Guest Thresholds page, click Select this option if you wish to set the maximum
number of virtual machines to be placed on a host checkbox, type the number 5 in Number of
virtual machines per host, and then click Next.
13. Click Browse to select a file and open the C:\Tools\network-computers1.txt file.
14. Click Next to see a dialog informing you how many machines will be considered for placement, and
then click OK. A summary of the host machine configuration is shown.
15. Click Finish to start the placement assessment.
New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.
L8-2 Lab: Migrating Workloads to Microsoft Virtual Machines

16. When the assessment is complete, click Close.
17. Expand Server Consolidation in the top left tree view, and then click Server Consolidation Results
node. You can review the server consolidation assessment results within the user interface.
18. Click View, select Saved Reports and Proposals, and open the virtualization report with name
matching the date and time of the virtual machine.
Results: After this exercise, you should have reviewed the enterprise documentation and used MAP to
assist on the virtualization decisions.
Lab Shutdown
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.



New Horizons of Kansas City
8/26/2011 7:05:28 PM 902a5120-9038-46e4-9c47-588950d740d0 Lynn Gant
Warning: This is lynn.gant@kcmo.org's unique copy. It is illegal to reprint, redistribute or resell this content. The
Licensed Content is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft
gives no express warranties, guarantees or conditions.Please report any unauthorized use to
mscwinfo@microsoft.com.

You might also like