configuring roles

8/8/2019 Configuring Roles

1/55

The Configure Your Server Wizard provides a central location from which you can install or remove the server rolesavailable on a server running Windows Server 2003. After installing a server role you can use Manage Your Serverto manage that role.

Manage Your Server provides a central location from which you can manage the server roles installed through theConfigure Your Server Wizard. Manage Your Server starts automatically the first time you log on to your servercomputer with administrative credentials.

Server rolesTypical setup for a first serverFile server role: Configuring a file serverPrint server role: Configuring a print serverApplication server role: Configuring an application serverMail server role: Configuring a mail serverTerminal server role: Configuring a terminal serverRemote access/VPN server role: Configuring a remote access/VPN serverDomain controller role: Configuring a domain controllerDNS server role: Configuring a DNS serverDHCP server role: Configuring a DHCP serverStreaming media server role: Configuring a streaming media server

WINS server role: Configuring a WINS serverTo remove a server role

NoteThis feature is not included on computers running the Microsoft Windows Server 2003, Web Edition,operating system. For more information, see Overview of Windows Server 2003, Web Edition.

The Windows Server 2003 family provides several server roles. To configure a server role, install the server role byusing the Configure Your Server Wizard and manage your server roles by using Manage Your Server. After youfinish installing a server role, Manage Your Server starts automatically.

To determine which server role is appropriate for you, review the following information about the server roles that

are available with the Windows Server 2003 family:File server role overview

Print server role overview

Application server role overview

Mail server role overview

Terminal server role overview

Remote access/VPN server role overview

Domain controller role overview

DNS server role overview

DHCP server role overview

Streaming media server role overview

WINS server role overview

File server role overviewFile servers provide and manage access to files. If you plan to use disk space on this computer to store, manage,and share information such as files and network-accessible applications, configure this computer as a file server.

After configuring the file server role, you can do the following:

Use disk quotas on volumes formatted with the NTFS file system to monitor and limit the amount of disk spaceavailable to individual users. You can also specify whether to log an event when a user exceeds the specified

Configuring roles for your server

Server roles

Page 1 of 55Configuring roles for your server

10/28/2010file://D:\Documents%20and%20Settings\Administrator\Local%20Settings\Temp\~hhDA...


2/55

disk space limit or when a user exceeds the specified disk space warning level (that is, the point at which a useris nearing his or her quota limit).Use Indexing Service to quickly and securely search for information, either locally or on the network.Search in files that are in different formats and languages, either through the Search command on the Start menu or through HTML pages that users view in a browser.

For more information about implementing this server role, see File server role: Configuring a file server.

Print server role overviewPrint servers provide and manage access to printers. If you plan to manage printers remotely, manage printers byusing Windows Management Instrumentation (WMI), or print from a server or client computer to a print server byusing a URL, configure this computer as a print server.

After configuring the print server role, you can do the following:

Use a browser to manage printers. You can pause, resume, or delete a print job, and view the printer and print job's status.Use the new standard port monitor, which simplifies installation of most TCP/IP printers on your network.Use Windows Management Instrumentation (WMI), which is the management API created by Microsoft thatenables you to monitor and control all system components, either locally or remotely. The WMI Print Providerenables you to manage print servers, print devices, and other printing-related objects from the command line.With WMI Print Provider, you can use Visual Basic (VB) scripts to perform administrative printer functions. For

more information, see Windows Management Instrumentation Command-line (WMIC) tool.Print from Windows XP clients to print servers running Windows Server 2003 by using a Uniform ResourceLocator (URL).Connect to printers on your network by using Web point-and-print for single-click installation of a sharedprinter. You can also install drivers from a Web site.

For more information about implementing this server role, see Print server role: Configuring a print server.

Application server role overviewAn application server is a core technology that provides key infrastructure and services to applications hosted on asystem. Typical application servers include the following services:

Resource pooling (for example, database connection pooling and object pooling)

Distributed transaction managementAsynchronous program communication, typically through message queuingA just-in-time object activation modelAutomatic XML Web Service interfaces to access business objectsFailover and application health detection servicesIntegrated security

The Windows Server 2003 family includes an application server that contains all of this functionality and otherservices for development, deployment, and runtime management of XML Web services, Web applications, anddistributed applications.

When you configure this server as an application server you will be installing Internet Information Services (IIS)along with other optional technologies and services such as COM+ and ASP.NET. Together, IIS and the WindowsServer 2003 family provide integrated, reliable, scalable, secure, and manageable Web server capabilities over an

intranet, the Internet, or through an extranet. IIS is a tool for creating a strong communications platform of dynamic network applications.

For more information about implementing this server role, see Application server role: Configuring an applicationserver.

Mail server role overviewTo provide e-mail services to users, you can use the Post Office Protocol 3 (POP3) and Simple Mail TransferProtocol (SMTP) components included with the Windows Server 2003 family. The POP3 service implements thestandard POP3 protocol for mail retrieval, and you can pair it with the SMTP service to enable mail transfer. If youplan to have clients connect to this POP3 server and download e-mail to local computers by using a POP3 capable




3/55

mail client, configure this server as a mail server.

After configuring the mail server role, you can do the following:

Use the POP3 service to store and manage e-mail accounts on the mail server.Enable user access to the mail server so that users can retrieve e-mail from their local computer by using ane-mail client that supports the POP3 protocol (for example, Microsoft Outlook).

For more information about implementing this server role, see Mail server role: Configuring a mail server.

Terminal server role overviewWith Terminal Server, you can provide a single point of installation that gives multiple users access to anycomputer that is running a Windows Server 2003 operating system. Users can run programs, save files, and usenetwork resources all from a remote location, as if these resources were installed on their own computer.

After configuring the terminal server role, you can do the following:

Confirm Internet Explorer Enhanced Security Configuration settings.Centralize the deployment of programs on one computer.Ensure that all clients use the same version of a program.

ImportantIn addition to configuring a terminal server, you must install Terminal Server Licensing and configure a TerminalServer License Server. Otherwise, your terminal server will stop accepting connections from unlicensed clientswhen the evaluation period ends 120 days after the first client logon. For more information about TerminalServer Licensing, see Terminal Server Licensing.

For more information about implementing this server role, see Terminal server role: Configuring a terminal server.

Remote access/VPN server role overviewRouting and Remote Access provides a full-featured software router and both dial-up and virtual private network(VPN) connectivity for remote computers. It offers routing services for local area network (LAN) and wide areanetwork (WAN) environments. It also enables remote or mobile workers to access corporate networks as if theywere directly connected, either through dial-up connection services or over the Internet by using VPN connections.If you plan to connect remote workers to business networks, configure this server as a remote access/VPN server.

Remote access connections enable all of the services that are typically available to a LAN-connected user, includingfile and print sharing, Web server access, and messaging.

After configuring the remote access/VPN server role, you can do the following:

Control how and when remote users access your network.Provide network address translation (NAT) services for the computers on your network.Create custom networking solutions using application programming interfaces (APIs).

For more information about implementing this server role, see Remote access/VPN server role: Configuring aremote access/VPN server.

Domain controller role overviewDomain controllers store directory data and manage communication between users and domains, including userlogon processes, authentication, and directory searches. If you plan to provide the Active Directory directoryservice to manage users and computers, configure this server as a domain controller.

NotesYou cannot add the domain controller role to a certification authority (CA). If your computer is already a CA, thedomain controller role is not available in the Configure Your Server Wizard.Computers running Windows Server 2003, Web Edition, cannot function as domain controllers. For moreinformation about Windows Server 2003, Web Edition, see Overview of Windows Server 2003, Web Edition.

After configuring the domain controller role, you can do the following:

Store directory data and make this data available to network users and administrators. Active Directory stores




4/55

information about user accounts (for example, names, passwords, phone numbers, and so on), and enablesother authorized users on the same network to access this information.Add additional domain controllers to an existing domain to improve the availability and reliability of networkservices.Improve network performance between sites by placing a domain controller in each site. With a domaincontroller in each site, you can handle client logon processes within the site without using the slower networkconnection between sites.

For more information about implementing this server role, see Domain controller role: Configuring a domaincontroller.

DNS server role overviewThe Domain Name System (DNS) is the TCP/IP name resolution service that is used on the Internet. The DNSservice enables client computers on your network to register and resolve user-friendly DNS names. If you plan tomake resources in your network available on the Internet, configure this server as a DNS server.

ImportantIf you plan to include computers on the Internet on your network, use a unique DNS domain name. For moreinformation about DNS namespace planning, see Namespace planning for DNS.

After configuring the DNS server role, you can do the following:

Host records of a distributed DNS database and use these records to answer DNS queries sent by DNS clientcomputers, such as queries for the names of Web sites or computers in your network or on the Internet.Name and locate network resources using userfriendly names.Control name resolution for each network segment and replicate changes to either the entire network or globallyon the Internet.Reduce DNS administration by dynamically updating DNS information.

For more information about implementing this server role, see DNS server role: Configuring a DNS server.

DHCP server role overviewDynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administeringaddress configurations by using a server computer to centrally manage IP addresses and other relatedconfiguration details used on your network. If you plan to perform multicast address allocation, and obtain client IPaddress and related configuration parameters dynamically, configure this server as a DHCP server.

After configuring the DHCP server role, you can do the following:

Centrally manage IP addresses and related information.Use DHCP to prevent address conflicts by preventing a previously assigned IP address from being used again toconfigure a new computer on the network.Configure your DHCP server to supply a full range of additional configuration values when assigning addressleases. This will greatly decrease the time you spend configuring and reconfiguring computers on your network.Use the DHCP lease renewal process to ensure that client configurations that need to be updated often (such asusers with mobile or portable computers that change locations frequently) can be updated efficiently andautomatically by clients communicating directly with DHCP servers.

For more information about implementing this server role, see DHCP server role: Configuring a DHCP server.

Streaming media server role overviewStreaming media servers provide Windows Media Services to your organization. Windows Media Services manages,delivers, and archives Windows Media content, including streaming audio and video, over an intranet or theInternet. If you plan to use digital media in real time over dial-up Internet connections or local area networks(LANs), configure this server as a streaming media server.

After configuring the streaming media server role, you can do the following:

Provide digital video in real time over networks that range from low-bandwidth, dial-up Internet connections tohigh-bandwidth, local area networks (LANs).Provide streaming digital audio to clients and other servers across the Internet or your intranet.




5/55

For more information about implementing this server role, see Streaming media server role: Configuring astreaming media server.

WINS server role overviewWindows Internet Name Service (WINS) servers map IP addresses to NetBIOS computer names and NetBIOScomputer names back to IP addresses. With WINS servers in your organization, you can search for resources bycomputer name instead of IP address, which can be easier to remember. If you plan to map NetBIOS names to IP

addresses or centrally manage the name-to-address database, configure this server as a WINS server.After configuring the WINS server role, you can do the following:

Reduce NetBIOSbased broadcast traffic on subnets by permitting clients to query WINS servers to directlylocate remote systems.Support earlier Windows and NetBIOSbased clients on your network by permitting these types of clients tobrowse lists for remote Windows domains without requiring a local domain controller to be present on eachsubnet.Support DNSbased clients by enabling those clients to locate NetBIOS resources when WINS lookup integrationis implemented. For more information, see WINS lookup integration.

For more information about implementing this server role, see WINS server role: Configuring a WINS server.

The following information describes how to install and configure the first server on a network by using the Typicalsetup for a first server option in the Configure Your Server Wizard.

ImportantBefore you configure the first server on a network, see Checklist: Configuring the typical setup for a first server.

The typical setup for a first server will not run if any of the following conditions are met:

The computer is running Windows Server 2003, Datacenter Edition.The computer is running Windows Server 2003, Web Edition.The computer is joined to a domain.The computer is already configured as a domain controller.The computer is not a domain controller, but the Active Directory Installation Wizard has already been started.

The computer is a certification authority (CA).The computer is already configured as a DNS server.The computer is already configured as a DHCP server.There are zero IP-enabled network adaptors.There is only one IP-enabled network adaptor and the DHCP lease test succeeds.The computer is already running Routing and Remote Access.The computer does not have at least one NTFS partition.The current session is a remote session.

Typical setup configuration processThe typical setup configuration process implements the following steps:

Installs Active Directory and promotes the computer to a domain controller.When you promote a server to a domain controller, a domain is automatically created on the network. After youpromote a server to a domain controller, you can then promote other servers to domain controllers. For moreinformation, see Domain controllers.

When you configure your server using the typical setup for a first server, the local administrator's password isautomatically set as the Restore Mode Administrator password.

Sets up an application naming context in Active Directory on this domain controller for use by Telephony API(TAPI) client applications. For more information, see Application directory partitions.Installs Domain Name System (DNS) and creates a full domain name for your network.

DNS is a networking protocol for naming computers and network services that is organized into a hierarchy of

Typical setup for a first server




6/55


7/55

A file server provides a central location on your network where you can store and share files with users across yournetwork. When users require an important file such as a project plan, they can access the file on the file serverinstead of having to pass the file between their separate computers. If your network users will need access to thesame files and network-accessible applications, configure this computer as a file server.

This topic explains how to use both the Manage Your Server and the Configure Your Server Wizard to install andconfigure a file server. When you have finished setting up a basic file server, you can complete additional tasks byusing Manage Your Server. After you complete the Configure Your Server Wizard, you will have a fully functioningfile server.

This topic covers:

Before you begin

Configuring your file server

Next steps: Completing additional tasks

Before you beginBefore you configure your computer as a file server, verify whether or not:

The operating system is configured correctly. In the Windows Server 2003 family, file services depend on theappropriate configuration of the operating system and its services. If you have a new installation of a WindowsServer 2003 operating system, you can use the default service settings. No further action is necessary. If youupgraded to a Windows Server 2003 operating system or you want to confirm that your services are configuredcorrectly for best performance and security, verify your service settings by comparing them to the table inDefault settings for services.The computer is joined to an Active Directory domain as a member server. If you want to authenticate clients orpublish a shared folder to Active Directory, the file server must be joined to a domain. If you do not need toperform either of these tasks, the file server does not need to be joined to a domain.All available disk space is allocated. You can use Disk Management or DiskPart.exe to create a new partition outof unallocated space. For more information see, To create a partition or logical drive.All existing disk volumes use the NTFS file system. FAT32 volumes are not secure, and they do not support fileand folder compression, disk quotas, file encryption, or individual file permissions.

The following table lists the information that you need to know before you add a file server role.

Configuring your file serverTo configure a file server, start the Configure Your Server Wizard by doing either of the following:

From Manage Your Server, click Add or remove a role . By default, Manage Your Server starts automatically

File server role: Configuring a file server

Before adding a fileserver role Comments

Determine whether youwant to configure diskquotas.

Use disk quotas to track and control disk space usage for NTFS volumes on a per-volume basis. Quotas prevent users from exceeding the designated disk space bylogging an event when a user exceeds a specified disk space limit.

Determine whether youwant to use IndexingService.

Indexing Service creates indexes of the contents and properties of documents locatedon your local hard drive or on shared network drives. These indexes enable users toperform faster, easier searches. Indexing Service can slow down the server, so use itonly if users frequently search the contents of files on this server.

Identify the folders thatyou want to share on thecomputer, and specify a

folder name anddescription.

Users view the shared resources on this file server based on file name. It isrecommended that you create share names that are easy to remember and indicativeof the folder contents. For example, suppose users are provided with 2 gigabytes (GB)each for storing their private information on the file server. You might name the top-level folder on your file server Personal Folders, and then name each of the subfoldersaccording to the user's domain name.

Determine what type of permissions you want toset on the folders.

Assign the most restrictive permissions that still allow users to perform required tasks.Access control on the NTFS file system provides more security than share permissionsalone.




8/55


9/55


10/55

After you finish, click Next .

Permissions

On the Permissions page, specify the share permissions for the shared folder. To ensure that only authorizedusers have access to the information in the folder, you must set permissions on the folder that you created.Share permissions apply only to users who gain access to the resource over the network. They do not apply tousers who gain access to the resource from the computer where the resource is stored. Use the following tableto determine which share permissions are appropriate.

After you finish, click Finish .

Sharing was Successful

On the Sharing was Successful page, the Share a Folder Wizard displays a status and summary of yourselections. If you want to share another folder, click the When I click Close, run the wizard again to shareanother folder check box. When you finish sharing folders, click Close .

Completing the Configure Your Server WizardAfter you complete the Share a Folder Wizard, the Configure Your Server Wizard displays the This Server IsNow a File Server page. To review all of the changes made to your server by the Configure Your Server Wizardor to ensure that a new role was installed successfully, click Configure Your Server log . The Configure YourServer Wizard log is located at systemroot \Debug\Configure Your Server.log. To close the Configure Your ServerWizard, click Finish .

Removing the file server role

If you need to reconfigure your server for a different role, you can remove existing server roles. If you removethe file server role, files and folders on this server are no longer shared and network users, programs, or hoststhat depend on those shared resources will be unable to connect to them.

To remove the file server role, restart the Configure Your Server Wizard by doing either of the following:

From Manage Your Server, click Add or remove a role . By default, Manage Your Server starts automaticallywhen you log on. To open Manage Your Server, click Start , click Control Panel , double-clickAdministrative Tools , and then double-click Manage Your Server .To open the Configure Your Server Wizard, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Configure Your Server Wizard .

On the Server Role page, click File server , and then click Next . On the Role Removal Confirmation page,review the items listed under Summary , select the Remove the file server role check box, and then clickNext . On the File Server Role Removed page, click Finish .

Next steps: Completing additional tasksAfter you complete the Configure Your Server Wizard and create shared resources on the computer, the computeris ready for use as a basic file server that can store, manage, and share information such as files and network-accessible applications. Up to this point, you have completed the following tasks:

If necessary, established disk space limits by enabling disk quotas.

Share permission Comments

All users have read-onlyaccess To restrict all access to read-only, click this option.

Administrators have fullaccess; other users haveread-only access

If you want users to view files and run programs that are located in theshared resource, click this option. Only members of the Administratorsgroup are allowed to change, add, or delete files. Also, only members of the Administrators group are allowed to change the NTFS file permissionson the shared resource.

Administrators have fullaccess; other users haveread and write access

If you want to restrict access to read and write for all users exceptmembers of the Administrators group, click this option.

Use custom share andfolder permissions

If you want to grant or deny access to specific users or groups, click thisoption. You should assign the most restrictive permissions that still allows

users to perform necessary functions.




11/55

If necessary, turned on Indexing Service.Created shared folders and set share permissions for each folder.

The Configure Your Server Wizard automatically installs File Server Management, which you use to manage yourfile server. To open File Server Management, click Start , click Control Panel , double-click Administrative Tools ,and then double-click File Server Management .

The following table lists some of the additional tasks that you can perform on your file server.

If you plan to use this computer to manage and share printers, configure this computer as a print server.

NoteThis feature is not included on computers running the Microsoft Windows Server 2003, Web Edition,operating system. For more information, see Overview of Windows Server 2003, Web Edition.

This document explains how to use the Configure Your Server Wizard to quickly meet the most basic requirementsof a print server. When you are done setting up a basic print server, you can complete additional configurationtasks, depending on how you want to use this print server.

This topic covers:

Before you beginConfiguring your print serverNext steps: Completing additional tasks

Before you beginBefore you configure your server as a print server, verify whether or not:

The operating system is configured correctly. In the Windows Server 2003 family, print services depend on theappropriate configuration of the operating system and its services. If you have a new installation of a WindowsServer 2003 operating system, you can use the default service settings. No further action is necessary. If youupgraded to a Windows Server 2003 operating system or you want to confirm that your services are configuredcorrectly for best performance and security, verify your service settings by comparing them to the table inDefault settings for services.The computer is joined to an Active Directory domain as a member server. If you want to restrict access to aprinter, so that some domain users can print to it and other users cannot, or you want the print server topublish shared printers to Active Directory so that domain users can easily search for those printers, the print

Task Purpose of task Reference

Secure the file server. To ensure that your file server is secure. Best practices forsecurityImplement EncryptingFile System (EFS).

To strengthen security of the files and resources on the fileserver.

Encrypting anddecrypting data

Set permissions onshared files and folders.

To secure resources on the file server and preventunauthorized access. Access control on the NTFS file systemprovides more security than share permissions alone.

To set permissions on ashared resource

Make shared resourcesavailable offline.

To allow users to store local copies of shared resources, so thatthey can access these resources when they are not connectedto the network.

To configure offlinesettings for a sharedresource

Enable shadow copies of shared folders.

To enable shadow copies of shared folders, which providepoint-in-time copies of files on network shares.

To enable ShadowCopies of Shared Folders

Set up a Distributed FileSystem (DFS).

To make it easier for users to access and manage files that arephysically distributed across a network.

Checklist: Creating adistributed file system

Ensure that the fileserver is properlybacked up.

To protect data from accidental loss if your system experienceshardware or storage media failure. Back up data

Use file compression. To conserve storage space by compressing files, folders, andprograms.File compressionoverview

Print server role: Configuring a print server




12/55

server must be joined to a domain. If you do not need to perform either of these tasks, the print server doesnot need to be joined to a domain.All existing disk volumes use the NTFS file system. FAT32 volumes are less secure. For more information aboutencrypting data stored on NTFS volumes, including spooled print jobs, see Storing Data Securely.

The following table lists the information that you need to know before you add a print server role.

Configuring your print serverTo set up a print server, start the Configure Your Server Wizard by doing either of the following:

From Manage Your Server, click Add or remove a role . By default, Manage Your Server starts automaticallywhen you log on. To open Manage Your Server, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Manage Your Server .To open the Configure Your Server Wizard, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Configure Your Server Wizard .

On the Server Role page, click Print server , and then click Next .

This section covers:

Printers and Printer Drivers

Summary of Selections

Before adding a print serverrole Comments

Determine the operating systemversion of the clients that willsend jobs to this printer.

You must have this information to select the correct client printer drivers for yourclient and server computers. After you add this role, the print server canautomatically distribute these drivers to the clients. Additionally, the set of clientoperating systems determines which of these drivers you need to install on theserver during the print server role installation.

At the printer, print aconfiguration or test page thatincludes manufacturer, model,language, and installed options.

You need this information to choose the correct printer driver. The manufacturerand model are usually enough to uniquely identify the printer and its language.However, some printers support multiple languages, and the configurationprintout usually lists them. Also, the configuration printout often lists installedoptions, such as extra memory, paper trays, envelope feeders, and duplex units.

Determine how the print serverconnects to the printer.

If the printer supports Plug and Play and connects to the print server usinginfrared technology, a universal serial bus (USB) port, or an IEEE 1394 port, theprint server will configure itself automatically. You do not need to follow theremaining steps.

Otherwise, if the printer is connected to the print server with a cable, note whichserver port is used. For printers, LPT1 is the most commonly used port.

If the printer is located away from the print server and uses its own networkadapter to receive print jobs, determine the IP address of the network adapter onthe printer.

(Optional) Determine whetheryou need a new or updatedprinter driver.

Most printers are supported by drivers on the installation CD for the WindowsServer 2003 operating system. To save time, you can often skip this stepbecause the wizard that you will use to configure your print server providescompatibility information. If the wizard does not list a driver for your printer, youcan look for an update from the printer manufacturer or Windows Update.

Choose a printer name.

Users running Windows-based client computers choose a printer by using theprinter name. The wizard that you will use to configure your print server providesa default name, consisting of the printer manufacturer and model. The printername is usually less than 31 characters in length.

Choose a share name.A user can connect to a shared printer by typing this name, or by selecting itfrom a list of share names. The share name is usually less than 8 characters inlength for compatibility with MS-DOS and Windows 3.x clients.

(Optional) Choose a locationdescription and a comment.

These can help identify the location of the printer and provide additionalinformation. For example, the location could be "Second floor, copy room" andthe comment could be "Additional toner cartridges are available in the supplyroom on floor 1."




13/55


14/55

To configure this print sever to send print jobs directly to the printer, click Local printer attached to thiscomputer . Typically, print servers send print jobs directly to the printer. A printer with its own networkadapter is considered to be a local printer. If you want to send print jobs directly to a printer with its ownnetwork adapter, click this option.To configure this print server to forward print jobs to a second print server, click A network printer, or aprinter attached to another computer . For example, you can configure a print server at a branch office toforward print jobs to a print server in the main office. You might do this if regulations require you to createprintouts of daily transaction logs and store them at the main office. If you want to do this, click this option.

NoteThe A network printer, or a printer attached to another computer option is included here becausethis dialog box is used on all computers running a Windows Server 2003 operating system so that userscan connect to a network printer. If you need to print from a computer that is not a print server, click Anetwork printer, or a printer attached to another computer .


After you click Next , one of the following wizard pages appears:

New Printer Detection

If you selected the Automatically detect and install my Plug and Play printer check box and the wizardis unable to detect any Plug and Play printers, this page appears. Click Next .

To complete the steps on the Select a Printer Port page, see Select a Printer Port.

Select a Printer Port

If you selected Local printer attached to this computer , this page appears.

On the Select a Printer Port page, choose one of the following options:

If a cable connects the printer directly to a port on the print server, under Use the following port , clickthe name of that port. LPT1 is the most commonly used port for this type of printer.If the printer has its own network adapter and you want to send print jobs to the printer through thenetwork, click Create a new port , and then click the type of port that you want to create. If you do notknow what type of port to create, Standard TCP/IP Port is recommended.

If you click Standard TCP/IP Port , and then click Next , the Add Standard TCP/IP Printer Port Wizardstarts. In the Add Standard TCP/IP Printer Port Wizard, click Next . On the Add Port page, type the nameor IP address of the printer. The IP address is usually listed on the printer configuration page. As you typethe name or IP address, the wizard completes the Port Name field for you. Click Next .

The wizard attempts to connect to the printer. If the wizard is able to connect, the Completing the AddStandard TCP/IP Printer Port Wizard page appears, and you can click Finish . If the wizard is not ableto connect, the Additional Port Information Required page appears. If you think that the address orname you entered is not correct, click Back , retype the name or address, and then click Next .

If you are sure the address or name is correct, select one of the following device types to identify theprinter network adapter:

Standard is the default. If you click Standard , click the manufacturer and model of network adapterfrom the Standard list.If the printer network adapter uses nonstandard settings, click Custom and then click Settings . TheConfigure Standard TCP/IP Port Monitor page appears. Specify the settings that are recommendedby the manufacturer of the printer network adapter, and then click OK .


Specify a Printer

If you selected A network printer, or a printer attached to another computer , this page appears.

On the Specify a Printer page, choose one of the following options to configure your print server to forwardprint jobs to another print server:

If the print server that you want to connect to is available on the network, click Browse for a printer ,click Next , and then, under Shared printers , click the server and printer from the list.If the print server that you want to connect to is temporarily unavailable on the network, click Connect tothis printer (or to browse for a printer, select this option and click Next) , and then, in Name , typethe server and printer names.




15/55

If the print server that you want to connect to belongs to another organization and is available on theInternet, click Connect to a printer on the Internet or on a home or office network .

ImportantUse the options on this page only if you want your print server to forward print jobs to another printserver. If this is not what you want, click Back , click Local printer attached to this computer , clickNext , and then follow the steps in Select a Printer Port.


For this configuration path, you can skip some of the following steps in this document. To continue theinstructions for this configuration path, see Completing the Add Printer Wizard.

Install Printer Software

On the Install Printer Software page of the Add Printer Wizard, under Manufacturer , click the printermanufacturer, and then, under Printers , click the printer model.

NoteWrite down the manufacturer and model that you select, because you will need this information later if youuse the Add Printer Driver wizard to install printer drivers for other Windows-based clients.

If the manufacturer or model is not listed, try each of the steps outlined in the following table, in sequence, toinstall the correct printer software.


Use Existing Driver

If you add an additional printer that is the same manufacturer and model as one previously installed, the UseExisting Driver page appears. Decide whether to keep the same driver or replace it with a new one. If youselect Replace existing driver , the wizard reinstalls the driver files.


Name Your PrinterOn the Name Your Printer page of the Add Printer Wizard, the default name is the manufacturer and model of the printer. You can change this name so that the printer is easier to use and administer. When usingapplications, users often select a printer from a list that displays the names of the available printers. To helpusers decide which printer to select, the application might also list the location or a comment.

Under Do you want to use this printer as the default printer? , click Yes or No . Your response applies onlywhen you print from an application that is running on this print server. Your response does not set this printer asthe one that clients use by default.


Printer Sharing

Step Comments

Check the configurationprintout to confirm the exactspelling of the name of yourprinter manufacturer andmodel.

The Manufacturer and Printers lists show the official product names,which might be different from the names that you normally use.

Click Have Disk , locate thedriver files, and then clickOK .

If you have printer driver files stored somewhere else, follow thesesteps. For example, the printer manufacturer might include a CD-ROMcontaining driver files in the packaging of the printer.

Click Windows Update .

If you want to look for new or updated drivers that are available fromMicrosoft as part of Windows Update, click this option. When you clickWindows Update , the Manufacturer and Printers lists change toshow only the drivers that are available from Windows Update. If the

printer is not listed, return to the original list by clicking Back , and thenclicking Next .

Select the manufacturer andmodel of a compatibleprinter, and then click Next .

To determine which printers are compatible, consult the user guide foryour printer. Also, some manufacturers list compatibility information ontheir Web sites.




16/55

ImportantYou must share at least one printer for this server to act as a print server.

On the Printer Sharing page of the Add Printer Wizard, Share name is selected by default so that the printeris shared. The default share name is the first 8 letters of the printer manufacturer and model, without spaces.You can change this name so that the printer is easier to use and administer.

For compatibility with clients that run MS-DOS or earlier versions of Windows, type a share name that followsthese rules:

The share name contains only letters, digits, and the period (.).The share name contains no more than eight letters and digits, and, optionally, followed by a period, which isfollowed by no more than 3 letters and digits.


Location and Comment

On the Location and Comment page of the Add Printer Wizard, in Location , type a description of the printserver location, and then, in Comment , type a comment. This step is optional, but recommended because thisinformation makes it easier to use and administer your print server. Many applications display the comment orthe location when the user prints a document, so that the user can choose the most appropriate printer.


Print Test Page

On the Print Test Page page of the Add Printer Wizard, choose whether to print a test page to confirm that theprinter is ready to use.

NoteThe test page does not print immediately when you click Next . Instead, it prints when you finish the wizard.


Completing the Add Printer Wizard

On the Completing the Add Printer Wizard page, the Restart the wizard to add another printer checkbox is selected by default. If you leave it selected and click Finish , the wizard restarts to add another printer. If you have finished adding all of the printers that you want to share on this server, clear this check box, and thenclick Finish .

When you click Finish , the wizard installs the printer driver files. Then, if you chose to print a test page, thewizard attempts to print that page. If the printer does not receive the test page, you might have selected anincorrect port. However, if the printer receives the test page and prints it incorrectly, you might have selected anincompatible manufacturer and model.

When you started the Configure Your Server Wizard to configure this server as a print server, you selected oneof the following options on the Printers and Printer Drivers page:

Windows 2000 and Windows XP clients only All Windows clients

If you selected All Windows clients , the Add Printer Driver Wizard starts after you click Finish in the AddPrinter Wizard. You can use the Add Printer Driver Wizard to install client printer drivers onto the print server,

which can then automatically distribute them to clients.NoteThe Add Printer Driver Wizard does not communicate with the Add Printer Wizard. Therefore, the Add PrinterDriver Wizard does not automatically run once for each printer that you add, and it does not automaticallyinstall drivers for the same manufacturer and model of printer. Instead, you must decide how many times torun the Add Printer Driver Wizard, and each time it runs you must decide which manufacturer and model of drivers to install.

Using the Add Printer Driver WizardIf you selected All Windows clients on the Printers and Printer Drivers page of the Configure Your ServerWizard, the Add Printer Driver Wizard starts after the Add Printer Wizard. If you cancel the Add Printer Driver




17/55

Wizard, the Print Spooler service remains installed, and any printers you have added remain, but the additionalclient driver files are not installed on the server, and therefore the server cannot distribute those drivers toclients.

This section describes the following steps in the Add Printer Driver Wizard:

Printer Driver Selection

Processor and Operating System Selection

Completing the Add Printer Driver Wizard

Printer Driver Selection

On the Printer Driver Selection page of the Add Printer Driver Wizard, select the manufacturer and model of aprinter that is shared on this print server, and then click Next .

ImportantThe Add Printer Driver Wizard does not automatically select a manufacturer and model for a printer that youhave already added. Instead, it selects the first manufacturer in the list, and the name of the first printermodel (in alphabetical order) made by that manufacturer. If possible, select the manufacturer and model of aprinter that you have added. If you select a different manufacturer or model, the wizard installs drivers thatmight not work correctly with your printer.

Processor and Operating System Selection

On the Processor and Operating System Selection page of the Add Printer Driver Wizard, select the clientoperating systems and processors.

Drivers for your server operating system are installed automatically when you add a printer. As a result, one of the following is selected automatically and you cannot remove it: Windows 2000, Windows XP and WindowsServer 2003 for x86based processors, or Windows XP and Windows Server 2003 for Itaniumbasedprocessors.


Completing the Add Printer Driver Wizard

On the Completing the Add Printer Driver Wizard page, the Restart the wizard to add another printerdriver check box is selected by default. If you leave it selected and click Finish , the wizard restarts to addanother printer driver. If you have finished adding all of the printer drivers for all of the printers that you want toshare on this server, clear this check box, and then click Finish .

Completing the Configure Your Server WizardAfter you complete the Add Printer Wizard and, if necessary, the Add Printer Driver Wizard, the Configure YourServer Wizard displays the This Server is Now a Print Server page. To review all of the changes made toyour server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, clickConfigure Your Server log . The Configure Your Server Wizard log is located at systemroot \Debug\ConfigureYour Server.log. To close the Configure Your Server Wizard, click Finish .

Removing the print server role

If you need to reconfigure your server for a different role, you can remove existing server roles. If you removethe print server role, each client that sent print jobs only to this print server will be unable to print until youreconfigure the client to send print jobs to a different server. Also, each printer managed only by this printserver will be unable to receive print jobs until you reconfigure another print server to send print jobs to thatprinter.

To remove the print server role, restart the Configure Your Server Wizard by doing either of the following:


On the Server Role page, click Print server , and then click Next . On the Role Removal Confirmation page,review the items listed under Summary , select the Remove the print server role check box, and then clickNext . On the Print Server Role Removed page, click Finish .




18/55

Next steps: Completing additional tasksAfter you complete the Configure Your Server Wizard, the server is ready for use as a print server. By following thesteps in this document, you have:

Added one or more printers.Shared printers so that clients can send print jobs to the printers.If necessary, added client print drivers.

You can use the Add Printer Wizard and Add Printer Driver Wizard to add more printers and client printer drivers.These wizards are available through Manage Your Server.

The following table lists some of the additional tasks that you can perform on your print server.

An application server is a core technology that provides key infrastructure and services to applications hosted on asystem. Typical application servers include the following services:

Resource pooling (for example, database connection pooling and object pooling)Distributed transaction managementAsynchronous program communication, typically through message queuingA just-in-time object activation modelAutomatic XML Web Service interfaces to access business objectsFailover and application health detection servicesIntegrated security

The Windows Server 2003 family includes all this functionality, in addition to services for development,deployment, and runtime management of XML Web services, Web applications, and distributed applications.

This topic explains the basic steps that you must follow to configure an application server. This process involvesusing the Configure Your Server Wizard to configure the server as an application server. When you have finishedsetting up a basic application server, you can complete additional tasks by using Manage Your Server.

This topic covers:

Before you beginConfiguring your application serverNext steps: Completing additional tasks


Set the configurationto match installedoptions.

To provide user access to installed printer options, such as an envelopefeeder or extra memory, that are available on some printers. If yourprinter provides additional features, you must update the configurationso that users can use these features.

To set installableoptions for aprinter

Set printing defaults. To set the default configuration for clients when they connect to theprinter. For example, you can set the default layout or paper source.To set printingdefaults

Assign printerpermissions. To change the permissions that users have for a printer.

To set or removepermissions for aprinter

Choose a separatorpage. To define a page that appears at the beginning of each printout.

To choose aseparator page

Configure networkclients to use theprinter.

To configure clients to connect to the printers that are shared on thisprint server.

Connect clients toa printer

Set advanced printertasks.

To manage your print server more efficiently and effectively. Forexample, to schedule alternate printing times, to enable printer locationtracking, or to set different priority for different groups.

Use advancedoptions

Publish a printer inActive Directory.

To help domain users find printers shared by this print server quickly.For this task, the print server must be a member server.

To publish a printerin Active Directory

Application server role: Configuring an application server




19/55

Before you beginBefore you configure your computer as an application server, verify that:

All existing disk volumes use the NTFS file system. FAT32 volumes are not secure, and they do not support fileand folder compression, disk quotas, file encryption, or individual file permissions. To find out the file systemtype, in My Computer right-click the disk volume, and then click Properties .

Your computer has network connectivity and a static or dynamic IP address.

The following table lists the information that you need to know before you add an application server role.

Configuring your application server

To configure an application server, start the Configure Your Server Wizard by doing either of the following:From Manage Your Server, click Add or remove a role . By default, Manage Your Server starts automaticallywhen you log on. To open Manage Your Server, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Manage Your Server .To open the Configure Your Server Wizard, click Start , click Control Panel , double-click AdministrativeTools , and then double-click Configure Your Server Wizard .

On the Server Role page, click Application server (IIS, ASP.NET) , and then click Next .


Application Server Options


Completing the Configure Your Server Wizard

Removing the application server role

Application Server Options

On the Application Server Options page, you can choose to install the following optional components withyour application server:

FrontPage Server Extensions FrontPage Server Extensions enable multiple users to administer andpublish a Web site from a client computer, remotely. Select this option if you want to enable multiple-users tosimultaneously create Web sites, or enable users to create Web applications from their client computers,remotely, over the Internet.Enable ASP.NET ASP.NET is a unified Web application platform that provides the services necessary to

Before adding an application serverrole Comments

Understand the following technologiesthat are installed automatically whileconfiguring your application server:

Internet Information Services (IIS)Application Server consoleCOM+Distributed Transaction Coordinator(DTC)

IIS 6.0 is a full-featured Web server that provides the infrastructurefor .NET and existing Web applications and Web services.COM + is an extension to the Component Object Model (COM). COM+builds on COM's integrated services and features, making it easier fordevelopers to create and use software components in any language,using any tool.The Application Server console provides a central location from whichyou can administer your Web applications. To open the ApplicationServer console, in Manage Your Server, click Manage thisapplication server .Distributed Transaction Coordinator (DTC) coordinates COM+transactions.

Determine whether you would like toinstall FrontPage Server Extensions.

FrontPage Server Extensions enable users on a client computer topublish and administer Web sites on a server remotely over a network.

Determine whether you would like to runASP.NET applications on your server.

ASP.NET is a unified Web development platform that provides theservices necessary for developers to build enterprise-class Webapplications. You can enable ASP.NET for developing Web applications.




20/55

build and deploy enterprise-class Web applications. ASP.NET offers a new programming model andinfrastructure for more secure, scalable, and stable applications that can target any browser or device. If yourWeb site includes applications that have been developed by using ASP.NET, select this option. If you are notsure that you need to enable ASP.NET, you can enable it later by using IIS Manager. This feature is notavailable on Windows XP 64-Bit Edition and the 64-bit versions of the Windows Server 2003 family. Formore information, see Features unavailable on 64-bit versions of the Windows Server 2003 family. Byenabling ASP.NET, you can use your application server to host ASP.NET applications. Some of the features of ASP.NET include the following:

ASP.NET can run side by side with Active Server Pages (ASP) code on Internet Information Services (IIS).If you are already running ASP code you do not need to upgrade your ASP pages, and you can addASP.NET pages to your applications.ASP.NET has enhanced performance.ASP.NET supports many languages including Visual Basic .NET, C#, and JScript .NET.


Summary of SelectionsOn the Summary of Selections page, you can view and confirm the options that you have selected. If youselected Application server (IIS, ASP.NET) on the Server Role page, the following appears:

Install Internet Information Services (IIS) Enable COM+ for remote transactions

Enable Microsoft Distributed Transaction Coordinator (DTC) for remote access

If you selected FrontPage Server Extensions or ASP.NET, the following items also appear:

Install FrontPage Server Extensions Enable ASP.NET

To apply the selections shown on the Summary of Selections page, click Next . When you click Next , theConfiguring Components page of the Windows Components Wizard appears, and then closes automatically.You cannot click Back or Next on this page.


After the components are configured, the Configure Your Server Wizard displays the This Server is Now anApplication Server page. To review all of the changes made to your server by the Configure Your Server

Wizard or to ensure that a new role was installed successfully, click Configure Your Server log . The ConfigureYour Server Wizard log is located at systemroot \Debug\Configure Your Server.log. To close the Configure YourServer Wizard, click Finish .

If the installation was not successful, the Cannot Complete page appears and IIS could not be installed. Totroubleshoot the installation, click Configure Your Server log .

Removing the application server roleIf you need to reconfigure your server for a different role, you can remove existing server roles. By removingthe application server role, you will uninstall all application server components, such as the IIS. Your server willno longer support serving Web pages, Web applications, or distributed applications.

To remove the application server role, restart the Configure Your Server Wizard by doing either of the following:


On the Server Role page, click Application server (IIS, ASP.NET) , and then click Next . On the RoleRemoval Confirmation page, review the items listed under Summary , select the Remove the applicationserver role check box, and then click Next . When you click Next , the Configuring Components page of theWindows Components Wizard appears, and then closes automatically. You cannot click Back or Next on thispage. On the Application Server Role Removed page, click Finish .




21/55

Next steps: Completing additional tasksAfter you complete the Configure Your Server Wizard and enable the features that you need to run yourapplications, the computer is ready for use as a basic application server. Up to this point, you have completed thefollowing tasks:

Installed Internet Information Services (IIS), ASP.NET, and COM+.If necessary, enabled FrontPage Server Extensions.If necessary, enabled ASP.NET.

The following table lists some of the additional tasks that you might want to perform on your application server.

Configure this computer as a mail server to install E-mail Services, which provides e-mail transfer and retrievalservices. E-mail Services includes the POP3 service, which provides e-mail retrieval, and the SMTP service, whichprovides e-mail transfer. Administrators can use the POP3 service to store and manage e-mail accounts on the mailserver. After configuring this computer as a mail server, users can connect to the mail server and retrieve e-mail to

their local computer using an e-mail client that supports the POP3 protocol, such as Microsoft Outlook.This topic explains how to use the Configure Your Server Wizard to install and configure E-mail Services. After youhave completed the Configure Your Server Wizard, you must perform additional required steps to create mailboxes.After you have completed the Configure Your Server Wizard and created the appropriate mailboxes, you will have afully-functioning mail server.

You can configure both member servers and stand-alone servers to be a mail server. However, the defaultauthentication method and the available authentication methods will vary. For more information about the defaultauthentication methods and the available authentication methods, see Before you begin and Configure POP3Service.

This topic covers:


Secure yourapplication server.

To ensure the security of this server, it is recommended that youimplement security precautions, such as firewalls and Internet Protocolsecurity (IPSec), before placing it in a production environment. Anapplication server may be targeted by attackers because of its exposureto the Internet and other networks. You can secure your applications byusing authentication protocols, access control, Secure Sockets Layer(SSL), and encryption.

Internet ProtocolSecurity (IPSec);Securing yournetwork with BasicFirewall;Security in

Microsoft InternetInformation Services

Secure your fileswith NTFS.

To secure your Web site, applications, databases, and files use NTFSpermissions. This is essential for a secure site.

To set, view,

change, or removepermissions on filesand folders

Configure WebInterface forRemoteAdministration.

To manage your application server using a Web browser on a remotecomputer.

Using Web Interfacefor RemoteAdministration

Create a Web site. To create a Web site to host your Web applications.Web Site Setup in

Microsoft InternetInformation Services

Create applicationswith the latestdevelopment tools.

To learn about the latest development tools from Microsoft that canhelp you develop new applications more quickly and efficiently. Microsoft Web site

Create ASP.NETWeb Applications. To create ASP.NET applications.

Creating ASP.NET

Web Application atthe Microsoft Website

Secure yourASP.NET Webapplications.

To ensure the security of your ASP.NET applications

ASP.NET WebApplication Securityat the Microsoft Website

Mail server role: Configuring a mail server




22/55

Before you begin

Configuring your mail server


Before you beginBefore you configure your computer as a mail server, verify whether or not:

The server on which you intend to install e-mail services has a working Internet connection.There is an NTFS partition available. With an NTFS partition, you can take advantage of the increased securityprovided by disk quotas. For more information about disk quotas, see Configuring disk quotas for the POP3service.You have a registered e-mail domain name. Contact your Internet Service Provider for assistance in registeringan e-mail domain name.A Mail eXchanger (MX) record for your e-mail domain name exists and matches the name of your server.Contact your Internet service provider (ISP) to create an MX record.You have configured your server for static addressing. Contact your Internet Service Provider for the informationnecessary to configure your server for static addressing. For more information on how to configure your mailserver with a static IP address, see To configure TCP/IP for static addressing.

The following table lists the information that you need to know to before you add a mail server role.

Configuring your mail serverTo configure a mail server, start the Configure Your Server Wizard by doing either of the following:


On the Server Role page, click Mail server (POP3, SMTP) , and then click Next .


Configure POP3 Service


Before adding a mailserver role Comments

Determine theappropriate level of security for this server.

A server in this role may be targeted by attackers because of its exposure to the Internetand other networks. To ensure the security of this server, it is recommended that youimplement security precautions, such as firewalls and Internet Protocol security (IPSec),before placing it in a production environment. For more information, see Internet Protocolsecurity (IPSec) and Securing your network with Basic Firewall.

Determine theappropriateauthentication methodfor your configuration.

You must choose an authentication method before you create any e-mail domains on themail server. The authentication method can be changed only if there are no existinge-mail domains on the mail server.

If the computer that you are configuring as a mail server is either a member server or adomain controller, the authentication method setting defaults to Active Directoryauthentication. Otherwise, the setting defaults to local Windows accounts authentication.

Determine that youhave a registerede-mail domain name.

The e-mail domain must be a registered domain name and it must match the MaileXchanger (MX) record created by your ISP. If you do not already have an e-mail domainname, contact your ISP for assistance in registering a domain name.

NoteThe POP3 service supports top-level and third-level domain names. For example,example.com and mailserver.example.com are both supported.




23/55


Creating mailboxes

Removing the mail server role

Configure POP3 Service

On the Configure POP3 Service page, under Authentication method , click the appropriate method for yourdeployment. The Windows Server 2003 family supports the authentication methods listed in the following table.

The authentication methods that are available to you depend on the configuration of your server:

If the computer on which the POP3 service is running is a member server in an Active Directory domain, allthree authentication methods are available.If the computer on which the POP3 service is running is a domain controller, the available authenticationmethods are Active Directory integrated authentication and encrypted password file authentication.Otherwise, the available authentication methods are local Windows accounts authentication and encryptedpassword file authentication.

Under E-mail domain name , type your registered e-mail domain name. You can create additional e-maildomains later by using the POP3 service snap-in or the Winpop command-line tool.



On the Summary of Selections page, you can view and confirm the options that you have selected. If youselected Mail server (POP3, SMTP) on the Server Role page, the following appears:

Install POP3 and Simple Mail Transfer Protocol (SMTP) to enable POP3 mail clients to send and

receive mail

To apply the selections shown on the Summary of Selections page, click Next . After you click Next , theConfiguring Components page of the Windows Components Wizard appears, and then closes automatically.You cannot click Back or Next on this page.


After the components are configured, the Configure Your Server Wizard displays the This Server is Now a MailServer page. To review all of the changes made to your server by the Configure Your Server Wizard or toensure that a new role was installed successfully, click Configure Your Server log . The Configure Your ServerWizard log is located at systemroot \Debug\Configure Your Server.log. To close the Configure Your ServerWizard, click Finish .

At this stage, you have a fully-functioning mail server, but you must also create mailboxes for all of the users inthe domain who will be sending or receiving e-mail. Without mailboxes, users cannot send or receive e-mail.

Creating mailboxesTo send and receive e-mail, each user must have a unique mailbox in the e-mail domain. You can createmailboxes from either the POP3 service MMC snap-in or at the command line. This procedure uses the POP3service MMC snap-in. For more information about creating mailboxes or administering the POP3 service at thecommand line, see Winpop. For more information about creating mailboxes, see To create a mailbox.

Use thisauthentication method When

Local Windows accounts Your mail server is not an Active Directory member server, and you want tostore user accounts on the server on which the POP3 service is installedActive Directory-Integrated Your mail server is a domain controller or a member server

Encrypted Password File Your mail server is not using Active Directory, or you do not want to haveuser accounts for the POP3 service on the local computer

Step Comments

To open the POP3 service snap-in, click Start , click Control Panel , double-clickAdministrative Tools , and then double-click POP3 Service .

Notes




24/55


25/55

Configure this computer as a terminal server by installing the Terminal Server component, which providescentralized deployment of applications.

Using a terminal server, users in remote locations can run programs, save files, and use network resources asthough those resources were installed on the users' own computers. By installing programs on a terminal server,you can ensure that all users are using the same version of a program. If you plan to use this computer to allowmultiple users to access a program at the same time from a single point of installation, configure this computer asa terminal server.

However, if you plan to use this computer for remote administration on Windows Server 2003 operating systems,you do not need to install Terminal Server. Instead, you can use Remote Desktop for Administration (formerlyTerminal Services in Remote Administration mode), which is installed by default on computers running one of theWindows Server 2003 operating systems. After you enable remote connections, Remote Desktop for Administrationallows you to remotely manage servers from any client over a LAN, WAN, or dial-up connection. Up to two remotesessions, plus the console session, can be accessed at the same time, without requiring Terminal Server Licensing.For more information about Remote Desktop for Administration, see Remote Administration using TerminalServices.

This topic explains how to use the Configure Your Server Wizard to install and configure a terminal server. Afteryou have completed the Configure Your Server Wizard, you must perform the following additional steps in order tohave a basic terminal server.

Confirm Internet Explorer Enhanced Security Configuration settings.Configure a Terminal Server License Server on another server.

ImportantThis step is required. If you do not install Terminal Server Licensing, your terminal server will stop acceptingconnections from unlicensed clients when the evaluation period ends, 120 days after the first client logon.

Install client access licenses (CALs) on the Terminal Server License Server.Install programs on the terminal server.

Distribute the latest version of Remote Desktop Connection to clients running earlier versions of RemoteDesktop Connection for Windows.Specify which users have permission to connect to the terminal server.

After you have completed both the Configure Your Server Wizard and these additional required tasks, you will havea basic terminal server.

This topic covers:

Before you begin

Configuring your terminal server

the procedure toconfigure their e-mail clients to usethe mail server.

To connect to the mail server, the user's e-mail client must beconfigured specifically for the mail server.

Configure e-mail clients

Implement diskquotas.

Disk quotas ensure that the mail store does not use an excessiveor unanticipated amount of disk space, which could adverselyaffect the performance of the server on which the POP3 service isrunning. You must have an NTFS partition to implement diskquotas. NTFS partitions allow for greater directory and foldersecurity, which better protects e-mail stored on the local harddisk.

Configuring disk quotasfor the POP3 service

Configure your mailserver to requiresecure e-mail clientauthentication.

The POP3 service supports Secure Password Authentication (SPA)for Active Directory integrated authentication and local Windowsaccounts authentication. Secure Password Authentication requiresthat all e-mail clients transmit both the user name and passwordusing secure authentication. Secure Password Authentication ismore secure than the default of plaintext and, therefore, isrecommended over plaintext. Secure Password Authenticationmust be configured on both the server on which e-mail servicesare running and on every e-mail client that will connect to themail server.

To configure the mailserver to require SecurePassword Authentication;To configure OutlookExpress for SecurePassword Authentication

Terminal server role: Configuring a terminal server




26/55


Before you beginBefore you configure your computer as a terminal server, verify whether or not:

The operating system is configured correctly. In the Windows Server 2003 family, a terminal server depends on

the appropriate configuration of the operating system and its services. If you have a new installation of aWindows Server 2003 operating system, you can use the default service settings. No further action is necessary.If you upgraded to a Windows Server 2003 operating system or you want to confirm that your services areconfigured correctly for best performance and security, verify your service settings with the table in Defaultsettings for services.The computer is a server on a network or in a domain, but is not a domain controller. Installing Terminal Serveron a domain controller affects performance because of the additional memory, network traffic, and processortime required to perform the tasks of a domain controller in a domain.The computer meets processor and memory requirements for supporting multiple concurrent sessions wheredifferent users are logged on. A terminal server requires a minimum of 128 MB RAM, plus additional RAM foreach user to support running each user's programs on the server. An additional 10 MB RAM is recommended foreach light user, who typically runs one program at a time, and up to 21 MB RAM for each power user, whotypically runs three or more programs at the same time. In addition, if you plan to install 16-bit applications onthe terminal server, be aware that they consume additional resources when they run in 32-bit environmentssuch as Windows Server 2003 operating systems.There are no programs installed on the computer. You should add the Terminal Server role before you install theprograms that you want users to access. If there are programs already installed on the computer, you mighthave to reinstall them to ensure that they work correctly in the Terminal Server environment.No users are able to log on remotely to the computer. You should allow users to access the terminal server onlyafter you have installed programs, tested their installation, and performed any tuning necessary for theprograms to work in a multisession environment. For information on disabling terminal services connectionstemporarily, see To disable Terminal Services connections.All existing disk volumes use the NTFS file system. FAT32 volumes do not provide either the required level of security for users in a multisession environment or the ability to set file permissions.

Configuring your terminal serverTo configure a terminal server, start the Configure Your Server Wizard by doing either of the following:


On the Server Role page, click Terminal server , and then click Next .




Confirm Internet Explorer Enhanced Security Configuration Settings

Configuring a Terminal Server License Server

Installing client access licenses on the Terminal Server License Server

Installing programs on the terminal server

Deploying client software

Giving users permission to access the terminal server

Removing the terminal server role




27/55

Summary of SelectionsOn the Summary of Selections page, view and confirm the options that you have selected. If you selectedTerminal server on the Server Role page, the following appears:

Install Terminal Server

To apply the selections shown on the Summary of Selections page, click Next . The following messageappears: "During this process, the Configure Your Server Wizard restarts your computer. Before continuing,close any open programs." If you need to close open programs and you want to cancel the configuration of theterminal server role at this time, you must click Cancel now. When you click Cancel , the Configure Your ServerWizard displays the Cannot Complete page. To close the Configure Your Server Wizard, click Finish .Otherwise, if you click OK , the Configure Your Server Wizard begins the configuration process.

Next, the Configure Your Server Wizard displays the message "Installing Terminal Server." The ConfiguringComponents page of the Windows Components Wizard appears, and then closes automatically. You cannot clickBack or Next on this page. Then, the Configure Your Server Wizard shuts down the computer and restarts it toaccept the configuration changes that make the computer a terminal server.

During the restart process, a dialog box displays progress messages, for example, "Windows is starting up" and"Preparing network connections." Depending on the size of your network, preparing network connections couldtake some time. When the Welcome to Windows dialog box appears, press CTRL+ALT+DEL. In the Log on toWindows dialog box, in Password , type your password. To complete the process, wait for the Configure YourServer Wizard to appear on the screen.


After your server restarts, the Configure Your Server Wizard displays the This Server is Now a TerminalServer page. To review all of the changes made to your server by the Configure Your Server Wizard or toensure that a new role was installed successfully, click Configure Your Server log . The Configure Your ServerWizard log is located at systemroot \Debug\Configure Your Server.log. To close the Configure Your ServerWizard, click Finish .

Next, you must complete the following steps so that your server is ready to function as a basic terminal server:

Confirm Internet Explorer Enhanced Security Configuration settings.Configure a Terminal Server License Server.Install client access licenses (CALs) on the Terminal Server License Server.Install programs on the terminal server.Deploy the Remote Desktop Connection .msi file to clients not running Windows XP or Windows Server 2003operating systems.Give users permission to access the terminal server.

A separate window displays checklists that provide information about these additional requirements. The sameinformation is covered in this document.

To run a terminal server, you need another computer that is configured to function as a Terminal Server LicenseServer. If a Terminal Server License Server is already installed, you can skip the steps for configuring a TerminalServer License Server and installing CALs, and begin Installing programs on the terminal server. Otherwise, if the Manage Your Server page displays a message indicating that a Terminal Server License Server was notfound, you must configure a Terminal Server License Server before you can use your terminal server.

Confirming Internet Explorer Enhanced Security Configuration settingsAfter you complete the Configure Your Server Wizard and install Terminal Server, you can configure InternetExplorer Enhanced Security Configuration settings.

If you activate these settings, Internet Explorer applies the following security settings to a user who logs on asan administrator:

High security settings to the Internet and Local intranet security zonesMedium security settings to the Trusted sites zone

By applying high security settings to the Internet and Local intranet security zones, you disable scripts, MicrosoftActiveX controls, and the Microsoft virtual machine (Microsoft VM) for HTML content in these zones. You alsoprevent users from downloading files in these zones.

By applying medium security settings to the Trusted sites zone, you set standard browsing functionality. If you




28/55

use sites for administrative tasks and Web-based applications that an administrator cannot access after youapply these settings, you can add the site addresses to the list of sites in the Trusted sites zone.

To review or change the Internet Explorer Enhanced Security Configuration settings, in Manage Your Server,click Internet Explorer Enhanced Security Configuration .

In the Windows Server 2003 family, you can implement enhanced security settings for Internet Explorer for allusers and reduce the exposure of your server to Web sites that might pose a security risk. For more information,see Internet Explorer Enhanced Security Configuration.

Configuring a Terminal Server License ServerConfigure a Terminal Server License Server on a computer other than the one on which you have just configuredthe terminal server role. A Terminal Server License Server manages licenses for Terminal Services clientconnections. You are required to activate a Terminal Server License Server only once, after which the TerminalServer License Server becomes the repository for terminal server client licenses. Until the registration process iscompleted, your Terminal Server License Server can issue temporary licenses for clients.

ImportantThis step is required. If you do not configure a Termi