Archive
[Guide] Setting up a Windows Domain with Windows Server 2008 R2
Part 4: DHCP, Computer Creation & Domain Joining
In the previous part of this guide I briefly explained Active Directory and it’s use. I also walked through the process of creating a user object within Active Directory. This part of the guide will cover installing and configuring the DHCP Server role, followed by joining client computers to the domain for user logon.
Let’s get started.
What is DHCP and how does it work?
For the less network-savvy folks out there DHCP stands for Dynamic Host Configuration Protocol. It is essentially the protocol for automatically assigning network devices with an IP Address on a network. For example: in most typical home networks the Router will be the device in which all other computers obtain an IP Address from due to it having an in-built DHCP Server. Most, if not all home Router based devices have this function.
DHCP servers are usually configured with IP Address range for client computers and other network devices. This range ensures that the DHCP server can only assign IP Addresses to those in it’s configured range. For example: a 192.168.101 – 192.168.1.200 range will only assign the addresses within that particular range. This is also referred to as a Scope within Windows Servers DHCP Manager.
DHCP-enabled Clients such as computers obtain a lease for an IP address on a network from a DHCP server. The DHCP server must renew this IP Address lease for the client or the client must obtain a new lease. The DHCP server can be configured to set a defined lease duration, this information is retained and can be viewed the DHCP servers database. For example: in Windows Server the default lease duration for a client is 8 days when configuring the DHCP server role.
DHCP in the Enterprise:
Within medium to large businesses utilising a Windows Server based environment with Active Directory, DHCP is normally configured on servers as opposed to on routers. DHCP servers can then be authorised in Active Directory. Having this option also gives the advantage of creating different DHCP Scopes for different Subnets.
Additionally, Superscopes can be created in order to provide address leases to clients from more than one scope on a single physical network.
Windows Server 2008 R2 also gives the option to split a DHCP scope between different DHCP servers for load balancing and redundancy.
For this part of the guide I will be showing you how to create a basic DHCP scope for a simple network. If you wish to read more about DHCP and advanced configuration within Windows Server have a look at the following TechNet Library page:
http://technet.microsoft.com/en-us/library/cc778368(WS.10).aspx
Before proceeding: If you are attempting to configure a DHCP server within a production environment or home network then please verify that NO other active DHCP servers are present within the same network/subnet.
For example; if you have a home Router which has DHCP enabled then please disable this option before configuring.
Installing and configuring the DHCP Server Role
To install the DHCP server role in Windows Server 2008 R2 go to Server Manager and select “Roles” from the left pane.
From the Wizard select the DHCP Server role and hit next.
Select the IP Address that you want to bind for DHCP on the network, if only one is present this will be selected by default.
Enter the Domain name and DNS server address that DHCP will use for serving clients on the nerwork.
NOTE: if you have already promoted your server to a Domain Controller then the Domain name will be entered by default. For DNS make sure that it points to the set IP address of a DNS server.
For example; 172.16.1.100 is the IP Address of the primary Domain Controller/DNS server on this particular network.
If you have older Windows 9x based systems on your network then you may also want to configure WINS. If you do not require this then select the first option and hit next.
Now the next stage is to configure the DHCP scope that you want to use for clients on your network. To do this click on the Add button.
This will let you configure the options for your Scope.
NOTE: If you have a mixture of wired wireless clients on your network then there is no need to change the default Subnet Type, Wired will work for both.
The Default Gateway will typically be the IP Address of your Router, it’s recommended that you enter this in order for clients on the network to get internet access too.
Once you have configured your Scope you can then check the “Activate Scope” option and select OK, followed by next again to continue.
If you have clients on your network using IPv6 (Internet Protocol version 6) then you can configure DHCPv6. Again, if you do not require this select the option “Disable DHCPv6 stateless mode for this server” and hit next.
The final stage of configuration is to Authorise the DHCP server within Active Directory Domain Services. You can choose to Authorise with the default logged in credentials or with alternate credentials. Please note that the account must have the required Administrative privileges in order to do this.
Finally verify your configuration and select “Install”
DHCP will now install and configure itself to what you have selected.
Now that we have DHCP installed and configured we will go ahead and bring up the DHCP Management console and check that everything has taken effect. To do this go to Start > Administrative Tools > DHCP
To view the configured options expand Server name then IPv4/IPv6
- Scope – The IP set and Scope name that was configured
- Address Pool – The configured IP Address range for client computers
- Address Leases – Currently connected clients and their dynamitic IP Address
- Reservations – Assign DHCP clients with the same IP Address each time
- Scope Options – Lists DNS Servers, Default Gateway and other server types.
- Filters – Allow or Deny DHCP services to MAC addresses added to a list
To view currently connected clients with assigned IP addresses select Address Leases from the left pane.
Joining Client Computers to the Domain:
So now that we have DHCP installed and configured, the next stage is to join connected client computers to the domain and login with our domain user accounts.
Firstly you will want to verify that the computers being joined are getting the correct IP configuration. To do this simply bring up an elevated Command Prompt and type “ipconfig /all” (without quotes) and check the DHCP, DNS server and Default Gateway IP addresses are correct.
Joining a computer to a Domain involves entering the system applet. There are of course many different ways to do this, here is one way:
Bring up the Start Menu, right click on Computer and select Properties
From the System applet select “Change Settings” under Computer name, domain and workgroup settings.
Select the “Change” option under advanced system settings
Select the Domain option and enter your Domain name.
This will prompt you for Administrative credentials, enter an account with sufficient privileges. E.g. the Domain Administrator account.
If all went well you will receive a message welcoming you to your Domain. A reboot will be required.
All that’s left to do now is to login to the computer with the desired Active Directory user account by selecting Switch User and entering the username. Additionally you can also use DOMAIN\Username. E.g. TESTLAB\jsmith
During this process the computer account will be created in the “Computers” container in Active Directory by default.
Well folks, that concludes it for this guide. I hope you have enjoyed and learned a lot from it. Especially those who are new to client server network configurations.
The amount of e-mail and feedback that I have received regarding this guide has been overwhelming to say the least. I didn’t ever think it would gather so much interest.
Thank you so much.
What’s next?
Well some of you may be glad to know that I will be continuing to post content based on the areas of this guide. This will include such things as a more in-depth look into Active Directory, where I will be covering Organizational Units, Groups, Group Policy, Group Policy Objects and remote installations using Windows Deployment Services.
As always, stay tuned!
Part 1: Differences between Workgroup & Domain environments
Part 2: Post-install configuration & Active Directory services setup
Windows 8 Developer Preview: Make the Metro Weather app display temperature in Degrees Celsius
Like many others, I have been playing around with the Windows 8 Developer Preview build regularly for the last 2 weeks or so, and getting a feel for it. Especially since I have the build installed as the primary OS on my desktop and laptop systems.
One thing I did notice however was that by default the Metro Weather app displays the current location temperature in Degrees Fahrenheit. Personally, I like the temperature to be displayed in Degrees Celsius (probably just out of habit) so I decided to go about changing this.
Fortunately this is actually quite simple to change and can be performed in a matter of minutes, so here’s how to do it:
First navigate to C:\Program Files (same location for both x86 and x64) and from the Explorer Ribbon go to the View tab and tick the “Hidden Items” you should now see a folder named “Applications”
Staying within the Ribbon go to File > Open command prompt > open command prompt as administrator
From within Command Prompt execute the command ““takeown /f Applications /r” (without quotes) and wait for it to complete.
Go into the Applications folder then into the folder named “microsoft.weather_1.0.0.26_neutral_neutral_8wekyb3d8bbwe”
Now, the folder that we are interested in here is one named “js” This folder contains the JavaScript files for the Metro Weather application. Inside this folder find the data JScript Script File and copy it to temporary another location eg. desktop.
Right click on the file and select Edit to modify the file data in Notepad.
Look for the following lines within the script
Change the values “C” : “F” ; to “F” : “C” :
Save the edited file and replace the original with it. You can now end the Weather application via Task Manager (if its running) to apply the changes, and proceed to launch it normally again from the Start Screen.
Done!
NOTE: Although the temperature can be changed through the settings in the Charm menu, this didn’t appear to work for me. Hence why I have decided to show others how to do in manually.
Issues with Skype on the Windows 8 Developer Preview? Here are a few basic workarounds.
As many of you will already know, last week Microsoft released a developer preview of Windows 8 at the BUILD conference. Attendees were supplied with Tablet PC’s with the build pre-installed along with the set of developer tools, with the build being made public shortly afterwards.
Since the build went public at 4 AM here in the UK I downloaded it early the next morning and installed it on both my desktop and laptop systems. Everything seemed to be going well until I attempted to launch and sign into Skype. Upon doing this the application hung then crashed in the usual fashion:
Now, this actually comes as no surprise as Skype also suffered issues on previous builds of Windows 8, and even early builds of Windows 7. In fact, it would crash in the very same way, either immediately or a couple a seconds after signing in.
During a hunt around the web I had found out that the nice people over at Skype had released an updated version (5.5.0.117) that was compatible with the Windows 8 Developer Preview. Or was it? I uninstalled the previous version and cleared both the Appdata and Program Data directories of Skype then proceeded to install the updated version.
After the installation I singed in and held my breath, and lone behold the main Skype window popped up, everything seemed to be working correctly. Great! That was until I closed the application and tried launching it for a second time, it signed me in then stopped dead in the water…again.
By this time I had exercised most of all basic troubleshooting techniques, all which resulted in no success in actually getting the thing working again.
So then, just out of curiosity I attempted to launch the application from the new Windows 8 Start Screen (Hey you never know!) and BAM! Skype singed me in and loaded it’s main window! How strange…
Whilst testing this method multiple times, with each deeming successful I also stumbled upon a few other simple methods in which gets Skype functioning properly and also results in Skype crashing, so here they are.
Launch methods that get Skype working correctly:
NOTE: Not all of these will cause the application to startup normally; the issue appears to be intermittent. Results will vary.
- Launching Skype from the Start Screen (already mentioned)
- Signing out of Skype first before quitting the application
- Unchecking automatic sign in to Skype
- Restarting Windows Explorer then launching Skype
Launch methods that cause Skype to crash:
NOTE: Not all of these will cause the application to crash; the issue appears to be intermittent. Results will vary
- Launching Skype from the desktop icon
- Launching Skype from the Taskbar (if pinned)
- Quitting Skype without signing out first
- Checking automatic sign in to Skype
So there you have it, a few basic things in order to get Skype working on the Windows 8 Developer Preview. As of writing this I have not yet looked into finding the root cause of the issue, however I suspect it could potentially be down to the NT versioning change of 0.1 as early Milestone 3 builds of Windows 7 also suffered from this issue.
If I find anything else out regarding this issue I will provide an update. That is unless Skype provide another version update to resolve the issue that they obviously haven’t fixed!
Windows 8 Build 7989 Overview
As many of you will already know, a few days ago a new Windows 8 build leaked into wild and rapidly became available on FTP servers and Torrent sites.
Build 7989.winmain.110421-1825 which is newer than the previously leaked builds 7955 and 7959 but is still part of the Milestone 3 phase of development and is therefore is very similar to the previous two in terms of functionality and performance.
Build 7989 boosts a few more changes this time around compared to 7955 and 7959, some of which I briefly cover.
New Boot Screen:
This build features a new boot screen which brings back the famous Betta fish that was present during Windows 7’s development. It is complete with an animated loading circle accompanied by the words “Welcome” This is a sign that Microsoft are getting ready for the Pre-Beta – Beta phase of development.
[Image Courtesy of Snuffy]
Aero Lite with transparency:
In the previous builds a new visual style known as Aero Lite was present. Although the visual style supported desktop composition based animations it lacked support for the transparency effects which we have grown to love since the early days of Windows Vista. In build 7989 the Aero Lite visual style now fully supports glass and has also been tweaked slightly.
Its also worth mentioning that the Basic theme now has the option to add transparency to both the taskbar and windows, however certain elements such as the start menu still retain the basic grey style, similar to what would normally be seen in the Windows Classic visual style.
Windows Phone 7 inspired Tablet Keyboard:
By default the Tablet PC Input Panel feature is installed upon first boot into desktop. This features a new keyboard which is somewhat similar to the touch screen keyboard in Windows Phone 7. It also includes the ability to switch to the split keypad view for thumb typing, which was first shown off at the All Things Digital conference earlier this month.
Updates to History Vault:
History Vault was first discovered in build 7955 but was somewhat unusable to an extent with no clear indication of it’s exact purpose. In build 7989 History Vault has been updated quite a bit and now includes a set of advanced configuration options. I am also told that it is in fact fully functional in this build although I have yet to test it myself.
Microsoft appear to be incorporating more a more extensive set of disaster recovery tools into the next version of Windows.
Windows SmartScreen settings:
Many of you who use Windows Live Messenger will probably be familiar with SmartScreen. That all so annoying URL that you are taken to after clicking a web link from within Messenger warning you that you are leaving Windows Live to visit another site? Yes that one.
SmartScreen now appears to be built into Windows 8 and was also present in build 7955 and 7959. In this build SmartScreen now has its own settings panel which can be accessed via the action pane from within Action Center.
Portable Workspace Creator:
Another interesting feature possibly making it’s way into Windows 8 is Portable Workspace Creator which enables Windows to be run from a USB drive. Again, this feature was also present in build 7850 and 7955 but has been updated slightly in 7989. As you can see from the shots below it now requires at least a 32 GB USB drive compared to the previous 16 GB.
I’m interested to see how this feature will work and may even test it later once I actually get a hold of a 32 GB flash drive.
You can find this tool under System32 by the name pwcreator.exe
Metro styled Control Panel:
What’s Windows 8 without a bit of Metro eh? The “Immersive” based applications present in the OS resemble somewhat of a Metro look at feel to them, the new start screen is a perfect example. Microsoft are drastically changing elements of the UI to give it a more modern appearance much like the Windows Phone 7 OS.
Hidden within certain areas of these builds are elements of this UI, one of them being another Control Panel. Although already present in build 7955 it has been changed slightly here, but still requires desktop composition to be disabled in order for it to successfully launch.
The only downside is that it somewhat broken (as you would expect for now) therefore I have only decided to take a couple of shots. However, here is a complete list of what options are available from within it:
- Activate Windows
- General
- Ease of Access
- Search
- Wireless
- Devices
- Privacy
- Notifications
- Windows Update
- Desktop Control Panel (Default Control Panel)
The Metro Control Panel can be found under System32 by the name SystemSettings.exe
Hyper-V 3.0 and new VHDX Virtual Hard Disk format:
Rob McLaws recently discovered a bunch of Hyper-V 3.0 based features within 7989:
Storage
- Virtual Fibre Channel Adapter
- Storage Resource Pools
- New .VHDX virtual hard disk format (Up to 16TB + power failure resiliency
Memory/Processor Enhancements
- Support for more than 4 cores
- NUMA – Memory per Node, Cores per node, Nodes per Processor Socket
Networking Enhancements
- Hardware Acceleration (Virtual Machine Queue & IPsec Offload
- Bandwidth Management
- DHCP Guard
- Router Guard
- Monitor Port
- Virtual Switch Extensions
- Network Resource Pools
Changes to the Logon Screen:
Those who used builds 7955 and 7959 will remember the Metro inspired logon screen, which in a way resembled the Windows Phone 7 lock screen.
On a laptop system the logon screen would display the battery status along with the date and time. In 7989 it now also displays the Wireless network status.
Anti-Malware startup driver:
Another interesting find lies within the boot options for the OS. Simply hitting F8 to enter the OS boot option choices and you will come across an option to disable early launch of an Anti-Malware driver.
Are Microsoft aiming to add another layer of protection to Windows? Perhaps a level of Rootkit protection? No one can really say for sure but certainly very interesting.
If I find anything else regarding this then I’ll be sure to update.
Tip: How to fix the User Tile and some “Immersive” applications
Anyone who has currently tested this build will probably be aware that the User Tile down in the right hand corner appears to be broken, and does nothing when clicked on. The Immersive Browser also fails to launch.
The reason for this is because several system files in this build appear to be corrupted. 7989 originally came from a machine which was sysrepped and obviously during that process some things didn’t exactly turn out right. Luckily there is an easy fix.
- Launch Command Prompt as Administrator
- Type the command “sfc /scannow” (without the quotes)
- Wait for the verification process to complete
- Reboot the machine to complete the changes
- Done! The User Tile and Immersive Browser should now work properly.
Note: If you are using any of the RedPill or BluePill patches then please make sure to disable them before applying the above fix, as you will loose all unlocked features.
That’s all for now folks, if I stumble across anything else I’ll update on my findings. If you have found anything else in this build that I’ve not mentioned here then please feel free to contact me or leave a comment and I’ll be sure to add it here.
-Greig
[Guide] Setting up a Windows Domain with Windows Server 2008 R2
Part 3: Active Directory & User Creation
In part 2 of this guide we configured our domain controller by setting up DNS and Active Directory Domain services. Now we shall take a brief look at Active Directory itself including adding users and joining client computers to the domain.
Check network configuration before proceeding:
Before attempting to add users and join clients to the domain you must make sure that your DNS configuration is correct. Active Directory Domain Services rely heavily on DNS for name resolution across the network, hence why you really want to make your first domain controller act as the primary DNS server too.
Like I explained in Part 2, for name resolution to function correctly the server must point to itself for DNS. For example, within TCP/IP settings under DNS Servers set the preferred DNS server address as the servers IP address:
If you have a second Windows DNS server on your network then you can input its IP address into the alternative DNS server entry. If this is the only DNS server on your network then it is recommended to input the loopback address of 127.0.0.1 into this field rather than leaving it blank.
If you are configuring your domain controller in a production environment or even in a home network then you will will also want ensure that your server can properly resolve web addresses from the internet. To do this first enter the DNS Manager by going to Start > Administrative Tools > DNS. From there select your server listed in the left hand pane where you will see the Forwarders option displayed to the right.
Navigate to the properties of this item by right clicking, this will bring you to the Forwarders tab for your DNS server. Forwarders are basically DNS servers that can be used to resolve addresses that your server can’t. For example; www.google.co.uk Servers added to the list of forwarders must be valid DNS servers. To add Forwarders hit the Edit button and type the IP addresses of the DNS servers you want to use, ideally you want at least two.
For this example I am using the OpenDNS server addresses, you can use these or any other valid DNS servers, including your ISP’s. At home I prefer to use OpenDNS.
Now that we have properly configured our network and DNS settings let’s dive into Active Directory.
What is Active Directory?
Active Directory is a directory based service that runs under the Windows Server family of Operating Systems from Server 2000 onwards. Al information and configuration settings are stored within its database. This information can contain such properties as user accounts to physical site links across several geographical locations.
Administrators use Active Directory to manage such things as User Accounts, Computers Network Printers, Groups, Permissions, Resources, Sites and much more.
Things such as Users, Computers, Printers and Groups are defined as Objects within Active Directory.
Adding & Configuring Users
In this section of the guide I will be focusing on Active Directory Users and Computers. Launch this by simply going to Start > Administrative Tools > Active Directory Users and Computers It should look similar to what’s shown below:
What we have here is essentially a fresh panel with nothing added or taken away, with only the default containers. This is where we will add and manage users and client computers in the domain.
By default Active Directory provides us with containers for both Users and Computers, if we select the Users container we will see that it contains the default Administrator user account along with various Security Groups.
In a production environment with a fairly large user base you wouldn’t typically find user accounts being added into this container. However, for the purpose of this example we will create a new user into this container before moving onto a more organised structure later.
To create a new user you can right click on the highlighted users container and go to New > User or simply right click in an empty area within the container and choose New > User Alternatively you can perform the same option from the Action menu at the top.
This will bring up a new object window for you to enter the details for our user including the domain that they will be a part of. I’ve filled out the appropriate fields for the user John Smith.
Hit next where you will enter a password for the user. By default this password has to be a minimum of 7 characters in length and be somewhat complex, similar to what was required at first logon to the server. You also have the option to prompt the user to change their password at next logon along with a few other account options. I would recommend to enforce a password prompt change for production environments, it lets the user choose a password of their choice. The initial password before the change should be something simple such as the users date of birth for example.
By default users are members of the Domain Users security group. Different security groups have different sets of permissions across the domain. For example, a domain user will have less permissions and overall access than a domain admin. You can also add users to different security groups.
- Once you have created the user it will appear within the container in which it was created.
Tip: If you wish to change the password requirements whilst creating a bunch of users then you can. Password requirements are controlled by a security policy set by the domain, a feature known as Group Policy.
Here’s how to change this:
- Go to Start > Administrative Tools > Group Policy Management
- In Group Policy Management expand the Forest, Domains and your domain categories
- Right click on the Default Domain Policy and select Edit
- Under Computer Configuration expand Windows Settings and select Security Settings
- Go to Password Policy and edit the following policies by right clicking and selecting properties on them: Minimum password length and Password must meet complexity requirements
- Close the Group Policy Management Editor
- Within Group Policy Management right click on the Default Domain Policy again and select the Enforced option.
- Update the policy changes by launching Command Prompt and typing “gpupdate” (without the quotes)
- Done!
Adding users to Security Groups:
I mentioned Security Groups briefly, and that there are various default groups available within Active Directory. In your own organisation you may want to add users to other groups for overall efficiently when it comes to such things as assigning and controlling access to resources on the network. You can also create your own groups for specific needs, and have users be part of them.
To add a user to a specific group or groups, right click on the user within Active Directory and select Properties.
From within Properties navigate to the Member Of tab and select the Add button
Select the appropriate object type followed by the location of the group. (Default Security Groups are held within the Users container.)
Finally, enter the name of the group that would want the user to be part of (eg. Domain Admins) and hit check names followed by OK.
The group should now appear in the Member Of list.
In the continuation to this stage I will covering the installation and configuration of the DHCP role, including how to join client computers to the domain.
Stay tuned!
Part 1: Differences between Workgroup & Domain environments
Part 2: Post-install configuration & Active Directory services setup
Back in business!
So as many of you have probably already noticed, I have been away from quite some time. Over the past year or so I have been extremely busy with work related duties and various other projects, so much that I have been unable to devote any time to this blog. However, with everything else back on track now its time to get my blog back to where it left off.
The Windows Server 2008 R2 guides will be back including further in-depth looks into additional server roles. As this year progresses I will also be publishing some other interesting articles as we get closer to the Windows 8 Beta.
Stay tuned as there will be much more content arriving very soon!
-Greig
Update for Windows Activation Technologies Playing Fair?
A few days ago Microsoft released a WGA based update for Windows 7 systems through Windows Update. The update known as “KB971033” was to ensure that all current Windows 7 users had a genuine copy of the OS installed on their machines, but it was also intended to catch out the ever growing number of software pirates using the OS with the famous OEM SLP activation hacks. This update was optional however and unchecked by default making it extremely easily to bypass.
The behaviour of the update is similar to that of Windows Vista once installed on a non-genuine system. After the user has installed the update and restarted Windows, they will then be presented with a message upon logon notifying them that the update is not working and that they may be a victim of software counterfeiting.
Click on the screenshots to enlarge.
Now, all users out there with legit copies of Windows 7 should be fine after installing this update. At least you would think…
Yesterday I happened to receive reports from various people regarding this update. They had installed the update on their genuine copies only to be flagged as non-genuine after the reboot. To make matters worse, all of these people actually acquired their Windows 7 licenses through Microsoft TechNet Subscriptions which obviously offer genuine Microsoft software.
I myself happen to utilize a TechNet Subscription and have yet to see this update even appear on my systems so I can’t say I’ve experienced this yet, although I am very puzzled as to why this has happened to those with perfectly genuine copies of the OS. No doubt there are probably many more genuine users out there suffering from this problem and find themselves completely taken back by it.
So, for all you other genuine users out there that are effected, I have a simple step by step solution that should take care of this.
- Launch Windows Update and view your update history
- Find update KB971033 and uninstall it (a reboot is required)
- Once logged back on launch Command Prompt as Administrator
- From within Command Prompt type “slmgr –rearm” (without quotes) and hit enter
- Reboot once the command has completed
- Once logged back on navigate to System Properties and select the “Change Product Key” option at the Windows Activation section.
- Re-enter your Windows 7 product key and it should successfully activate
- Reboot
Upon logging back on to your system you should see a clean desktop with no WGA messages or watermark. All that’s left to do now is go back into Windows Update, check for updates and hide KB971033 if it decides to show up again. Done!
Hopefully this puts an end to the stress of many genuine users suffering from this rather peculiar issue. I can only think that there is possibly something within this particular update responsible for giving out false positives to many genuine users out there. Either way I hope Microsoft are already aware of this issue and are dealing with it.
Once again, please feel free to leave comments or drop me an e-mail on this issue as I’d be interested to know if anyone else has experienced it.
Taking a look at the Windows 7 Browser Ballot Screen
So as many of you probably already know, just shortly before Windows 7 was due to RTM (Release to Manufacturing ) the EU kicked up a stink (yet again) due to Microsoft bundling Internet Explorer with Windows. This has been well known and rather quiet ongoing case since 1995 when Microsoft first included the popular browser with Windows.
The case was then resumed during the development of Windows 7 with the original decision made by the EU that Microsoft would not be allowed to bundle the browser with Windows 7 in Europe, at all. This caused great concern and raised the question, “How will users access the web with no default browser being pre-installed?” But it wasn’t just the EU that were on the software giant’s back about this, another popular browser company known as Opera also decided to take a stab. For the same reasons they also believed that Internet Explorer was crushing the competition and stealing market share from other popular browsers such as Mozilla’s Firefox, Google’s Chrome and their own of course. Opera also went a step further and suggested that Internet Explorer shouldn’t be bundled with Windows at all in Europe or the US.
After the EU’s rants and raves along with Opera’s sad attempt to try and increase their browsers market share, Microsoft finally came up with an solution. The idea was to present the user with a ballot type screen where they could select a browser of their choice from a list of popular web browsers. Thankfully this method ending up meeting the requirements of both parties and was later approved.
Let’s take a look at it then, shall we?
The browser ballot actually comes in the form of an update via Windows Update which is optional and unchecked by default. It also cannot be removed as stated.
Once you have installed the update and rebooted the system you will notice an icon on your desktop with the name “Browser Choice” You will also notice that Internet Explorer appears to have been unpinned from the taskbar.
Upon double clicking on the icon Internet Explorer will pop up along with a separate window with some information, also telling us that the update conveniently unpinned Internet Explorer from the taskbar, how nice.
After hitting OK we are now presented with the Browser Ballot Screen with the choices which opens in Internet Explorer, funnily enough.
The ballot screen includes a total of 12 browsers for the user to choose from. These include:
- Internet Explorer
- Firefox
- Chrome
- Opera
- Safari
- K-Meleon
- FlashPeak
- Maxthon
- Flock
- Sleipnir
- GreenBrowser
- Avant
It’s also worth noting that each time you start this up the order in which the browser choices are displayed will be randomised.
Hitting Install on any of the choices will immediately activate a direct download.
Finally for those who are interested, the browser choice update installs itself to C:\Windows\System32
Well that concludes this short overview of the Windows 7 Browser Ballot or “Browser Choice Screen” as it’s now called. I definitely think that this method is best as it doesn’t leave the user without a default browser and it’s also a good idea for those who perform regular installs of Windows because it gives them quick and easy access to installing their favourite third-party browser.
I still don’t agree on decision to have the choice in the first place though. Microsoft have already gave users the option in Windows 7 to remove various components including Internet Explorer. This option is ample in my opinion and certainly doesn’t put a downer on the browser competition as the EU claims.
At the end of the day it’s Microsoft’s Operating System and it should really be up to them what they do, not anyone else. Another question still remains however, what about Microsoft’s main competitor, Apple? What makes them so different that they have managed to slip out of this? That’s one that I really can’t answer but in my option they should have also been treated the exact same way that Microsoft were despite the lower market share.
Feel free to comment!
[Guide] Setting up a Windows Domain with Windows Server 2008 R2
Part 2: Post-install configuration & Active Directory Services setup
So now that we’ve talked a bit about what a Windows Domain is and how it compares with a standard Workgroup in part 1, let’s go ahead and get configuring.
Note: Although I’m directing this guide towards Windows Server 2008 R2 most of the things covered here such as Active Directory setup will be very similar if not identical to previous versions like Server 2003 and 2008. However some things will of course be slightly different so please keep that in mind.
Tip: Assuming you haven’t already installed Windows Server 2008 R2 yet, here is a little handy thing to know.
When you approach the disk configuration stage during setup you might want to partition the disk that you will be installing the OS onto, if you don’t already have more than one physical disk in the system. The reason for this is to provide some sort of backup if in the event of a critical system crash. This is why more than one physical disk in the system is preferred.
Click on the screenshots to enlarge
Okay, now that we have Server 2008 R2 installed, the first thing that we have to do is change the default user password. Upon first logon of the OS you are required to change this password before you can log on to the system.
This password must meet the default password policy requirements, in other words the password must be slightly complex in order to be accepted. For example, Pa$$w0rd. Once you have entered the password of your choice the system will notify you of this and proceed to log you on to the desktop.
Once you are logged on to the Server 2008 R2 desktop you will be presented with a window named “Initial Configuration Tasks” This is where you can quickly perform a various number of important first-off configuration tasks to your server before you begin any advanced configuration manually yourself.
I recommend that you set up a few of these options before proceeding to the next stage.
- Configure Windows Updates (keep your server secure)
- Configure Windows Firewall (prevent unauthorised access to your server)
- Configure Remote Desktop (enabling this allows you to connect to your servers desktop remotely from anywhere on your local network)
- Change computer name (give your server a suitable name and description. A reboot is required to apply these changes)
- Activate Windows (in order to fully use your copy of Windows you must activate it with a valid product key for that particular version and edition)
The next thing we now need to do is configure our network settings on the server. You can get quick access to these via the “Initial Configuration Tasks” and selecting the option “Configure Networking”
Upon clicking this you should be presented with a window displaying the current network adapter. Simply right click on this and select “Properties”
This will now bring up configuration options for your network adapter. Highlight “Internet Protocol Version 4 TCP/IPv4” and select “Properties” if you know that you are using an IPv4 based configuration. If you are using an IPv6 based configuration then highlight “Internet Protocol Version 6 TCP/IPv6” and select “Properties” on that.
If you are unsure of what Internet Protocol version you are currently using then you can check this via Command Prompt which you can launch by going to Run then typing “cmd” (without the quotes)
Once Command Prompt is opened simply type “ipconfig” (without the quotes) This command will bring up your network adapter along with your current network configuration.
As you can see from the screenshot above it shows that I’m using IPv4 and displays my IP configuration.
Now that you have selected properties on your chosen connection type you should see the following:
Since this server will be acting as a primary Domain Controller on the network, its best that we assign in with a static IP address in order to prevent any problems that you might run into if using a dynamic IP address.
We want to configure the server with it’s own IP Address and assign it a valid Default Gateway and DNS server addresses. To do this simply select the option “Use the following IP address”
Here is an example:
As you can see, I’ve set my server up with an IP address of 192.168.1.101 with the Default Gateway as 192.168.1.100 and my DNS servers are 208.67.222.222 and 208.67.220.220 (for example)
Depending on what your current network setup consists of, things will vary. Also keep in mind that the first Domain Controller MUST be the a Global Catalog server and is recommended to be a DNS server too for integration with Active Directory. When acting as a DNS server it should point to itself for DNS resolution. To do this you will want to set the primary DNS server as your servers IP address, in this case 192.168.1.101
Now, if you only intend to have one DNS server on your network then there is no problem leaving the alternative DNS server field blank, although it is usually recommended to use the loopback address of 127.0.0.1
Some terms:
Default Gateway – Commonly referred to as your Gateway out to the Internet. In our case a Default Gateway is basically another name a ISP provided device for home networking which enables you to access the Internet, such as a DSL or Cable Modem for example. However, if you happen to be on a network connected by a Router (again another home networking device) then this will effectively take over as your Default Gateway since it’s getting the required configuration from your ISP device which is connected to it.
Domain Name System (DNS) – In it’s simplest form DNS translates hostnames into IP addresses for example; one of the computers in your home may be named “Office-PC” and if that PC is part of a network it will also have an IP Address. In order for any type of network communication to take place the computers name must be found via it’s IP address, so while the user will see the name “Office-PC” the various other computers and network devices will see 192.168.1.101 for example. That’s basically what DNS does, it translates text based names to numerical numbers, those numbers being IP Addresses. This method is treated the very same way for Internet web addresses. Another example of this would be www.google.co.uk which translates to 208.69.34.230
Where can you find your DNS Server addresses?
On a typical home Broadband network your ISP will issue out it’s own DNS server addresses for your connection to use. These will be configured into your Broadband device (DSL or Cable Modem for example)
To find out what your DNS server addresses are you can repeat the same step you used to find your IP Address and network configuration. Only this time instead of typing “ipconfig” type “ipconfig/all” (without the quotes) this will display all available IP configuration including your DNS server addresses.
Great! our server is now ready to be used as a Domain Controller, now it’s time to create our Domain.
For this we will be configuring Server 2008 R2’s Active Directory services. Active Directory is the technology behind user & computer management in a Domain from which many tasks can be performed. Think of Active Directory as a largely organised database made up of users, computers and other servers. After you have set up Active Directory then you can start adding and configuring your users and computers through it which we will discuss in the next part of this guide.
The easiest way to launch the Active Directory installation is by going to Start > Run and typing “dcpromo” (without the quotes)
In doing so you should be presented with the following:
Followed by the installation wizard:
Hit next and you’ll see a little bit of information regarding compatibility:
Next we are given the option to create a new Domain Controller or add this one to an existing Domain. Since we are setting up a Domain for the first time we want to choose “Create a new domain in a new forest”
For the next part we will choose a desired name for our Domain. For example greigmitchell.com
Hit next and the wizard will check if the name is already in use:
The next stage is to select a functional level for our Domain. This basically determines what Windows Server version you would like to base Active Directory on for your clients. Generally speaking if you are using Windows XP clients for example, then it would be best to base your functional level on Server 2003. The same goes for others too.
Windows 2000 Server – Windows 2000 Clients
Windows Server 2008 – Windows Vista Clients
Windows Server 2008 R2 – Windows 7 Clients
You can still run newer client machines on older Server versions but I wouldn’t recommend it due to compatibility issues that you could run into.
Since I am using Server 2008 R2 with Windows 7 Clients I’ll go with the Server 2008 R2 functional level.
Now that’s us pretty much done. You will notice that the near final stage gives us the option to select additional options for our Domain Controller. I would recommend that you also install the DNS service too as this is really required when joining or connecting other machines to your Domain.
You will remember earlier in this guide that I talked about backup, well this next stage is a good example of that. Since Active Directory contains a fairly large amount of saved information and settings these need to be stored. Therefore a database for Active Directory is created along with corresponding log files.
By default these are stored in C:\WINDOWS\NTDS which is fine if you back them up elsewhere but its recommended that you select a different location on a different disk or partition. For example, create two new folders on D:\ called AD Database and AD Log Files and change the default location.
Finally we create an Admin password for Directory Services Restore Mode, again in the event of something going wrong such as a critical system crash.
That’s it! the install wizard should complete the last few necessary steps automatically before telling you that it has successfully completed.
Hit finish and you should be prompted to reboot your server in order to complete changes.
Upon the next logon launch the Server Manager by going to Start > Server Manager and you should see that your server is now joined to the Domain that you just created.
You can also see this information by going to system properties
Go to Start > Administrative Tools and you should see that a new bunch of services have been installed including the Active Directory based ones.
In part 3 of this guide I will be showing you around Active Directory and guiding you through the process of adding users and computers.
[Guide] Setting up a Windows Domain with Windows Server 2008 R2
Part 1: What is a Windows Domain?
Differences between Workgroup & Domain Environments
In this guide I will be demonstrating how to setup, manage and maintain a Microsoft Windows Server based Domain, step by step. This guide will also make use of the following:
- IP Addressing
- Active Directory
- Group Policy
- DNS
- DHCP
- Folder & Network Drive sharing
Many of you are probably familiar with the feature known as Workgroups in Windows and have possibly used it at some point too. A Workgroup is basically just a grouping of Windows based PC’s that are part of the same local network, each of these PC’s can be accessed through the network and both files and folders can be shared on each too. The Workgroup can also be given a name of choice to distinguish itself from others. Pretty straight forward wouldn’t you agree? But, are Workgroups ideal in larger environments such as corporate organisations or enterprises with hundreds to thousands of PC’s? No, they certainly are not and for many valid reasons such as:
- Security
- User & Computer Management
- Computer & Network Monitoring
- Data Access and rights
and so on…
So what is a Windows Domain and how does it differ from a standard Workgroup? A Windows Domain is a logical grouping of both users and computers, and also includes servers and sites. Unlike a Workgroup users and computers are controlled by servers, these are typically known as Domain Controllers and are at the heart of all user and computer based management. This is known as a Client Server Network.
While a Workgroup has a recommended limit to about around 15 PC’s, a Domain is ever expanding, ultimately allowing for an unlimited number of PC’s or “Clients” as they are often referred to as. A Windows Domain can also be expanded even further to include multiple Domains by adding additional Domain Controllers. Since everything can be manually and automatically managed via the Domain Controller this saves a large amount of time because the need to go around each PC and configure various things is done away with.
As you can already see, the advantages over a Windows Domain rather than a Workgroup are already becoming clear. Here are a few others including some which I have already mentioned briefly.
- File & Resource Sharing
- Centralised Management
- Security
- Expandability
- Minimal Effort
- Time Saving
- Cost Effective
That’s it for part 1, in part 2 I will showing you how to configure the server and setup Active Directory based services.
You can also find links to the various parts of this guide over at the Tips & Guides page
Greig Mitchell's Blog 