Management and Administration Extras

Anyone who has managed Windows 2000 knows it is a big step forward from previous Windows operating systems when it comes to ease of management and flexibility in administration. Many of the features in Windows 2000 simply are easier to use than they were in Windows NT. Still, Windows 2000 is lacking in some key management and administration areas, and ease of remote administration is a notable weak spot. Windows Server 2003 includes greatly improved remote administration solutions, as well as many other new features and enhancements.

Remote Administration Gets a Face-Lift

Coming from a UNIX and mainframe background, I've always missed the ease with which you could manage those systems remotely. Windows operating systems didn't contain a real "in-the-box" solution; mostly, we simply had to muddle through with third-party solutions such as Symantec's pcAnywhere. Although there's nothing wrong with pcAnywhere, it just didn't seem right that there wasn't a built-in operating system solution. Microsoft changed that with Windows 2000 by including Telnet and Terminal Services in the Server Edition of the operating system. These features allow administrators to make remote connections and to remotely control systems, but they are hardly best of class and aren't very easy to configure or manage.

What was missing was a friendly interface and ways to manage both remote control sessions and remote computers easily once you were connected. Windows XP Professional delivered the solution: Remote Desktop Connection, which is essentially a better user interface for Terminal Services that makes it easier to work with remote systems and manage your remote sessions.

Remote Desktop Connection not only brings a friendlier interface but a smarter one as well. It uses the Remote Desktop Protocol (RDP) to manage sessions and connections. Microsoft enhanced RDP so that it works well over slow connections, even over dial-up connections, which makes it seem as if you're sitting at the keyboard of the remote computer no matter where you are or what type of connection you are using. Remote Desktop Connection also gives your remote control session automatic access to your local hard disk drives and printers, which you did not have in Terminal Services in Windows 2000. Remote Desktop Connection also supports multiple screen sizes, colors, and sound. You can, in fact, set the screen size you want to use for the remote session.

Windows Server 2003 offers the remote administration features of Windows XP and extends the feature set to include remote control administration by way of Remote Desktop Web Connection. Once installed and configured, you can remotely manage systems using a Web browser. Although the feature set is limited, you can perform most management functions using the Web interface.

Note

It's pretty important that you know how to use remote administration in Windows Server 2003—and that's why the technology is covered in several areas of this book. You'll find the detailed examination in Chapter 30.

Enhanced File Management by Using DFS

In many organizations, files are distributed across multiple servers, and each department and site usually maintains its own file shares. Users access files locally and typically also have access to files at other sites. Often, files are duplicated between sites to ensure that they are accessible to users no matter where the user is located. This creates the situation in which lots of file shares exist and many systems act as file servers.

Windows 2000 delivered DFS to help manage many distributed file shares. Windows Server 2003 builds on the features previously available and extends them to help administrators consolidate file shares to fewer servers and create file directory trees on an enterprise-wide basis. This means you can create a single enterprise-wide directory tree that spans file shares from multiple servers.

Best of all, the directory tree separates the physical files from the logical structure of the directory so you can move the data, add or remove servers, consolidate shares, and perform other physical data management functions without having to make changes to the way users see the logical DFS directory. You can also provide redundancy and fault tolerance of the physical data using DFS replicas. A DFS replica is essentially a copy of the physical data that serves as a file backup and can be made available to users if the primary DFS data is unavailable for some reason.

Improved Storage and File System Options

Windows 2000 introduced NTFS 5, a major revision of the NT file system (NTFS). NTFS 5 delivers support for Active Directory structures, disk quotas, and data encryption. It also increases the maximum volume size and the maximum file size that could be used with the Windows operating system. In NTFS 5, dynamic disks have a maximum size of 2 terabytes (TB) and file sizes are limited only by the volume size. By combining multiple dynamic disks into a spanned volume, you can create dynamic volumes as large as 64 TB.

Windows Server 2003 delivers a significant addition to NTFS with a feature called Volume Shadow Copy. Volume Shadow Copy can create replicas of file shares called snapshots, and as the name implies, it does this in the background without administrator intervention. Basically, you decide which file shares should have shadow copies, and then you specify the times during the day when snapshots should be taken. After a snapshot is taken, files can be read from the shadow copy to recover them to the specific point in time when the snapshot was created.

To get a better understanding of how Shadow Copy works, consider the following example: You configure the Windows operating system to create shadow copies of a data application share at 7:00 A.M. and 3 P.M. every day. If a user in Accounting accidentally deletes an important spreadsheet at 3:05 P.M., she can, without your assistance, recover the spreadsheet by obtaining it from the 3 P.M. snapshot taken that day. If she finds that the snapshot has changes that shouldn't have been made, she can recover to the 7:00 A.M. snapshot or even recover back to a snapshot taken a different day. She does this by accessing the shadow copy and selecting an archived file for retrieval.
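The 7:00 A.M. and 3 P.M. schedule from the example above can also be set up from the command line. The batch file below is an added sketch, not taken from the book; the data volume `D:`, the storage volume `E:`, the 10 GB storage limit, and the task names are assumptions.

```batch
@echo off
rem Added example: assumed layout is D: for the shared data and E: for
rem shadow copy storage. Run as an administrator on Windows Server 2003.

rem Keep the shadow copy storage area on a separate volume and cap its size
rem so old snapshots are discarded instead of filling the disk.
vssadmin add shadowstorage /for=D: /on=E: /maxsize=10GB

rem Schedule the two daily snapshots described in the text.
rem Task names are hypothetical; /st uses the HH:MM:SS format of this release.
schtasks /create /tn "ShadowCopy_D_0700" /tr "vssadmin create shadow /for=D:" /sc daily /st 07:00:00 /ru SYSTEM
schtasks /create /tn "ShadowCopy_D_1500" /tr "vssadmin create shadow /for=D:" /sc daily /st 15:00:00 /ru SYSTEM

rem Confirm the storage association and list the snapshots taken so far.
vssadmin list shadowstorage
vssadmin list shadows /for=D:
```

Because the amount of history users can recover depends on the storage limit, check `vssadmin list shadows` after a few days to confirm that the oldest snapshot you expect to offer is still present.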

Because Volume Shadow Copy creates point-in-time copies of files, it can also be used to back up open files. Not only has this always been an administrative challenge, it has been many an administrator's nightmare. With some backup systems, open files couldn't be backed up at all. They simply were skipped. With other backup systems, open files could be backed up, but the backup process was slowed significantly or files were backed up out of sequence.

Here's how backup of open files works by using shadow copies: Volume Shadow Copy creates a snapshot of the volume you want to back up and saves the snapshot to another volume. The backup software then uses the shadow copy to create a backup of the volume without concern for open files. In addition, because files are not in use, the backup software need not go through the normal process of unlocking each file, backing it up, and then locking it again for user access—it simply backs up the files.

Although other changes to NTFS aren't as far-reaching as Volume Shadow Copy, they are significant. For instance, in Windows 2000, NTFS clusters could not exceed 4 kilobytes (KB) in size if you wanted to be able to defragment the volume using Disk Defragmenter. In Windows Server 2003, however, Disk Defragmenter can be used to defragment volumes of any cluster size (up to the allowed 64 KB). Encryption of files on NTFS volumes has also been improved. You can now cache encrypted files for offline use. You can also configure encrypted files so that more than one user can view them.

Note

For more information about NTFS and its many features, see Chapter 20. You'll also find related discussions on auditing and sharing NTFS resources in Chapter 21.

Changes for Terminal Services

With Terminal Services, clients using a Web browser, a Windows terminal, or the Remote Desktop can access a centralized terminal server to gain access to network resources. Windows Server 2003 Terminal Services users gain the benefits from the improved Remote Desktop Protocol discussed previously as well as some additional features specific to client terminal services. Clients can now access local hard disk drives and printers and can get audio redirected from the central terminal server. Previously, these features were available only by using a separately purchased add-on.

Local access to hard disk drives allows users to browse local drives as well as remote drives, to drag and drop files between local and remote drives, and to copy, cut, and paste files between local and remote drives. Redirecting audio from a central terminal server to the speaker of a remote client is useful in several situations, such as when applications running on the central terminal server have text-to-speech capabilities, integrated voice mail, or other audio output capabilities.

In addition, client users now have the ability to specify the time zone to use. Previously, the only time zone used was the one on the central terminal server. In Windows Server 2003, clients can choose the default time zone on the server or their local time zone, which is useful when organizations have centralized servers and employees at many different locations.

Last, client users can specify the connection type to use as slow-speed modem, medium-speed broadband, high-speed local area network (LAN), or custom. This wasn't possible previously, and the advantage is that the terminal server optimizes the user environment based on the connection type. With a slow-speed modem connection, complex backgrounds, themes, and animations are disabled, as are other features that might slow down the display.

By specifying a medium-speed broadband connection, users get more features, but the features are balanced to ensure the connection is optimized for getting work done. For a high-speed LAN connection, all the display features and other options are enabled so the connection works just like it would if the user were sitting at a desktop in the office.

Printer Queue Redundancy

Printing is something most people—even some administrators—take for granted. Heck, when you click Print, a document is supposed to print on a printer somewhere. Well, that doesn't happen all the time. Sometimes print servers or printer queues fail. To resolve this problem for environments in which printing is a high priority, Windows Server 2003 introduces print clusters that provide redundancy for printer queues. Printer queue redundancy allows you to configure printer queues on multiple servers and configure failover from one queue to another in the event of a failure.

Note

For more information about configuring print servers and printer queues, see Chapter 29.

Remote Installation Services

Remote Installation Services (RIS) have been enhanced for Windows Server 2003. By using these services, you can create images of server configurations for use in new installations and for server recovery.

For new installations, you can use an RIS image rather than starting from scratch with the Windows Server 2003 CD-ROM. The image can include service packs, updates, security patches, services, and applications. Thus, instead of installing the operating system and then installing and configuring service packs, updates, security patches, and essential services and applications, you simply apply the image and the server is ready for use. Because RIS can store many images, you could create separate images for each server role, such as domain controllers, file servers, and application servers.

The way you use RIS for server recovery is similar to the way you use it for creating images for new servers. After you install and configure all the necessary services and applications, you create an RIS image of the server. This image stores the state of the server before system failure. Then, if the system fails, you can use RIS to recover the server to the last saved image.

Note

For more information about RIS, see Chapter 6. There's also a supplemental discussion on using RIS to recover servers in Chapter 41.

Headless Servers and Out-of-Band Management

When I work with Cisco routers, I love the way that you can connect a portable computer through a serial cable to the back of the router and then use your portable computer to perform low-level management tasks. Once the router is configured, you let it run and do its work. You need not have a monitor, mouse, or keyboard connected to it because you can log in remotely from any terminal or over the Internet to make configuration changes.

In a way, you can think of routers as running in headless operations mode. They don't need input and output devices to function. In Windows Server 2003, you can run servers in headless operations mode as well. Here, you configure the server so that it doesn't expect to have a monitor, mouse, or keyboard connected to it, and then you manage the server using remote connections. This feature saves you from having to run cables to the server from a display switch or actually connecting a monitor, keyboard, or mouse.

Traditionally, one of the drawbacks of headless server operations is that if the server stops or otherwise becomes nonresponsive, there isn't a way to access the server to see what is happening. Routers solve this problem by having serial connection ports that allow direct connections, such as from your portable computer directly to the router, to perform low-level management tasks. One remote management hack to use with routers is to connect a serial cable between the router and another piece of hardware, such as a firewall, so that you can manage the router even if it is otherwise nonresponsive by using a connection from the other hardware component.

A similar out-of-band management feature, called Emergency Management Services, is now available in Windows Server 2003. By using Emergency Management Services, you can connect to a serial port on the back of the server to perform low-level management tasks from the command line. You can even recover from a blue screen, something that you could do previously only by logging on to the console. Here, you could do an image dump of the server's memory and then reboot the server. You could also reboot the server to safe mode so that you could modify system parameters before rebooting the system in normal operations mode. There are many connection options as well. You can connect through a serial port using your portable computer. You can connect through a modem or make a direct serial connection through another device, even another server—both of which work well for remote connections.
