Windows 7 / Getting Started

---

Managing Windows Server 2008 Roles and Features

To help organize and manage the expanded functionality of Windows 2008, the platform introduces a new paradigm. This paradigm is the roles and features. The roles and features allow administrators to add and manage functionality in coherent blocks. This includes tools to summarize the installed roles, manage the roles, and maintain the roles.

Roles in Windows Server 2008

Server roles in Windows 2008 are used to organize the functionality of the operating system. The server roles are an expansion of the server roles of previous versions of Windows, with significant enhancements. Roles usually include a number of related functions or services that make up the capabilities that the server will offer. A role designates a primary function of the server, although a given server can have multiple roles.

Windows 2008 includes the following roles:

• Active Directory Certificate Services
• Active Directory Domain Services
• Active Directory Federation Services
• Active Directory Lightweight Directory Services
• Active Directory Rights Management Services
• Application Server
• DHCP Server
• DNS Server
• Fax Server
• File Services
• Network Policy and Access Services
• Print Services
• Terminal Services
• Universal Description, Discovery, and Integration (UDDI) Services
• Web Server (IIS)
• Windows Deployment Services
• Windows Server Update Services

Within each role, a number of role services make up the role. The role services allow the administrator to load only the specific services that are needed for a particular server instance. In some cases, such as for the DHCP Server or DNS Server roles, the role and the role service are one and the same. In other cases, the role will contain multiple services that can be chosen. For example, the File Services role contains the following role services:

• File Server
• Distributed File System
• DFS Namespaces
• DFS Replication
• File Server Resource Manager
• Services for Network File System
• Windows Search Service
• Windows Server 2003 File Services
• File Replication Services
• Indexing Service

Adding a role and role services installs the binaries (i.e., the code) that allow the services to function. There is typically additional installation and configuration that needs to be done after the roles are installed, such as for the Active Directory Domain Services role.

Only loading the roles required for each server and, thus, only the appropriate binaries, reduces the complexity, the attack surface, and the patch surface of the server. This results in a more secure, less complex, and more efficient server-in short, resulting in less headaches for the administrator who has to manage the server!

NOTE: The patch surface of a server is the code in the server that requires patches to be applied. This can increase the need for patches and, thus, downtime, as well as administrative overhead. If code is installed on a server, it needs to be patched even if that particular code is not in use on a server. This is analogous to the attack surface of the server.
A good example of this is the Web Server role. If a domain controller has the Web Server role added, any patches that apply to the code base of the Web Server role need to be installed. This is true even if the services are disabled or just not used. Thus, the patch surface of the domain controller has been increased.
However, if the domain controller only has the roles (and, thus, the code) for just the roles it needs, the patches for other roles will not need to be applied to the domain controller. Thus, the patch surface of the domain controller has been reduced.

Features in Windows Server 2008

In addition to the roles and role services, Windows 2008 also has the ability to add features. Features are typically supporting components that are independent of the server role, but might provide support for a role or role service. For example, a domain controller is configured with the Active Directory Domain Services role. However, in some organizations, the domain controller will also serve as a Windows Internet Naming Service (WINS) server. WINS is a feature in Windows 2008.

There are many different features in Windows 2008, including the following:

• .NET Framework 3.0 Features
• BitLocker Drive Encryption
• BITS Server Extensions
• Connection Manager Administration Kit
• Desktop Experience
• Failover Clustering
• Group Policy Management
• Internet Printing Client
• Internet Storage Name Server (iSNS)
• LPR Port Monitor
• Message Queuing
• Multipath I/O
• Network Load Balancing
• Peer Name Resolution Protocol
• Quality Windows Audio Video Experience (qWave)
• Remote Assistance
• Remote Differential Compression
• Remote Server Administration Tools
• Removable Storage Manager
• RPC over HTTP Proxy
• Simple TCP/IP Services
• SMTP Server
• SNMP Services
• Storage Manager for SANs
• Subsystem for UNIX-Based Applications
• Telnet Client
• Telnet Server
• TFTP Client
• Windows Internal Database
• Windows PowerShell
• Windows Process Activation Service
• Windows Server Backup Features
• Windows System Resource Manager
• WINS Server
• Wireless LAN Service

The features are installed with the Server Manager Add Features Wizard. To add a feature, execute the following steps:

1. In the Initial Configuration Tasks Wizard or Server Manager, click the Add Features link.
2. Select a feature or set of features.
3. Click Next to accept the selected features.
4. Click Install to install the selected features.
5. Click Close to exit the wizard.
6. Close the Server Manager window.

The feature will now be installed.