Windows Small Business Server 2011 : Adding and Removing Roles and Features (part 1) – Add a Role

Adding and removing roles from Windows Server 2008 R2 (and thus Windows Small Business Server 2011) can be done from either the Server Manager console or the Windows PowerShell command line. Both methods perform the same tasks and follow the same logic for which services get installed. But this is definitely a place where it’s a whole lot easier to use the GUI. So unless you’re deploying dozens of identical servers, just use Server Manager. (I can’t believe we said that—we’re the quintessential command-line types for almost everything. But this is one time where graphical just makes sense.)

UNDER THE HOOD: Server Manager—A New Way to Do Old Tasks

Previous versions of Windows Server used a freeform method for adding and removing the various features and abilities of Windows Server. This method could easily allow unnecessary services to be enabled, exposing the server to risk. Equally, it was possible to disable a critical feature or ability of Windows Server, causing other services or features not to work correctly. Troubleshooting these issues was time-consuming and frustrating, and the overall security of the server could be compromised. The Configure Your Server Wizard and the Manage Your Server Wizard of Windows Server 2003 were an attempt to resolve some of these issues by providing a simple interface that allowed for a single place to add or remove roles and manage those that were already on the server.

Windows Server 2008 R2 takes these old wizards and completely replaces them with the new Server Manager. The goal of Server Manager is to be the one place where you can add, manage, or remove roles, role services, and features on the server—your “one-stop shop” for all management tasks on Windows Server 2008 R2. For SBS, we’ve already got our primary interface—the Windows SBS Console. Most management tasks can be handled directly there. But you can’t add roles from there, you can’t add features, and some management tasks just don’t lend themselves to highly standardized wizards, frankly. For all those things, you need Server Manager, the Windows SBS Native Tools Management console, or the individual stand-alone consoles. Plus, if you’re running SBS Premium, you’ll need Server Manager to manage the included copy of Windows Server 2008 R2 Standard.

What’s different about Server Manager (and its PowerShell equivalent) is that it’s a requirement for adding roles, role services, or features. When we first ran across this requirement to always use Server Manager for these tasks, we weren’t very happy about it. In fact, we complained loudly and with a good deal of enthusiasm to more than one set of ears inside Microsoft. We saw it as an unnecessary and unproductive dumbing-down of Windows Server.

Everyone we said this to kept telling us to be patient and work with it. Well, we hate to admit it, but they were right. This is just a whole lot better and smarter way to install roles. Not only do you get the right minimum level of dependent services, but you also have the right configuration and exceptions for Windows Firewall—automatically.

1. Roles, Role Services, and Features

Windows Server 2008 R2 makes a distinction between a server role, a role service, and a featureServer roles are broad groupings of common functionality that help define what a server is used for. Thus, a file server would have the File Services role installed, and a Remote Desktop server would have the Remote Desktop Services role installed.

Each of these broadly defined roles has available one or more role services. A role service is a particular functionality that is available only for the role for which it is a role service. Thus, for a file server with the File Services role installed, the following role services are available: File Server, Distributed File System (and its subsidiary services, DFS Namespaces and DFS Replication), File Server Resource Manager, Services for Network File System, Windows Search Service, and Windows Server 2003 File Services (including its subsidiary service, the Indexing Service). For the Remote Desktop Services role, the following role services are available: Remote Desktop (RD) Session Host, RD Virtualization Host, RD Licensing, RD Connection Broker, RD Gateway, and RD Web Access.

Features are Windows Server 2008 R2 functionality that doesn’t require a specific role to be installed. Features are useful across a wide variety of server role configurations. Features include broad, general-purpose functionality, such as Group Policy Management, as well as narrow but non-role-specific functionality such as BitLocker Drive Encryption and Message Queuing.

2. Adding and Removing Roles

Roles reflect the tasks and services we expect of our servers. The File Services role includes various aspects of using SBS as a file server, one of the most basic tasks of our SBS servers. Generally, the roles that should be installed on the main SBS server are installed automatically as part of the installation of Windows Small Business Server 2011. And you should be very cautious about installing any additional roles on the main SBS server. SBS is a complicated and busy server already, and adding additional roles or functionality is not usually recommended. Instead, add a second server to your SBS network to add additional roles whenever possible, or use the second server that is part of the Premium Add-on for SBS.

2.1. Add a Role

Using the Server Manager console, you can add a role using the following steps:


Note:

In these steps, we’ll add the Remote Desktop Session Host role to our SBS 2011 Premium Edition second server. The steps are essentially similar for any role, though the exact screens and choices will be slightly different.


  1. Open the Server Manager console if it isn’t open already.

  2. Select Add Roles from the Action menu to open the Before You Begin page of the Add Roles Wizard, as shown in Figure 1.

    Figure 1. The Before You Begin page of the Add Roles Wizard

  3. Read the advice on the Before You Begin page. It’s actually good advice and a useful reminder. If you’ve read the page, understand all its implications, and don’t ever want to see the page again, select the Skip This Page By Default check box.

  4. Click Next to open the Select Server Roles page, as shown in Figure 2.

  5. Select the server role(s) you want to add. You can select more than one, but doing so makes it much more likely that you’ll have to reboot before the installation completes.

  6. Click Next to open the page for the first role that will be installed, as shown in Figure 3 (if you selected Remote Desktop Services in the previous step). This page describes the role that is being installed, and it includes a Things To Note section that contains cautions or advisories specific to the role being installed. There is also a link to an Additional Information page with up-to-date information on the role being installed.

    Figure 2. The Select Server Roles page of the Add Roles Wizard

    Figure 3. The Remote Desktop Services page of the Add Roles Wizard

  7. After you’ve read any Things To Note, click Next to open the Select Role Services page shown in Figure 4.

    Figure 4. The Select Role Services page of the Add Roles Wizard

  8. Select the role services you want to add at this time. If you select a role service that has a dependency on another role, role service, or feature, you’ll see a pop-up dialog box describing the additional functionality that will be installed, as shown in Figure 5.

    Figure 5. The Add Role Services And Features Required For Remote Desktop Gateway page of the Add Roles Wizard

  9. Click Add Required Role Services to continue and return to the Select Role Services page, or click Cancel if you want to change your role services selection.

  10. Click Next to open the next page in the Add Roles Wizard. From here to the end of the wizard, the specific pages will vary depending on what roles and role services you’ve selected.


    Note:

    For Remote Desktop Services in an SBS environment, when you get to the Select User Groups Allowed Access To This RD Session Host Server page, it’s useful to add the Windows SBS Remote Web Access Users group, as shown in Figure 6.


    Figure 6. The Select User Groups Allowed Access To This RD Session Host Server page of the Add Roles Wizard

  11. After the Add Roles Wizard has all the information necessary to proceed, it will open the Confirm Installation Selections page. This is your last chance to make sure you’ve selected the roles and role services you expected, and configured any necessary settings appropriate for your environment. If everything looks correct, click Install to begin the installation.

  12. After the installation completes, you’ll see the Installation Results page, shown in Figure 7. This page indicates whether the installation requires a restart or any other warnings or errors. Click Close to complete the wizard.

    Figure 7. The Installation Results page of the Add Roles Wizard

  13. If your installation requires a restart, you’ll be prompted to restart the server. You might as well do it now because you can’t install anything else while a restart is pending.

  14. If your installation requires a restart, be sure to log back on with the same account you used to add the role. The installation can’t complete until you log back on with that account. The Resume Configuration Wizard will open and complete the installation of the roles and role services you selected. Click Close when the installation is complete.