Wednesday, June 30, 2010

Step by step: Boot Windows 7/2008 from VHD

The post is updated accordingly with the Server 2008 R2 build 7000 commands, and information on how to create/add/attach VHDs using Disk Management.
Windows 7 and Server 2008 R2 support booting directly from a VHD file, the same kind of file used for Virtual PC/Server and Hyper-V.
This gives you the option to install and handle the installation directly in one simple file, while being able to boot and run the OS just as if it were installed on a regular hard disk.
Also you should be able to attach these installations to the above products, and boot the installation. I'm just guessing here, I have not tried that yet but I'll have a go at it.
First you need to create a VHD file. This is done using diskpart, and then afterwards you can handle the boot process using bcdedit. The following shows the commands used in the 2008 R2 (build 7000), and the Windows 7 Beta 1 (build 7000).
If you have Windows 7 installed, boot into the OS and create the VHD file
diskpart
create vdisk file=c:\vhd\win7.vhd type=fixed maximum=16000
This will create a 16GB VHD file in C:\VHD (C:\VHD\ needs to exist prior to running the command).
VHD files can also be managed using a GUI directly from the Disk Management tool. Open “Computer Management” and right-click “Disk Management”. You should see the following options:
[Screenshots: Disk Management VHD options; Create VHD; Attach VHD]
After you have created the disk file, boot your machine with the Windows 7 DVD in the drive, and choose "Install Now". Press SHIFT+F10 to get a CMD prompt. You can also choose "Repair" and start the CMD from the tools menu. Run the following to select and attach the VHD file.
diskpart
select vdisk file=c:\vhd\win7.vhd
attach vdisk
NOTE: The command for "surfacing" (crazy name if you ask me...) a VHD file has changed in the 7000 build, and is now called "attach vdisk" instead of "surface vdisk".
If you are running the above commands when installing 2008 R2 Build 6801 the command is "surface vdisk". My guess is that this will also change in coming 2008 R2 builds to attach instead.
The new beta 1 release of Server 2008 R2 (Build 7000) now also uses the “attach” command instead of surface.
After you have attached (Or surfaced the disk...) just type exit 2 times, and you will be back with the installation. When you come to the part where you choose where to install, you should see a 16GB partition. The installation will tell you that you cannot boot off this volume, just ignore and select the drive and install.
Since Windows 7 supports VHD files, it also knows when it is being installed to a VHD file. Therefore you do not need to add boot entries manually, the installation process takes care of that itself. The bad thing about this is that it makes your VHD installation the default boot option, and the entry name is "Windows 7" - just as it is for a "normal" installation.
Fear not - this can be changed using bcdedit.
When you have booted either the HDD or VHD installation, start a CMD prompt and run bcdedit with the verbose option (this will show you the identifiers as GUIDs, which I find easier):
bcdedit /v
Copy the ID for your VHD installation and type (change xxxxx... to your GUID):
bcdedit /set {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} description "Windows 7 VHD"
The above changes the description for your VHD installation to "Windows 7 VHD" so you can distinguish them.
bcdedit /displayorder {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} /addlast
This adds the VHD installation as the last choice in the boot list. If you have multiple entries, just type them in your preferred order separated by spaces, and drop the /addlast option.
If you want to add an entry for a VHD installation manually, the easiest way is to just copy an entry in the boot store
bcdedit /copy {GUID} /d "my copy"
Afterwards you can change the 2 following options to point to your VHD file:
bcdedit /set {GUID} device vhd=[C:]\vhd\win7.vhd
bcdedit /set {GUID} osdevice vhd=[C:]\vhd\win7.vhd
That's it! I'm running 2x 2008 R2 and 2x Windows 7 installations on my laptop using the above, and it works like a charm.
You can also use the diskpart command for attaching your VHD files. This way you can copy files, change settings and so on in the installation inside the VHD file. Just use the select + attach/surface command. Remember you cannot attach a running VHD file.
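To check which boot entries actually start from a VHD and whether one of them has become the default, the `bcdedit /v` listing can be parsed offline. The following is an added example, not part of the original post; the sample output is constructed (made-up loader GUIDs, the post's `win7.vhd` path) and the function names are hypothetical.

```python
# Constructed sample of `bcdedit /v` output; loader GUIDs and paths are made up.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
default                 {11111111-1111-1111-1111-111111111111}
displayorder            {11111111-1111-1111-1111-111111111111}
                        {22222222-2222-2222-2222-222222222222}

Windows Boot Loader
-------------------
identifier              {11111111-1111-1111-1111-111111111111}
device                  vhd=[C:]\vhd\win7.vhd
description             Windows 7
osdevice                vhd=[C:]\vhd\win7.vhd

Windows Boot Loader
-------------------
identifier              {22222222-2222-2222-2222-222222222222}
device                  partition=C:
description             Windows 7
osdevice                partition=C:
"""

def parse_bcd(text):
    """Split bcdedit output into entries, each a dict of element -> list of values."""
    clean = "\n".join(l.rstrip() for l in text.strip().splitlines())  # drop CR/trailing spaces
    entries = []
    for block in clean.split("\n\n"):
        lines = block.splitlines()
        entry, key = {"type": [lines[0]]}, "type"
        for line in lines[2:]:                  # skip the title and the dashed rule
            if line[:1].isspace():              # continuation line, e.g. displayorder
                entry[key].append(line.strip())
            else:
                key, _, value = line.partition(" ")
                entry[key] = [value.strip()]
        entries.append(entry)
    return entries

def vhd_entries(text):
    """Return (guid, description, vhd path, is_default) for every VHD-backed loader."""
    entries = parse_bcd(text)
    default = next((e["default"][0] for e in entries if "default" in e), None)
    return [(e["identifier"][0], e.get("description", [""])[0],
             e["device"][0][4:], e["identifier"][0] == default)
            for e in entries
            if e["type"][0] == "Windows Boot Loader"
            and e.get("device", [""])[0].startswith("vhd=")]
```

On the sample, the VHD entry is reported as the default and shares the description "Windows 7" with the hard-disk installation, which is the situation the bcdedit /set ... description command above fixes.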

Setup IP Reverse DNS Record in Windows Server 2003

1. Install Microsoft Windows DNS Service

  1. Go to Start > Settings > Control Panel.
  2. Double-click Add/Remove Programs.
  3. Click Add and Remove Windows Components.
  4. The Windows Components Wizard starts. Click Next.
  5. Click Networking Services, and then click Details.
  6. Click to select the Domain Name System (DNS) check box, and then click OK.
  7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
  8. Continue to the next step to configure the DNS server.

2. Delegate Reverse Lookup Zone

Your upstream provider needs to delegate the reverse DNS lookup zone to your DNS servers. Creating delegated subnetted reverse lookup zones is not a trivial task. The following article discusses how to configure delegated subnetted reverse lookup zones for a Microsoft Windows DNS server: "How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows Server 2003".

3. Create Reverse DNS Record in Your DNS Servers

  1. Log in to your DNS server and start the DNS control panel at Start > Programs > Administrative Tools > DNS.


  2. Expand Reverse Lookup Zones and click the IP segment that you will set up.

If you can't find the IP segment, you should create a new zone for the IP segment.

  3. Create a new PTR record: right-click the IP segment -> New Pointer (PTR)...


  4. Set the correct parameters for the PTR record:

  • Host IP Number: enter the correct IP
  • Host Name: server host name + domain name, e.g. CP1001.databasemart.net
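To make the delegation in step 2 and the PTR record created above concrete, this added example (not part of the original post) computes the record names involved when the provider delegates a block smaller than a /24. Assumptions: the block 192.0.2.64/26 and the name server ns1.example.net are constructed, the function names are hypothetical, and the child zone is labelled `<first address>-<prefix length>`; RFC 2317's own examples use `/` as the separator.

```python
import ipaddress

def ptr_owner(ip):
    """Owner name of the PTR record for one IPv4 address (no trailing dot)."""
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def subnetted_zone(cidr, sep="-"):
    """Name of the child zone for a delegated block smaller than a /24.

    Assumption: '<first address><sep><prefix length>' as the leading label.
    """
    net = ipaddress.IPv4Network(cidr)          # raises if host bits are set
    if not 24 < net.prefixlen < 31:
        raise ValueError("expected a /25 to /30 block")
    a, b, c, d = str(net.network_address).split(".")
    return f"{d}{sep}{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa"

def parent_records(cidr, nameserver):
    """Records the upstream provider places in its /24 reverse zone."""
    zone = subnetted_zone(cidr)
    records = [(zone + ".", "NS", nameserver)]
    for host in ipaddress.IPv4Network(cidr).hosts():
        last = str(host).rsplit(".", 1)[1]
        # Each address in the block is aliased into the delegated child zone.
        records.append((ptr_owner(host) + ".", "CNAME", f"{last}.{zone}."))
    return records

def child_ptr(ip, cidr, fqdn):
    """PTR record to create in your own subnetted zone for one host."""
    if ipaddress.IPv4Address(ip) not in ipaddress.IPv4Network(cidr):
        raise ValueError(f"{ip} is outside {cidr}")
    last = ip.rsplit(".", 1)[1]
    return (f"{last}.{subnetted_zone(cidr)}.", "PTR", fqdn.rstrip(".") + ".")

if __name__ == "__main__":
    block = "192.0.2.64/26"                    # constructed documentation range
    for record in parent_records(block, "ns1.example.net.")[:3]:
        print(*record)
    print(*child_ptr("192.0.2.70", block, "CP1001.databasemart.net"))
```

A resolver looking up 70.2.0.192.in-addr.arpa follows the provider's CNAME into your zone and finds the PTR there, so both sides must use the same zone label.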

Configuring RADIUS server using Windows Server 2008

This will be a basic setup using Windows 2008 Server to allow RADIUS and dot1x authentication. Steps for basic installation include:
  1. Rename the server
  2. Setting server as Domain Controller
  3. Installing Certificate Services
  4. Request Certificates (optional)
  5. Installing Network Policy Services (previously IAS)
  6. Creating Group Policies

Rename The Server

Something different about Windows 2008 Server is that the server name is auto-generated and you are not given a chance during the install to name the server, so you must rename it before installing Active Directory or Certificate Services.
In the “Initial Configuration Tasks” window, click the “Provide computer name and domain” link.

Enter a Computer description and click the “Change…” button to change the computer name. I’ll be using WLAN-DC as my name and description.

Enter the Computer name and click “OK” and reboot when prompted.

Setting Server as a Domain Controller

For this example we setup a new forest for the wlan.net domain. Server 2008 abstracts most server function into “Roles” so we’ll be adding the Active Directory Domain Services Role with the Server Manager by clicking “Roles” and clicking “Add Roles.”

Select the Active Directory Domain Services Role.

Click through the confirmation screens and click Install. You should see an installation progress screen and finally an “installation success” message that asks you to run the command “dcpromo.exe”, which will configure your domain. So click the link to run “dcpromo” or click the “Start” button, select “Run” and enter “dcpromo.exe”. You should now see the “Active Directory Domain Service” install wizard. Click “Next” to continue.

Choose “Create a new domain in a new forest” and click “Next”.

For our example domain we’ll use “wlan.net”. Click “Next” and it will check to see if the name is already used on the network.

When asked to set which “Forest Functional Level” I used the 2008 level.

The next screen you’ll see is a warning that the DNS service isn’t installed, and it will offer to install it for you. Just click “Next” to accept and install.

It will display the following warning, just click “Yes” to continue.

Just accept the defaults and click “Next”.

Now you’ll be prompted to enter a “Directory Services Restore Mode Administrator Password”. Enter a password and click “Next”.

Click “Next” at the Summary screen.

You’ll now see the Installation Wizard install DNS and Active Directory. Check the “Reboot on completion” box and once the wizard finishes it’ll reboot and be ready for the next step.

Installing Certificate Services

To enable PEAP or EAP-TLS we’ll need to install Certificate Services to enable a Certificate Authority (CA) to generate and sign certificates for our domain. Again, add a Role via the Server Manager and select “Active Directory Certificate Services” and click “Next”.

Click through the confirmation screen and select “Certification Authority” and “Certificate Authority Web Enrollment”, which will tell you that you’ll need IIS to be installed to use the “Certificate Authority Web Enrollment”. Click “Add Required Role Services” and click “Next” to continue.

When prompted for which type of Certificate Authority to install, choose “Enterprise”.

When prompted for CA Type, select “Root CA” and click “Next”.

When prompted to Set Up Private Key select “Create a new private key” and click “Next”.

When prompted to Configure Cryptography for CA, accept the defaults and click “Next” for the rest of the confirmation screens.

Request Certificates (optional)

Now that we have our Certificate Authority (CA) up and running we may want to request a certificate for our Authentication Server.
We’ll create a Microsoft Management Console (MMC) that will allow us to request and install the certificate for our server. Press the “Start” button and enter “MMC” in the command field to open the MMC. Next we’ll add the Certificate (For Local Computer) snap-in by clicking “File” and choosing “Add/Remove Snap-in”. Select “Certificates” and click “Add”.

Now be sure to select “Computer Account” and click “Next”.

Choose “Local Computer”, click “Finish” and “OK”.

TIP: While you’re here you might as well add the “Certificate Authority” snap-in and save this MMC to your desktop because you’ll need it again in the future.
To request a certificate for your server (if you don’t want to use the default certificate) expand “Certificates (Local Computer Account)”, “Personal”, and right-click “Certificates” and select “All Tasks”, “Request New Certificate…”

Click through the Enrollment screens choosing the settings you desire for your certificate.

Installing Network Policy and Access Services

In Windows 2008 Server you can no longer just install the Internet Authentication Service (IAS) and have RADIUS functionality. You must now install Network Policy and Access Services, which includes everything from earlier versions of Windows Server such as RRAS, IAS, etc., but now also includes NAP (think NAC for Windows). We will be installing and configuring just enough to enable PEAP and RADIUS functionality with our Aruba controller. So once again head to the Server Manager and “Add a Role”, selecting “Network Policy and Access Services”, and click through the confirmation screen.

Select “Network Policy Server”, “Routing and Remote Access Services”, “Remote Access Service” and “Routing”. Click “Next”, click through the confirmation screen and click “Install”.

Installation will take a couple of minutes and present you with an install summary. Just click “Close”.
Now that NPS is installed, press the “Start” button and enter “nps.msc” in the command field. The NPS MMC should open up allowing you to select the “RADIUS server for 802.1X Wireless or Wired Connections” Installation Wizard from the “Standard Configuration” pull-down menu and click “Configure 802.1X”.

From the “Select 802.1X Connections Type” page, select “Secure Wireless Connections” and click “Next”.

From the “Specify 802.1X Switches” screen click “Add…” and enter the settings for your Aruba controller and press “OK”.

For the “Configure an Authentication Method” screen select “Microsoft Smart Card or other certificate” for EAP-TLS or “Microsoft Protected EAP (PEAP)” for PEAP. I will be selecting PEAP for this example and click “Configure…”

Select the appropriate certificate to use for this server. In this case we’ll use the “WLAN-DC.wlan.net” certificate and click “OK”.

For the “Specify User Groups” screen select the users and/or groups you would like to allow wireless access. For this example I am allowing all of my domain users by selecting the “Domain Users” group. If I want to enforce Machine Authentication I need to add the “Domain Computers” group as well as checking the “Enforce Machine Auth” option in the dot1x policy on my Aruba controller. Click “Next” to continue.
Note: Groups listed here are considered as an OR statement.

For the next screen you can click “Next” and “Finish” or click “Configure…” to add RADIUS attributes for Server Derivation rules.

For example, you may want to map the “Domain Users” to the “employee_role” on your Aruba controller. You could do that here with the “Filter-Id” attribute.

Note: There seems to be a bug in Windows: if you mess with these attributes too much, the “Filter-Id” attribute vanishes. If this happens, cancel out of the wizard and start over.
Press “Next” and “Finish” to complete the wizard. This should now allow you to authenticate users against your Windows 2008 Server.