Adding Server Roles and Features

Applies To: Windows Server 2008

Windows Server® 2008 eases the task of managing and securing multiple server roles in an enterprise with the new Server Manager console. Server Manager in Windows Server 2008 provides a single source for managing a server's identity and system information, displaying server status, identifying problems with server role configuration, and managing all roles installed on the server.

How Server Manager Streamlines Server Administration

Server Manager makes server administration more efficient by allowing administrators to do the following by using a single tool:

  • View and make changes to server roles and features installed on the server.

  • Perform management tasks associated with the operational lifecycle of the server, such as starting or stopping services, and managing local user accounts.

  • Perform management tasks associated with the operational lifecycle of roles installed on the server.

  • Determine server status, identify critical events, and analyze and troubleshoot configuration issues or failures.

How to Add Roles to Your Server

In Windows Server 2008, you can add roles to your server by using the Add Roles Wizard. You can start the Add Roles Wizard from either the Initial Configuration Tasks window or from within Server Manager.

Roles Available for Installation in This Release

The following roles are available for installation by opening the Add Roles Wizard, either from the Initial Configuration Tasks window, or from within Server Manager.


This list of roles may have been updated since this content was published. To check for updates, see the Windows Server 2008 TechCenter (

Role Name Description

Active Directory® Certificate Services

Active Directory® Certificate Services provides customizable services for creating and managing public key certificates used in software security systems employing public key technologies. Organizations can use Active Directory Certificate Services to enhance security by binding the identity of a person, device, or service to a corresponding private key. Active Directory Certificate Services also includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.

Applications supported by Active Directory Certificate Services include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private networks (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), and digital signatures.

For more information about Active Directory® Certificate Services, see the Microsoft Web site (

Active Directory Domain Services

Active Directory Domain Services (AD DS) stores information about users, computers, and other devices on the network. AD DS helps administrators securely manage this information and facilitates resource sharing and collaboration between users. AD DS is also required to be installed on the network in order to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies such as Group Policy.

For more information about AD DS, see the Microsoft Web site (

Active Directory Federation Services

Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications using a single user account. AD FS accomplishes this by securely federating, or sharing, user identities and access rights, in the form of digital claims, between partner organizations.

For more information about AD FS, see the Microsoft Web site (

Active Directory Lightweight Directory Services

Organizations that have applications which require a directory for storing application data can use Active Directory Lightweight Directory Services (AD LDS) as the data store. AD LDS runs as a non-operating-system service, and, as such, it does not require deployment on a domain controller. Running as a non-operating-system service allows multiple instances of AD LDS to run concurrently on a single server, and each instance can be configured independently for servicing multiple applications.

For more information about AD LDS, see the Microsoft Web site (

Active Directory Rights Management Services (AD RMS)

Active Directory Rights Management Services (AD RMS) (AD RMS) is information protection technology that works with AD RMS -enabled applications to help safeguard digital information from unauthorized use. Content owners can define exactly how a recipient can use the information, such as who can open, modify, print, forward, and/or take other actions with the information. Organizations can create custom usage rights templates such as "Confidential - Read Only" that can be applied directly to information such as financial reports, product specifications, customer data, and e-mail messages.

For more information about AD RMS, see the Microsoft Web site (

Application Server

Application Server provides a complete solution for hosting and managing high-performance distributed business applications. Integrated services, such as the .NET Framework, Web Server Support, Message Queuing, COM+, Windows Communication Foundation, and Failover Clustering support boost productivity throughout the application life cycle, from design and development through deployment and operations.

For more information about Application Server, see the Microsoft Web site (

Dynamic Host Configuration Protocol (DHCP) Server

The Dynamic Host Configuration Protocol allows servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients. Deploying DHCP servers on the network automatically provides computers and other TCP/IP based network devices with valid IP addresses and the additional configuration parameters these devices need, called DHCP options, that allow them to connect to other network resources, such as DNS servers, WINS servers, and routers.

For more information about DHCP Server, see the Microsoft Web site (

DNS Server

Domain Name System (DNS) provides a standard method for associating names with numeric Internet addresses. This makes it possible for users to refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with Dynamic Host Configuration Protocol (DHCP) services on Windows, eliminating the need to add DNS records as computers are added to the network.

For more information about DNS Server, see the Microsoft Web site (

Fax Server

Fax Server sends and receives faxes, and allows you to manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.

For more information about Fax Server, see the Microsoft Web site (

File Services

File Services provides technologies for storage management, file replication, distributed namespace management, fast file searching, and streamlined client access to files.

For more information about File Services, see the Microsoft Web site (

Network Policy and Access Services

Network Policy and Access Services delivers a variety of methods to provide users with local and remote network connectivity, to connect network segments, and to allow network administrators to centrally manage network access and client health policies. With Network Access Services, you can deploy VPN servers, dial-up servers, routers, and 802.11 protected wireless access. You can also deploy RADIUS servers and proxies, and use Connection Manager Administration Kit to create remote access profiles that allow client computers to connect to your network.

For more information about Network Policy and Access Services, see the Microsoft Web site (

Print Services

Print Services enables the management of print servers and printers. A print server reduces administrative and management workload by centralizing printer management tasks.

For more information about Print Services, see the Microsoft Web site (

Terminal Services

Terminal Services provides technologies that enable users to access Windows-based programs that are installed on a terminal server, or to access the Windows desktop itself, from almost any computing device. Users can connect to a terminal server to run programs and to use network resources on that server.

For more information about Terminal Services, see the Microsoft Web site (

Universal Description, Discovery, and Integration (UDDI) Services

UDDI Services provides Universal Description, Discovery, and Integration (UDDI) capabilities for sharing information about Web services within an organization's intranet, between business partners on an extranet, or on the Internet. UDDI Services can help improve the productivity of developers and IT professionals with more reliable and manageable applications. With UDDI Services you can prevent duplication of effort by promoting reuse of existing development work.

For more information about UDDI Services, see the Microsoft Web site (

Web Server (IIS)

Web Server (IIS) enables sharing of information on the Internet, an intranet, or an extranet. It is a unified Web platform that integrates IIS 7.0, ASP.NET, and Windows Communication Foundation. IIS 7.0 also features enhanced security, simplified diagnostics, and delegated administration.

For more information about Web Server (IIS), see the Microsoft Web site (

Windows Deployment Services

You can use Windows Deployment Services to install and configure Microsoft® Windows operating systems remotely on computers with Pre-boot Execution Environment (PXE) boot ROMs. Administration overhead is decreased through the implementation of the WdsMgmt Microsoft Management Console (MMC) snap-in, which manages all aspects of Windows Deployment Services. Windows Deployment Services also provides end-users an experience consistent with Windows Setup.

For more information about Windows Deployment Services, see the Microsoft Web site (


Hyper-V provides the services that you can use to create and manage virtual machines and their resources. Each virtual machine is a virtualized computer system that operates in an isolated execution environment. This allows you to run multiple operating systems simultaneously.

For more information about Hyper-V, see the Microsoft Web site (

The Add Roles Wizard

The Add Roles Wizard simplifies the process of installing roles on your server, and allows you to install multiple roles at one time. Earlier versions of the Windows operating system required administrators to run Add or Remove Windows Components multiple times to install all the roles, role services, and features needed on a server. Server Manager replaces Add or Remove Windows Components, and a single session in the Add Roles Wizard can complete the configuration of your server.

The Add Roles Wizard verifies that all of the software components required by a role install with any role you select in the wizard. If necessary, the wizard prompts you to approve the installation of other roles, role services, or software components that are required by roles you select.

Most roles and role services that are available for installation require you to make decisions during the installation process that determine how the role operates in your enterprise. Examples include Active Directory Federation Services (ADFS), which requires the installation of a certificate; or Domain Name System (DNS), which requires you to provide a fully qualified domain name (FQDN).

Before you install a role on your server, it is recommended that you read documentation specific to the planning, deployment and operation of the role, available on the Microsoft Web site.

To start the Add Roles Wizard

  • In the Roles Summary area of the Server Manager main window, click Add Roles.

    -- or --

    In the Customize this server area of the Initial Configuration Tasks window, click Add Roles.


The Initial Configuration Tasks window opens by default when a member of the Administrators group logs on to the computer.
Server Manager opens when the Initial Configuration Tasks window is closed. You can also open Server Manager by using shortcuts on the Start menu or in Administrative Tools.

How to Add Features to Your Server

In Windows Server 2008, you can add available features to your server by using the Add Features Wizard.

Adding Features to Your Server by Using the Add Features Wizard

Adding Features to Your Server by Using the Add Features Wizard

You can add the following features by using the Add Features Wizard.

Feature Description

.NET Framework 3.0

.NET Framework 3.0 combines the power of the .NET Framework 2.0 APIs with new technologies for building applications that offer appealing user interfaces, protect your customers’ personal identity information, enable seamless and secure communication, and provide the ability to model a range of business processes.

BitLocker Drive Encryption

BitLocker Drive Encryption helps to protect data on lost, stolen or inappropriately decommissioned computers by encrypting the entire volume and checking the integrity of early boot components. Data is only decrypted if those components are successfully verified and the encrypted drive is located in the original computer. Integrity checking requires a compatible trusted platform module (TPM).

BITS Server Extensions

Background Intelligent Transfer Service (BITS) Server Extensions allow a server to receive files uploaded by clients using BITS. BITS allows client computers to transfer files in the foreground or background asynchronously, preserve the responsiveness of other network applications, and resume file transfers after network failures and computer restarts.

Connection Manager Administration Kit

Connection Manager Administration Kit (CMAK) generates Connection Manager profiles.

Desktop Experience

Desktop Experience includes features of Windows Vista®, such as Windows Media Player, desktop themes, and photo management. Desktop Experience does not enable any of the Windows Vista features by default; you must manually enable them.

Group Policy Management

Group Policy Management makes it easier to understand, deploy, manage, and troubleshoot Group Policy implementations. The standard tool is Group Policy Management Console (GPMC), a scriptable Microsoft Management Console (MMC) snap-in that provides a single administrative tool for managing Group Policy across the enterprise.

Internet Printing Client

Internet Printing Client allows you to use HTTP to connect to and use printers that are on Web print servers. Internet printing enables connections between users and printers that are not on the same domain or network. Examples of uses include a traveling employee at a remote office site, or in a coffee shop equipped with Wi-Fi access.

Internet Storage Name Server (iSNS)

Internet Storage Name Server (iSNS) provides discovery services for Internet Small Computer System Interface (iSCSI) storage area networks. iSNS processes registration requests, deregistration requests, and queries from iSNS clients.

LPR Port Monitor

Line Printer Remote (LPR) Port Monitor allows users who have access to UNIX-based computers to print on devices attached to them.

Message Queuing

Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging between applications. Message Queuing also accommodates message delivery between applications that run on different operating systems, use dissimilar network infrastructures, are temporarily offline, or that are running at different times.

Multipath I/O

Multipath I/O (MPIO), along with the Microsoft Device Specific Module (DSM) or a third-party DSM, provides support for using multiple data paths to a storage device on Microsoft Windows.

Peer Name Resolution Protocol

Peer Name Resolution Protocol (PNRP) allows applications to register on and resolve names from your computer, so other computers can communicate with these applications.

Quality Windows Audio Video Experience (qWave)

Quality Windows Audio Video Experience (qWave) is a networking platform for audio and video (AV) streaming applications on Internet protocol home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service for AV applications. It provides admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. On Windows Server platforms, qWave provides only rate-of-flow and prioritization services.

Remote Assistance

Remote Assistance enables you (or a support person) to offer assistance to users with computer issues or questions. Remote Assistance allows you to view and share control of the user’s desktop in order to troubleshoot and fix the issues. Users can also ask for help from friends or co-workers.

Remote Differential Compression

The Remote Differential Compression (RDC) feature is a set of application programming interfaces (APIs) that applications can use to determine if a set of files have changed, and if so, to detect which portions of the files contain the changes.

Remote Server Administration Tools

Remote Server Administration Tools enables remote management of Windows Server 2003 and Windows Server 2008 from a computer running Windows Server 2008 by allowing you to run some of the management tools for roles, role services, and features on a remote computer.

Removable Storage Manager

Removable Storage Manager (RSM) manages and catalogs removable media and operates automated removable media devices.

RPC Over HTTP Proxy

RPC Over HTTP Proxy is a proxy that is used by objects that receive remote procedure calls (RPC) over Hypertext Transfer Protocol (HTTP). This proxy allows clients to discover these objects even if the objects are moved between servers or if they exist in discrete areas of the network, usually for security reasons.

Services for NFS

Services for Network File System (NFS) is a protocol that acts as a distributed file system, allowing a computer to access files over a network as easily as if they were on its local disks. This feature is available for installation in Windows Server 2008 for Itanium-based Systems only; in other versions of Windows Server 2008, Services for NFS is available as a role service of the File Services role.

SMTP Server

SMTP Server supports the transfer of e-mail messages between e-mail systems.

Storage Manager for SANs

Storage Manager for Storage Area Networks (SANs) helps you create and manage logical unit numbers (LUNs) on Fibre Channel and iSCSI disk drive subsystems that support Virtual Disk Service (VDS) in your SAN.

Simple TCP/IP Services

Simple TCP/IP Services supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo and Quote of the Day. Simple TCP/IP Services is provided for backward compatibility and should not be installed unless it is required.

SNMP Services

Simple Network Management Protocol (SNMP) is the Internet standard protocol for exchanging management information between management console applications—such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager—and managed entities. Managed entities can include hosts, routers, bridges, and hubs.

Subsystem for UNIX-based Applications

Subsystem for UNIX-based Applications (SUA), along with a package of support utilities available for download from the Microsoft Web site, enables you to run UNIX-based programs, and compile and run custom UNIX-based applications in the Windows environment.

Telnet Client

Telnet Client uses the Telnet protocol to connect to a remote telnet server and run applications on that server.

Telnet Server

Telnet Server allows remote users, including those running UNIX-based operating systems, to perform command-line administration tasks and run programs by using a telnet client.

Trivial File Transfer Protocol (TFTP) Client

Trivial File Transfer Protocol (TFTP) Client is used to read files from, or write files to, a remote TFTP server. TFTP is primarily used by embedded devices or systems that retrieve firmware, configuration information, or a system image during the boot process from a TFTP server.

Failover Clustering

Failover Clustering allows multiple servers to work together to provide high availability of services and applications. Failover Clustering is often used for file and print services, database and mail applications.

Network Load Balancing

Network Load Balancing (NLB) distributes traffic across several servers, using the TCP/IP networking protocol. NLB is particularly useful for ensuring that stateless applications, such as a Web server running Internet Information Services (IIS), are scaleable by adding additional servers as the load increases.

Windows Server Backup

Windows Server Backup allows you to back up and recover your operating system, applications, and data. You can schedule backups to run once a day or more often, and can protect the entire server or specific volumes.

Windows System Resource Manager

Windows System Resource Manager (WSRM) is a Windows Server operating system administrative tool that can control how CPU and memory resources are allocated. Managing resource allocation improves system performance and reduces the risk that applications, services, or processes will interfere with each other to reduce server efficiency and system response.

Windows Internet Name Service (WINS) Server

Windows Internet Name Service (WINS) Server provides a distributed database for registering and querying dynamic mappings of NetBIOS names for computers and groups used on your network. WINS maps NetBIOS names to IP addresses and solves the problems arising from NetBIOS name resolution in routed environments.

Wireless LAN Service

Wireless LAN (WLAN) Service configures and starts the WLAN AutoConfig service, regardless of whether the computer has any wireless adapters. WLAN AutoConfig enumerates wireless adapters, and manages both wireless connections and the wireless profiles that contain the settings required to configure a wireless client to connect to a wireless network.

Windows Internal Database

Windows Internal Database is a relational data store that can be used only by Windows roles and features, such as UDDI Services, Active Directory Rights Management Services (AD RMS), Windows Server Update Services, and Windows System Resource Manager.

Windows PowerShell

Windows PowerShell is a command line shell and scripting language that helps IT professionals achieve greater productivity. It provides a new administrator-focused scripting language and more than 130 standard command line tools to enable easier system administration and accelerated automation.

Windows Process Activation Service

Windows Process Activation Service (WAS) generalizes the IIS process model, removing the dependency on HTTP. All the features of IIS that were previously available only to HTTP applications are now available to applications hosting Windows Communication Foundation (WCF) services, using non-HTTP protocols. IIS 7.0 also uses WAS for message-based activation over HTTP.

Open the Add Features Wizard in one of the following two ways.

To start the Add Features Wizard

  • In the Features Summary area of the Server Manager main window, click Add Features.

    -- or --

    In the Customize this server area of the Initial Configuration Tasks window, click Add Features.


The Initial Configuration Tasks window opens by default when a member of the Administrators group logs on to the computer.
Server Manager opens when the Initial Configuration Tasks window is closed. You can also open Server Manager by using shortcuts on the Start menu or in Administrative Tools.