70290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Serv - PowerPoint PPT Presentation

Slides: 51
Provided by: MikeS6
Transcript and Presenter's Notes

1
70-290 MCSE Guide to Managing a Microsoft
Windows Server 2003 Environment, Enhanced
Chapter 10: Server Administration
2
Objectives
  • Distinguish between the various methods, tools,
    and processes used to manage a Windows Server
    2003 system
  • Understand and configure Terminal Services and
    Remote Desktop for Administration
  • Delegate administrative authority in Active
    Directory
  • Install, configure, and manage Microsoft Software
    Update Services

3
Network Administration Procedures
  • In a Windows Server 2003 environment, an
    administrator will normally be responsible for
    more than one server
  • A useful tool for administrators to manage remote
    servers is Microsoft Management Console (MMC)
  • Secondary logon is another useful tool for
    administrators

4
Windows Server 2003 Management Tools
  • Server shutdown and restart has new features in
    Windows Server 2003
  • Shutdown Event Tracker logs these events
  • Can include comments on why events occurred
  • Logged as event 1074 in Event Viewer system log

5
Activity 10-1 Restarting Windows Server 2003
  • Objective: To restart Windows Server 2003
  • Start → Shut Down → Restart
  • Configure the Shutdown Event Tracker options

6
Activity 10-2 Viewing Shutdown Events in the
Event Viewer System Log
  • Objective: Use Event Viewer to view server
    shutdown events
  • Start → Administrative Tools → Event Viewer →
    System
  • Look for the shutdown event that was generated in
    the previous activity
  • Explore other shutdown events

7
The Microsoft Management Console
  • MMC provides a unified framework for hosting
    multiple management tools (snap-ins)
  • Can add and remove management tools as necessary
    and save custom tools for use by authorized
    administrators
  • Console saved as Management Saved Console (MSC)
    file with .msc extension
  • Can focus snap-ins to point to remote clients or
    servers

8
Activity 10-3 Using the MMC to View Information
on a Remote Computer
  • Objective: Use MMC to view system logs on a
    remote computer
  • Focus the Event Viewer to connect to another
    computer from an existing MMC
  • Browse the system and application logs on the
    remote computer
  • Focus back to the local computer

9
Activity 10-4 Creating a Taskpad
  • Objective: Create a taskpad to simplify
    administrative tasks
  • A taskpad view provides a graphical
    representation of the tasks that can be performed
    in an MMC
  • Create a new MMC with an Event Viewer
  • Create and configure a taskpad view using the New
    Taskpad View Wizard
  • Save the new MMC

10
Secondary Logon
  • Recommendation is for network administrators to
    have two logon accounts
  • One with administrative rights
  • One with normal user rights
  • Secondary logon feature allows you to log on with
    user account, open administrative tools as an
    administrator

11
Activity 10-5 Using the Windows Server 2003
Secondary Logon Feature
  • Objective: Use the Run as command to open a
    program with a secondary account
  • Start → Administrative Tools → right-click Event
    Viewer → Run as
  • Log on with alternative credentials in Run As
    dialog box

12
Activity 10-6 Using the Secondary Logon Feature
from the Command Line
  • Objective: To log on using alternate credentials
    from the command line
  • Start → Run → enter cmd in Open box to open a
    command prompt
  • Enter command-line form of runas to open the
    Event Viewer as directed in the exercise

13
Network Troubleshooting Processes
  • Need a systematic approach to troubleshooting
  • Recommended steps
  • Define the problem
  • Gather detailed information about what has
    changed
  • Devise a plan to solve the problem
  • Implement the plan and observe the results
  • Document all changes and results

14
Define the Problem
  • Indication of a problem is often
  • A general complaint from a user
  • An error message
  • Ask questions of user
  • Try to recreate the problem in a test
  • To decode error messages, use net utility
  • At command prompt, type NET HELPMSG number

15
Gather Detailed Information About What Has Changed
  • Factors to consider include
  • Any new components installed recently?
  • Who has access to computer? Have they made any
    changes?
  • Any software or service patches installed
    recently?

16
Devise a Plan to Solve the Problem
  • Important considerations when devising a plan
  • Interruptions to network or its components (e.g.,
    restarts)
  • Possible changes to network security policy
  • Need to document all changes and troubleshooting
    steps
  • Be sure to include a rollback strategy in case
    plan doesn't work

17
Implement the Plan, Observe Results, Document All
Changes and Results
  • Notify users if network availability will be
    affected
  • Do not make too many configuration changes at one
    time
  • If plan doesn't work, document what was done and
    start again
  • Document all troubleshooting steps, results, and
    configuration changes

18
Configuring Terminal Services and Remote Desktop
for Administration
  • Two services that provide remote access to a
    server desktop
  • Terminal Services allows users to connect in
    order to run applications
  • Remote Desktop for Administration allows an
    administrator to connect in order to run
    administrative services

19
Enabling Remote Desktop for Administration
  • Installed automatically as a part of Windows
    Server 2003
  • Disabled by default
  • Once enabled, only Administrators group can
    connect by default
  • Additional users can be granted access

20
Activity 10-7 Enabling and Testing Remote
Desktop for Administration
  • Objective: To enable and test Remote Desktop for
    Administration
  • Start → Control Panel → System → Remote tab
  • Enable Remote Desktop for Administration on the
    server as directed in the activity
  • Connect to the server using the Remote Desktop
    Connection tool
  • Disconnect leaving session open and then
    disconnect closing the session

21
Installing Terminal Services
  • Installed from Add/Remove Windows Components of
    Add or Remove Programs (in Control Panel)
  • To set up a Terminal server, one Windows Server
    2003 server in network must be configured as a
    Terminal Services licensing server

22
Activity 10-8 Installing Terminal Services
  • Objective: To install Windows Server 2003
    Terminal Services on a server
  • Start → Control Panel → Add or Remove Programs →
    Add/Remove Windows Components
  • Use the Windows Components Wizard to install
    Terminal Server as directed

23
Managing Terminal Services
  • Three primary tools for Terminal Services
    administration
  • Terminal Services Manager
  • Terminal Services Configuration
  • Terminal Services Licensing

24
Configuring Remote Connection Settings
  • Primary tool is Terminal Services Configuration
  • Settings related to connection attempts
  • Settings related to permissions of user or group
    accounts
  • Configured from properties of a Terminal Server
    connection object (1 object for multiple user
    connections)
  • Settings include
  • Authentication (none or standard Windows)
  • Encryption (client compatible or high)

25
Configuring Remote Connection Settings (continued)

26
Activity 10-9 Exploring Terminal Services
Settings
  • Objective: To explore and configure Terminal
    Services settings
  • Start → Administrative Tools → Terminal Services
    Configuration
  • Browse and configure settings as directed in the
    activity

27
Terminal Services Client Software
  • Terminal Server folder containing client software
    packages
  • Systemroot\system32\clients\tsclient\win32
  • Contains files to install Remote Desktop
    Connection
  • Provided as both MSI file and Win32 executable
  • Share folder and initiate installation process
    either manually or through Group Policy
    deployment
  • Pre-installed on Windows Server 2003 and Windows
    XP

28
Installing Applications
  • Applications must be installed in a mode for
    multiple users compatible with Terminal
    Server (install mode)
  • Use Add or Remove Programs applet in Control
    Panel after Terminal Server is installed
  • Can also place Windows Server 2003 in install
    mode from command line
  • Change user /install to begin
  • Change user /execute when finished
  • May need to reinstall some applications

29
Configuring Terminal Services User Properties
  • Terminal Server adds four tabs to properties of
    user accounts
  • Terminal Services Profile: user can configure a
    special connection profile and home directory
  • Remote control: configures remote control
    properties for a user account
  • Sessions: configures a maximum session time and
    disconnect options
  • Environment: configures a program to run
    automatically when user connects to terminal
    server

30
Activity 10-10 Exploring Terminal Services User
Account Settings
  • Objective: Explore Terminal Services user account
    settings using Active Directory Users and
    Computers
  • Start → Administrative Tools → Active Directory
    Users and Computers → Users
  • Explore the settings on the four Terminal
    Services tabs: Terminal Services Profile, Remote
    control, Sessions, and Environment

31
Delegating Administrative Authority
  • Active Directory is a database and must be
    protected
  • Uses permissions similar to NTFS file permissions
  • Administrators have full access by default
  • Users are given read permission for most
    attributes by default
  • Administrator can edit permissions
  • Must take care not to make any objects completely
    inaccessible

32
Active Directory Object Permissions
  • Objects can be assigned permissions at 2 levels
  • Object-level permissions
  • Must be granted for a user to create or modify an
    OU, user, or group account
  • Applied according to a preconfigured set of
    standard permissions
  • Attribute-level permissions
  • Control which attributes a user or group can view
    or modify
  • If not explicitly set, object inherits parent
    container's permissions

33
Activity 10-11 Exploring Active Directory Object
Permissions
  • Objective: Explore Active Directory object
    permission settings
  • Start → Administrative Tools → Active Directory
    Users and Computers → View (menu bar) → Advanced
    Features
  • Access the properties of an OU and explore the
    various permission configurations as directed in
    the exercise

34
Permission Inheritance
  • Child objects inherit permissions from parent
    objects by default when child object is created
  • If permissions to parent are changed
    subsequently, can force permission changes to
    child if desired
  • Can modify default inheritance by blocking it at
    the container or object level

35
Delegating Authority Over Active Directory Objects
  • Allows you to distribute/decentralize process of
    administering Active Directory
  • Steps to delegating authority
  • Design OU structure to permit distribution
  • Configure permissions to support appropriate
    distribution
  • Implementing delegation
  • Can manage permissions directly from Security tab
  • Can use Delegation of Control Wizard

36
Activity 10-12 Using the Delegation of Control
Wizard
  • Objective: Delegate control of an OU using the
    Active Directory Users and Computers Delegation of
    Control Wizard
  • To start wizard, right-click OU and click
    Delegate Control
  • Delegate a specific permission to a group
    following directions in the exercise
  • Verify that the permission appears as expected

37
Software Update Services
  • Software Update Services (SUS) allows an
    administrator to control the deployment of O.S.
    security updates and critical packages
  • Intended to minimize administrative effort
    required to keep O.S. protected
  • 2 main elements
  • Client component: updated version of Windows
    Automatic Updates, clients contact server to get
    updates
  • Server component: can be installed on a server
    running Windows 2000 or Server 2003

38
Installing Software Update Services
  • SUS client and server components available for
    download from Microsoft Web site
  • Requires minimum hardware and a dedicated server
    if possible
  • Internet Information Services version 5.0 or
    higher and Internet Explorer 5.5 or higher are
    prerequisites
  • Server component can be installed on Windows 2000
    Server, Windows Server 2003, or Microsoft Small
    Business Server 2000

39
Activity 10-13 Installing Software Update
Services
  • Objective: To install the server component of
    Software Update Services (after installing IIS)
  • Start → Control Panel → Add or Remove Programs →
    Add/Remove Windows Components
  • Install IIS following instructions
  • Run the SUS10SP1.exe file to start installation
    of SUS
  • Follow directions to run Microsoft Software
    Update Services Setup Wizard
  • Complete installation as directed

40
How Software Update Services Works
  • Purpose of SUS is to provide centralized facility
    for clients to obtain security package updates
    automatically
  • SUS server can store updates locally or store
    catalog with clients downloading from Internet
  • Administrator must approve an update before
    clients can download it
  • Clients must have Automatic Updates software
    installed to interact with SUS server

41
Configuring Software Update Services
  • Default SUS configurations (Typical option)
  • Updates downloaded from Internet servers
  • Proxy server settings are set to Automatic
  • Downloaded content is stored locally on SUS
    server
  • Packages are downloaded in all supported
    languages
  • If changes occur to an approved package, changed
    package is not approved
  • Administration is Web-based, password protected
  • On-line resources include SUS Overview
    Whitepaper, SUS Deployment Guide, Windows Update,
    Security Web sites

42
Activity 10-14 Configuring Software Update
Services Settings
  • Objective: To configure SUS settings
  • Start → All Programs → Internet Explorer
  • Enter the SUS administration Web address and log
    on as directed
  • Browse the Set options pages
  • Configure your SUS to maintain updates on a
    Microsoft Windows Update server

43
Activity 10-15 Synchronizing Software Update
Services Content
  • Objective: To manually synchronize SUS content
  • Use the Microsoft SUS menu through Internet
    Explorer to start the synchronization process as
    directed
  • Browse potential updates and explore sorting
    options and details menu
  • Approve an update
  • Browse logs and other information as directed

44
Automatic Updates
  • Clients must have Automatic Updates client
    software installed to obtain security updates
  • Some systems have software preinstalled, others
    must manually install
  • Automatic Updates can be manually enabled along
    with notification and scheduling options
  • To connect to local SUS server to obtain updates,
    must configure the client's Registry or Group Policy
    settings
  • Group policy settings override local settings
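
The registry-based client configuration mentioned above, as an added example that is not part of the original slides: a batch script that points the Automatic Updates client at an internal SUS server and reads the values back. The server URL http://sus.example.internal and the install schedule are placeholder assumptions; the registry value names are the standard Windows Update policy values.

```batch
@echo off
rem Added example (not from the slides): point Automatic Updates at a SUS server.
rem SUS_URL is a placeholder assumption; replace it with your own server.
setlocal
set SUS_URL=http://sus.example.internal
set WU_KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
set AU_KEY=%WU_KEY%\AU

rem Server that clients fetch approved updates from and report status to.
reg add "%WU_KEY%" /v WUServer /t REG_SZ /d "%SUS_URL%" /f || goto :fail
reg add "%WU_KEY%" /v WUStatusServer /t REG_SZ /d "%SUS_URL%" /f || goto :fail

rem Use the server above instead of the public Windows Update site.
reg add "%AU_KEY%" /v UseWUServer /t REG_DWORD /d 1 /f || goto :fail
rem 0 = Automatic Updates stays enabled.
reg add "%AU_KEY%" /v NoAutoUpdate /t REG_DWORD /d 0 /f || goto :fail
rem 4 = download automatically and install on the schedule below.
reg add "%AU_KEY%" /v AUOptions /t REG_DWORD /d 4 /f || goto :fail
rem Day 0 = every day; time 3 = 03:00 local time (assumed schedule).
reg add "%AU_KEY%" /v ScheduledInstallDay /t REG_DWORD /d 0 /f || goto :fail
reg add "%AU_KEY%" /v ScheduledInstallTime /t REG_DWORD /d 3 /f || goto :fail

rem Read the values back so a silent write failure is not mistaken for success.
reg query "%WU_KEY%" /v WUServer | find /i "%SUS_URL%" >nul || goto :fail
reg query "%AU_KEY%" /v UseWUServer | find "0x1" >nul || goto :fail

rem Restart the Automatic Updates service so it picks up the new settings.
net stop wuauserv
net start wuauserv
echo Automatic Updates now points at %SUS_URL%
exit /b 0

:fail
echo Failed to configure or verify Automatic Updates settings. 1>&2
exit /b 1
```

These values sit under the Policies key that Group Policy also writes, so a domain policy with different settings replaces them at the next policy refresh, which is the override noted in the last bullet.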

45
Automatic Updates (continued)

46
Activity 10-16 Reviewing Automatic Updates Group
Policy Settings
  • Objective: To review Group Policy settings for
    Automatic Update
  • Start → Administrative Tools → Active Directory
    Users and Computers
  • Edit the Default Domain Policy and add the wuau
    template as directed
  • Browse and configure settings for Automatic
    Updates

47
Planning a Software Update Services
Infrastructure
  • Common methods that organizations use to deploy
    and configure SUS
  • Small networks: single server running SUS or
    multiple location-based servers managed
    independently
  • Enterprise networks: multiple SUS servers, single
    synchronization server (hub and spoke)
  • High security networks: corporate intranet
    disconnected from public Internet. All local
    servers download from special connected server(s).

48
Activity 10-17 Uninstalling Software Update
Services and Internet Information Services
  • Objective: To uninstall SUS and IIS
  • Start → Control Panel → Add or Remove Programs
  • Remove Software Update Services as directed
  • Remove Internet Information Services as directed

49
Summary
  • Tools used to manage server tasks and remote
    management of clients
  • Microsoft Management Console (MMC)
  • Secondary logon feature
  • Network troubleshooting process steps: define
    problem, gather information about changes, devise
    plan, implement plan, document changes and results
  • Terminal Services allows users to connect to and
    run applications on remote servers

50
Summary (continued)
  • Remote Desktop for Administration allows
    administrators to connect to and interact with
    remote servers
  • Administrative authority for Active Directory
    objects can be delegated through object-level and
    attribute-level permissions
  • Software Update Services allows control of the
    deployment of security updates throughout a
    network