70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced
Download
1 / 50

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration - PowerPoint PPT Presentation


  • 356 Views
  • Uploaded on

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration. Objectives. Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' 70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration' - RoyLauris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, EnhancedChapter 10:Server Administration


Objectives l.jpg
Objectives 2003 Environment, Enhanced

  • Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system

  • Understand and configure Terminal Services and Remote Desktop for Administration

  • Delegate administrative authority in Active Directory

  • Install, configure, and manage Microsoft Software Update Services

Guide to MCSE 70-290, Enhanced


Network administration procedures l.jpg
Network Administration Procedures 2003 Environment, Enhanced

  • In a Windows Server 2003 environment, administrator will normally be responsible for more than one server

  • A useful tool for administrators to manage remote servers is Microsoft Management Console (MMC)

  • Secondary logon is another useful tool for administrators

Guide to MCSE 70-290, Enhanced


Windows server 2003 management tools l.jpg
Windows Server 2003 Management Tools 2003 Environment, Enhanced

  • Server shutdown and restart has new features in Windows Server 2003

    • Shutdown Event Tracker logs these events

    • Can include comments on why events occurred

    • Logged as event 1074 in Event Viewer system log

Guide to MCSE 70-290, Enhanced


Activity 10 1 restarting windows server 2003 l.jpg
Activity 10-1: Restarting Windows Server 2003 2003 Environment, Enhanced

  • Objective: to restart Windows Server 2003

  • Start Shut Down  Restart

  • Configure the Shutdown Event Tracker options

Guide to MCSE 70-290, Enhanced


Activity 10 2 viewing shutdown events in the event view system log l.jpg
Activity 10-2: Viewing Shutdown Events in the Event View System Log

  • Objective: Use Event Viewer to view server shutdown events

  • Start  Administrative Tools  Event Viewer  System

  • Look for the shutdown event that was generated in the previous activity

  • Explore other shutdown events

Guide to MCSE 70-290, Enhanced


The microsoft management console l.jpg
The Microsoft Management Console System Log

  • MMC provides a unified framework for hosting multiple management tools (snap-ins)

  • Can add and remove management tools as necessary and save custom tools for use by authorized administrators

  • Console saved as Management Saved Console (MSC) file with .msc extension

  • Can focus snap-ins to point to remote clients or servers

Guide to MCSE 70-290, Enhanced


Activity 10 3 using the mmc to view information on a remote computer l.jpg
Activity 10-3: Using the MMC to View Information on a Remote Computer

  • Objective: Use MMC to view system logs on a remote computer

  • Focus the Event Viewer to connect to another computer from an existing MMC

  • Browse the system and application logs on the remote computer

  • Focus back to the local computer

Guide to MCSE 70-290, Enhanced


Activity 10 4 creating a taskpad l.jpg
Activity 10-4: Creating a Taskpad Computer

  • Objective: create a taskpad to simplify administrative tasks

  • A taskpad view provides a graphical representation of the tasks that can be performed in an MMC

  • Create a new MMC with an Event Viewer

  • Create and configure a taskpad view using the New Taskpad View Wizard

  • Save the new MMC

Guide to MCSE 70-290, Enhanced


Secondary logon l.jpg
Secondary Logon Computer

  • Recommendation is for network administrators to have two logon accounts

    • One with administrative rights

    • One with normal user rights

  • Secondary logon feature allows you to log on with user account, open administrative tools as an administrator

Guide to MCSE 70-290, Enhanced


Activity 10 5 using the windows server 2003 secondary logon feature l.jpg
Activity 10-5: Using the Windows Server 2003 Secondary Logon Feature

  • Objective: Use the Run as command to open a program with a secondary account

  • Start  Administrative Tools  right-click Event Viewer  Run as

  • Log on with alternative credentials in Run As dialog box

Guide to MCSE 70-290, Enhanced


Activity 10 6 using the secondary logon feature from the command line l.jpg
Activity 10-6: Using the Secondary Logon Feature from the Command Line

  • Objective: To log on using alternate credentials from the command line

  • Start  Run  enter cmd in Open box to open a command prompt

  • Enter command-line form of runas to open the Event Viewer as directed in the exercise

Guide to MCSE 70-290, Enhanced


Network troubleshooting processes l.jpg
Network Troubleshooting Processes Command Line

  • Need a systematic approach to troubleshooting

  • Recommended steps

    • Define the problem

    • Gather detailed information about what has changed

    • Devise a plan to solve the problem

    • Implement the plan and observe the results

    • Document all changes and results

Guide to MCSE 70-290, Enhanced


Define the problem l.jpg
Define the Problem Command Line

  • Indication of a problem is often

    • A general complaint from a user

    • An error message

  • Ask questions of user

  • Try to recreate the problem in a test

  • To decode error messages, use net utility

    • At command prompt, type NET HELPMSG number

Guide to MCSE 70-290, Enhanced


Gather detailed information about what has changed l.jpg
Gather Detailed Information About What Has Changed Command Line

  • Factors to consider include

    • Any new components installed recently?

    • Who has access to computer? Have they made any changes?

    • Any software or service patches installed recently?

Guide to MCSE 70-290, Enhanced


Devise a plan to solve the problem l.jpg
Devise a Plan to Solve the Problem Command Line

  • Important considerations when devising a plan:

    • Interruptions to network or its components (e.g., restarts)

    • Possible changes to network security policy

    • Need to document all changes and troubleshooting steps

  • Be sure to include a rollback strategy in case plan doesn’t work

Guide to MCSE 70-290, Enhanced


Implement the plan observe results document all changes and results l.jpg
Implement the Plan; Observe Results; Document All Changes and Results

  • Notify users if network availability will be affected

  • Do not make too many configuration changes at one time

  • If plan doesn’t work, document what was done and start again

  • Document all troubleshooting steps, results, and configuration changes

Guide to MCSE 70-290, Enhanced


Configuring terminal services and remote desktop for administration l.jpg
Configuring Terminal Services and Remote Desktop for Administration

  • Two services that provide remote access to a server desktop

  • Terminal services allows users to connect in order to run applications

  • Remote Desktop for Administration allows an administrator to connect in order to run administrative services

Guide to MCSE 70-290, Enhanced


Enabling remote desktop for administration l.jpg
Enabling Remote Desktop for Administration Administration

  • Installed automatically as a part of Windows Server 2003

  • Disabled by default

  • Once enabled, only Administrators group can connect by default

    • Additional users can be granted access

Guide to MCSE 70-290, Enhanced


Activity 10 7 enabling and testing remote desktop for administration l.jpg
Activity 10-7: Enabling and Testing Remote Desktop for Administration

  • Objective: To enable and test Remote Desktop for Administration

  • Start  Control Panel  System  Remote tab

  • Enable Remote Desktop for Administration on the server as directed in the activity

  • Connect to the server using the Remote Desktop Connection tool

  • Disconnect leaving session open and then disconnect closing the session

Guide to MCSE 70-290, Enhanced


Installing terminal services l.jpg
Installing Terminal Services Administration

  • Installed from Add/Remove Windows Components of Add or Remove Programs (in Control Panel)

  • To set up a Terminal server, one Windows Server 2003 server in network must be configured as a Terminal Services licensing server

Guide to MCSE 70-290, Enhanced


Activity 10 8 installing terminal services l.jpg
Activity 10-8: Installing Terminal Services Administration

  • Objective: To install Windows Server 2003 Terminal Services on a server

  • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components

  • Use the Windows Components Wizard to install Terminal Server as directed

Guide to MCSE 70-290, Enhanced


Managing terminal services l.jpg
Managing Terminal Services Administration

  • Three primary tools for Terminal Services administration:

    • Terminal Services Manager

    • Terminal Services Configuration

    • Terminal Services Licensing

Guide to MCSE 70-290, Enhanced


Configuring remote connection settings l.jpg
Configuring Remote Connection Settings Administration

  • Primary tool is Terminal Services Configuration

    • Settings related to connection attempts

    • Settings related to permissions of user or group accounts

  • Configured from properties of a Terminal Server connection object: 1 object for multiple user connections

  • Settings include:

    • Authentication (none or standard Windows)

    • Encryption (client compatible or high)

Guide to MCSE 70-290, Enhanced


Configuring remote connection settings continued l.jpg
Configuring Remote Connection Settings (continued) Administration

Guide to MCSE 70-290, Enhanced


Activity 10 9 exploring terminal services settings l.jpg
Activity 10-9: Exploring Terminal Services Settings Administration

  • Objective: to explore and configure Terminal Services settings

  • Start Administrative Tools  Terminal Services Configuration

  • Browse and configure settings as directed in the activity

Guide to MCSE 70-290, Enhanced


Terminal services client software l.jpg
Terminal Services Client Software Administration

  • Terminal Server folder containing client software packages:

    • %Systemroot%\system32\clients\tsclient\win32

  • Contains files to install Remote Desktop Connection

  • Provided as both MSI file and Win32 executable

  • Share folder and initiate installation process either manually or through Group Policy deployment

  • Pre-installed on Windows Server 2003 and Windows XP

Guide to MCSE 70-290, Enhanced


Installing applications l.jpg
Installing Applications Administration

  • Applications must be installed in a mode for multiple users compatible with Terminal Server(install mode)

  • Use Add or Remove Programs applet in Control Panel after Terminal Server is installed

  • Can also place Windows Server 2003 in install mode from command line

    • Change user /install to begin

    • Change user /execute when finished

  • May need to reinstall some applications

Guide to MCSE 70-290, Enhanced


Configuring terminal services user properties l.jpg
Configuring Terminal Services User Properties Administration

  • Terminal Server adds four tabs to properties of user accounts

    • Terminal Services Profile – user can configure a special connection profile and home directory

    • Remote control – configures remote control properties for a user account

    • Sessions – configures a maximum session time and disconnect options

    • Environment – configures a program to run automatically when user connects to terminal server

Guide to MCSE 70-290, Enhanced


Activity 10 10 exploring terminal services user account settings l.jpg
Activity 10-10: Exploring Terminal Services User Account Settings

  • Objective: Explore Terminal Services user account settings using Active Directory Users and Computers

  • Start  Administrative Tools  Active Directory Users and Computers  Users

  • Explore the settings on the four Terminal Services tabs: Terminal Services Profile, Remote control, Sessions, and Environment

Guide to MCSE 70-290, Enhanced


Delegating administrative authority l.jpg
Delegating Administrative Authority Settings

  • Active Directory is a database and must be protected

  • Uses permissions similar to NTFS file permissions

  • Administrators have full access by default

  • User are given read permission for most attributes by default

  • Administrator can edit permissions

    • Must take care not to make any objects completely inaccessible

Guide to MCSE 70-290, Enhanced


Active directory object permissions l.jpg
Active Directory Object Permissions Settings

  • Objects can be assigned permissions at 2 levels:

    • Object-level permissions

      • Must be granted for a user to create or modify an OU, user, or group account

      • Applied according to a preconfigured set of standard permissions

    • Attribute-level permissions

      • Control which attributes a user or group can view or modify

  • If not explicitly set, object inherits parent container’s permissions

Guide to MCSE 70-290, Enhanced


Activity 10 11 exploring active directory object permissions l.jpg
Activity 10-11: Exploring Active Directory Object Permissions

  • Objective: Explore Active Directory object permission settings

  • Start  Administrative Tools  Active Directory Users and Computers  View (menu bar)  Advanced Features

  • Access the properties of an OU and explore the various permission configurations as directed in the exercise

Guide to MCSE 70-290, Enhanced


Permission inheritance l.jpg
Permission Inheritance Permissions

  • Child objects inherit permissions from parent objects by default when child object is created

  • If permissions to parent are changed subsequently, can force permission changes to child if desired

  • Can modify default inheritance by blocking it at the container or object level

Guide to MCSE 70-290, Enhanced


Delegating authority over active directory objects l.jpg
Delegating Authority Over Active Directory Objects Permissions

  • Allows you to distribute/decentralize process of administering Active Directory

  • Steps to delegating authority

    • Design OU structure to permit distribution

    • Configure permissions to support appropriate distribution

  • Implementing delegation

    • Can manage permissions directly from Security tab

    • Can use Delegation of Control Wizard

Guide to MCSE 70-290, Enhanced


Activity 10 12 using the delegation of control wizard l.jpg
Activity 10-12: Using the Delegation of Control Wizard Permissions

  • Objective: Delegate control of an OU using the Active Directory Users and Computer Delegation of Control Wizard

  • To start wizard, right-click OU and click Delegate Control

  • Delegate a specific permission to a group following directions in the exercise

  • Verify that the permission appears as expected

Guide to MCSE 70-290, Enhanced


Software update services l.jpg
Software Update Services Permissions

  • Software Update Services (SUS) allows an administrator to control the deployment of O.S. security updates and critical packages

  • Intended to minimize administrative effort required to keep O.S. protected

  • 2 main elements:

    • Client component: updated version of Windows Automatic Updates, clients contact server to get updates

    • Server component: can be installed on a server running Windows 2000 or Server 2003

Guide to MCSE 70-290, Enhanced


Installing software update services l.jpg
Installing Software Update Services Permissions

  • SUS client and server components available for download from Microsoft Web site

  • Requires minimum hardware and a dedicated server if possible

  • Internet Information Services version 5.0 or higher and Internet Explorer 5.5 or higher are prerequisites

  • Server component can be installed on Windows 2000 Server, Windows Server 2003, or Microsoft Small Business Server 2000

Guide to MCSE 70-290, Enhanced


Activity 10 13 installing software update services l.jpg
Activity 10-13: Installing Software Update Services Permissions

  • Objective: To install the server component of Software Update Services (after installing IIS)

  • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components

  • Install IIS following instructions

  • Run the SUS10SP1.exe file to start installation of SUS

  • Follow directions to run Microsoft Software Update Services Setup Wizard

  • Complete installation as directed

Guide to MCSE 70-290, Enhanced


How software update services works l.jpg
How Software Update Services Works Permissions

  • Purpose of SUS is to provide centralized facility for clients to obtain security package updates automatically

  • SUS server can store updates locally or store catalog with clients downloading from Internet

  • Administrator must approve an update before clients can download it

  • Clients must have Automatic Updates software installed to interact with SUS server

Guide to MCSE 70-290, Enhanced


Configuring software update services l.jpg
Configuring Software Update Services Permissions

  • Default SUS configurations (Typical option):

    • Updates downloaded from Internet servers

    • Proxy server settings are set to Automatic

    • Downloaded content is stored locally on SUS server

    • Packages are downloaded in all supported languages

    • If changes occur to an approved package, changed package is not approved

  • Administration is Web-based, password protected

  • On-line resources include SUS Overview Whitepaper, SUS Deployment Guide, Windows Update, Security Web sites

Guide to MCSE 70-290, Enhanced


Activity 10 14 configuring software update services settings l.jpg
Activity 10-14: Configuring Software Update Services Settings

  • Objective: To configure SUS settings

  • Start  All Programs  Internet Explorer

  • Enter the SUS administration Web address and log on as directed

  • Browse the Set options pages

  • Configure your SUS to maintain updates on a Microsoft Windows Update server

Guide to MCSE 70-290, Enhanced


Activity 10 15 synchronizing software update services content l.jpg
Activity 10-15: Synchronizing Software Update Services Content

  • Objective: To manually synchronize SUS content

  • Use the Microsoft SUS menu through Internet Explorer to start the synchronization process as directed

  • Browse potential updates and explore sorting options and details menu

  • Approve an update

  • Browse logs and other information as directed

Guide to MCSE 70-290, Enhanced


Automatic updates l.jpg
Automatic Updates Content

  • Clients must have Automatic Updates client software installed to obtain security updates

  • Some systems have software preinstalled, others must manually install

  • Automatic Updates can be manually enabled along with notification and scheduling options

  • To connect to local SUS server to obtain updates, must configure client’s Registry or Group Policy settings

  • Group policy settings override local settings

Guide to MCSE 70-290, Enhanced


Automatic updates continued l.jpg
Automatic Updates (continued) Content

Guide to MCSE 70-290, Enhanced


Activity 10 16 reviewing automatic updates group policy settings l.jpg
Activity 10-16: Reviewing Automatic Updates Group Policy Settings

  • Objective: To review Group Policy settings for Automatic Update

  • Start  Administrative Tools  Active Directory Users and Computers

  • Edit the Default Domain Policy and add the wuau template as directed

  • Browse and configure settings for Automatic Updates

Guide to MCSE 70-290, Enhanced


Planning a software updates services infrastructure l.jpg
Planning a Software Updates Services Infrastructure Settings

  • Common methods that organizations use to deploy and configure SUS

    • Small networks: single server running SUS or multiple location-based servers managed independently

    • Enterprise networks: multiple SUS servers, single synchronization server (hub and spoke)

    • High security networks: corporate intranet disconnected from public Internet. All local servers download from special connected server(s).

Guide to MCSE 70-290, Enhanced


Activity 10 17 uninstalling software update services and internet information services l.jpg
Activity 10-17: Uninstalling Software Update Services and Internet Information Services

  • Objective: To uninstall SUS and IIS

  • Start  Control Panel  Add or Remove Programs

  • Remove Software Update Services as directed

  • Remove Internet Information Services as directed

Guide to MCSE 70-290, Enhanced


Summary l.jpg
Summary Internet Information Services

  • Tools used to manage server tasks and remote management of clients:

    • Microsoft Management Console (MMC)

    • Secondary logon feature

  • Network troubleshooting process steps: define problem, gather information about changes, devise plan, implement plan, document changes & results

  • Terminal Services allows users to connect to and run applications on remote servers

Guide to MCSE 70-290, Enhanced


Summary continued l.jpg
Summary (continued) Internet Information Services

  • Remote Desktop for Administration allows administrators to connect to and interact with remote servers

  • Administrative authority for Active Directory objects can be delegated through object-level and attribute-level permissions

  • Software Update Services allows control of the deployment of security updates throughout a network

Guide to MCSE 70-290, Enhanced


ad