slide1
Download
Skip this Video
Download Presentation
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration

Loading in 2 Seconds...

play fullscreen
1 / 50

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration - PowerPoint PPT Presentation


  • 356 Views
  • Uploaded on

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration. Objectives. Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration' - RoyLauris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, EnhancedChapter 10:Server Administration

objectives
Objectives
  • Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system
  • Understand and configure Terminal Services and Remote Desktop for Administration
  • Delegate administrative authority in Active Directory
  • Install, configure, and manage Microsoft Software Update Services

Guide to MCSE 70-290, Enhanced

network administration procedures
Network Administration Procedures
  • In a Windows Server 2003 environment, administrator will normally be responsible for more than one server
  • A useful tool for administrators to manage remote servers is Microsoft Management Console (MMC)
  • Secondary logon is another useful tool for administrators

Guide to MCSE 70-290, Enhanced

windows server 2003 management tools
Windows Server 2003 Management Tools
  • Server shutdown and restart has new features in Windows Server 2003
    • Shutdown Event Tracker logs these events
    • Can include comments on why events occurred
    • Logged as event 1074 in Event Viewer system log

Guide to MCSE 70-290, Enhanced

activity 10 1 restarting windows server 2003
Activity 10-1: Restarting Windows Server 2003
  • Objective: to restart Windows Server 2003
  • Start Shut Down  Restart
  • Configure the Shutdown Event Tracker options

Guide to MCSE 70-290, Enhanced

activity 10 2 viewing shutdown events in the event view system log
Activity 10-2: Viewing Shutdown Events in the Event View System Log
  • Objective: Use Event Viewer to view server shutdown events
  • Start  Administrative Tools  Event Viewer  System
  • Look for the shutdown event that was generated in the previous activity
  • Explore other shutdown events

Guide to MCSE 70-290, Enhanced

the microsoft management console
The Microsoft Management Console
  • MMC provides a unified framework for hosting multiple management tools (snap-ins)
  • Can add and remove management tools as necessary and save custom tools for use by authorized administrators
  • Console saved as Management Saved Console (MSC) file with .msc extension
  • Can focus snap-ins to point to remote clients or servers

Guide to MCSE 70-290, Enhanced

activity 10 3 using the mmc to view information on a remote computer
Activity 10-3: Using the MMC to View Information on a Remote Computer
  • Objective: Use MMC to view system logs on a remote computer
  • Focus the Event Viewer to connect to another computer from an existing MMC
  • Browse the system and application logs on the remote computer
  • Focus back to the local computer

Guide to MCSE 70-290, Enhanced

activity 10 4 creating a taskpad
Activity 10-4: Creating a Taskpad
  • Objective: create a taskpad to simplify administrative tasks
  • A taskpad view provides a graphical representation of the tasks that can be performed in an MMC
  • Create a new MMC with an Event Viewer
  • Create and configure a taskpad view using the New Taskpad View Wizard
  • Save the new MMC

Guide to MCSE 70-290, Enhanced

secondary logon
Secondary Logon
  • Recommendation is for network administrators to have two logon accounts
    • One with administrative rights
    • One with normal user rights
  • Secondary logon feature allows you to log on with user account, open administrative tools as an administrator

Guide to MCSE 70-290, Enhanced

activity 10 5 using the windows server 2003 secondary logon feature
Activity 10-5: Using the Windows Server 2003 Secondary Logon Feature
  • Objective: Use the Run as command to open a program with a secondary account
  • Start  Administrative Tools  right-click Event Viewer  Run as
  • Log on with alternative credentials in Run As dialog box

Guide to MCSE 70-290, Enhanced

activity 10 6 using the secondary logon feature from the command line
Activity 10-6: Using the Secondary Logon Feature from the Command Line
  • Objective: To log on using alternate credentials from the command line
  • Start  Run  enter cmd in Open box to open a command prompt
  • Enter command-line form of runas to open the Event Viewer as directed in the exercise

Guide to MCSE 70-290, Enhanced

network troubleshooting processes
Network Troubleshooting Processes
  • Need a systematic approach to troubleshooting
  • Recommended steps
    • Define the problem
    • Gather detailed information about what has changed
    • Devise a plan to solve the problem
    • Implement the plan and observe the results
    • Document all changes and results

Guide to MCSE 70-290, Enhanced

define the problem
Define the Problem
  • Indication of a problem is often
    • A general complaint from a user
    • An error message
  • Ask questions of user
  • Try to recreate the problem in a test
  • To decode error messages, use net utility
    • At command prompt, type NET HELPMSG number

Guide to MCSE 70-290, Enhanced

gather detailed information about what has changed
Gather Detailed Information About What Has Changed
  • Factors to consider include
    • Any new components installed recently?
    • Who has access to computer? Have they made any changes?
    • Any software or service patches installed recently?

Guide to MCSE 70-290, Enhanced

devise a plan to solve the problem
Devise a Plan to Solve the Problem
  • Important considerations when devising a plan:
    • Interruptions to network or its components (e.g., restarts)
    • Possible changes to network security policy
    • Need to document all changes and troubleshooting steps
  • Be sure to include a rollback strategy in case plan doesn’t work

Guide to MCSE 70-290, Enhanced

implement the plan observe results document all changes and results
Implement the Plan; Observe Results; Document All Changes and Results
  • Notify users if network availability will be affected
  • Do not make too many configuration changes at one time
  • If plan doesn’t work, document what was done and start again
  • Document all troubleshooting steps, results, and configuration changes

Guide to MCSE 70-290, Enhanced

configuring terminal services and remote desktop for administration
Configuring Terminal Services and Remote Desktop for Administration
  • Two services that provide remote access to a server desktop
  • Terminal services allows users to connect in order to run applications
  • Remote Desktop for Administration allows an administrator to connect in order to run administrative services

Guide to MCSE 70-290, Enhanced

enabling remote desktop for administration
Enabling Remote Desktop for Administration
  • Installed automatically as a part of Windows Server 2003
  • Disabled by default
  • Once enabled, only Administrators group can connect by default
    • Additional users can be granted access

Guide to MCSE 70-290, Enhanced

activity 10 7 enabling and testing remote desktop for administration
Activity 10-7: Enabling and Testing Remote Desktop for Administration
  • Objective: To enable and test Remote Desktop for Administration
  • Start  Control Panel  System  Remote tab
  • Enable Remote Desktop for Administration on the server as directed in the activity
  • Connect to the server using the Remote Desktop Connection tool
  • Disconnect leaving session open and then disconnect closing the session

Guide to MCSE 70-290, Enhanced

installing terminal services
Installing Terminal Services
  • Installed from Add/Remove Windows Components of Add or Remove Programs (in Control Panel)
  • To set up a Terminal server, one Windows Server 2003 server in network must be configured as a Terminal Services licensing server

Guide to MCSE 70-290, Enhanced

activity 10 8 installing terminal services
Activity 10-8: Installing Terminal Services
  • Objective: To install Windows Server 2003 Terminal Services on a server
  • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components
  • Use the Windows Components Wizard to install Terminal Server as directed

Guide to MCSE 70-290, Enhanced

managing terminal services
Managing Terminal Services
  • Three primary tools for Terminal Services administration:
    • Terminal Services Manager
    • Terminal Services Configuration
    • Terminal Services Licensing

Guide to MCSE 70-290, Enhanced

configuring remote connection settings
Configuring Remote Connection Settings
  • Primary tool is Terminal Services Configuration
    • Settings related to connection attempts
    • Settings related to permissions of user or group accounts
  • Configured from properties of a Terminal Server connection object: 1 object for multiple user connections
  • Settings include:
    • Authentication (none or standard Windows)
    • Encryption (client compatible or high)

Guide to MCSE 70-290, Enhanced

activity 10 9 exploring terminal services settings
Activity 10-9: Exploring Terminal Services Settings
  • Objective: to explore and configure Terminal Services settings
  • Start Administrative Tools  Terminal Services Configuration
  • Browse and configure settings as directed in the activity

Guide to MCSE 70-290, Enhanced

terminal services client software
Terminal Services Client Software
  • Terminal Server folder containing client software packages:
    • %Systemroot%\system32\clients\tsclient\win32
  • Contains files to install Remote Desktop Connection
  • Provided as both MSI file and Win32 executable
  • Share folder and initiate installation process either manually or through Group Policy deployment
  • Pre-installed on Windows Server 2003 and Windows XP

Guide to MCSE 70-290, Enhanced

installing applications
Installing Applications
  • Applications must be installed in a mode for multiple users compatible with Terminal Server(install mode)
  • Use Add or Remove Programs applet in Control Panel after Terminal Server is installed
  • Can also place Windows Server 2003 in install mode from command line
    • Change user /install to begin
    • Change user /execute when finished
  • May need to reinstall some applications

Guide to MCSE 70-290, Enhanced

configuring terminal services user properties
Configuring Terminal Services User Properties
  • Terminal Server adds four tabs to properties of user accounts
    • Terminal Services Profile – user can configure a special connection profile and home directory
    • Remote control – configures remote control properties for a user account
    • Sessions – configures a maximum session time and disconnect options
    • Environment – configures a program to run automatically when user connects to terminal server

Guide to MCSE 70-290, Enhanced

activity 10 10 exploring terminal services user account settings
Activity 10-10: Exploring Terminal Services User Account Settings
  • Objective: Explore Terminal Services user account settings using Active Directory Users and Computers
  • Start  Administrative Tools  Active Directory Users and Computers  Users
  • Explore the settings on the four Terminal Services tabs: Terminal Services Profile, Remote control, Sessions, and Environment

Guide to MCSE 70-290, Enhanced

delegating administrative authority
Delegating Administrative Authority
  • Active Directory is a database and must be protected
  • Uses permissions similar to NTFS file permissions
  • Administrators have full access by default
  • User are given read permission for most attributes by default
  • Administrator can edit permissions
    • Must take care not to make any objects completely inaccessible

Guide to MCSE 70-290, Enhanced

active directory object permissions
Active Directory Object Permissions
  • Objects can be assigned permissions at 2 levels:
    • Object-level permissions
      • Must be granted for a user to create or modify an OU, user, or group account
      • Applied according to a preconfigured set of standard permissions
    • Attribute-level permissions
      • Control which attributes a user or group can view or modify
  • If not explicitly set, object inherits parent container’s permissions

Guide to MCSE 70-290, Enhanced

activity 10 11 exploring active directory object permissions
Activity 10-11: Exploring Active Directory Object Permissions
  • Objective: Explore Active Directory object permission settings
  • Start  Administrative Tools  Active Directory Users and Computers  View (menu bar)  Advanced Features
  • Access the properties of an OU and explore the various permission configurations as directed in the exercise

Guide to MCSE 70-290, Enhanced

permission inheritance
Permission Inheritance
  • Child objects inherit permissions from parent objects by default when child object is created
  • If permissions to parent are changed subsequently, can force permission changes to child if desired
  • Can modify default inheritance by blocking it at the container or object level

Guide to MCSE 70-290, Enhanced

delegating authority over active directory objects
Delegating Authority Over Active Directory Objects
  • Allows you to distribute/decentralize process of administering Active Directory
  • Steps to delegating authority
    • Design OU structure to permit distribution
    • Configure permissions to support appropriate distribution
  • Implementing delegation
    • Can manage permissions directly from Security tab
    • Can use Delegation of Control Wizard

Guide to MCSE 70-290, Enhanced

activity 10 12 using the delegation of control wizard
Activity 10-12: Using the Delegation of Control Wizard
  • Objective: Delegate control of an OU using the Active Directory Users and Computer Delegation of Control Wizard
  • To start wizard, right-click OU and click Delegate Control
  • Delegate a specific permission to a group following directions in the exercise
  • Verify that the permission appears as expected

Guide to MCSE 70-290, Enhanced

software update services
Software Update Services
  • Software Update Services (SUS) allows an administrator to control the deployment of O.S. security updates and critical packages
  • Intended to minimize administrative effort required to keep O.S. protected
  • 2 main elements:
    • Client component: updated version of Windows Automatic Updates, clients contact server to get updates
    • Server component: can be installed on a server running Windows 2000 or Server 2003

Guide to MCSE 70-290, Enhanced

installing software update services
Installing Software Update Services
  • SUS client and server components available for download from Microsoft Web site
  • Requires minimum hardware and a dedicated server if possible
  • Internet Information Services version 5.0 or higher and Internet Explorer 5.5 or higher are prerequisites
  • Server component can be installed on Windows 2000 Server, Windows Server 2003, or Microsoft Small Business Server 2000

Guide to MCSE 70-290, Enhanced

activity 10 13 installing software update services
Activity 10-13: Installing Software Update Services
  • Objective: To install the server component of Software Update Services (after installing IIS)
  • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components
  • Install IIS following instructions
  • Run the SUS10SP1.exe file to start installation of SUS
  • Follow directions to run Microsoft Software Update Services Setup Wizard
  • Complete installation as directed

Guide to MCSE 70-290, Enhanced

how software update services works
How Software Update Services Works
  • Purpose of SUS is to provide centralized facility for clients to obtain security package updates automatically
  • SUS server can store updates locally or store catalog with clients downloading from Internet
  • Administrator must approve an update before clients can download it
  • Clients must have Automatic Updates software installed to interact with SUS server

Guide to MCSE 70-290, Enhanced

configuring software update services
Configuring Software Update Services
  • Default SUS configurations (Typical option):
    • Updates downloaded from Internet servers
    • Proxy server settings are set to Automatic
    • Downloaded content is stored locally on SUS server
    • Packages are downloaded in all supported languages
    • If changes occur to an approved package, changed package is not approved
  • Administration is Web-based, password protected
  • On-line resources include SUS Overview Whitepaper, SUS Deployment Guide, Windows Update, Security Web sites

Guide to MCSE 70-290, Enhanced

activity 10 14 configuring software update services settings
Activity 10-14: Configuring Software Update Services Settings
  • Objective: To configure SUS settings
  • Start  All Programs  Internet Explorer
  • Enter the SUS administration Web address and log on as directed
  • Browse the Set options pages
  • Configure your SUS to maintain updates on a Microsoft Windows Update server

Guide to MCSE 70-290, Enhanced

activity 10 15 synchronizing software update services content
Activity 10-15: Synchronizing Software Update Services Content
  • Objective: To manually synchronize SUS content
  • Use the Microsoft SUS menu through Internet Explorer to start the synchronization process as directed
  • Browse potential updates and explore sorting options and details menu
  • Approve an update
  • Browse logs and other information as directed

Guide to MCSE 70-290, Enhanced

automatic updates
Automatic Updates
  • Clients must have Automatic Updates client software installed to obtain security updates
  • Some systems have software preinstalled, others must manually install
  • Automatic Updates can be manually enabled along with notification and scheduling options
  • To connect to local SUS server to obtain updates, must configure client’s Registry or Group Policy settings
  • Group policy settings override local settings

Guide to MCSE 70-290, Enhanced

automatic updates continued
Automatic Updates (continued)

Guide to MCSE 70-290, Enhanced

activity 10 16 reviewing automatic updates group policy settings
Activity 10-16: Reviewing Automatic Updates Group Policy Settings
  • Objective: To review Group Policy settings for Automatic Update
  • Start  Administrative Tools  Active Directory Users and Computers
  • Edit the Default Domain Policy and add the wuau template as directed
  • Browse and configure settings for Automatic Updates

Guide to MCSE 70-290, Enhanced

planning a software updates services infrastructure
Planning a Software Updates Services Infrastructure
  • Common methods that organizations use to deploy and configure SUS
    • Small networks: single server running SUS or multiple location-based servers managed independently
    • Enterprise networks: multiple SUS servers, single synchronization server (hub and spoke)
    • High security networks: corporate intranet disconnected from public Internet. All local servers download from special connected server(s).

Guide to MCSE 70-290, Enhanced

activity 10 17 uninstalling software update services and internet information services
Activity 10-17: Uninstalling Software Update Services and Internet Information Services
  • Objective: To uninstall SUS and IIS
  • Start  Control Panel  Add or Remove Programs
  • Remove Software Update Services as directed
  • Remove Internet Information Services as directed

Guide to MCSE 70-290, Enhanced

summary
Summary
  • Tools used to manage server tasks and remote management of clients:
    • Microsoft Management Console (MMC)
    • Secondary logon feature
  • Network troubleshooting process steps: define problem, gather information about changes, devise plan, implement plan, document changes & results
  • Terminal Services allows users to connect to and run applications on remote servers

Guide to MCSE 70-290, Enhanced

summary continued
Summary (continued)
  • Remote Desktop for Administration allows administrators to connect to and interact with remote servers
  • Administrative authority for Active Directory objects can be delegated through object-level and attribute-level permissions
  • Software Update Services allows control of the deployment of security updates throughout a network

Guide to MCSE 70-290, Enhanced

ad