
Morgan Simonsen morgan.simonsen@ementor.no Ementor

Windows Server 2003: Advanced administration and Troubleshooting, or: “How to make your Kung-Fu stronger”. Morgan Simonsen morgan.simonsen@ementor.no Ementor. What Will We Cover? Tips and tricks for managing Windows Server 2003. Improvements in Service Pack 2.


Presentation Transcript


  1. Windows Server 2003: Advanced administration and Troubleshooting, or: “How to make your Kung-Fu stronger” Morgan Simonsen morgan.simonsen@ementor.no Ementor

  2. What Will We Cover? • Tips and tricks for managing Windows Server 2003 • Improvements in Service Pack 2 • Security tidbits • Important tools

  3. Helpful Experience • Experience managing Windows Server 2003 • Networking experience Level 300

  4. Administering W2K3 Server: Tools • Support Tools • Resource Kit Tools • Group Policy Management Console • Sysinternals • PowerShell/Scripting

  5. Sysinternals Tools: “My Kung-Fu is stronger than your Kung-Fu” • Process Explorer • Process Monitor • AccessEnum • AutoRuns • demonstration

  6. Administering W2K3 Server: Scripting • CMD • VBScript/JScript • PowerShell

  7. W2K3 Server Well Kept Secrets • Access Based Enumeration • Diskpart kung-fu • Replmon.exe/repadmin.exe • User Profile Hive Cleanup Service

  8. Windows Server 2003 SP2 Improvements

  9. MMC 3.0 MMC .0 List View with Preview Pane List View with Roll-Ups Start Pages Goals • Consistent UI & Structure • Views • Start Pages • Richer Snap-ins • Improved Usability • Improved Reliability • Easier Development • Shipped with WS03R2

  10. Utility Improvements Plus – New Cluster Service Event ID 1239 > DCDiag.exe /x /xsl:file.xsl or .xslt > ICacls c:\windows\* /save AclFile /T > MSConfig.exe

  11. XMLLite • New XML API: Part of Vista Beta 2 SDK; Parser native in SP2 • Goals of XMLLite: Separate, independent DLL; Adheres to XML 1.0 standard; Easy to use; High performance • Usage Scenarios: Document format (Office 2007); Business Transactions; Standard XML Scenarios

  12. Security Features • Per Port Firewall Authentication: Currently WS03 Windows Firewall supports an authenticated IPSec bypass feature. However, once past the firewall, it is possible to jump to and compromise other applications behind the firewall. Instead of only exempting authenticated IPSec traffic from the entire firewall, it will now be possible to exempt authenticated traffic for a particular port or application exception. • IPsec Filter Management: Simple IPSec Policy Update; Significantly Reduces IPsec filter set; Fallback to clear is 500ms

  13. Wi-Fi Protected Access 2 • Current Server 2003 SP1 / XP64 Wireless Group Policy does not support WPA2 • WPA2 Enterprise using IEEE 802.1X authentication and WPA2 Personal using a preshared key (PSK) • Uses Advanced Encryption Standard (AES) • Use of Pairwise Master Key (PMK) caching and opportunistic PMK caching

  14. Windows Deployment Services Goals Scenarios • Deliver Great “in-the-box” provisioning solution • Deliver components to enable custom solution • Plug in model for PXE Server extensibility • Unify on single image format – WIM • Improve management experience • Provide migration and co-existence path from RIS

  15. Windows Deployment Services Goals Scenarios • New machine deployment: End-to-end solution for clean installs • PXE Boot of WinPE: Custom deployment solution or recovery environment • Extensibility Points: Scalable PXE server built on a unified architecture

  16. WDS Client • Setup application runs within WinPE • Special mode of Windows Vista • Image Based Setup (IBS) • Logic to communicate with WDS server • Drives the client setup experience (unique to WDS) • Regional and Language options • May be configured at setup • WDS Client Automated using unattend.xml

  17. Transition from RIS • WDS: Modes of Operation • Legacy: WDS Binaries but RIS functionality; RISETUP and RIPREP; Management through RIS utilities • Mixed: Best of Both; WinPE and OSChooser; RISETUP, RIPREP and WIM; MGMT of new: WDS MMC / CLI; MGMT of legacy: RIS utilities • Native: No RIS functionality; WinPE only; WIM only; MGMT through WDS MMC / CLI • Diagram labels: Longhorn Server Only; Windows Server 2003 Only; Transition

  18. Scalability Networking Pack • Challenges To Faster Networking: Increasing processor loads; Excessive context switching; Lack of effective scaling; Memory overhead and latency • Scalable Networking Pack: Reduces packet processing; Offloads network processing; Shares network processing

  19. TCP Chimney Offload • Diagram labels: Applications; Network APIs; Switch; Data Transfer Interfaces; TCP State Update Interfaces; Intermediate Protocols; TCP Chimney; TOE-Capable Network Adaptor; Tcpip.sys; NDIS; NDIS miniport driver

  20. Receive Side Scaling • NDIS 5.1 allows for only a single Deferred Procedure Call • Doesn’t scale well for multiprocessor/multi-core systems under heavy workloads • In SP2 an adaptor is not associated with a single processor • NDIS 5.2 and RSS is supported • Allows for more traffic to be processed • Diagram labels: Processors; DPE; Network Card

  21. NetDMA Support • Offloads processing of memory-to-memory transfers • Without NetDMA: Processor is heavily involved in moving data from NIC buffers to application buffers • With NetDMA: DMA engine and transfers are managed; Minimizes CPU processing of data transfers from NIC buffers to application buffers

  22. Customer Driven Improvements • Improves the performance under high APIC access rate for Windows Server 2003 running as a guest operating system under Windows Virtualization • Default storage limit changed to 1 GB; MSMQ v3.0 may be set too high for certain customers which may experience problems which appear due to low available memory • Under workloads with high kernel time, some due to network traffic: Fixes Winsock issue that caused system wide dispatch locks • Search Microsoft.com for SAPSales • Areas: Virtualization; SQL Server 2005; Message Queuing

  23. security

  24. 10 ways to make your network secure: • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth • Defense-in-depth

  25. Tips for greater security • Never run as local administrator • Anti-Virus does not protect against a directed attack

  26. Security Configuration Wizard (SCW) • Part of SP1 • Developed to make defense-in-depth easier • Integrates with Group Policy • Should be run on all Windows 2003 servers

  27. Creating a security policy using SCW demonstration

  28. Domain isolation • Another part of defense-in-depth • IPSec policies control communication on internal network • Enforced by Group Policy • Easy and cheap to implement

  29. Wireless Security • W2K3 Server has easy to use RADIUS server (IAS) • Group Policy deployment of Wireless policies (WPA2)

  30. Private Key Infrastructure • Run your own Certificate Authority! • W2K3 Server supports 4 different configurations: • Root AD integrated (Enterprise Root CA) • Subordinate AD integrated (Enterprise Subordinate CA) • Stand-alone Root CA • Stand-alone Subordinate CA

  31. Private Key Infrastructure - continued • Group Policy supports auto-enrollment for certificates for users and computers • Trust hierarchy established through Group Policy • CRLs published to AD and IIS ++

  32. demonstration Installing your own Certificate Authority (Brian Comar; eat your heart out!)

  33. RDP Security • RDP protocol does not protect password • SP1 introduces TLS for RDP • Very easy to implement

  34. demonstration Configuring Windows Server 2003 for secure Remote Desktop Connections

  35. Secure through Group Policy • Microsoft have security guides for almost all server products • Includes Group Policy security templates specifically designed for product • Easy to implement, gives good baseline for security configuration

  36. Miscellaneous tips to make your servers run better • Disable unnecessary mappings in RDP • Set RDP timeouts for admin accounts • Remove unnecessary services • DNS Scavenging
