Maintaining and Updating Windows Server 2008

Lesson 8

Skills Matrix

Technology Skill

Configuring Windows Server Update Services (WSUS)

Objective Domain

Configure Windows Server Update Services (WSUS) server settings Capture performance data Using the Performance Monitor Using the Windows Event Viewer Using Network Monitor to Gather Network Data Monitor event logs Gather network data

Objective #

5.1

5.2

5.3

5.4

Monitoring a Windows Server 2008

• There are two approaches to maintaining your network: the reactive approach and the proactive approach. • After implementation of your network design is complete and you have verified that your network works properly, the reactive approach means that you will “wait and see” what problems arise.

Monitoring a Windows Server 2008

• A proactive approach doesn’t wait for problems to arise. – A proactive approach to network management is preventative and uses tools such as the Performance and Reliability Monitor, the Event Viewer, and Network Monitor utilities. – Proactive system administrators use these tools to help spot potential and actual networking issues without wasting time guessing what the problems might be because they lack historical data. – They do this by systematically monitoring, logging, and analyzing the network’s data.

Reliability and Performance Monitor

• Located within the Administrative Tools folder.

• Allows you to collect real-time information on your local computer or from a specific computer to which you have permissions. • This information can be viewed in a number of different formats that include line charts and histograms.

Reliability and Performance Monitor

Reliability and Performance Monitor

Performance Monitor

• Probably the most frequently used view within the Reliability and Performance Monitor is the Performance Monitor. • One of the simplest methods is to open the Start menu, key perfmon.exe, and then click OK. • Performance Monitor provides detailed information necessary for in-depth analysis, logging capabilities, and alerts, which are useful for early warnings of possible system issues.

Performance Monitor

Data Collector Sets

• • • One of the significant changes introduced in Windows Server 2008 performance monitoring is the

Data Collector Set

. Rather than manually adding individual performance counters anytime you want to monitor performance on a 2008 server, Data Collector Sets allow you to organize a set of performance counters, event traces, and system configuration data into a single “object” that you can reuse on one or more Windows Server 2008 servers. You can view the counters associated with Data Collector Sets in Performance Monitor view, use them to generate alert actions when particular performance thresholds are reached, and integrate them with the Windows Task Scheduler to collect performance data at specific times.

Data Collector Sets

• There are three built-in Data Collector Sets within Windows Server 2008 — LAN Diagnostics, System Diagnostics, and System Performance — or you can create your own custom sets. • You also have the ability to create

Data Collector Set templates

that are based on the XML file format, thus allowing you to distribute templates across multiple servers for use by other administrators.

Data Collector Sets

Data Collector Sets

Data Collector Sets

Data Collector Sets

Securing Access to Performance Data

• A common request from network administrators in previous versions of Windows is the ability to delegate access to performance data without allowing full administrative rights to a particular server. • To this end, Windows Server 2008 includes a number of built-in group objects that grant limited access to performance data.

Securing Access to Performance Data

• Members of the

Performance Monitor Users

group, by default, are delegated the following additional abilities to view performance data: – Members of Performance Monitor Users can view both real-time and historical data within the Performance Monitor console and can use the Reliability Monitor.

– Members of Performance Monitor Users cannot create or modify Data Collector Sets or use the Resource View.

Securing Access to Performance Data

• Members of the Users.

Performance Log Users

group have all of the rights available to normal Users and Performance Monitor • In addition, Performance Log Users also have the ability to create and modify Data Collector Sets, but only after an administrator has assigned this group the

Log on as a batch user

user right on the server or servers in question.

Windows Event Viewer

• Windows Server 2008 uses the Windows Event Viewer to record system events that take place, such as security, application, and role-specific events.

Windows Event Viewer

Network Monitor

• If you receive reports that a Windows Server 2008 computer is not responding fast enough, you might want to isolate the view of the network traffic that is being sent to or from that server. • You may also need to view network traffic to determine if a client application is faulting, or to determine if a malicious user or virus is attempting to access the computer over the network.

Network Monitor

• Windows Server 2008 does not include a built-in network monitor, but you can download and install the latest version of Network Monitor from the Microsoft Web site. • This free download will allow you to view network traffic that is being sent to and from the network interface cards on a particular Windows Server 2008 computer. • You can view network captures in real-time, or save the information to a file to be analyzed later.

Network Monitor

Network Monitor

Windows Server Update Services (WSUS)

• Traditionally, system administrators and users kept systems up-to-date by frequently checking the Microsoft Windows Update Web site or the Microsoft Security Web site for software updates. • Administrators manually downloaded available updates, tested the updates in their environment, and then distributed the updates manually or with traditional software distribution tools.

Windows Server Update Services (WSUS)

• To improve the manageability of this process, Microsoft introduced

Windows Server Update Services (WSUS)

– A Web-based tool for managing and distributing software updates that resolve known security vulnerabilities or otherwise improve performance.

– – For Microsoft Windows XP, Windows Vista, Microsoft Windows Server 2003, and Windows Server 2008 operating systems. The latest version of WSUS (WSUS 3.0 with Service Pack 1 at the time of this writing) is a free download from the Microsoft Web site that can be installed on a Windows Server 2008 computer.

Windows Server Update Services

WSUS Distributed Infrastructure • • A server that runs WSUS can be synchronized from the public Windows Update servers, from another server running WSUS, or from a manually configured content distribution point. WSUS servers can download and store content locally, or they can use the content on the Windows Update Web site.

Setting WSUS Client Settings with GPOs

Setting WSUS Client Settings with GPOs

Summary

• When monitoring the health of Windows Server 2008, you can examine the Window Event Viewer to obtain information. • By default, it logs informational events such as service start and stop messages, errors, and warnings. • Additional diagnostic logging can be achieved by modifying the registry.

Summary

• Reliability and Performance Monitor in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions. • This information can be viewed in a number of different formats that include charts, graphs, and histograms.

Summary

• Reliability and Performance Monitor uses performance objects, or categories, and performance counters to organize performance information. – Performance counters are the specific processes to monitor. – Many counters are available.

• WSUS is a tool used to manage and distribute software updates that fix known security vulnerabilities or otherwise improve the performance of Microsoft operating systems.

Summary

• Updates can include items such as security fixes, critical updates, and critical drivers.

• Windows Update is a Microsoft Web site that works with Automatic Updates to provide timely critical and noncritical system updates.

• Automatic Updates enables you to automatically interact with the Windows Update Web site.

Summary

• WSUS has three main components: – A content synchronization service.

– An internal Windows Update server.

– Automatic Updates on computers (desktops or servers).

Summary

• WSUS server management includes reviewing and changing configuration options, automatically or manually synchronizing the server, viewing update status, and backing up and restoring the server.

• You can configure Automatic Updates through the Automatic Updates configuration page, Group Policy, and by configuring registry entries.