Transcript Ch. 10 – Server Administration

Ch. 10 – Server
Administration
MIS 431 – created Spring 2006
Chapter 10 Server Administration
1
Overview of Server Administration
 Distinguish between various tools and
methods to manage WS03
 Configure Terminal Services and Remote
Desktop for administration
 Delegate administrative authority in AD
 Install and configure MS Software Update
Services
 Tough call: deciding what level of access
different users should have in AD
Chapter 10 Server Administration
2
WS03 Management Tools
 Microsoft Management Console
 Customizable management framework that can host a
number of different mgt tools
 Can add more snap-in tools to a MMC
 Ex: add tools to manage DNS and DHCP servers
 Save as custom MMC for use by authorized
administrators – saved as a Management Saved
Console file with .msc extension
 Enables you to manage both local and remote
computers
 All the provided MMCs are pre-built with the relevant
snap-ins already added. Cool!
Chapter 10 Server Administration
3
More WS03 Mgt Tools
 It’s useful to have two logon accounts
One is for administrative tasks
 The other is for normal user activities and used for nonadministrative tasks
 Secondary logon feature –lets you log in as your regular
account but still have access to administrative tools with your
admin account
 Activity 10-5: using secondary logon feature
 Start|Administrative Tools
 Rt-click Event Viewer and choose Run as
 Provide the alternate (admin) user information for that one
task
 Activity 10-6: use secondary logon from command line

Chapter 10 Server Administration
4
Networking Troubleshooting
 Just in the rare case you have trouble…. 
 A troubleshooting process





Define the problem
Gather detailed information about what has
changed
Devise a plan to solve the problem
Implement the plan and observe the results
Document all changes and results
Chapter 10 Server Administration
5
Troubleshooting details…
 Define the problem

Usually have a cryptic error message: ask
user questions




what is the exact problem? (digital cam of screen)
how long have you had this problem?
Try to recreate the problem in the test lab so
that you can attempt various solutions
WS03 can help identify specific error
messages: NET HELPMSG number will
retrieve addl information for that error number
Chapter 10 Server Administration
6
Troubleshooting details…
 Gather detailed info about what has changed

What has changed recently that might have
caused the problem?




New HW components installed?
New hardware drivers? (e.g., that “flash”)
Who has access to the computer that might have
changed certain settings?
Any SW or service patches installed recently?
Chapter 10 Server Administration
7
Troubleshooting details…
 Devise a plan to solve the problem
 BEFORE YOU START, have a rollback strategy in case
the fix doesn’t work
 Don’t break it worse with your fix!
 Consider…
 Interruptions to the network (e.g., restart server)
 Possible changes to network security policy
 Need to document ALL CHANGES and
troubleshooting steps (use a notebook next to server)
 It ALWAYS helps to have a buddy to talk your plan over
with – “structured walkthrough” can find flaws
Chapter 10 Server Administration
8
Troubleshooting details…
 Implement the plan and observe the results
 Once plan is devised, notify users on the
network if availability will be interrupted




Can do this to logged on users or send a group
message to all users with accounts on that device
Find a good time to do the fix. THERE ARE NO
GOOD TIMES IN MANY NETWORKS!
Don’t make too many changes at one time –
difficult to see what worked and harder to roll
back if unsuccessful
If it didn’t work, restart troubleshooting process
Chapter 10 Server Administration
9
Troubleshooting details…
 Document all changes and results


Document all troubleshooting steps and
configuration changes to keep track of what
has changed on the network
If the problem occurs again, the
documentation helps explain the possible
cause and lets it be fixed sooner
Chapter 10 Server Administration
10
Terminal Services and Remote
Desktop for Administration
 Terminal Services – thin client (actually a version of
Winframe’s Citrix product)



Terminal emulator that does “remote control” sending
mouse clicks and keyboard to remote side, and
displaying the screen of the remote end on (your) local
end
TS must be installed separately and requires a valid
user client license
Technically for applications running on server rather
than administration
 Install: Add or Remove Programs in Control Panel
and then click Add/Remove Windows Components
button
Chapter 10 Server Administration
11
Terminal Services Administration
 Terminal Services Manager – monitor and
control client access to one or more terminal
servers
 Terminal Services Configuration – configure
Terminal Server settings and connections
 Terminal Services Licensing – stores and
tracks Terminal Services client access
licenses
Chapter 10 Server Administration
12
Configure Remote Connection
Settings
 Multiple users may connect at same time if CALs are
sufficient
 Terminal connection property tabs (Table 10-2)








General
Logon Settings
Sessions
Environment
Remote Control
Client Settings
Network Adapter
Permissions
Chapter 10 Server Administration
13
Terminal Services Client SW
 WS00 Terminal Service client: to install on a client (or
a server) computer (~2 floppies)
 TS client files are installed on the WS03 server when
TS is installed on the server




Several operating systems available: 95, 08, NT 4.0,
2000
Not necessary on Windows XP or WS03 because that
client software is pre-installed
In %Systemroot%\systen32\clients\tsclient\win32 folder
Can share this folder and initiate the installation
process over the network
Chapter 10 Server Administration
14
More Remote Administration
 Remote Desktop for Administration
 Used to do remote server administration
 Installed as part of WS03 but turned off by default
 Go to Control Panel and open System
 On Remote tab click “allow users to connect remotely
to this computer” and save it
 But must enable each user to do remote connection in
AD Users & Computers (or put into the Remote
Desktop Users group – preconfigured)
 If you install Terminal Services on the server then RDA
is grayed out but it works (like in our classroom)
Chapter 10 Server Administration
15
Delegate Administrative Authority
 Administrators can view everything (but you
can make changes that keep YOU from
viewing)
 Can delegate authority to view/change AD to
non-administrators based on the container,
the object, and the group


Ex: HR dept can view address information of
employees
Basically, be very careful who and what you
permit!
Chapter 10 Server Administration
16
Software Update Service – nice!
 Methods to update systems with current
patches





Manual download and installation
Installation using a script, such as login script
Automated deployment using applications like
MS Systems Management Server (SMS)
Installation using MS Windows Update
Push method of Windows Automatic Updates
Chapter 10 Server Administration
17
Install Software Update Services
(SUS)
 This is server-side software to let admins
deploy security patches and hot fixes

Provides more granular control than previous
 Two main elements – client and server


Server side runs on WS00 or WS03
Client side is an updated version of the
Windows Automatic Updates tool
 Don’t need a huge server to fulfill this role but
lots of disk space is a plus
Chapter 10 Server Administration
18
How SUS Works
 Small networks: admin can choose which
updates and decide which clients get them
 Enterprise level:
Chapter 10 Server Administration
19