Ch. 10 – Server Administration
Download
Report
Transcript Ch. 10 – Server Administration
Ch. 10 – Server
Administration
MIS 431 – created Spring 2006
Chapter 10 Server Administration
1
Overview of Server Administration
Distinguish between various tools and
methods to manage WS03
Configure Terminal Services and Remote
Desktop for administration
Delegate administrative authority in AD
Install and configure MS Software Update
Services
Tough call: deciding what level of access
different users should have in AD
Chapter 10 Server Administration
2
WS03 Management Tools
Microsoft Management Console
Customizable management framework that can host a
number of different mgt tools
Can add more snap-in tools to a MMC
Ex: add tools to manage DNS and DHCP servers
Save as custom MMC for use by authorized
administrators – saved as a Management Saved
Console file with .msc extension
Enables you to manage both local and remote
computers
All the provided MMCs are pre-built with the relevant
snap-ins already added. Cool!
Chapter 10 Server Administration
3
More WS03 Mgt Tools
It’s useful to have two logon accounts
One is for administrative tasks
The other is for normal user activities and used for nonadministrative tasks
Secondary logon feature –lets you log in as your regular
account but still have access to administrative tools with your
admin account
Activity 10-5: using secondary logon feature
Start|Administrative Tools
Rt-click Event Viewer and choose Run as
Provide the alternate (admin) user information for that one
task
Activity 10-6: use secondary logon from command line
Chapter 10 Server Administration
4
Networking Troubleshooting
Just in the rare case you have trouble….
A troubleshooting process
Define the problem
Gather detailed information about what has
changed
Devise a plan to solve the problem
Implement the plan and observe the results
Document all changes and results
Chapter 10 Server Administration
5
Troubleshooting details…
Define the problem
Usually have a cryptic error message: ask
user questions
what is the exact problem? (digital cam of screen)
how long have you had this problem?
Try to recreate the problem in the test lab so
that you can attempt various solutions
WS03 can help identify specific error
messages: NET HELPMSG number will
retrieve addl information for that error number
Chapter 10 Server Administration
6
Troubleshooting details…
Gather detailed info about what has changed
What has changed recently that might have
caused the problem?
New HW components installed?
New hardware drivers? (e.g., that “flash”)
Who has access to the computer that might have
changed certain settings?
Any SW or service patches installed recently?
Chapter 10 Server Administration
7
Troubleshooting details…
Devise a plan to solve the problem
BEFORE YOU START, have a rollback strategy in case
the fix doesn’t work
Don’t break it worse with your fix!
Consider…
Interruptions to the network (e.g., restart server)
Possible changes to network security policy
Need to document ALL CHANGES and
troubleshooting steps (use a notebook next to server)
It ALWAYS helps to have a buddy to talk your plan over
with – “structured walkthrough” can find flaws
Chapter 10 Server Administration
8
Troubleshooting details…
Implement the plan and observe the results
Once plan is devised, notify users on the
network if availability will be interrupted
Can do this to logged on users or send a group
message to all users with accounts on that device
Find a good time to do the fix. THERE ARE NO
GOOD TIMES IN MANY NETWORKS!
Don’t make too many changes at one time –
difficult to see what worked and harder to roll
back if unsuccessful
If it didn’t work, restart troubleshooting process
Chapter 10 Server Administration
9
Troubleshooting details…
Document all changes and results
Document all troubleshooting steps and
configuration changes to keep track of what
has changed on the network
If the problem occurs again, the
documentation helps explain the possible
cause and lets it be fixed sooner
Chapter 10 Server Administration
10
Terminal Services and Remote
Desktop for Administration
Terminal Services – thin client (actually a version of
Winframe’s Citrix product)
Terminal emulator that does “remote control” sending
mouse clicks and keyboard to remote side, and
displaying the screen of the remote end on (your) local
end
TS must be installed separately and requires a valid
user client license
Technically for applications running on server rather
than administration
Install: Add or Remove Programs in Control Panel
and then click Add/Remove Windows Components
button
Chapter 10 Server Administration
11
Terminal Services Administration
Terminal Services Manager – monitor and
control client access to one or more terminal
servers
Terminal Services Configuration – configure
Terminal Server settings and connections
Terminal Services Licensing – stores and
tracks Terminal Services client access
licenses
Chapter 10 Server Administration
12
Configure Remote Connection
Settings
Multiple users may connect at same time if CALs are
sufficient
Terminal connection property tabs (Table 10-2)
General
Logon Settings
Sessions
Environment
Remote Control
Client Settings
Network Adapter
Permissions
Chapter 10 Server Administration
13
Terminal Services Client SW
WS00 Terminal Service client: to install on a client (or
a server) computer (~2 floppies)
TS client files are installed on the WS03 server when
TS is installed on the server
Several operating systems available: 95, 08, NT 4.0,
2000
Not necessary on Windows XP or WS03 because that
client software is pre-installed
In %Systemroot%\systen32\clients\tsclient\win32 folder
Can share this folder and initiate the installation
process over the network
Chapter 10 Server Administration
14
More Remote Administration
Remote Desktop for Administration
Used to do remote server administration
Installed as part of WS03 but turned off by default
Go to Control Panel and open System
On Remote tab click “allow users to connect remotely
to this computer” and save it
But must enable each user to do remote connection in
AD Users & Computers (or put into the Remote
Desktop Users group – preconfigured)
If you install Terminal Services on the server then RDA
is grayed out but it works (like in our classroom)
Chapter 10 Server Administration
15
Delegate Administrative Authority
Administrators can view everything (but you
can make changes that keep YOU from
viewing)
Can delegate authority to view/change AD to
non-administrators based on the container,
the object, and the group
Ex: HR dept can view address information of
employees
Basically, be very careful who and what you
permit!
Chapter 10 Server Administration
16
Software Update Service – nice!
Methods to update systems with current
patches
Manual download and installation
Installation using a script, such as login script
Automated deployment using applications like
MS Systems Management Server (SMS)
Installation using MS Windows Update
Push method of Windows Automatic Updates
Chapter 10 Server Administration
17
Install Software Update Services
(SUS)
This is server-side software to let admins
deploy security patches and hot fixes
Provides more granular control than previous
Two main elements – client and server
Server side runs on WS00 or WS03
Client side is an updated version of the
Windows Automatic Updates tool
Don’t need a huge server to fulfill this role but
lots of disk space is a plus
Chapter 10 Server Administration
18
How SUS Works
Small networks: admin can choose which
updates and decide which clients get them
Enterprise level:
Chapter 10 Server Administration
19