70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Thirteen Performing Network Administrative Tasks

Guide to MCSE , Objectives Describe the methods, tools, and processes for managing a Windows Server 2003 system Manage server licensing Delegate administrative authority in Active Directory

Guide to MCSE , Objectives (continued) Monitor and troubleshoot server performance Use the Performance console to monitor server performance Configure services to optimize server performance

Guide to MCSE , Windows Server 2003 Network Administration Tools and Procedures Use MMC snap-ins to manage remote servers Basic Windows Server 2003 administrative tools can be expanded by installing support tools For security purposes, avoid logging on with Administrator user name when not performing administrative functions –Use secondary logon feature

Guide to MCSE , Centrally Managing Servers with the MMC MMC is customizable –Can host many management tools Snap-ins –Customized consoles saved as Management Saved Console (MSC) files File extension is.msc –Can manage local or remote clients/servers Activity 13-1: Using the MMC to View Information on Another Computer –Objective: Use MMC remote administration capabilities

Guide to MCSE , Using Taskpads to Customize MMC Views Taskpad views simplify administrative procedures –Graphical representation of MMC tasks Activity 13-2: Creating a Taskpad –Objective: Create a taskpad to simplify administrative tasks

Guide to MCSE , Additional Management Tools in Windows Server 2003 Windows Server 2003 has more support tools available on installation CD and even more on-line Activity 13-3: Installing Support Tools –Objective: Install Windows Server 2003 support tools and explore their use Table 13-1: Common support tools in Windows Server 2003

Guide to MCSE , Using Secondary Logons Recommended that network administrators have two logon accounts: –One granted administrative rights –Limited user account has normal user rights Used for non-administrative tasks Secondary logon feature: Allows you to run administrative utilities using alternate credentials Activity 13-4: Using the Secondary Logon Feature –Objective: Use the Run as command to open a program using the administrator’s logon credentials

Guide to MCSE , Using Secondary Logons (continued) Activity 13-5: Using a Secondary Logon from the Command Line –Objective: Log on with alternate credentials from the command line Figure 13-2: The Run As dialog box

Guide to MCSE , Network Troubleshooting Processes Define the Problem: Ask questions of user having problem –Get as specific as possible –Recreate problem in controlled environment Gather Detailed Information on What Has Changed: Consider new components, who has access to the computer, and whether software or service patches were installed recently

Guide to MCSE , Network Troubleshooting Processes (continued) Devise a Plan to Solve the Problem: Ensure that no additional problems created –Have a rollback strategy –Consider network disruption, possible changes to security policy, and documentation Implement the Plan and Observe Results: Make one change at a time and test after each change Document All Changes and Results: Essential to help keep track of what has changed –Useful for future troubleshooting

Guide to MCSE , Managing Server Licenses Must have CAL for each connection to Windows Server 2003 system Two types of CALs: –Windows Device CALs: Allow devices to connect regardless of number of users who use device –User CALs: Assigned to user account; allows log on from any number of client computers Two major types of license modes: –Per Server: User or Device CAL for each concurrent connection –Per Device or Per User: Server checks for a valid User/Device CAL

Guide to MCSE , Administering Site Licensing License Logging Service: Assigns and tracks licenses when clients request network services –Provides redundancy by replicating license information on Site License Server Control Panel Licensing Applet: Manage licensing for single Windows Server 2003 computer Administrative Licensing Tool: In multiple-server network, offers options for managing licensing on any Windows Server 2003 computer

Guide to MCSE , Administering Site Licensing (continued) Figure 13-3: Accessing settings for the licensing server

Guide to MCSE , Administering Site Licensing (continued) Figure 13-5: Managing licensing via the Administrative Licensing tool

Guide to MCSE , Delegating Administrative Authority Delegating certain tasks can give you time to focus on more complex tasks –Users often need to be given rights to Active Directory Active Directory Object Permissions: –Object-level permissions: Define types of objects a user or group can view, create, delete, or modify in Active Directory –Attribute-level permissions: Define which attributes of an object a user or group can view or modify in Active Directory

Guide to MCSE , Delegating Administrative Authority (continued) Activity 13-6: Exploring Active Directory Object- level Permissions –Objective: Use Active Directory Users and Computers to explore Active Directory object-level permission settings Table 13-2: Common standard permissions in Windows Server 2003 Active Directory

Guide to MCSE , Delegating Administrative Authority (continued) Figure 13-7: Viewing detailed permissions

Guide to MCSE , Delegating Administrative Authority (continued) Permission Inheritance: Permissions inherited from parent container when object created –When parent’s permissions change, can force all children to re-inherit –Modify default inheritance of permissions by blocking inheritance at container or object level

Guide to MCSE , Delegating Authority for Active Directory Objects Distribute and decentralize process of administering Active Directory –Must design OU structure so that administrative work can be distributed, then configure appropriate level of permissions for each administrator Implementing Delegation: Use Delegation of Control Wizard Activity 13-7: Using the Delegation of Control Wizard –Objective: Use the Delegation of Control Wizard to delegate control of an OU

Guide to MCSE , Delegating Authority for Active Directory Objects (continued) Figure 13-8: The Tasks to Delegate window

Guide to MCSE , Monitoring Server and Client Performance Server performance can deteriorate over time Monitoring helps proactively identify problems –Create a network baseline Three tools for monitoring computer health and performance: –Task Manager –Event Viewer –Performance console

Guide to MCSE , Using Task Manager Fast way to get snapshot of system performance Monitoring and Managing Applications: Applications tab lists applications running in foreground Monitoring and Managing Processes: Processes tab lists all processes in use by applications and services Table 13-3: Information in the Task Manager Processes tab

Guide to MCSE , Using Task Manager (continued) Figure 13-10: The Task Manager Processes tab

Guide to MCSE , Using Task Manager (continued) Monitoring and Managing Processes (continued): –Can set process priorities Activity 13-8: Using Task Manager to Manage Applications and Processes –Objective: Use Task Manager to manage applications and processes Monitoring Real-time Performance: Task Manager Performance tab shows vital CPU and memory performance information

Guide to MCSE , Using Task Manager (continued) Figure 13-11: The Task Manager Performance tab

Guide to MCSE , Using Task Manager (continued) Table 13-4: Information in the Task Manager Performance tab

Guide to MCSE , Using Task Manager (continued) Activity 13-9: Using Task Manager to Monitor Performance –Objective: Use Task Manager to monitor system performance Monitoring Network Performance: Use Task Manager Networking tab to monitor performance of all NICs on system Monitoring Users: Task Manager Users tab lists users currently logged on to system

Guide to MCSE , Using Event Viewer Used to gather information and troubleshoot software, hardware, and system problems –View contents of log files Events typically written to one of three log files: –Application log –Security log –System log Types of events: –Information –Warning –Error

Guide to MCSE , Using Event Viewer (continued) Figure 13-15: Viewing the details of a specific event

Guide to MCSE , Using Event Viewer (continued) Activity 13-10: Viewing System and Application Log Events –Objective: View events in the Event Viewer System and Application logs Viewing System Shutdown Events: Logged as event 1074 in the System log Activity 13-11: Restarting Windows Server 2003 –Objective: Restart Windows Server 2003 to generate a System log event

Guide to MCSE , Using Event Viewer (continued) Activity 13-12: Viewing Shutdown Events in the System Log –Objective: Use Event Viewer to view server shutdown events

Guide to MCSE , Using the Performance Console Performance console consists of two tools: –System Monitor: View data gathered from a wide variety of counter objects in real time –Performance Logs and Alerts: Log samples periodically to data file Imported into other applications or used to generate alerts

Guide to MCSE , Using System Monitor Collect data on real-time server performance –Track how system resources are being used and how they are behaving under current workload Collects data that can be used for: –Monitoring server performance –Problem diagnosis –Capacity planning –Testing Can choose performance objects to monitor and specific types of performance counters

Guide to MCSE , Using System Monitor (continued) Can customize data to capture by specifying source or computer to monitor Real-time information can be displayed in one of three views: –Graph –Histogram –Report Activity 13-13: Exploring System Monitor Settings –Objective: Explore Windows Server 2003 System Monitor settings

Guide to MCSE , Using System Monitor (continued) Figure 13-19: Defining components to monitor

Guide to MCSE , Using System Monitor (continued) Figure 13-20: The default display of System Monitor

Guide to MCSE , Using System Monitor (continued) Performance Objects and Counters: –When monitoring, should first create a baseline –Should examine the following performance objects and associated counters: % Processor Time % Interrupt Time Pages/Second Page Faults/Second % Disk Time Average Disk Queue Length

Guide to MCSE , Using System Monitor (continued) Activity 13-14: Adding Performance Counters to System Monitor –Objective: Add performance counters to the System Monitor tool Performance Objects and Counters (continued): –Gather data is easy; interpreting data is more difficult –Monitoring multiple components regularly should give an idea of how they perform together Make troubleshooting server performance easier –Many alternatives for saving or viewing historical performance data

Guide to MCSE , Using System Monitor (continued) Activity 13-15: Saving and Viewing System Monitor Data –Objective: Explore options for saving System Monitor data Figure 13-24: Viewing System Monitor data in a Web browser

Guide to MCSE , Using Performance Logs and Alerts Can be used to perform the following tasks: –Collect data in a binary, comma-separated, tab- separated, or SQL Server database format; –View data during and after collection –Configure parameters such as start and stop times for log generation, file names, and file size –Configure and manage multiple logging sessions –Set up alerts

Guide to MCSE , Using Performance Logs and Alerts (continued) Three options available: –Counter logs: Save information viewed in System Monitor to a log file –Trace logs: Track what system does after a specific event has occurred –Alerts: Configure an event to occur when a counter meets a predefined value Configuring Alerts: Logging should not be running constantly –Alerts should be set up to notify you of a potential problem

Guide to MCSE , Using Performance Logs and Alerts (continued) Activity 13-16: Configuring Performance Logs and Alerts –Objective: Configure performance logging and alerts Table 13-5: Actions that can be taken when an alert is triggered

Guide to MCSE , Using Performance Logs and Alerts (continued) Figure 13-25: The Action tab for an alert

Guide to MCSE , Configuring and Managing Services When a service is installed unnecessarily during setup or is no longer used, it should be disabled –Running unnecessary services consumes system resources –Must consider service’s role on network, and service dependencies Use Services MMC to access service’s Properties dialog box

Guide to MCSE , Configuring and Managing Services (continued) Tabs on service’s Properties dialog box: –General –Log On –Recovery –Dependencies Activity 13-17: Configuring Windows Server 2003 Services –Objective: Configure the startup properties and settings of Windows Server 2003 services

Guide to MCSE , Configuring and Managing Services (continued) Figure 13-29: The Dependencies tab for the Messenger service

Guide to MCSE , Summary Windows includes a secondary logon feature The Microsoft Management Console is the primary administrative environment for Windows Server 2003 and XP systems Windows Server 2003 contains additional installable support tools Windows Server 2003 licensing includes device and user licenses Servers can be configured to use either the Per Server or Per Device or Per User licensing mode

Guide to MCSE , Summary (continued) Active Directory objects have object-level and attribute-level permissions The Delegation of Control Wizard simplifies delegating administrative authority Task Manager can be used to view and control running applications and processes, find basic performance information, view network utilization information, and view connected users Event Viewer is used to view information, warning, and error events related to the operating system and installed applications

Guide to MCSE , Summary (continued) The Performance console is the primary server- monitoring utility in Windows Server 2003 System Monitor enables server resources to be monitored via graphs or a report view Use Performance Logs and Alerts for collecting data about server resources for further analysis A number of background services run on a Windows Server 2003 system by default