Chapter 10 Server Administration1 Ch. 10 – Server Administration MIS 431 – created Spring 2006
Chapter 10 Server Administration2 Overview of Server Administration Distinguish between various tools and methods to manage WS03 Configure Terminal Services and Remote Desktop for administration Delegate administrative authority in AD Install and configure MS Software Update Services Tough call: deciding what level of access different users should have in AD
Chapter 10 Server Administration3 WS03 Management Tools Microsoft Management Console Customizable management framework that can host a number of different mgt tools Can add more snap-in tools to a MMC Ex: add tools to manage DNS and DHCP servers Save as custom MMC for use by authorized administrators – saved as a Management Saved Console file with.msc extension Enables you to manage both local and remote computers All the provided MMCs are pre-built with the relevant snap-ins already added. Cool!
Chapter 10 Server Administration4 More WS03 Mgt Tools It’s useful to have two logon accounts One is for administrative tasks The other is for normal user activities and used for non- administrative tasks Secondary logon feature –lets you log in as your regular account but still have access to administrative tools with your admin account Activity 10-5: using secondary logon feature Start|Administrative Tools Rt-click Event Viewer and choose Run as Provide the alternate (admin) user information for that one task Activity 10-6: use secondary logon from command line
Chapter 10 Server Administration5 Networking Troubleshooting Just in the rare case you have trouble…. A troubleshooting process Define the problem Gather detailed information about what has changed Devise a plan to solve the problem Implement the plan and observe the results Document all changes and results
Chapter 10 Server Administration6 Troubleshooting details… Define the problem Usually have a cryptic error message: ask user questions what is the exact problem? (digital cam of screen) how long have you had this problem? Try to recreate the problem in the test lab so that you can attempt various solutions WS03 can help identify specific error messages: NET HELPMSG number will retrieve addl information for that error number
Chapter 10 Server Administration7 Troubleshooting details… Gather detailed info about what has changed What has changed recently that might have caused the problem? New HW components installed? New hardware drivers? (e.g., that “flash”) Who has access to the computer that might have changed certain settings? Any SW or service patches installed recently?
Chapter 10 Server Administration8 Troubleshooting details… Devise a plan to solve the problem BEFORE YOU START, have a rollback strategy in case the fix doesn’t work Don’t break it worse with your fix! Consider… Interruptions to the network (e.g., restart server) Possible changes to network security policy Need to document ALL CHANGES and troubleshooting steps (use a notebook next to server) It ALWAYS helps to have a buddy to talk your plan over with – “structured walkthrough” can find flaws
Chapter 10 Server Administration9 Troubleshooting details… Implement the plan and observe the results Once plan is devised, notify users on the network if availability will be interrupted Can do this to logged on users or send a group message to all users with accounts on that device Find a good time to do the fix. THERE ARE NO GOOD TIMES IN MANY NETWORKS! Don’t make too many changes at one time – difficult to see what worked and harder to roll back if unsuccessful If it didn’t work, restart troubleshooting process
Chapter 10 Server Administration10 Troubleshooting details… Document all changes and results Document all troubleshooting steps and configuration changes to keep track of what has changed on the network If the problem occurs again, the documentation helps explain the possible cause and lets it be fixed sooner
Chapter 10 Server Administration11 Terminal Services and Remote Desktop for Administration Terminal Services – thin client (actually a version of Winframe’s Citrix product) Terminal emulator that does “remote control” sending mouse clicks and keyboard to remote side, and displaying the screen of the remote end on (your) local end TS must be installed separately and requires a valid user client license Technically for applications running on server rather than administration Install: Add or Remove Programs in Control Panel and then click Add/Remove Windows Components button
Chapter 10 Server Administration12 Terminal Services Administration Terminal Services Manager – monitor and control client access to one or more terminal servers Terminal Services Configuration – configure Terminal Server settings and connections Terminal Services Licensing – stores and tracks Terminal Services client access licenses
Chapter 10 Server Administration13 Configure Remote Connection Settings Multiple users may connect at same time if CALs are sufficient Terminal connection property tabs (Table 10-2) General Logon Settings Sessions Environment Remote Control Client Settings Network Adapter Permissions
Chapter 10 Server Administration14 Terminal Services Client SW WS00 Terminal Service client: to install on a client (or a server) computer (~2 floppies) TS client files are installed on the WS03 server when TS is installed on the server Several operating systems available: 95, 08, NT 4.0, 2000 Not necessary on Windows XP or WS03 because that client software is pre-installed In %Systemroot%\systen32\clients\tsclient\win32 folder Can share this folder and initiate the installation process over the network
Chapter 10 Server Administration15 More Remote Administration Remote Desktop for Administration Used to do remote server administration Installed as part of WS03 but turned off by default Go to Control Panel and open System On Remote tab click “allow users to connect remotely to this computer” and save it But must enable each user to do remote connection in AD Users & Computers (or put into the Remote Desktop Users group – preconfigured) If you install Terminal Services on the server then RDA is grayed out but it works (like in our classroom)
Chapter 10 Server Administration16 Delegate Administrative Authority Administrators can view everything (but you can make changes that keep YOU from viewing) Can delegate authority to view/change AD to non-administrators based on the container, the object, and the group Ex: HR dept can view address information of employees Basically, be very careful who and what you permit!
Chapter 10 Server Administration17 Software Update Service – nice! Methods to update systems with current patches Manual download and installation Installation using a script, such as login script Automated deployment using applications like MS Systems Management Server (SMS) Installation using MS Windows Update Push method of Windows Automatic Updates
Chapter 10 Server Administration18 Install Software Update Services (SUS) This is server-side software to let admins deploy security patches and hot fixes Provides more granular control than previous Two main elements – client and server Server side runs on WS00 or WS03 Client side is an updated version of the Windows Automatic Updates tool Don’t need a huge server to fulfill this role but lots of disk space is a plus
Chapter 10 Server Administration19 How SUS Works Small networks: admin can choose which updates and decide which clients get them Enterprise level: