11 MAINTAINING THE OPERATING SYSTEM Chapter 5
Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service packs and hotfixes and the process of applying both using Windows Update, Automatic Updates, and group policies. Use Microsoft Baseline Security Analyzer. Install and configure a Microsoft Software Update Services server. Understand Per Server and Per Device or Per User licensing. Configure licenses using the Choose Licensing Mode tool in Control Panel and using the Licensing tool. Understand the difference between service packs and hotfixes and the process of applying both using Windows Update, Automatic Updates, and group policies. Use Microsoft Baseline Security Analyzer. Install and configure a Microsoft Software Update Services server. Understand Per Server and Per Device or Per User licensing. Configure licenses using the Choose Licensing Mode tool in Control Panel and using the Licensing tool.
Chapter 5: MAINTAINING THE OPERATING SYSTEM3 WINDOWS OPERATING SYSTEM UPDATES Update A minor revision to a software product, usually intended to address specific performance issues rather than add new features Upgrade A major revision to a product that might include new features as well as all of the existing patches for the previous version of the product Update A minor revision to a software product, usually intended to address specific performance issues rather than add new features Upgrade A major revision to a product that might include new features as well as all of the existing patches for the previous version of the product
Chapter 5: MAINTAINING THE OPERATING SYSTEM4 SERVICE PACK A collection of patches and other updates that are tested and packaged as a single unit. Service packs are cumulative: SP3 contains all updates from SP1 and SP2. Service pack releases are not on a schedule. A collection of patches and other updates that are tested and packaged as a single unit. Service packs are cumulative: SP3 contains all updates from SP1 and SP2. Service pack releases are not on a schedule.
Chapter 5: MAINTAINING THE OPERATING SYSTEM5 SERVICE PACK RELEASES CD-ROM Entire service pack on CD Express download Analyzes system and downloads only required components Network download Entire service pack in a single file CD-ROM Entire service pack on CD Express download Analyzes system and downloads only required components Network download Entire service pack in a single file
Chapter 5: MAINTAINING THE OPERATING SYSTEM6 HOTFIXES Designed to address a specific issue Downloadable as a single executable Normally directly associated with a Knowledge Base article Designed to address a specific issue Downloadable as a single executable Normally directly associated with a Knowledge Base article
Chapter 5: MAINTAINING THE OPERATING SYSTEM7 WHEN SHOULD YOU UPDATE?
Chapter 5: MAINTAINING THE OPERATING SYSTEM8 UNINSTALLING SERVICE PACKS Requires considerable disk space Service packs can be uninstalled through Add/Remove Programs in Control Panel Should be done only if the service pack installation is causing new issues Requires considerable disk space Service packs can be uninstalled through Add/Remove Programs in Control Panel Should be done only if the service pack installation is causing new issues
Chapter 5: MAINTAINING THE OPERATING SYSTEM9 USING MICROSOFT BASELINE SECURITY ANALYZER
Chapter 5: MAINTAINING THE OPERATING SYSTEM10 USING WINDOWS UPDATE
Chapter 5: MAINTAINING THE OPERATING SYSTEM11 USING AUTOMATIC UPDATES Available in Windows Server 2003, Windows XP (Service Pack 1), Windows 2000 (Service Pack 3). Default is to automatically download updates and prompt the user to install them. Configured via the Automatic Updates tab in System Properties. In Windows 2000, it is configured via the Automatic Updates control panel. Available in Windows Server 2003, Windows XP (Service Pack 1), Windows 2000 (Service Pack 3). Default is to automatically download updates and prompt the user to install them. Configured via the Automatic Updates tab in System Properties. In Windows 2000, it is configured via the Automatic Updates control panel.
Chapter 5: MAINTAINING THE OPERATING SYSTEM12 INSTALLING SERVICE PACKS MANUALLY
Chapter 5: MAINTAINING THE OPERATING SYSTEM13 INSTALLING HOTFIXES MANUALLY Hotfix filenames are formatted as: OperatingSystem-KnowledgeBase#-Platform- Language.exe Example: WindowsServer2003-KB x86-ENU.exe Hotfix filenames are formatted as: OperatingSystem-KnowledgeBase#-Platform- Language.exe Example: WindowsServer2003-KB x86-ENU.exe
Chapter 5: MAINTAINING THE OPERATING SYSTEM14 CHAINING HOTFIXES Use Qchain.exe to install multiple hotfixes at a single time. Use /Z switch to prevent restarts. Qchain.exe ensures that the system uses the correct version of that file when the installation is complete. Use Qchain.exe to install multiple hotfixes at a single time. Use /Z switch to prevent restarts. Qchain.exe ensures that the system uses the correct version of that file when the installation is complete.
Chapter 5: MAINTAINING THE OPERATING SYSTEM15 SLIPSTREAMING Slipstreaming a service pack Slipstreaming hotfixes Slipstreaming a service pack Slipstreaming hotfixes
Chapter 5: MAINTAINING THE OPERATING SYSTEM16 USING GROUP POLICIES
Chapter 5: MAINTAINING THE OPERATING SYSTEM17 USING MICROSOFT SOFTWARE UPDATE SERVICES Allows software updates to be downloaded once for the entire organization Provides administrative control over what updates are applied to clients Reduces Internet usage Allows software updates to be downloaded once for the entire organization Provides administrative control over what updates are applied to clients Reduces Internet usage
Chapter 5: MAINTAINING THE OPERATING SYSTEM18 INSTALLING SUS
Chapter 5: MAINTAINING THE OPERATING SYSTEM19 SYNCHRONIZING SUS
Chapter 5: MAINTAINING THE OPERATING SYSTEM20 APPROVING UPDATES
Chapter 5: MAINTAINING THE OPERATING SYSTEM21 CONFIGURING AUTOMATIC UPDATES
Chapter 5: MAINTAINING THE OPERATING SYSTEM22 BUILDING SUS TOPOLOGY Multiple-server topology Strict parent/child topology Loose parent/child topology Multiple-server topology Strict parent/child topology Loose parent/child topology
Chapter 5: MAINTAINING THE OPERATING SYSTEM23 SUS MONITORING On the server, SUS monitoring information can be viewed through: Monitor Server page Synchronization Log, Approval Log, wutrack.bin file On the client, SUS-related information can be viewed through: Windows Update Log On the server, SUS monitoring information can be viewed through: Monitor Server page Synchronization Log, Approval Log, wutrack.bin file On the client, SUS-related information can be viewed through: Windows Update Log
Chapter 5: MAINTAINING THE OPERATING SYSTEM24 SUS SYSTEM EVENTS SUS-generated events are written to System log of Event Viewer: Each time a synchronization is performed When updates are approved SUS-generated events are written to System log of Event Viewer: Each time a synchronization is performed When updates are approved
Chapter 5: MAINTAINING THE OPERATING SYSTEM25 TROUBLESHOOTING SUS Reloading the memory cache Restarting the synchronization service Restarting IIS Reloading the memory cache Restarting the synchronization service Restarting IIS
Chapter 5: MAINTAINING THE OPERATING SYSTEM26 ADMINISTERING SOFTWARE LICENSES The End-User License Agreement (EULA) is a binding contract that gives you the legal right to use a piece of software. In an enterprise environment, managing software licenses is critically important. The End-User License Agreement (EULA) is a binding contract that gives you the legal right to use a piece of software. In an enterprise environment, managing software licenses is critically important.
Chapter 5: MAINTAINING THE OPERATING SYSTEM27 OBTAINING A CLIENT ACCESS LICENSE A Client Access License (CAL) is required for each user or device that will connect to the server. CALs are normally obtained in bundles (5, 10, 25, 50, 100). CALs are not a physical object, but an entitlement to connect to a Windows network. A Client Access License (CAL) is required for each user or device that will connect to the server. CALs are normally obtained in bundles (5, 10, 25, 50, 100). CALs are not a physical object, but an entitlement to connect to a Windows network.
Chapter 5: MAINTAINING THE OPERATING SYSTEM28 PER SERVER LICENSING Each server permits a certain number of concurrent connections. Once the limit is reached, connections are refused. Usually only practical in environments with a single server. Each server permits a certain number of concurrent connections. Once the limit is reached, connections are refused. Usually only practical in environments with a single server.
Chapter 5: MAINTAINING THE OPERATING SYSTEM29 PER DEVICE OR PER USER LICENSING Each user or device requires a license. Licensed users or devices can connect to any number of servers. Common in environments with multiple servers. Each user or device requires a license. Licensed users or devices can connect to any number of servers. Common in environments with multiple servers.
Chapter 5: MAINTAINING THE OPERATING SYSTEM30 LICENSING TOOLS Licensing in Control Panel Manages licensing for a single computer running Windows Server 2003 Licensing in Administrative Tools Centralized control of licensing and license replication in a site-based model Licensing in Control Panel Manages licensing for a single computer running Windows Server 2003 Licensing in Administrative Tools Centralized control of licensing and license replication in a site-based model
Chapter 5: MAINTAINING THE OPERATING SYSTEM31 ADMINISTERING SITE LICENSING License Logging service assigns and tracks licenses. Licensing information is replicated to a centralized licensing database. Use the Licensing tool in the Administrative Tools program group to view and manage licensing for an entire site. License Logging service assigns and tracks licenses. Licensing information is replicated to a centralized licensing database. Use the Licensing tool in the Administrative Tools program group to view and manage licensing for an entire site.
Chapter 5: MAINTAINING THE OPERATING SYSTEM32 THE SITE LICENSE SERVER
Chapter 5: MAINTAINING THE OPERATING SYSTEM33 ADMINISTERING SITE LICENSES
Chapter 5: MAINTAINING THE OPERATING SYSTEM34 LICENSE GROUPS A license group is a collection of users who share one or more CALs. License groups are created when: A single user uses more than one device, such as a computer. More than one user uses a single device, such as a computer. A license group is a collection of users who share one or more CALs. License groups are created when: A single user uses more than one device, such as a computer. More than one user uses a single device, such as a computer.
Chapter 5: MAINTAINING THE OPERATING SYSTEM35 SUMMARY A service pack is a collection of updates that have been tested together and approved for installation on all computers. A hotfix is a patch that addresses a single issue. Hotfixes are intended only for computers that perform certain tasks or are experiencing a particular problem. Microsoft Software Update Services enables you to centralize and manage the approval and distribution of Windows critical updates and Windows security rollups. Tracking and managing licenses and compliance is an important part of an administrator’s job. A service pack is a collection of updates that have been tested together and approved for installation on all computers. A hotfix is a patch that addresses a single issue. Hotfixes are intended only for computers that perform certain tasks or are experiencing a particular problem. Microsoft Software Update Services enables you to centralize and manage the approval and distribution of Windows critical updates and Windows security rollups. Tracking and managing licenses and compliance is an important part of an administrator’s job.