Guide to MCSE 70-290, Enhanced

Chapter 10: Server Administration

Objectives

After reading the chapter and completing the exercises, students should be able to:

·  Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system

·  Understand and configure Terminal Services and Remote Desktop for Administration

·  Delegate administrative authority in Active Directory

·  Install, configure, and manage Microsoft Software Update Services

Teaching Tips

Teaching Tip: This is a long chapter and will require extra time.

Network Administration Procedures

1.  Introduce the concept of administering multiple servers and the need to be familiar with the server management tools and techniques that are available. This section will discuss using Microsoft Management Console for administering remote servers, using secondary logons, and troubleshooting techniques.

Windows Server 2003 Management Tools

1.  Introduce two primary features of Windows Server 2003 that are used in server administration: MMC and secondary logon.

2.  Discuss the Windows Server 2003 model of shutting down and restarting a server, particularly the Shutdown Event Tracker.

Activity 10-1: Restarting Windows Server 2003

1.  The purpose of this activity is to understand the Shutdown Event Tracker mechanism and how to use it. Students will restart their computer after configuring the Shutdown Event Tracker.

Activity 10-2: Viewing Shutdown Events in the Event Viewer System Log

1.  In this activity, students use the Event Viewer to explore the system log for server shutdown events. They specifically look for events with the code 1074, the system’s code for a shutdown event.
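
The log review from Activity 10-2 can also be run from the command line. The script below is an added example, not part of the original guide: it lists event 1074 entries from the System log of several servers and flags restarts that were started by an unexpected account or recorded without a comment. It assumes PowerShell 2.0 or later is installed; the server names, the account name, and the insertion-string layout noted in the comments are assumptions.

```powershell
# Added example: list shutdown/restart events (event ID 1074) per server.
# Assumes PowerShell 2.0 or later and rights to read the remote System log.
$servers  = @('SERVER01', 'SERVER02')     # hypothetical server names
$expected = @('CONTOSO\adm-jsmith')       # hypothetical accounts allowed to restart servers

function Get-ShutdownEvent {
    param([string]$ComputerName, [int]$Newest = 5000)

    Get-EventLog -LogName System -ComputerName $ComputerName -Newest $Newest -ErrorAction Stop |
        Where-Object { $_.EventID -eq 1074 } |
        ForEach-Object {
            # Assumed insertion-string layout for event 1074:
            # [2] reason, [4] shutdown type, [5] comment, [6] user
            $s = $_.ReplacementStrings
            if ($s.Count -ge 7) {
                $user = $s[6]; $reason = $s[2]; $type = $s[4]; $comment = $s[5]
            } else {
                # Fall back to the fields every event log entry carries
                $user = $_.UserName; $reason = $_.Message; $type = ''; $comment = ''
            }
            New-Object PSObject -Property @{
                Server     = $ComputerName
                Time       = $_.TimeGenerated
                User       = $user
                Type       = $type
                Reason     = $reason
                Comment    = $comment
                # Flag restarts by accounts outside the expected list
                Unexpected = ($expected -notcontains $user)
                # Flag restarts where nothing was typed into the Shutdown Event Tracker
                NoComment  = [string]::IsNullOrEmpty($comment)
            }
        }
}

$results = foreach ($server in $servers) {
    try {
        Get-ShutdownEvent -ComputerName $server
    } catch {
        # An unreachable server or a denied log read is reported, not silently skipped
        Write-Warning "Could not read System log on ${server}: $($_.Exception.Message)"
    }
}

$results | Sort-Object Time -Descending |
    Select-Object Time, Server, User, Type, Unexpected, NoComment, Reason |
    Format-Table -AutoSize
```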

The Microsoft Management Console

1.  Students should already be familiar with MMC from earlier chapters. Reiterate what it is and be sure to redefine snap-ins.

2.  Note what a Management Saved Console (MSC) file is. Perhaps have students search for .msc files to see what prebuilt consoles are available.

3.  Note that the MMC enables you to manage local and remote computers by changing the focus of a particular snap-in. Changing snap-in focus will be the subject of Activity 10-3.

Activity 10-3: Using the MMC to View Information on a Remote Computer

1.  The object of this activity is to use MMC for a remote administration task. Students will focus the MMC on their partner’s computer and use the Event Viewer to browse system and application logs on that computer.

Activity 10-4: Creating a Taskpad

1.  The purpose of this activity is to have students create a taskpad to simplify administrative tasks. They will create a new MMC. They then define a taskpad that creates a shortcut to the system log on the local computer using the New Taskpad View Wizard.

Secondary Logon

1.  Explain that it is a recommended best practice for an administrator to have an account with normal user privileges and a separate account with administrative privileges. Discuss with students why this is helpful. Motivate the need for a secondary logon by discussing the problem that arises when it is necessary to go back and forth between the accounts.

Activity 10-5: Using the Windows Server 2003 Secondary Logon Feature

1.  The purpose of this activity is to introduce students to using a secondary logon. They will open the Event Viewer, using the Run as command to log on with alternate credentials.

Activity 10-6: Using the Secondary Logon Feature from the Command Line

1.  In this activity, students will use the secondary logon feature from the command line. They will use the runas command to open the Event Viewer from an administrative account.

Network Troubleshooting Processes

1.  Discuss with students why a systematic troubleshooting approach will serve them well and list the steps that are recommended for finding and resolving problems.

Define the Problem

1.  Note the ways in which they may find out about problems; for example, they may get an error message or hear a complaint from a user. Discuss how to get more information, either by questioning the user or finding out more about the error.

2.  Explain how to use the net utility to identify specific error messages.

3.  Mention that it is useful to recreate the error in a test situation if possible.

Gather Detailed Information About What Has Changed

1.  Explain why it is important to find out what has changed and offer suggestions for factors to consider.

Devise a Plan to Solve the Problem

1.  Talk about why planning is important. Discuss factors to consider while devising a plan.

2.  Make sure that students think about having a rollback strategy in case the plan doesn’t work or in case things get into some unusual state.

Implement the Plan and Observe Results

1.  Note that it is important to notify users if there may be an interruption in availability. Discuss why you should not make too many changes at one time.

2.  Discuss what to do if, once the plan is implemented, the problem is still occurring.

Document All Changes and Results

1.  Explain that all troubleshooting steps taken, results, and changes should be well documented. This will help if the plan doesn’t work, or if the problem occurs again.

Teaching Tip: Remind students that taking the time to document the troubleshooting process can pay big dividends in the long run. It can be very difficult to keep track of exactly what has been tried unless it is well documented.

Quick Quiz

1.  What is the event ID code associated with a shutdown event in Event Viewer?

Answer: 1074

2.  The ______ feature is useful because it allows you to use separate accounts without having to log on and log off every time you switch from one account to another.

Answer: secondary logon

3.  How many steps are there in the recommended network troubleshooting process?

Answer: 5

Configuring Terminal Services and Remote Desktop for Administration

1.  Explain the history of Terminal Services and the switch in focus with Windows Server 2003 to two separate utilities (Terminal Services and Remote Desktop for Administration).

2.  Mention the default installation condition for both of the utilities.

3.  Give examples of what the tools are used to manage.

Enabling Remote Desktop for Administration

1.  Explain how to enable the Remote Desktop for Administration on a server for both administrators and other users.

Activity 10-7: Enabling and Testing Remote Desktop for Administration

1.  The purpose of this activity is to enable Remote Desktop for Administration at the server and then connect and disconnect. Students will enable the utility and connect to it from a client using the Remote Desktop Connection. They will browse the desktop environment and disconnect, first leaving the session open, then finally disconnecting and closing the session.

Installing Terminal Services

1.  Explain how to install Terminal Services. Mention that a server must be set up as a Terminal Services licensing server if you want an application server. Note that Windows Server 2003 will run without a license server for 120 days but, after that, clients will not be able to connect without one.

Activity 10-8: Installing Terminal Services

1.  The purpose of this exercise is to install Windows Server 2003 Terminal Services on a server using the Add/Remove Windows Components utility from the Control Panel.

2.  Note that members of the Domain Users group are added to the default group with access to Remote Desktop by default when Terminal Services is installed.

Managing Terminal Services

1.  Introduce the three tools for Terminal Services administration. Go over the descriptions in Table 10-1.

Teaching Tip: Students should be familiar with installing Terminal Services on their server. They now need to understand the process of configuring connections, clients, user properties, and how to install applications on the server.

Configuring Remote Connection Settings

1.  Go over the settings that are available as shown in Table 10-2.

2.  Describe where to find the connection settings in a connection object. Note that some settings can also be set from the properties of a user account, but that connection settings override user account settings.

3.  Discuss the encryption and authentication settings.

Activity 10-9: Exploring Terminal Services Settings

1.  In this activity, students explore and configure Terminal Services settings, clicking through and reading the options on the various tabs of the Terminal Services Configuration tool as they browse a client connection.

Terminal Services Client Software

1.  Explain that installing Terminal Server on a server adds the required client software to a folder on the server. This software must be installed at the client using either a manual installation process or Group Policy software deployment. However, for Windows Server 2003 and Windows XP, the software is preinstalled.

2.  Mention that there is also a Web browser client connection utility that can be installed for Windows Server 2003 only.

Installing Applications

1.  Discuss with students the need to use install mode when installing applications that are to be run on the server. This allows them to be accessed by multiple users simultaneously. Existing applications may need to be reinstalled as well.

2.  Describe how to install an application (after installing Terminal Server) using Add or Remove Programs from the Control Panel.

3.  Note that it is preferable to install as above, but that it is also possible to set the mode manually from the command line and use other installation methods instead.

Configuring Terminal Services User Properties

1.  Explain that once Terminal Server is installed, it will add extra tabs to the properties of user accounts. Go over the list of extra tabs and the types of configuration settings that are available on each one.

Activity 10-10: Exploring Terminal Services User Account Settings

1.  The purpose of this activity is to explore the extra user account configuration settings that are related to Terminal Server. This is done using Active Directory Users and Computers to open a user account and browse through the Terminal Services Profile, Remote control, Sessions, and Environment tabs in the properties of the account.

Quick Quiz

1.  In Windows Server 2003, the ______ utility is provided specifically to allow administrators to connect to a server for administration purposes.

Answer: Remote Desktop for Administration

2.  What Terminal Services administrative tool is used to configure terminal server settings and connections?

Answer: Terminal Services Configuration

3.  Name the four extra tabs that are added to user account properties when Terminal Server is installed in Windows Server 2003.

Answer: Terminal Services Profile, Remote control, Sessions, and Environment

Delegating Administrative Authority

1.  Discuss with students the reasons and methods for protecting the Active Directory database. Note that by default administrators have full access to objects in the database and other users have read permission for most attributes of these objects. It is up to the administrator to edit permissions in order to delegate authority.

Teaching Tip: Be sure to caution students about editing permissions in a way that might make objects completely inaccessible to anyone (including themselves).

Active Directory Object Permissions

1.  Explain the two permission levels that are available (the object level and the attribute level) and describe what they refer to.

2.  Go over the standard object-level permissions available as shown in Table 10-3.

3.  Note that if you don’t explicitly set a permission on an object (to allow or deny), the object inherits permission settings from its parent container.

Activity 10-11: Exploring Active Directory Object Permissions

1.  In this activity, students will explore the Active Directory object permission settings. Students will turn on Advanced Features mode. Then, using Active Directory Users and Computers, they access the properties of an OU and browse through permissions associated with various groups and account properties and the possible configurations for permissions.

Permission Inheritance

1.  Explain the default mechanism for inheritance of permissions for Active Directory objects. Note how to force permission changes made on a parent container down to its child objects if desired.

2.  Also note how to block inheritance at a child if necessary.

Delegating Authority Over Active Directory Objects

1.  Describe the steps to take in order to delegate authority over particular directory objects. Specifically, you should design the OU structure appropriately and then assign the permissions that support the desired model.

Implementing Delegation

1.  Note that permissions can be set manually through the Security tab on every object. However, the Delegation of Control Wizard is available to help minimize the administrative complexity of doing this.

Activity 10-12: Using the Delegation of Control Wizard

1.  The purpose of this activity is for students to get experience using the Delegation of Control Wizard to delegate control of an OU. Students delegate a specific task associated with a specific OU to an existing group.

2.  Note that you can also use the Delegation of Control Wizard to change existing permissions.

Software Update Services

1.  Discuss the need for a network administrator to manage and maintain security updates and hot fixes for both client and server computers. List some of the methods that have commonly been used.

2.  Explain what Software Update Services brings to the administration of updates. Note that it cannot be used to deploy service packs or third-party software.

3.  Note that it has client and server components and describe them.

Installing Software Update Services

1.  Describe how to download the SUS software components.

2.  Go over the recommended hardware and operating system requirements for the SUS server component.

3.  Note that Internet Information Services (IIS) version 5.0 or higher must be installed on the server.

Activity 10-13: Installing Software Update Services

1.  In this activity, students will install the server component of SUS. They must first ensure that Internet Information Services is installed. They then install SUS Service Pack 1 from an .exe file that runs the Microsoft Software Update Services Setup Wizard.

How Software Update Services Works

1.  Be sure that students understand the basic purpose of SUS and how installing security update packages with SUS differs from using the Windows Update feature in non-SUS environments.

2.  Discuss the difference between having: 1) a server that downloads packages, stores them locally, and makes them available to clients; and 2) a server that downloads only a catalog, with clients downloading the actual packages from Internet-based servers.