Beruflich Dokumente
Kultur Dokumente
Objectives
Distinguish between the various methods, tools, and processes used to manage a Windows Server 2003 system Understand and configure Terminal Services and Remote Desktop for Administration Delegate administrative authority in Active Directory Install, configure, and manage Microsoft Software Update Services
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 2
Activity 10-2: Viewing Shutdown Events in the Event View System Log
Objective: Use Event Viewer to view server shutdown events Start Administrative Tools Event Viewer System Look for the shutdown event that was generated in the previous activity Explore other shutdown events
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 6
Secondary Logon
Recommendation is for network administrators to have two logon accounts
One with administrative rights One with normal user rights
Secondary logon feature allows you to log on with user account, open administrative tools as an administrator
10
Activity 10-5: Using the Windows Server 2003 Secondary Logon Feature
Objective: Use the Run as command to open a program with a secondary account Start Administrative Tools right-click Event Viewer Run as Log on with alternative credentials in Run As dialog box
11
Activity 10-6: Using the Secondary Logon Feature from the Command Line
Objective: To log on using alternate credentials from the command line Start Run enter cmd in Open box to open a command prompt Enter command-line form of runas to open the Event Viewer as directed in the exercise
12
13
Ask questions of user Try to recreate the problem in a test To decode error messages, use net utility
At command prompt, type NET HELPMSG number
14
15
16
Implement the Plan; Observe Results; Document All Changes and Results
Notify users if network availability will be affected Do not make too many configuration changes at one time If plan doesnt work, document what was done and start again Document all troubleshooting steps, results, and configuration changes
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 17
19
21
22
23
Configured from properties of a Terminal Server connection object: 1 object for multiple user connections Settings include:
Authentication (none or standard Windows) Encryption (client compatible or high)
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 24
25
26
Contains files to install Remote Desktop Connection Provided as both MSI file and Win32 executable Share folder and initiate installation process either manually or through Group Policy deployment Pre-installed on Windows Server 2003 and Windows XP
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 27
Installing Applications
Applications must be installed in a mode for multiple users compatible with Terminal Server(install mode) Use Add or Remove Programs applet in Control Panel after Terminal Server is installed Can also place Windows Server 2003 in install mode from command line
Change user /install to begin Change user /execute when finished
Permission Inheritance
Child objects inherit permissions from parent objects by default when child object is created If permissions to parent are changed subsequently, can force permission changes to child if desired Can modify default inheritance by blocking it at the container or object level
34
Implementing delegation
Can manage permissions directly from Security tab Can use Delegation of Control Wizard
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 35
38
Administration is Web-based, password protected On-line resources include SUS Overview Whitepaper, SUS Deployment Guide, Windows Update, Security Web sites
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 41
Automatic Updates
Clients must have Automatic Updates client software installed to obtain security updates Some systems have software preinstalled, others must manually install Automatic Updates can be manually enabled along with notification and scheduling options To connect to local SUS server to obtain updates, must configure clients Registry or Group Policy settings Group policy settings override local settings
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 44
45
Activity 10-17: Uninstalling Software Update Services and Internet Information Services
Objective: To uninstall SUS and IIS Start Control Panel Add or Remove Programs Remove Software Update Services as directed Remove Internet Information Services as directed
48
Summary
Tools used to manage server tasks and remote management of clients:
Microsoft Management Console (MMC) Secondary logon feature
Network troubleshooting process steps: define problem, gather information about changes, devise plan, implement plan, document changes & results Terminal Services allows users to connect to and run applications on remote servers
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 49
Summary (continued)
Remote Desktop for Administration allows administrators to connect to and interact with remote servers Administrative authority for Active Directory objects can be delegated through object-level and attribute-level permissions Software Update Services allows control of the deployment of security updates throughout a network
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 50