Installing and Configuring the SUS Server

The SUS server should run on a server that is dedicated to running SUS, meaning that it will not run any other applications other than IIS, which is required. Microsoft recommends that you install a clean or new version of Windows 2000 Server or Windows Server 2003 and apply any service packs or security-related patches. t i You should not have any virus-scanning software installed on the server. Virus IING scanners can mistake SUS activity for a virus. The following steps are used to install...

Goraj Enterprises Mail

This book is the work of a great team. First I'd like to thank my editor Suzanne Goraj for her excellent job on the editing process. The production editor Elizabeth Campbell was always a pleasure to work with and kept the book moving along and on schedule. Thanks also to technical editor Donald Fuller for his thorough edit and for keeping me honest. I would like to thank Neil Edde, associate publisher and James Chellis who both helped develop and nurtured the MCSE series of books since the...

Managing Process Tasks

The Processes tab of the Task Manager dialog box, shown in Figure 9.26, lists all of the processes that are currently running on the computer. This is a convenient way to get a quick look at how your system is performing. Unlike using System Monitor, you don't need to first configure the collection of this data it's gathered automatically. FIGURE 9.26 The Processes tab of the Task Manager dialog box Applications Processes j performance Networking Users Applications Processes j performance...

Figure The Member Of tab for the Administrator user account

Remote control Terminal Services Profile COM+ General Address Account Profile Telephones Organization Member Of Dial-in Environment Sessions Remote control Terminal Services Profile COM+ General Address Account Profile Telephones Organization Member Of Dial-in Environment Sessions Set Primary Group I There is no need to change Primary group unless -- - you have Macintosh clients or POSIX-compliant

Understanding Data Recovery Agents

If the user who encrypted the folders or files is unavailable to decrypt the folders or files when they're needed, you can use the data recovery agent (DRA) to access the encrypted files. DRAs are implemented differently depending on the version of your operating system and the configuration of your computer For Windows 2000 Professional and Windows 2000 Server computers, a DRA was mandatory, and EFS could not be used if a DRA was not in place. For Windows 2000 Professional computers that were...

Upgrading a Server to a Domain Controller

Once a server has been installed with Windows Server 2003, you can upgrade it to a domain controller through the Dcpromo utility. The following steps assume that the server will be the first server installed into the domain and DNS is not already installed. To upgrade a Windows Server 2003 member server to a domain controller, take the following steps 1. Select Start > Run. In the Run dialog box, type Dcpromo and click the OK button. 2. You will see the Welcome To The Active Directory...

Perform an Automated System Recovery Restore

Boot your computer using the Windows Server 2003 CD. During the boot process, you may need to press a specified key (based on your computer's BIOS) to boot the computer 8. Press F2 when prompted during the text-mode portion of the Windows Server 2003 Setup process to initiate the recovery process. You will be prompted to insert the ASR floppy disk. Insert the disk and press any key. 9. You have only a few seconds to cancel the recovery by hitting the Esc key. Otherwise, the system reformats the...

Managing Data Encryption with EFS

Data encryption is a way to increase data security. Encryption is the process of translating data into code that is not easily accessible. Once data has been encrypted, you must have a key to decrypt the data. Unencrypted data is known as plain text or clear text, and encrypted data is known as cipher text. The Encrypting File System (EFS) is a technology used by Windows 2000, Windows XP Professional, and Windows Server 2003 to store encrypted files on NTFS partitions. Encrypted files add an...

Microsoft Exam Objectives Covered In This Chapter

Manage Internet Information Services (IIS). t''' , ' ' ' '. . ' ' '' - ' . 1 ' v ., ' ' 1 > . ' i * r it1 Windows Server 2003 comes with Internet Information Services (IIS) 6.0, which allows you to create and manage websites. This software provides a wide range of options for configuring the content, performance, and access controls for your websites. In this chapter, you will learn how to install Internet Information Services and how to configure and manage website properties. You will...

Answers to Review Questions

If you are logged in as Administrator and do not see a Security tab on the folder's Property page, then the most likely problem is that the partition is not formatted as NTFS. 2. B. In order to support folder, file, and print auditing, you must be on an NTFS partition, or the option to configure security and auditing will not even appear. In order to support auditing, you must enable auditing for Object Access through the computer's Domain Security policy. Then you enable auditing through...

Understanding How Effective Permissions Are Applied

To determine a user's effective permissions (the rights the user actually has to a file or folder), add all of the permissions that have been allowed through the user's assignments based on that user's username and group associations. After you determine what the user is allowed, you subtract any permissions that have been denied the user through the username or group associations. As an example, suppose that user Marilyn is a member of the Accounting and Execs groups. The following assignments...

Review Questions

Your company uses Windows Server 2003 with Active Directory. Within the network, there are a variety of clients, including Unix clients. One of the Windows Server 2003 member servers on your network is configured as a print server with a printer called ColorLaser. You have a Unix client that wants to submit jobs to the printer. The Unix client has obtained the proper Unix print driver for the print device. Which of the following options must be configured on the Windows Server 2003 print server...

The Microsoft Certified Professional Program

Since the inception of its certification program, Microsoft has certified almost 1.5 million people. As the computer network industry increases in both size and complexity, this number is sure to grow and the need for proven ability will also increase. Companies rely on certifications to verify the skills of prospective employees and contractors. Microsoft has developed its Microsoft Certified Professional (MCP) program to give you credentials that verify your ability to work with Microsoft...

Is This Book for

If you want to acquire a solid foundation in managing and maintaining a Windows Server 2003 environment, and your goal is to prepare for the exam by learning how to use and manage the new operating system, this book is for you. You'll find clear explanations of the fundamental concepts you need to grasp, and plenty of help to achieve the high level of professional competency you need to succeed in your chosen field. If you want to become certified as an MCSE or MCSA, this book is definitely for...

Answers to Assessment Test

The site license server is responsible for managing all of the Windows licenses for the site. The default license server is the first domain controller in the site. The site license server does not have to be a domain controller, but for best performance it is recommended that site license server and domain controller be in the same site. To determine which server is the site license server, you would take the following steps from a domain controller Select Start Administrative Tools...

Managing Shares with the Shared Folders Utility

Shared Folders is a computer management utility for creating and managing shared folders on the computer. The Shared Folders window displays all of the shares that have been created on the computer, the user sessions that are open on each share, and the files that are currently open, listed by user. To access Shared Folders, select Administrative Tools gt Computer Management, expand System Tools, and then expand Shared Folders. In the following sections you will learn how to use the Shared...

Installing Windows Server as a Domain Controller

For the exercises to work properly, you should make sure that the computer that will act as your server meets the list of requirements specified in Table 1.2. Your server should have a network card installed, and it should have at least a 2.5GB drive that is configured with the minimum space requirements and partitions. Other exercises in this book assume that your server is configured as follows 2GB about 2000MB C primary partition with the NTFS file system 500MB of free space you will create...

Figure The User Profiles dialog box

User profiles store settings for your desktop and other information related to your user account. You can create a different profile on each computer you usej or you can select a roaming profile that is the same on every computer you use. User profiles store settings for your desktop and other information related to your user account. You can create a different profile on each computer you usej or you can select a roaming profile that is the same on every computer you use. To create new user...

Using Windows Update

Windows Update is available through the Microsoft website and is used to provide the most current files for the Windows operating systems. Examples of updates include security fixes, critical updates, updated help files, and updated drivers. Sometimes the updates that are installed require that the computer be restarted before the update can take effect. In this event, Windows Update uses a technology called chained installation. With chained installation, all updates that require a computer...

Figure The Computer Name tab of the System Properties dialog box

System Restore Automatic Updates Remote General Computer Name Hardware Advanced T Jg Windows uses the following information to identify your computer Hp on the network. For example Kitchen Computer or Mary's Computer. To use the Network Identification Wizard to join a i NetW0 kiD l domain and create a local user account, click Network l- gt To rename this computer or join a domain, click Change. Change l 4. The Computer Name Changes dialog box will appear, as shown in Figure 3.25. This dialog...

Figure The Active Directory group Properties dialog box

General Members Member Of Managed By Accounting Group name pre-Windows 2000 Accounting Description E-mail Group name pre-Windows 2000 Accounting Description E-mail This dialog box has four tabs with options for managing the group The General tab allows you to view and change the pre-Windows 2000 group name, the description, and the e-mail address. You can view the group scope and change group scope and group type. You can also add notes for the group. The Members tab, shown in Figure 3.19,...

The Hardware Compatibility List HCL

Along with meeting the minimum requirements, your hardware should appear on the Hardware Compatibility List HCL . The HCL is an extensive list of computers and peripheral hardware that have been tested with the Windows Server 2003 operating system. The Windows Server 2003 operating system requires control of the hardware for stability, efficiency, and security. The hardware and supported drivers on the HCL have been put through rigorous tests. If you call Microsoft for support, the first thing...

Monitoring Print Queue Status

You can monitor print queue status through the System Monitor utility. System Monitor is used to track performance-related counters for many computer objects. You monitor print queue status through the System Monitor utility using the following process 1. Select Start gt Administrative Tools gt Performance. 2. The Performance dialog box will appear and the System Monitor utility will be selected by default, as shown in Figure 7.22. 3. Click the Add button which looks like a Plus sign to access...

Figure The Terminal Server Licensing window

The Terminal Server License Activation Wizard will start. Click the Next button. 10. The Connection Method dialog box appears, as shown in Figure 8.20. You can choose to connect to the Microsoft Clearinghouse by one of three methods Automatic, Web Browser, or Telephone. In this example, we will connect by telephone. Select the Telephone option and click the Next button. FIGURE 8.20 Connection Method dialog box FIGURE 8.20 Connection Method dialog box 11. The Country Region Selection dialog...

H

Hard disk drive A mass-storage device that reads and writes digital information magnetically on disks that spin under moving heads. Hard disk drives are precisely aligned and should not be removed, except for maintenance. They are an inexpensive way to store gigabytes of computer data permanently. Hard disk drives also store the applications and user data installed on a computer. Hardware Abstraction Layer HAL A Windows Server 2003 service that provides basic input output services such as...

Using System Monitor

The System Monitor utility Figure 9.1 is used to collect and measure the real-time performance data for a local or remote computer on the network. Through System Monitor, you can view current data or data from a log file. When you view current data, you are monitoring real-time activity. When you view data from a log file, you are importing a log file from a previous session. System Monitor enables you to do the following tasks Collect data from your local computer or remote computers on the...

Configuration for the SUS Clients

There are two methods for configuring SUS clients. The method you use is dependent on whether your network uses Active Directory. In a non-enterprise network not running Active Directory , you would configure Automatic Updates through Control Panel using the same process that was defined in the Using Automatic Updates section of this chapter. Each client's Registry would then be edited to reflect the location of the server that will provide the Automatic Updates. Within an enterprise network,...

Using Folder and File Auditing

If you have configured a partition or volume as NTFS, you can take advantage of an additional security feature called auditing. Auditing allows you to track the success or failure of folder and file access. In order to use auditing, two options must be configured Configure the computer to enable auditing for object access. Configure the events that you want to audit on the specific NTFS folder or file. After you configure auditing, you view the results through the Event Viewer utility's...

Monitoring Disk Quotas

If you implement disk quotas, you will want to monitor disk quotas on a regular basis. Monitoring allows you to check the disk usage by all the users who own files on the volume with the quotas applied. It is especially important to monitor quotas if you have specified that disk space should be denied to users who exceeded their quota limit. Otherwise, some users may not be able to get their work done. For example, suppose that you have set a limit for all users on a specific volume. Your boss...

Creating a DRA

In order to be designated as a DRA, a user must have a certificate that will be used to access encrypted files. To create a certificate for the user who will be the DRA, you should log on as that user, and execute the following command Cipher R filename You will then be asked to type in the password to protect your .pfx, followed by a request to retype the password. The R switch is used to generate two files, one with a .pfx extension and one with a .cer extension. The .pfx file is used for...

Separator Page File Description

Pcl.sep Used to send a separator page on a dual-language HP printer after switching the printer to PCL Printer Control Language , which is a common printing standard TABLE 7.2 Separator Page Files continued TABLE 7.2 Separator Page Files continued Does not send a separator page, but switches the computer to Used by PostScript printers to send a separator page Same as sysprint.sep, but with support for Japanese In Exercise 7.3, you will configure some advanced printer properties. This exercise...

Managing Users Groups and Computers

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER V Manage local, roaming, and mandatory user profiles. V Create and manage computer accounts in an Active Directory environment. Identify and modify the scope of a group. Find domain groups in which a user is a member. Create and modify groups by using the Active Directory Users and Computers Microsoft Management Console MMC snap-in. Create and modify groups by using automation. V Create and manage user accounts. Create and modify user accounts...

Using the Licensing

To access the Licensing utility, select Start gt Administrative Tools gt Licensing. This brings up the Licensing utility shown in Figure 1.23. If you click the Server Browser tab, then expand your domain and your server, you will see an entry called Windows Server. Double-clicking Windows Server accesses the Choose Licensing Mode dialog box, as shown in Figure 1.24. This allows you to specify whether you will manage enterprise licensing through Per Server mode or Per Device or Per User mode....

Post Installation Product Activation

Product activation is Microsoft's way of reducing software piracy. Unless you have a volume corporate license for Windows Server 2003 or are using a 64-bit version of Windows Server 2003 which does not use product activation , you will need to perform post-installation activation. This can be done online or through a telephone call. After Windows Server 2003 is installed, you will have 14 days to activate the license. After the 14-day grace period expires, you will not be able to restart...

Figure Disk Part commandline utility

Microsoft Windows Version 5.2.37181 lt C gt Copyright 1985-2002 Microsoft Corp. C Documents and Settings fldministrator gt diskpart Microsoft DiskPart uersion 5.2.3718 Copyright CO 1999 2001 Microsoft Corporation. On computer SERUER2003 list of partitions on the current disk, list volumes. list of partitions on the current disk, list volumes. You can then select the disk, volume, or partition you want to manage by selecting the object through the Select command for example, Select Disk, Select...

Print Queue Counter

This counter specifies how many print servers have added shared network printers to the print server. The number is cumulative from when the server was last started. TABLE 7.8 Print Queue Counters Defined continued TABLE 7.8 Print Queue Counters Defined continued The number of bytes, in real time, that have been printed on a Specifies how many browser requests have been made to the print server from network browse lists. The number is cumulative from when the server was last started. The total...

Installing a Terminal Services Server

Select Start gt Control Panel gt Add Or Remove Programs. 2. In the Add Or Remove Programs window, click Add Remove Windows Components. 3. The Windows Components Wizard will automatically start. Check the Terminal Server checkbox and click the Next button. You can add or remove components of Windows. To add or remove a component, click the checkbox. A shaded box means that only part of the component will be installed. To see what's included in a component, click Details. To add or remove a...

Managing Driver Signing

In the past, poorly written device drivers have caused problems with Windows operating systems. Microsoft is now promoting a mechanism called driver signing as a way of ensuring that drivers have passed Microsoft's testing process for compatibility with Windows Server 2003. By applying a digital signature, device drivers can't be altered after they have been signed. In the following sections you will learn how to configure driver signing options and how to verify existing device driver...

Figure The General tab of the Active Directory user Properties dialog box

Active Directory Account Address Tab

Account Profile Telephones Organization First name Last name Display name Description Office FIGURE 3.5 The Address tab of the Active Directory user Properties dialog box FIGURE 3.5 The Address tab of the Active Directory user Properties dialog box Controlling Active Directory Users' Accounts Using the Account tab, shown in Figure 3.6, you can control the user's account. This tab shows the logon name information that you supplied when you set up the new user account and allows you to configure...

Using Startup and Recovery Options

The Startup and Recovery options are used to specify the default operating system that is loaded and specify which action should be taken in the event of system failure. You can access the Startup and Recovery options from your Desktop by right-clicking My Computer, selecting Properties from the pop-up menu, clicking the Advanced tab, and then clicking the Startup And Recovery Settings button. Alternatively, select Start gt Control Panel gt System. From System, select the Advanced tab, then...

Adding Active Directory User Telephone Information

The Telephones tab, shown in Figure 3.13, allows you to configure the user's telephone numbers for home, pager, mobile, fax, and IP phone. You can also add notes such as Don't call home after 10 00 P.M. The Other buttons allow you to specify alternate telephone numbers. FIGURE 3.13 The Telephones tab of the Active Directory user Properties dialog box FIGURE 3.13 The Telephones tab of the Active Directory user Properties dialog box

Figure The Terminal Services Profile tab of the Active Directory user Properties dialog box

General Address Account Profile Telephones Organization Member Of Dial-in Environment Sessions Remote control Terminal Services Profile j C0M Use this tab to configure the Terminal Services user profile. Settings in this profile apply to Terminal Services. Terminal Services User Profile- Terminal Services Home Folder f Local path

Figure The Remote Control tab of the Active Directory user Properties dialog box

General Address Account Profile Telephones Organization Member Of Dial-in Environment Sessions Remote control Terminal Services Profile C0M Use this tab to configure Terminal Services remote control settings. To remotely control or observe a user's session, select the following check box To require the user's permission to control or observe the session, select the Following check box Specify the level of control you want to have over a user's session C View the user's session Inteiact with the...

Managing Server Settings

Through the Terminal Services Configuration utility, you can also configure settings that apply to the Terminal Services server. When you click the Server Settings folder in the Terminal Services Configuration, as shown in Figure 8.12, you see configuration options defined in Table 8.2. FIGURE 8.12 The Terminal Services Configuration Server Settings window tscc - Terminal Services Configuration 5erver Settings Terminal Services Configuration Connections So Delete temporary Folders on exit Ves...

Managing Hardware Devices through Device Manager

Along with displaying information about your hardware devices, the Device Manager utility provides configuration options for managing devices. In the right pane of the Device Manager window, double-click the category of the device you wish to manage to see a list of the devices of that type recognized by your computer. Then right-click the specific device you wish to manage. You will see the options shown in Figure 2.2. Update Driver Used to install a more current version of the device driver....

Using Driver Rollback

Windows XP Professional and Windows Server 2003 offer a new feature called Driver Rollback. You would use Driver Rollback if you installed or upgraded a driver and you encountered problems that you did not have with the previous driver. Some of the problems with drivers relate to the following errors The following steps would be used to roll back a driver 1. Select Start gt Control Panel gt System. 2. From System, select the Hardware tab, then select Device Manager. 3. Expand the category for...

Creating Mirrored Volumes

When you create a mirrored volume, you are setting up two physical drives that contain volumes that mirror each other. You create mirrored volumes from areas of free space on the two drives. In order to create a mirrored volume, you must have at least two drives installed on your computer and each drive must contain unallocated space. Mirrored volumes require that the space on each drive used for the mirror set be equal in size. In the following steps, you will learn how to create a mirrored...

Creating a Trace

What Are Trace Logs Server 2003

Trace logs measure data continuously as opposed to measuring data through periodic samples. Trace logs are also used to track data that is collected by the operating system or programs. For example, you could specify that you want to trace the creation or deletion of processes or threads. To create a trace log, take the following steps 1. Expand Performance Logs And Alerts, right-click Trace Logs, and select New Log Settings from the pop-up menu. 2. The New Log Settings dialog box appears. Type...

Redirecting Print Jobs to Another Printer

If your print device fails, you can redirect all of the jobs that are scheduled to be printed to that print device to another print device that has been configured as a printer. For this redirection to work, the new print device must be able to use the same print driver as the old print device. To redirect print jobs, click the Add Port button in the Ports tab, highlight Local Port, and choose New Port. In the Port Name dialog box, type the UNC name of the printer that you want to redirect the...

Assessment Test

You are responsible for managing all of the Windows licenses in your organization. You currently have a server called Server1 that is configured as the site license server. You want to centrally manage all of the Windows licenses from a server called Server2. How do you configure Server2 to be the site license server A. Control Panel gt Licensing B. Administrative Tools gt Licensing C. Administrative Tools gt Services D. Administrative Tools gt Active Directory Sites and Services 2. You are...

Figure Quota Entries For New Volume dialog box

Quota Entries Dialog Box

To modify a user's quota, double-click that user. This brings up the dialog box shown in Figure 4.28. Here you can specify whether or not the user's disk space should be limited, the limit, and the warning level. FIGURE 4.28 Quota Settings For user dialog box FIGURE 4.28 Quota Settings For user dialog box You can also modify the quotas of several users at once by pressing Ctrl and clicking to highlight several users and selecting Quota gt Properties. In Exercise 4.7, you will set a default...

Setting Printing Preferences

Layout Tab The Printing Preferences

Clicking the Printing Preferences button opens the Printing Preferences dialog box, which allows you to specify the layout of the paper, page order, and paper source. This dialog box has Layout and Paper Quality tabs, as well as an Advanced button that allows you to configure more printer options. The Layout tab of the Printing Preferences dialog box, shown in Figure 7.2, allows you to specify the orientation and page order. Your choices for the Orientation setting are Portrait vertical or...

Using the Msinfo Command Line Utility

The Msinfo32 command-line utility provides the same functionality as the System Information utility. Through the use of this command, you can Gather information about computers through batch files Automatically create a System Information file .nfo or text file .txt with a snapshot of the computer's system information Create and save a System Information file, without ever opening the System Information utility on a local or remote computer The options associated with Msinfo32 are defined in...

Configuring HTTP Headers

The HTTP Headers tab, shown in Figure 6.17, allows you to configure values that will be returned to web browsers in the HTML headers of the web pages. FIGURE 6.17 The HTTP Headers tab of the website Properties dialog box FIGURE 6.17 The HTTP Headers tab of the website Properties dialog box If your website contains information that is time-sensitive, you can enable content expiration. You can set content to expire immediately, after a specified number of minutes, or on a specific date. This...

Printer Pooling

Printer Pooling

Printer pools are used to associate multiple physical print devices with a single logical printer, as illustrated in Figure 7.8. You would use a printer pool if you had multiple physical printers in the same location that were the same type and could use a single print driver. The advantage of using a printer pool is that the first available print device will print your job. This is useful in situations where there is a group of print devices shared by a group of users, such as a secretarial...

Figure The Environment tab of the Active Directory user Properties dialog box

Remote control Terminal Services Profile C0M General Address Account Profile j Telephones Organization Member Of Dial-in Environment Sessions Use this tab to configure the Terminal Services startup environment. These settings override client-specified settings. tart the following program at logon W Connect client drives at logon W Connect client printers at logon Default to main client printer The Sessions tab, shown in Figure 8.14, allows you to configure Terminal Services timeout and...

Bandwidth Throttling

Bandwidth is defined as the total capacity of your transmission media. IIS allows you to limit how much network bandwidth can be used by a given website. This is called bandwidth throttling, and it prevents a particular website from hogging bandwidth and adversely affecting the performance of the other sites on the web server. When bandwidth throttling is enabled, IIS sets it to 1024 bytes per second minimum the maximum is 32,767 bytes per second. FIGURE 6.10 The Performance tab of the website...

Figure The Print Processor dialog box

Selecting a different print processor may result in different options being available for default data types. If your service does not specify a data typej the selection below will be used. Print processor Default data type Selecting a different print processor may result in different options being available for default data types. If your service does not specify a data typej the selection below will be used. Print processor Default data type

Using Per Seat Per Device or Per User Licensing

The Per Seat licensing mode is more practical for the enterprise environment. By purchasing a Client Access License CAL for each device or user, each client is licensed at the client side to access as many servers as needed. When using the Per Seat licensing mode, you record the CALs. In Figure 1.17, note that the servers are only licensed for the server software, and the right to access the server is licensed at the client. In environments where one user uses a computer, this would be referred...

Determining and Specifying the Site License Server

License Site Settings

The site license server is responsible for managing all of the Windows licenses for the site. The default license server is the first domain controller in the site. The site license server does not have to be a domain controller but for best performance it is recommended that site license server and domain controller be in the same site. To determine what server is the site license server, you would take the following steps from a domain controller 1. Select Start gt Administrative Tools gt...

Creating a New Website

IIS allows you to host multiple websites on a single computer. Creating a web or FTP site using IIS Manager does not create the actual site content, but merely creates a directory structure and configuration files. Content is published by adding it to the directory structure for a website, or by pointing that website to the physical location of the content files. To create a new website, take the following steps from the IIS console 1. Right-click the Web Sites folder under the web server and...