Maintaining and Updating Windows Server 2008 Lesson 8 Skills Matrix Technology Skill Objective Domain Objective # Configuring Windows Server Update Services (WSUS) Configure Windows Server Update Services (WSUS) server settings 5.1 Using the Performance Monitor Capture performance data 5.2 Using the Windows Event Viewer Monitor event logs 5.3 Using Network Monitor to Gather Network Data Gather network data 5.4 Monitoring a Windows Server 2008 • There are two approaches to maintaining your network: the reactive approach and the proactive approach. • After implementation of your network design is complete and you have verified that your network works properly, the reactive approach means that you will “wait and see” what problems arise. Monitoring a Windows Server 2008 • A proactive approach doesn’t wait for problems to arise. – A proactive approach to network management is preventative and uses tools such as the Performance and Reliability Monitor, the Event Viewer, and Network Monitor utilities. – Proactive system administrators use these tools to help spot potential and actual networking issues without wasting time guessing what the problems might be because they lack historical data. – They do this by systematically monitoring, logging, and analyzing the network’s data. Reliability and Performance Monitor • Located within the Administrative Tools folder. • Allows you to collect real-time information on your local computer or from a specific computer to which you have permissions. • This information can be viewed in a number of different formats that include line charts and histograms. Reliability and Performance Monitor Reliability and Performance Monitor Performance Monitor • Probably the most frequently used view within the Reliability and Performance Monitor is the Performance Monitor. • One of the simplest methods is to open the Start menu, key perfmon.exe, and then click OK. • Performance Monitor provides detailed information necessary for in-depth analysis, logging capabilities, and alerts, which are useful for early warnings of possible system issues. Performance Monitor Data Collector Sets • One of the significant changes introduced in Windows Server 2008 performance monitoring is the Data Collector Set. • Rather than manually adding individual performance counters anytime you want to monitor performance on a 2008 server, Data Collector Sets allow you to organize a set of performance counters, event traces, and system configuration data into a single “object” that you can reuse on one or more Windows Server 2008 servers. • You can view the counters associated with Data Collector Sets in Performance Monitor view, use them to generate alert actions when particular performance thresholds are reached, and integrate them with the Windows Task Scheduler to collect performance data at specific times. Data Collector Sets • There are three built-in Data Collector Sets within Windows Server 2008 — LAN Diagnostics, System Diagnostics, and System Performance — or you can create your own custom sets. • You also have the ability to create Data Collector Set templates that are based on the XML file format, thus allowing you to distribute templates across multiple servers for use by other administrators. Data Collector Sets Data Collector Sets Data Collector Sets Data Collector Sets Securing Access to Performance Data • A common request from network administrators in previous versions of Windows is the ability to delegate access to performance data without allowing full administrative rights to a particular server. • To this end, Windows Server 2008 includes a number of built-in group objects that grant limited access to performance data. Securing Access to Performance Data • Members of the Performance Monitor Users group, by default, are delegated the following additional abilities to view performance data: – Members of Performance Monitor Users can view both real-time and historical data within the Performance Monitor console and can use the Reliability Monitor. – Members of Performance Monitor Users cannot create or modify Data Collector Sets or use the Resource View. Securing Access to Performance Data • Members of the Performance Log Users group have all of the rights available to normal Users and Performance Monitor Users. • In addition, Performance Log Users also have the ability to create and modify Data Collector Sets, but only after an administrator has assigned this group the Log on as a batch user user right on the server or servers in question. Windows Event Viewer • Windows Server 2008 uses the Windows Event Viewer to record system events that take place, such as security, application, and role-specific events. Windows Event Viewer Network Monitor • If you receive reports that a Windows Server 2008 computer is not responding fast enough, you might want to isolate the view of the network traffic that is being sent to or from that server. • You may also need to view network traffic to determine if a client application is faulting, or to determine if a malicious user or virus is attempting to access the computer over the network. Network Monitor • Windows Server 2008 does not include a built-in network monitor, but you can download and install the latest version of Network Monitor from the Microsoft Web site. • This free download will allow you to view network traffic that is being sent to and from the network interface cards on a particular Windows Server 2008 computer. • You can view network captures in real-time, or save the information to a file to be analyzed later. Network Monitor Network Monitor Windows Server Update Services (WSUS) • Traditionally, system administrators and users kept systems up-to-date by frequently checking the Microsoft Windows Update Web site or the Microsoft Security Web site for software updates. • Administrators manually downloaded available updates, tested the updates in their environment, and then distributed the updates manually or with traditional software distribution tools. Windows Server Update Services (WSUS) • To improve the manageability of this process, Microsoft introduced Windows Server Update Services (WSUS) – A Web-based tool for managing and distributing software updates that resolve known security vulnerabilities or otherwise improve performance. – For Microsoft Windows XP, Windows Vista, Microsoft Windows Server 2003, and Windows Server 2008 operating systems. – The latest version of WSUS (WSUS 3.0 with Service Pack 1 at the time of this writing) is a free download from the Microsoft Web site that can be installed on a Windows Server 2008 computer. Windows Server Update Services WSUS Distributed Infrastructure • A server that runs WSUS can be synchronized from the public Windows Update servers, from another server running WSUS, or from a manually configured content distribution point. • WSUS servers can download and store content locally, or they can use the content on the Windows Update Web site. Setting WSUS Client Settings with GPOs Setting WSUS Client Settings with GPOs Summary • When monitoring the health of Windows Server 2008, you can examine the Window Event Viewer to obtain information. • By default, it logs informational events such as service start and stop messages, errors, and warnings. • Additional diagnostic logging can be achieved by modifying the registry. Summary • Reliability and Performance Monitor in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions. • This information can be viewed in a number of different formats that include charts, graphs, and histograms. Summary • Reliability and Performance Monitor uses performance objects, or categories, and performance counters to organize performance information. – Performance counters are the specific processes to monitor. – Many counters are available. • WSUS is a tool used to manage and distribute software updates that fix known security vulnerabilities or otherwise improve the performance of Microsoft operating systems. Summary • Updates can include items such as security fixes, critical updates, and critical drivers. • Windows Update is a Microsoft Web site that works with Automatic Updates to provide timely critical and noncritical system updates. • Automatic Updates enables you to automatically interact with the Windows Update Web site. Summary • WSUS has three main components: – A content synchronization service. – An internal Windows Update server. – Automatic Updates on computers (desktops or servers). Summary • WSUS server management includes reviewing and changing configuration options, automatically or manually synchronizing the server, viewing update status, and backing up and restoring the server. • You can configure Automatic Updates through the Automatic Updates configuration page, Group Policy, and by configuring registry entries.