Now that you've implemented Windows 2000, you'll need to keep all your systems running smoothly via day-to-day diligence.
Keeping Your Win2K Server Happy
Now that you've implemented Windows 2000, you'll need to keep all your systems running smoothly via day-to-day diligence.
- By Harry Brelsford
- August 01, 2000
During the past few months, we've planned for and installed
Windows 2000 and its various components. This included
setting up Windows 2000 Server, implementing Active Directory,
and installing critical services and protocols. In short,
you've created a functioning Windows 2000 network.
It's now time to move on. Once you have Win2K up and
running, your role shifts to that of administrator. For
many, arriving at the administrator stage is a well-deserved
break after a long shift of implementing Win2K. For those
in a consulting mindset, it's time to proceed to the next
project.
The day-to-day world of Win2K is very different from
the world of Win2K design and planning. It's vital that
you, the Win2K administrator, diligently perform a number
of jobs each day. I've listed six common tasks that come
to mind-virus detection; backup and restore; end user
support; application installation and management; user,
computer, and printer management; and storage maintenance-but,
undoubtedly, you have some that are unique to your network
and workplace (I address a few at the end of this column).
Virus Detection
In the past, I've made backup operations a priority over
virus detection, but in recent months, virus detection
has moved to the top of my list. (Do you agree or disagree?
Write me at the email address at the end of my column.)
My reasons for emphasizing virus detection is obvious:
Despite your best efforts to run a shipshape Win2K network,
some unsuspecting user can easily be duped into opening
a virus as malicious as ILOVEYOU just by reading email,
which can then put others users on your network out of
commission for a whole day.
All the tasks I discuss here can be performed out of
the Win2K box, but not virus detection. So, you'll need
to turn to third-party anti-virus software with client
and server components (McAfee, Symantec, and Trend Micro,
to name a few), and then diligently check your respective
anti-virus ISV's site daily for late breaking virus-related
news.
As with many forms of crime, the bad guys who write viruses
like to get a head-start on their victims. So, if you
prioritize virus detection as the first task of the day,
you'll be able to respond quickly. An interesting trend
I've noticed about virus activity and time zones here
in the U.S.: Administrators on the west coast who watch
TV or check technology Web sites often learn of virus
developments affecting earlier time zones, which gives
those administrators time to react and thwart virus attacks.
Master Tip: All Windows
2000 virus detectors are not equal! I've seen situations
where Computer Associates' Inoculan missed viruses and
McAfee's VirusScan suite found them (both applications
had the most up-to-date virus signature files), and I've
seen exactly the opposite, in which Inoculan caught something
that didn't show up in McAfee. Someday, Windows 2000 MCSEs
will routinely run multiple virus detection applications
for critical redundancy. You'd be wise to implement more
than one anti-virus product.
Backup and Restore
Good ol' backup and restore tasks should be near the
top of everyone's daily to-do list. Win2K Server's native
backup program, which was developed by Executive Software,
is sufficient for most sites. Three strengths in the native
backup program are an automated backup schedule, the ability
to backup Microsoft Exchange and the capability to do
a system state backup. One weakness is Win2K's lack of
a SQL Server backup agent.
To perform a backup:
- Log onto your Win2K Server as an administrator.
- Run Backup from the System Tools program group (find
it by clicking Start| Programs| Accessories).
- Select the Backup Wizard and complete each dialog
box. You will select the data to backup, including Microsoft
Exchange.
- Be sure to select system state. This option is critical
for making a backup of Active Directory and the Registry,
along with a few additional system-level components
such as COM+ (see Figure 1).
- You will schedule the backup.
- Click Finish and the backup job is ready to run.
|
Figure 1. Backup Active Directory
via the System State selection. |
Backups are relatively easy. All you have to do is remember
to change to a fresh backup tape (preferably, daily),
adhere to a bona fide tape rotation scheme, and store
at least one tape copy offsite.
Win2K's native backup program competes with off-the-shelf
solutions, such as Veritas' BackUpExec and Computer Associates'
ARCServe. If you need an enterprise-level backup application,
also consider Legato's Networker.
Restores are a different matter. As a practicing Windows
2000 MCSE consultant, I rarely allow clients to perform
restores. There is significant danger that critical system
settings may be overwritten, such as the Registry, when
all that might be needed is a simple file or folder restore.
Before showing you the keystrokes for a restore, let
me give you some restore best practices:
- Step back and make a backup plan.
- Double-check your restore settings so that you know
conclusively that you're restoring system state information,
such as the Registry and Active Directory.
- If you must restore system state, educate yourself
on the authoritative and non-authoritative Active Directory
restoration approaches. See the online help.
- Be aware that restoring Microsoft Exchange restores
the entire information store, not individual mailboxes
or email selections. An Exchange restoration will roll
back everyone's mailbox to the date that the Exchange
backup was performed.
- Practice restores once a month to verify your backups
and memorize the steps. It's a bad deal to try and learn
how to do a restore in the heat of battle.
To perform a restore:
- Logon to your Windows 2000 Server as an administrator.
- Run Backup from the System Tools program group (click
Start| Programs| Accessories).
- Select the Restore Wizard and complete each dialog
box. You'll select the data to restore, including Exchange.
You may also select System State for restoration.
- Complete the Wizard (scheduled time, etc.) and click
Finish. The restore job has been created.
Support End Users
Not a day goes by when you don't provide end-user support.
More often, end-user support includes technical solutions
as well as customer service. I encourage you to read the
"Professional Speaking" column in the print version of
MCP Magazine for advice.
End user support often means supporting line-of-business
applications, and rarely the hard-core Windows 2000 network
infrastructure. You're far more likely to address a field
definition issue in the company's ERP data dictionary
than resolve a dynamic DNS issue with an end user. The
point is this: Life as a Windows 2000 MCSE administrator
goes far beyond what you learned when you studied for
the certification exams.
Install and Manage Applications
Another day-to-day task for the Windows 2000 MCSE is
installing and managing applications. Here are some best
practices:
- Windows 2000 is relatively new, so be sure to run
the application on a test machine before placing it
on a production machine.
- True Windows 2000-compliant applications will ship
with an .msi file (a file with a set of instructions)
that allows you to deploy the application to end-user
desktops using the Assign and Publish capability in
Group Policy. To use Group Policy, youre fleet of machines
must be running purely on Win2K Server and Professional.
- Avoiding application installation pain is possible
if you think smart. As a veteran of saying "I can do
that" when it came to installing strange applications,
I now insist the software vendor perform the installations.
Call it a cop out to use other specialized consultants,
but I beg to differ. I call it good application management.
Master Tip: The Windows
2000 Server Resource Kit has a little-known tool you
should run that can greatly assist your efforts to manage
applications. Installation Monitor tracks changes made
by setup programs in the registry, .ini files, and other
child processes. This is a great way to see how an installed
application may have modified critical Windows 2000 settings.
Users, Computers, and Printers
Hardly a day or two will pass when you aren't required
to add or remove a user from your Windows 2000 network,
with computers and printers close behind. As you might
expect, there are a few best practices when it comes to
users and printers:
- Strongly consider the group management model when
adding users. This is a traditional security group model
where you manage permissions via groups, not individuals.
For example, Romeo works in the bookkeeping department.
By placing him in the ACCOUNTING group, Romeo immediately
has sufficient rights to run the Timberline accounting
program.
- When adding a user via the Active Directory Users
and Computers MMC, be sure to think about how you're
using Organizational Units. OUs, which usually reflect
department names such as Marketing, are typically used
to apply group policy and create junior administrators.
A user may only be a member of one OU at a time.
- Promptly disable or delete the accounts of terminated
employees. A fast track to losing management's confidence
in your Windows 2000 administration abilities is for
names of the dearly departed to show up months later
as users. Sloppy!
To add a user to your Windows 2000 network.
- Logon to your Windows 2000 Server machine as an administrator.
- Launch the Active Directory Users and Computers MMC
from the Administrative Tools program group.
- Right-click on the OU to which you will add a user.
Select New| User from the secondary menu.
- On successive screens of the New Object - User wizard,
provide user name and password information.
- Click Finish.
To add a user to a group, right-click the group and select
Properties from the secondary menu. Add users to the group
via the Members tab.
Disk Space and Maintenance
Something that can surprise you as a Windows 2000 MCSE
is a shortage of storage. To keep an eye on your storage,
use the Computer Management MMC (launched from the Administrative
Tools program group; see Figure 2). The Storage object
lets you perform common disk management tasks including
checking free space (by right-clicking on a disk drive
and selecting Properties; see Figure 3) and defragment
the disks.
|
Figure 2. Computer Management
MMC. |
|
Figure 3. Viewing a disk's Properties
sheet to see free space. |
Master Tip: BackOffice
2000 and Small Business Server 2000 will improve the monitoring
of storage space and disk health with the new HealthMon
reporting tool. These products will be released within
the next few months.
Custom Tasks
A common compliant I here from Windows 2000 MCSEs is
that "I didn't get my MCSE for this" when it comes to
working outside the BackOffice. That is, each of use are
called upon to do non-MCSE tasks in our jobs as MCSEs.
These tasks might include running the database consistency
checker in Great Plains Dynamics. I'm sure you have your
own examples. My advice? Master the custom tasks necessary
to do your job and grin and bear it.
Conclusion
Don't forget to take a moment each day to renew yourself
along the way, else you'll suffer the evil fate of MCSE
burnout. For example, read that compelling MCP Magazine
article on the ferry back to Staten Island tonight! See
you next month.