Now that you've implemented Windows 2000, you'll need to keep all your systems running smoothly via day-to-day diligence.

Keeping Your Win2K Server Happy

Now that you've implemented Windows 2000, you'll need to keep all your systems running smoothly via day-to-day diligence.

• By Harry Brelsford
• August 01, 2000

During the past few months, we've planned for and installed Windows 2000 and its various components. This included setting up Windows 2000 Server, implementing Active Directory, and installing critical services and protocols. In short, you've created a functioning Windows 2000 network.

It's now time to move on. Once you have Win2K up and running, your role shifts to that of administrator. For many, arriving at the administrator stage is a well-deserved break after a long shift of implementing Win2K. For those in a consulting mindset, it's time to proceed to the next project.

The day-to-day world of Win2K is very different from the world of Win2K design and planning. It's vital that you, the Win2K administrator, diligently perform a number of jobs each day. I've listed six common tasks that come to mind-virus detection; backup and restore; end user support; application installation and management; user, computer, and printer management; and storage maintenance-but, undoubtedly, you have some that are unique to your network and workplace (I address a few at the end of this column).

Virus Detection

In the past, I've made backup operations a priority over virus detection, but in recent months, virus detection has moved to the top of my list. (Do you agree or disagree? Write me at the email address at the end of my column.) My reasons for emphasizing virus detection is obvious: Despite your best efforts to run a shipshape Win2K network, some unsuspecting user can easily be duped into opening a virus as malicious as ILOVEYOU just by reading email, which can then put others users on your network out of commission for a whole day. 

All the tasks I discuss here can be performed out of the Win2K box, but not virus detection. So, you'll need to turn to third-party anti-virus software with client and server components (McAfee, Symantec, and Trend Micro, to name a few), and then diligently check your respective anti-virus ISV's site daily for late breaking virus-related news.

As with many forms of crime, the bad guys who write viruses like to get a head-start on their victims. So, if you prioritize virus detection as the first task of the day, you'll be able to respond quickly. An interesting trend I've noticed about virus activity and time zones here in the U.S.: Administrators on the west coast who watch TV or check technology Web sites often learn of virus developments affecting earlier time zones, which gives those administrators time to react and thwart virus attacks.

Master Tip: All Windows 2000 virus detectors are not equal! I've seen situations where Computer Associates' Inoculan missed viruses and McAfee's VirusScan suite found them (both applications had the most up-to-date virus signature files), and I've seen exactly the opposite, in which Inoculan caught something that didn't show up in McAfee. Someday, Windows 2000 MCSEs will routinely run multiple virus detection applications for critical redundancy. You'd be wise to implement more than one anti-virus product.

Backup and Restore

Good ol' backup and restore tasks should be near the top of everyone's daily to-do list. Win2K Server's native backup program, which was developed by Executive Software, is sufficient for most sites. Three strengths in the native backup program are an automated backup schedule, the ability to backup Microsoft Exchange and the capability to do a system state backup. One weakness is Win2K's lack of a SQL Server backup agent. 

To perform a backup:

1. Log onto your Win2K Server as an administrator.
2. Run Backup from the System Tools program group (find it by clicking Start| Programs| Accessories).
3. Select the Backup Wizard and complete each dialog box. You will select the data to backup, including Microsoft Exchange.
4. Be sure to select system state. This option is critical for making a backup of Active Directory and the Registry, along with a few additional system-level components such as COM+ (see Figure 1).
5. You will schedule the backup.
6. Click Finish and the backup job is ready to run. 

Figure 1. Backup Active Directory via the System State selection.

Backups are relatively easy. All you have to do is remember to change to a fresh backup tape (preferably, daily), adhere to a bona fide tape rotation scheme, and store at least one tape copy offsite.

Win2K's native backup program competes with off-the-shelf solutions, such as Veritas' BackUpExec and Computer Associates' ARCServe. If you need an enterprise-level backup application, also consider Legato's Networker.

Restores are a different matter. As a practicing Windows 2000 MCSE consultant, I rarely allow clients to perform restores. There is significant danger that critical system settings may be overwritten, such as the Registry, when all that might be needed is a simple file or folder restore. 

Before showing you the keystrokes for a restore, let me give you some restore best practices: 

• Step back and make a backup plan.
• Double-check your restore settings so that you know conclusively that you're restoring system state information, such as the Registry and Active Directory.
• If you must restore system state, educate yourself on the authoritative and non-authoritative Active Directory restoration approaches. See the online help.
• Be aware that restoring Microsoft Exchange restores the entire information store, not individual mailboxes or email selections. An Exchange restoration will roll back everyone's mailbox to the date that the Exchange backup was performed. 
• Practice restores once a month to verify your backups and memorize the steps. It's a bad deal to try and learn how to do a restore in the heat of battle.

To perform a restore:

1. Logon to your Windows 2000 Server as an administrator.
2. Run Backup from the System Tools program group (click Start| Programs| Accessories).
3. Select the Restore Wizard and complete each dialog box. You'll select the data to restore, including Exchange. You may also select System State for restoration.
4. Complete the Wizard (scheduled time, etc.) and click Finish. The restore job has been created.

Support End Users

Not a day goes by when you don't provide end-user support. More often, end-user support includes technical solutions as well as customer service. I encourage you to read the "Professional Speaking" column in the print version of MCP Magazine for advice.

End user support often means supporting line-of-business applications, and rarely the hard-core Windows 2000 network infrastructure. You're far more likely to address a field definition issue in the company's ERP data dictionary than resolve a dynamic DNS issue with an end user. The point is this: Life as a Windows 2000 MCSE administrator goes far beyond what you learned when you studied for the certification exams.

Install and Manage Applications

Another day-to-day task for the Windows 2000 MCSE is installing and managing applications. Here are some best practices: 

• Windows 2000 is relatively new, so be sure to run the application on a test machine before placing it on a production machine.
• True Windows 2000-compliant applications will ship with an .msi file (a file with a set of instructions) that allows you to deploy the application to end-user desktops using the Assign and Publish capability in Group Policy. To use Group Policy, youre fleet of machines must be running purely on Win2K Server and Professional.
• Avoiding application installation pain is possible if you think smart. As a veteran of saying "I can do that" when it came to installing strange applications, I now insist the software vendor perform the installations. Call it a cop out to use other specialized consultants, but I beg to differ. I call it good application management.

Master Tip: The Windows 2000 Server Resource Kit has a little-known tool you should run that can greatly assist your efforts to manage applications. Installation Monitor tracks changes made by setup programs in the registry, .ini files, and other child processes. This is a great way to see how an installed application may have modified critical Windows 2000 settings.

Users, Computers, and Printers

Hardly a day or two will pass when you aren't required to add or remove a user from your Windows 2000 network, with computers and printers close behind. As you might expect, there are a few best practices when it comes to users and printers: 

• Strongly consider the group management model when adding users. This is a traditional security group model where you manage permissions via groups, not individuals. For example, Romeo works in the bookkeeping department. By placing him in the ACCOUNTING group, Romeo immediately has sufficient rights to run the Timberline accounting program.
• When adding a user via the Active Directory Users and Computers MMC, be sure to think about how you're using Organizational Units. OUs, which usually reflect department names such as Marketing, are typically used to apply group policy and create junior administrators. A user may only be a member of one OU at a time.
• Promptly disable or delete the accounts of terminated employees. A fast track to losing management's confidence in your Windows 2000 administration abilities is for names of the dearly departed to show up months later as users. Sloppy!

To add a user to your Windows 2000 network.

1. Logon to your Windows 2000 Server machine as an administrator.
2. Launch the Active Directory Users and Computers MMC from the Administrative Tools program group.
3. Right-click on the OU to which you will add a user. Select New| User from the secondary menu.
4. On successive screens of the New Object - User wizard, provide user name and password information.
5. Click Finish.

To add a user to a group, right-click the group and select Properties from the secondary menu. Add users to the group via the Members tab.

Disk Space and Maintenance

Something that can surprise you as a Windows 2000 MCSE is a shortage of storage. To keep an eye on your storage, use the Computer Management MMC (launched from the Administrative Tools program group; see Figure 2). The Storage object lets you perform common disk management tasks including checking free space (by right-clicking on a disk drive and selecting Properties; see Figure 3) and defragment the disks. 

Figure 2. Computer Management MMC.

Figure 3. Viewing a disk's Properties sheet to see free space.

Master Tip: BackOffice 2000 and Small Business Server 2000 will improve the monitoring of storage space and disk health with the new HealthMon reporting tool. These products will be released within the next few months.

Custom Tasks

A common compliant I here from Windows 2000 MCSEs is that "I didn't get my MCSE for this" when it comes to working outside the BackOffice. That is, each of use are called upon to do non-MCSE tasks in our jobs as MCSEs. These tasks might include running the database consistency checker in Great Plains Dynamics. I'm sure you have your own examples. My advice? Master the custom tasks necessary to do your job and grin and bear it. 

Conclusion

Don't forget to take a moment each day to renew yourself along the way, else you'll suffer the evil fate of MCSE burnout. For example, read that compelling MCP Magazine article on the ferry back to Staten Island tonight! See you next month.