
In ages gone by your Windows Server network wasn't such an important item in the SME setup. You only had to worry about storing a few files and mdb's, and manage one or two 56 kbps connections to the Internet.

Now it's highly likely that Windows Server administration is absolutely crucial to the daily running of your business. Through Windows Server you manage remote workers, Web Services connections to other businesses, your own website using IIS and beyond.

Here's a series of rules that help Windows Server 2003 Administrators ensure they are making the most of the functionality it provides. Do you agree with them all? Are we missing some? Let us know what you think.

Rules to Better Windows 2003 Networks
  1. Do you back up data from your notebooks to a network location?
  2. Do you have an automatic method of checking backups?
  3. Do your servers have fixed IP addresses?
  4. Do you have a set IP range for VPN users?
  5. Do you use Software Update Services to automatically distribute updates across your LAN?
  6. Is all your software up to date?
  7. When connecting to another domain don't use \\computer\sharename
  8. Can I get notified when the server goes down?
  9. Using Performance Monitor
  10. Have you configured your RAID notification software?
  11. Don't install Windows Desktop Search on our servers

  1. Do you back up data from your notebooks to a network location?

    Notebooks roam these days, and you have to ensure that the data is being backed up. The way we do it is either:

    a) keep all your files on the server and use Windows Offline Files
        - from a server perspective we force a synchronize on logon via group policy
        - from a client perspective they can run extra sync via "Synchronize"
    b) keep all your files on the notebook and use a program to copy to the server daily
        - from a server perspective we force a synchronize on logon via group policy
        - from a client perspective they can run extra sync via "Scheduled Tasks"

    We go with option b) because we have had funny experiences with Office files.

    Each user has a few standard directories for keeping data that needs to be backed up. A simple batch file is used to copy the contents of these folders to a network location. The batch file uses Robocopy, a utility developed by Microsoft for efficiently copying and synchronising large numbers of files.

    Here is a screenshot of a sample batch file:

    Figure: Batch file used to copy entire folders to the backup location

    This batch file refers to a central shared file called Robocopy.bat, shown here:

    Figure: The central Robocopy.bat calls Microsoft's Robocopy program

    The user's batch file is executed each day through Scheduled Tasks:

    Figure: Scheduled task for executing the backup batch file

    After the transfer is completed, the user sees a summary of the files copied and any errors that occurred. A detailed report is also logged to the network backup location where administrators can check it.

    Note: Microsoft Robocopy seems to have problems with paths longer than 256 characters.
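
The screenshots of the two batch files are not reproduced on this page, so here is an added example (not SSW's own script) of a central wrapper in the role of Robocopy.bat. The server names, share names and log path are placeholders, and the retry values are assumptions.

```batch
@echo off
rem Added example: central wrapper in the role of the Robocopy.bat described above.
rem A user's batch file calls it once per folder (placeholder paths):
rem   call \\fileserver\Tools\Robocopy.bat "%USERPROFILE%\My Documents" "\\backupserver\Backups\%USERNAME%\My Documents"
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 source-folder destination-folder
    exit /b 16
)
set "SRC=%~1"
set "DST=%~2"
rem One log per user and machine, kept on the backup share so administrators can review it.
set "LOG=\\backupserver\Backups\Logs\%USERNAME%-%COMPUTERNAME%.log"

rem /E     copy subfolders, including empty ones (nothing is deleted at the destination)
rem /Z     restartable mode, useful over VPN or wireless links
rem /R /W  bounded retries so a locked file cannot stall the job
rem /NP    keep percentage progress out of the log
rem /TEE   show the summary to the user as well as logging it
rem /LOG+  append to the log instead of overwriting earlier runs
robocopy "%SRC%" "%DST%" /E /Z /R:2 /W:5 /NP /TEE /LOG+:"%LOG%"
set RC=%ERRORLEVEL%

rem Robocopy's exit code is a bit mask: 8 = some files could not be copied, 16 = fatal error.
rem Values below 8 are not failures (1 = files were copied, 2 = extra files at the destination).
if %RC% GEQ 8 (
    echo %DATE% %TIME% BACKUP FAILED rc=%RC% "%SRC%" >> "%LOG%"
    echo Backup of "%SRC%" FAILED with code %RC%. See "%LOG%"
    exit /b %RC%
)
echo Backup of "%SRC%" completed with code %RC%.
exit /b 0
```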

  2. Do you automatically backup your servers?

    Backups can be done lots of ways. Servers are the first thing people look at, and the way we recommend is to have a backup server. Disk space is cheap so tape drives are out.

    • Have the Exchange backup to a file on the server (on a rolling 5 day plan + rolling 2 monthly plan)
    • Have the SQL Server backup to a file on the server (on a rolling 5 day plan + rolling 2 monthly plan)
    • Have the File Server backup to a file on the server (on a rolling 5 day plan + rolling 2 monthly plan)
    • Have the Web Server backup to a file on the server (on a rolling 5 day plan + rolling 2 monthly plan)
    • Have the SharePoint backup to a file on the server (on a rolling 5 day plan + rolling 2 monthly plan) - generally we don't have documents in SharePoint but the Workspaces need backing up.

    Backups with SQL Server 2000 Enterprise

    Using SQL Server 2000 Enterprise, the DBA can back up and restore databases and transaction log files. The DBA can schedule backups to occur at off hours, direct backups to remote disks across the network, and configure the monitoring agent to send email and page alerts if the backups are unsuccessful. More information can be found at this web site.

  3. Do your servers have fixed IP addresses?

    IP address management is important in any network. Generally a DHCP server will find its way into most networks, and unless you specify your servers' IP addresses they will get a random IP from the DHCP server. Letting your servers get a random IP is a bad idea, as servers are usually referred to directly by IP in network config, firewall settings and port redirection, and it is generally annoying as you cannot remember the IP.

    For a small network, we reserve a small band of IPs for servers/printers, like 192.168.1.1 - 192.168.1.20.

  4. Do you have a set IP range for VPN users?

    Network monitoring and review is an important part of a network administrator's job, especially if external bandwidth is used. You should know how much bandwidth your VPN clients and other VPN offices are using. You should also be able to easily investigate what traffic can be minimised.

    By assigning an IP range within your Routing and Remote Access server, you are able to filter logs based on these IP addresses and distinguish unnecessary traffic.

    To set this up go to Start -> Administrative Tools -> Routing and Remote Access. Right click the server and go to Properties. Click the IP tab and select "Static address pool". Click the Add button and enter the IP range you wish to use.

  5. Do you use Software Update Services to automatically distribute updates across your LAN?

    The Blaster worm has ripped through the world with blistering speed, infecting countless computers using Microsoft operating systems. Microsoft are now licking their wounds and many users are in damage control. Network administrators who have not been diligent with their updates and patches are now being asked to explain themselves. How do you fix it? The simple solution is Automatic Updates; the better solution is Software Update Services. Whilst enabling automatic updates in your Windows settings seems like a quick and easy fix, and it could improve our network, there are some things that you need to know about this:

    1. Regardless of when you download the update, it needs to be installed to avoid all risks of getting STUNG.
    2. If you do have it set to automatically update, and you need then you'll be paying through the nose in download usage every month for patches on every machine on your network.

    If you're going to use this method you can get to the automatic updates options by going to Start > Control Panel > System > Automatic Updates.

    Figure: Set the Automatic Updates

    To avoid the problems associated with enabling automatic updates on your computer, we think that the best solution for middle to large organizations is to use Microsoft Software Update Services. This nifty little download allows you to download patches ONCE and then, when approved, get every client machine patched from the one location.

    Server Requirements:

    • Windows 2000 Server (SP2 or later) / Windows 2003 Server with Software Update Services 1.0 SP1
    • Dedicated server recommended
    • IIS 5.0 or later and IE 5.5 or later required

    Client Requirements:

    • Windows 2000 or later

    Be aware that the server will download all the current Microsoft updates the first time you synchronise with the Microsoft servers. This is a lot of updates and is a couple of gigs' worth of downloads. This feature is activated through group policy.

    Figure: Use the Software Update Services

    Information on installing and configuring SUS can be found at Microsoft Software Update Services.

  6. Is all your software up to date?

    Using the latest software versions helps minimize security threats, and keeps your system stable. While Microsoft provides us with Windows Update, what about all our other software? Do you open all your software regularly to see if it needs an update?

    SSW Diagnostics scans through your system, and displays a report on which versions of common software you have installed, and where to get the latest version.
    It's free, so download it now and make sure you have all green ticks.


  7. When connecting to another domain don't use \\computer\sharename

    When you are connecting to another computer don't go
    Start > Run then enter in the Computer name

    This method can take ages to connect. Instead connect to another computer using
    Tools > Map Drive

    Figure: Use map drive to connect to another computer

    It is much faster. I don't know why but it just is.

  8. Can I get notified when the server goes down?

    Although Windows 2003 Server does come with alerts that you can configure to email you when things go wrong with the server, we choose to use a network-wide monitoring tool like WhatsUp Gold.

    Some advantages of using such a tool are:

    • You are able to monitor all the computers/routers in your network from one central location
    • You can get alerts on many different devices when something fails
    • You can monitor many different services on a device

    Figure: WhatsUp Gold can help you with more network management tasks

  9. Using Performance Monitor

    You can see the details on SSW Using Performance Monitor

  10. Have you configured your RAID notification software?

    We all know that hardware RAID is faster, more stable, easier to recover from a disaster, etc. than software RAID.
    The only problem is that with cheap RAID cards or onboard RAID there is not enough information about your hardware and what it's doing without having to reboot the computer and enter the RAID configuration.
    More expensive RAID cards come with software that enables you to configure your hardware within Windows.

    Figure: Use RAID management tool

    The advantage of this software is that it generally comes with some monitoring service that can notify you if there is a hardware problem or fault. It is very important that you get a RAID card that has this ability. This way you will always know that your servers are OK unless you get notified.

    Figure: RAID management tool can do many kinds of management

  11. Don't install Windows Desktop Search on our servers

    Windows Desktop Search is an indexed desktop search platform that can be used to find files or content conveniently. But WDS stores its index in the folder it is indexing, and this was causing our backups to fail. If you want to take advantage of its features, you can install it on your own computer, but don't slow down our servers.

Acknowledgements

Adam Cogan
Daniel Hyles
Tim Kremer