In ages gone by your Windows Server network wasn't such an important
item in the SME setup. You only had to worry about storing a few files
and mdb's, and manage one or two 56 kbps connections to the Internet.
Now it's highly likely that Windows Server administration is
absolutely crucial to the daily running of your business. Through
Windows Server you manage remote workers, Web Services connections to
other businesses, your own website using IIS and beyond.
Here's a series of rules that help Windows Server 2003 Administrators
ensure they are making the most of the functionality it provides. Do
you agree with them all? Are we missing some? Let us know what you
think.
-
Do you back up data from your notebooks to a network location?
Notebooks roam these days, and you have to ensure that the data is
being backed up. The way we do it is either:
a) keep all your files on the server and use Windows Offline Files
- from a server perspective we force a synchronize on logon via
group policy
- from a client perspective they can run extra sync via
"Synchronize"
b) keep all your files on the notebook and use a program to copy
to the server daily
- from a server perspective we force a synchronize on logon via
group policy
- from a client perspective they can run extra sync via "Scheduled
Tasks"
We go with option b) because we have had funny experiences with
Office files.
Each user has a few standard directories for keeping data that
needs to be backed up. A simple batch file is used to copy the
contents of these folders to a network location. The batch file
uses Robocopy, a utility developed by Microsoft for efficiently
copying and synchronising large numbers of files.
Here is a screenshot of a sample batch file:
Figure: Batch file used to copy entire folders to the backup
location
This batch file refers to a central shared file called
Robocopy.bat, shown here:
Figure: The central Robocopy.bat calls Microsoft's Robocopy
program
The user's batch file is executed each day through Scheduled
Tasks:
Figure: Scheduled task for executing the backup batch file
After the transfer is completed, the user sees a summary of the
files copied and any errors that occurred. A detailed report is
also logged to the network backup location where administrators
can check it.
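An added example of the setup described above (not the batch files
from the original screenshots): one batch file that runs Robocopy once
per folder, appends to a log on the backup share, and returns a
non-zero exit code when any folder fails. The share name
\\backupserver\NotebookBackups, the log file name and the folder list
are assumptions; the shared Robocopy.bat is folded into the :backup
subroutine so the file runs on its own.

```batch
@echo off
rem Added example: not the batch files from the original screenshots.
rem Assumed names: the \\backupserver\NotebookBackups share, the log
rem file name and the list of folders to back up.
setlocal
set "DEST=\\backupserver\NotebookBackups\%USERNAME%"
set "LOG=%DEST%\backup-log.txt"
set FAILED=0

if not exist "%DEST%" mkdir "%DEST%"
if not exist "%DEST%" goto :unreachable

>>"%LOG%" echo ==== Backup started %DATE% %TIME% on %COMPUTERNAME% ====

rem One call per standard folder. No trailing backslash inside the quotes.
call :backup "%USERPROFILE%\My Documents" "My Documents"
call :backup "%USERPROFILE%\Desktop" "Desktop"
call :backup "%USERPROFILE%\Favorites" "Favorites"

>>"%LOG%" echo ==== Backup finished %DATE% %TIME%, folders with errors: %FAILED% ====
echo Folders with errors: %FAILED%. Detailed log: %LOG%
rem A non-zero exit code shows up as the last result of the scheduled task.
exit /b %FAILED%

:unreachable
echo Backup location %DEST% is not reachable. Nothing was copied.
exit /b 16

:backup
rem First argument: source folder. Second: folder name under the backup location.
if not exist "%~1" goto :missing
rem /E copies sub-folders including empty ones; /R and /W cap retries so a
rem locked file cannot stall the job; /NP drops progress percentages;
rem /TEE also prints to the screen; /LOG+ appends to the log file.
robocopy "%~1" "%DEST%\%~2" /E /R:2 /W:5 /NP /TEE /LOG+:"%LOG%"
rem Robocopy's exit code is a bit mask. Values below 8 only report what was
rem copied; 8 or above means some files or folders could not be copied.
if not errorlevel 8 goto :eof
>>"%LOG%" echo FAILED: %~1 returned a robocopy exit code of 8 or higher
set /a FAILED+=1
goto :eof

:missing
>>"%LOG%" echo SKIPPED: %~1 does not exist
goto :eof
```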
Note: Microsoft Robocopy seems to have problems with paths
longer than 256 characters.
-
Backups can be done in lots of ways. Servers are the first thing
people look at, and the way we recommend is to have a backup
server. Disk space is cheap so tape drives are out.
- Have the Exchange backup to a file on the server (on a rolling 5
  day plan + rolling 2 monthly plan)
- Have the SQL Server backup to a file on the server (on a rolling
  5 day plan + rolling 2 monthly plan)
- Have the File Server backup to a file on the server (on a
  rolling 5 day plan + rolling 2 monthly plan)
- Have the Web Server backup to a file on the server (on a rolling
  5 day plan + rolling 2 monthly plan)
- Have the SharePoint backup to a file on the server (on a rolling
  5 day plan + rolling 2 monthly plan) - generally we don't have
  documents in SharePoint but the Workspaces need backing up.
Backups with SQL Server 2000 Enterprise
Using SQL Server 2000 Enterprise, the DBA can back up and restore
databases and transaction log (T log) files. The DBA can schedule
backups to occur at off hours, direct backups to remote disks across
the network, and configure the monitoring agent to send email and
page alerts if the backups are unsuccessful. More can be found at
this web site
-
Do your servers have fixed IP addresses?
IP address management is important in any network. A DHCP server
will generally find its way into most networks, and unless you
specify your servers' IP addresses they will get a random IP from
the DHCP server. Letting your servers get a random IP is a bad idea,
as servers are usually referred to directly by IP in network config,
firewall settings and port redirection, and it is generally annoying
because you cannot remember the IP.
For a small network, we reserve a small band of IPs for
servers/printers, like 192.168.1.1 - 192.168.1.20
-
Do you have a set IP range for VPN users?
Network monitoring and review is an important part of a network
administrator's job, especially if external bandwidth is used. You
should know how much bandwidth your VPN clients and other VPN
offices are using. You should also be able to easily investigate
what traffic can be minimised.
By assigning an IP range within your Routing and Remote Access
server, you are able to filter logs based on these IP addresses
and distinguish unnecessary traffic.
To set this up go to Start -> Administrative Tools -> Routing
and Remote Access. Right click the server and choose Properties.
Click the IP tab and select "Static address pool". Click the Add
button and enter the IP range you wish to use.
-
Do you use Software Update Services to automatically distribute
updates across your LAN?
The Blaster worm has ripped through the world with blistering speed,
infecting countless computers using Microsoft operating systems.
Microsoft are now licking their wounds and many users are in
damage control. Network administrators who have not been
diligent with their updates and patches are now being asked to
explain themselves. How do you fix it? The simple solution is
Automatic Updates, the better solution is Software Update Services.
Whilst enabling automatic updates in your Windows settings
seems like a quick and easy fix, and it could improve our
network, there are some things that you need to know about this:
- Regardless of when you download the update, it needs to be
  installed to avoid all risks of getting STUNG.
- If you do have it set to automatically update, and you need
  then you'll be paying through the nose in download usage every
  month for patches on every machine on your network.
If you're going to use this method you can get to the automatic
updates options by going to Start > Control Panel > System >
Automatic Updates.
Figure: Set the Automatic Updates
To avoid the problems associated with enabling automatic
updates on your computer, we think that the best solution for
medium to large organizations is to use Microsoft Software Update
Services. This nifty little download allows you to download
patches ONCE and then, when approved, get every client machine
patched from the one location.
Server Requirements:
- Windows 2000 Server (SP2 or later) / Windows 2003 Server with
  Software Update Services 1.0 SP1
- Dedicated server recommended
- IIS 5.0 or later and IE 5.5 or later required
Client Requirements:
Be aware that the server will download all the current Microsoft
updates the first time you synchronise with the Microsoft
servers. This is a lot of updates and is a couple of gigs' worth of
downloads. This feature is activated through group policy.
Figure: Use the Software Update Services
Information on installing and configuring SUS can be found at
Microsoft Software Update Services
-
Is all your software up to date?
Using the latest software versions helps minimize security
threats, and keeps your system stable. While Microsoft provides us
with Windows Update, what about all our other software? Do you
open all your software regularly to see if it needs an update?
SSW Diagnostics scans through your system, and displays a report
on which versions of common software you have installed, and where
to get the latest version.
It's free, so download it now and make sure you have all green
ticks.
-
When connecting to another domain don't use \\computer\sharename
When you are connecting to another computer don't go to
Start > Run and then enter the computer name.
This method can take ages to connect. Instead connect to another
computer using Tools > Map Drive
Figure: Use map drive to connect to another computer
It is much faster. I don't know why but it just is.
-
Can I get notified when the server goes down?
Although Windows 2003 Server does come with alerts that you can have
email you when things go wrong with the server, we choose to use a
network-wide monitoring tool like WhatsUp Gold.
Some advantages of using such a tool are:
- You are able to monitor all the computers/routers in your
  network from one central location
- You can get alerts on many different devices when something
  fails
- You can monitor many different services on a device
Figure: WhatsUp Gold can help you do more network management
work
-
Have you configured your RAID notification software?
We all know that hardware RAID is faster, more stable, easier to
recover from a disaster, etc. than software RAID.
The only problem is that with cheap RAID cards or onboard RAID
there is not enough information about your hardware and what it's
doing without having to reboot the computer and enter the RAID
configuration.
More expensive RAID cards come with software that enables you to
configure your hardware within Windows.
Figure: Use RAID management tool
The advantage of this software is that it generally comes with
some monitoring service that can notify you if there is a hardware
problem or fault. It is very important that you get a RAID card
that has this ability. This way you will always know that your
servers are ok unless you get notified.
Figure: RAID management tool can do many kinds of management
-
Don't install Windows Desktop Search on our servers
Windows Desktop Search is an indexed desktop search platform that
can be used to find files or content conveniently. However, WDS
stores its index in the folder it is indexing, and this was causing
our backups to fail. If you want to take advantage of its features,
you can install it on your own computer, but don't slow down our
servers.